leg3nd Posted October 31, 2011 (edited)

I am pleased to announce a major update to jasagerPwn, to version 1.3 (rev53). Every Java applet attack against Windows will now utilize a new vector that spawns a Meterpreter shell through PowerShell injection straight into memory. Since the payload never touches disk, anti-virus (yes, ALL anti-viruses) will not detect it. This is only viable on machines with PowerShell installed; it is there by default in Vista and Windows 7, but not XP.

The full process by which this works is tedious, but I will try to explain it briefly. First we prepare some alphanumeric shellcode that can be used; we simply use msfvenom/msfpayload to do this. Then we parse this shellcode into a usable format and convert the PowerShell command and payload into an "Encoded Command". The PowerShell "Encoded Command" will bypass all PowerShell execution restriction policies. Then the Java applet first detects whether the victim has PowerShell installed. If it does, it deploys the PowerShell payload onto the system; otherwise it defaults to the normal, detectable EXE payload. Long story short, this runs a single (long) command from the applet which injects the payload straight into memory and executes it.

This concept, implementation, and some code were taken from many sources, including ReL1k @ secmaniac.com and Matthew Graeber @ exploit-monday.com.

Related articles:
http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html
http://www.secmaniac.com/blog/2011/10/26/the-social-engineer-toolkit-v2-2-codename-son-of-flynn-has-been-released/

Enjoy! Feedback is appreciated!

Edited October 31, 2011 by leg3nd
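The post describes a pipeline of raw shellcode -> PowerShell byte-array literal -> UTF-16LE base64 "Encoded Command" -> one long command line. The following is an added example of that packaging step, written here for illustration; it is not jasagerPwn's code and it does not reproduce the in-memory injection script itself. The shellcode bytes are a constructed placeholder standing in for msfvenom output, the PowerShell body is a stub that only assigns the byte array, and the 32767-character limit is the CreateProcess command-line maximum (assumed here to be the relevant bound, since a Java applet launching powershell.exe goes through CreateProcess rather than cmd.exe). Note that `-EncodedCommand` is exempt from the execution policy because the policy governs script files, not commands passed on the command line.

```python
import base64

# Constructed placeholder bytes, NOT real shellcode: they merely stand in for
# `msfvenom ... -f raw` output so the example runs offline.
SAMPLE_SHELLCODE = bytes([0xfc, 0xe8, 0x89, 0x00, 0x00, 0x00, 0x60, 0x89, 0xe5])

# Assumed bound: maximum command line accepted by CreateProcess (characters).
CREATEPROCESS_CMDLINE_MAX = 32767


def shellcode_to_ps_array(shellcode: bytes) -> str:
    """Render raw bytes as the element list of a PowerShell [Byte[]] literal,
    e.g. b"\\xfc\\xe8" -> "0xfc,0xe8"."""
    return ",".join(f"0x{b:02x}" for b in shellcode)


def build_ps_script(shellcode: bytes) -> str:
    """Stub PowerShell body: assigns the byte array to $sc. The actual
    VirtualAlloc/CreateThread injection is deliberately not included."""
    return f"$sc = [Byte[]]@({shellcode_to_ps_array(shellcode)})\n"


def encode_command(script: str) -> str:
    """powershell.exe -EncodedCommand expects base64 of the script encoded as
    UTF-16LE (not UTF-8); getting the encoding wrong yields a parse error."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_command(encoded: str) -> str:
    """Inverse of encode_command, useful when triaging a captured command line."""
    return base64.b64decode(encoded).decode("utf-16-le")


def build_command_line(shellcode: bytes) -> str:
    """The single long command the applet would hand to the OS."""
    enc = encode_command(build_ps_script(shellcode))
    return (
        "powershell.exe -NoProfile -NonInteractive -WindowStyle Hidden "
        f"-EncodedCommand {enc}"
    )


def fits_command_line(cmdline: str) -> bool:
    """UTF-16LE + base64 inflates the script by about 8/3; check the result
    still fits the assumed CreateProcess limit before launching it."""
    return len(cmdline) <= CREATEPROCESS_CMDLINE_MAX


if __name__ == "__main__":
    cmd = build_command_line(SAMPLE_SHELLCODE)
    print(cmd)
    print("fits:", fits_command_line(cmd))
```

The round trip through decode_command is the same thing a defender does when a process-creation log shows `-EncodedCommand`: decode the base64 as UTF-16LE and read the script back.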