Description: This video uses Armitage and Metasploit to demonstrate a new cross-platform Java exploit. This exploit uses a loophole in the Java API to execute a payload outside of Java's security sandbox without requiring a user to approve some action. This works in Firefox, Internet Explorer, and Safari on Windows, MacOS X, and presumably Linux. Java 1.6.0u27, Java 1.7.0, and older versions are vulnerable.
Tags: Java , cross-platform , exploit , demonstration , armitage , metasploit , CVE-2011-3544 , applet ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
OK, is nice, but how to run it from another server, from another IP...Not from your local IP... Thanks.
This is not working on java 1.7.*, is working only on 1.6.*...
@cip
dude simple answer for ur question is
Learn networking :)
@cip According to the CVE report, it doesn't work in Java 1.7.*. It works in Java 1.7.0 with no updates. Java 1.7.0 update 1 fixes the issue. I have yet to test it against 1.7.0.
@ArmitageHacker Yes, that can be... But java 1.7.0.1 almost any windows user has. :) Is a good one anyway.
@rootx If you had know networking, maybe you told me how to do it from another server, or to host the exploit and execute it from there... Leave it "smart" boy...
I wold like to know what CIP asked, how to do it outside the lan? thank you
@cip
Cip ur a Dum kid, rootx mentioned in a polite manner >> if u dont know this why the hell are u trying to run this exploit>>>all u need to do is port forward >>>>>>>>>>
nice lesson .. :)
it's very ..fantastic
Sir I m Residential Editor of Hackers5. I m willing to take your interview for ma magzine's upcoming issue of January. Would you please give me your personal email id so that i can contact to you there and take the interview.........
contact me at ankurtiwari65@gmail.com. Waiting for your reply.
@ArmitageHacker Nice!! funny i was just testing this exploit on my own windows 7 and made a tutorial posted it on here (metasploit over internet) on google chrome it did ask me to update or run java. thanks 4 this hope to see more videos ;) peace
@cip i just made a tutorial and added it to securitytube check it out. :)