- Name: Java Signed Applet Social Engineering Code Execution
- Module: exploit/multi/browser/java_signed_applet
- Version: 0
- Platform: Java, Windows, OSX, Linux, Solaris
- Privileged: No
- License: Metasploit Framework License (BSD)
- Rank: Excellent
- Provided by:
- natron <natron@metasploit.com>
- Available targets:
- Id Name
- -- ----
- 0 Generic (Java Payload)
- 1 Windows x86 (Native Payload)
- 2 Linux x86 (Native Payload)
- 3 Mac OS X PPC (Native Payload)
- 4 Mac OS X x86 (Native Payload)
- Basic options:
- Name Current Setting Required Description
- ---- --------------- -------- -----------
- APPLETNAME SiteLoader yes The main applet's class name.
- CERTCN SiteLoader yes The CN= value for the certificate. Cannot contain ',' or '/'
- SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
- SRVPORT 8080 yes The local port to listen on.
- SSL false no Negotiate SSL for incoming connections
- SSLCert no Path to a custom SSL certificate (default is randomly generated)
- SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
- SigningCert no Path to a signing certificate in PEM or PKCS12 (.pfx) format
- SigningKey no Path to a signing key in PEM format
- SigningKeyPass no Password for signing key (required if SigningCert is a .pfx)
- URIPATH no The URI to use for this exploit (default is random)
- Payload information:
- Avoid: 0 characters
- Description:
- This exploit dynamically creates a .jar file via the
- Msf::Exploit::Java mixin, then signs it. The resulting signed
- applet is presented to the victim via a web page with an applet tag.
- The victim's JVM will pop a dialog asking if they trust the signed
- applet. On older versions the dialog will display the value of
- CERTCN in the "Publisher" line. Newer JVMs display "UNKNOWN" when
- the signature is not trusted (i.e., it's not signed by a trusted
- CA). The SigningCert option allows you to provide a trusted code
- signing cert, the values in which will override CERTCN. If
- SigningCert is not given, a randomly generated self-signed cert will
- be used. Either way, once the user clicks "run", the applet executes
- with full user permissions.
- References:
- http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-valsmith-metaphish.pdf
- http://www.spikezilla-software.com/blog/?p=21
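
The description turns on whether the applet's signer chains to a trusted CA or is self-signed. The following is an added example for defenders, not part of the module or of the original paste: it audits the signer certificates in a JAR signature block against a trust store. The function names and the sample block are assumptions constructed for illustration; only the CN value SiteLoader comes from the options above.

```ruby
require 'openssl'

# Constructed sample: a signature block (the DER PKCS#7 blob a JAR stores as
# META-INF/*.RSA) whose signer is a throwaway self-signed certificate.
def constructed_self_signed_block(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  OpenSSL::PKCS7.sign(cert, key, 'constructed manifest data', [],
                      OpenSSL::PKCS7::DETACHED).to_der
end

# For every certificate embedded in the block, report whether it is
# self-signed and whether it chains to a CA in trusted_store
# (hypothetical helper; trusted_store is an OpenSSL::X509::Store).
def audit_signature_block(der, trusted_store)
  certs = OpenSSL::PKCS7.new(der).certificates.to_a
  certs.map do |cert|
    same_name = cert.subject.to_der == cert.issuer.to_der
    {
      subject: cert.subject.to_s,
      self_signed: same_name && cert.verify(cert.public_key),
      chains_to_trusted_ca: trusted_store.verify(cert, certs)
    }
  end
end

# True when the block carries no certificate or any certificate fails to
# chain to the trust store: the case a newer JVM labels "UNKNOWN".
def untrusted_publisher?(der, trusted_store)
  findings = audit_signature_block(der, trusted_store)
  findings.empty? || findings.any? { |f| !f[:chains_to_trusted_ca] }
end

if __FILE__ == $PROGRAM_NAME
  store = OpenSSL::X509::Store.new # empty: no code-signing CA is trusted
  der = constructed_self_signed_block('SiteLoader')
  audit_signature_block(der, store).each { |f| puts f }
  puts "untrusted publisher: #{untrusted_publisher?(der, store)}"
end
```

In practice the DER input would be the META-INF/*.RSA entry extracted from a JAR seen at a proxy or on an endpoint, and the store would hold only the code-signing CAs the organisation accepts.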