
Thread: Java Applet Attack Evolution with Metasploit

  1. #1

    Java Applet Attack Evolution with Metasploit

    In this video I demonstrate different ways in which Java Applets are used to perform remote code execution with Browser Exploits.

    http://vimeo.com/33818972

    The latest variant of these attacks is the one which exploits a flaw in the Java Rhino Script engine that ships along with the Java 6 JDK. This exploit doesn't prompt the end user with a Security Warning pop-up box and does not ask for their permission to run the applet.

    Three attacks are performed in this video:

    • Java Signed Applet Attack against an older version of the JRE (version 1.6.0 update 20)
    • Java Signed Applet Attack against a newer version of the JRE (version 1.6.0 update 26)
    • Java Rhino Script Engine Exploit against the newer version of the JRE.


    Please note that the latest version of the JRE is version 1.6.0 update 29 and it is not vulnerable to any of the above exploits.

    The first 2 attacks are mostly social engineering attacks and require the end user to accept and run our applet. The last attack is more stealthy.

    c0d3inj3cT
    Last edited by c0d3inj3cT; 12-18-2011 at 03:54 PM.
