Linkcabin

Metasploit Java

Jul 5th, 2013
Name: Java Signed Applet Social Engineering Code Execution
Module: exploit/multi/browser/java_signed_applet
Version: 0
Platform: Java, Windows, OSX, Linux, Solaris
Privileged: No
License: Metasploit Framework License (BSD)
Rank: Excellent

Provided by:
  natron <natron@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Generic (Java Payload)
  1   Windows x86 (Native Payload)
  2   Linux x86 (Native Payload)
  3   Mac OS X PPC (Native Payload)
  4   Mac OS X x86 (Native Payload)

Basic options:
  Name            Current Setting  Required  Description
  ----            ---------------  --------  -----------
  APPLETNAME      SiteLoader       yes       The main applet's class name.
  CERTCN          SiteLoader       yes       The CN= value for the certificate. Cannot contain ',' or '/'
  SRVHOST         0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
  SRVPORT         8080             yes       The local port to listen on.
  SSL             false            no        Negotiate SSL for incoming connections
  SSLCert                          no        Path to a custom SSL certificate (default is randomly generated)
  SSLVersion      SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
  SigningCert                      no        Path to a signing certificate in PEM or PKCS12 (.pfx) format
  SigningKey                       no        Path to a signing key in PEM format
  SigningKeyPass                   no        Password for signing key (required if SigningCert is a .pfx)
  URIPATH                          no        The URI to use for this exploit (default is random)

Payload information:
  Avoid: 0 characters

Description:
  This exploit dynamically creates a .jar file via the
  Msf::Exploit::Java mixin, then signs the it. The resulting signed
  applet is presented to the victim via a web page with an applet tag.
  The victim's JVM will pop a dialog asking if they trust the signed
  applet. On older versions the dialog will display the value of
  CERTCN in the "Publisher" line. Newer JVMs display "UNKNOWN" when
  the signature is not trusted (i.e., it's not signed by a trusted
  CA). The SigningCert option allows you to provide a trusted code
  signing cert, the values in which will override CERTCN. If
  SigningCert is not given, a randomly generated self-signed cert will
  be used. Either way, once the user clicks "run", the applet executes
  with full user permissions.

References:
  http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-valsmith-metaphish.pdf
  http://www.spikezilla-software.com/blog/?p=21