Jump to content

Eviljava


Recommended Posts

First of all thanks to reflex for creating the evil java page. I just turned it into a module.

The full version of this module is yet to come...

EvilJava module - version 2.0 (CURRENT)

  • Custom payloads can be uploaded from gui. They are categorized for Windows, Mac, and Linux. You can select through the UI which payload to use for a specific OS.
  • Custom payloads can be deleted too
  • Java applet and payloads can be saved in USB (this way you can have tens of custom payloads for each OS and switch between them very easily)
  • You can synchronize with the GET module in order to see what OS the clients are using, and wether they have Java enabled
  • NOTE: The listener ip changer will be fixed as soon as I figure out why all connections except metasploit work ;(
  • NOTE: A better 'help' and support for 'OTHER' OS are coming soon

EvilJava module - version 1.0

  • Malicious Java Applet for Windows, MAC, and Linux
  • Modify index.php page to redirect to EvilJava

NOTICE: the default payloads are set to connect back to 172.16.42.42 so make sure that's your IP unless you're using custom payloads. Feel free to upload as many custo payloads as you like :)

Please leave any suggestions, or bug reports you have here. Thanks... :)

post-39417-0-91471600-1338172525_thumb.ppost-39417-0-53351400-1338172537_thumb.p

Infected Page:

post-39417-0-66894100-1338172770_thumb.j

Edited by SilverExploit
Link to comment
Share on other sites

First off all thank you both for making this available to us!

I have a small suggestion. I'm assuming that anyone who makes use of this module is very familiar with Metasploit and know how to create his/her own (java)payload.

I would be very nice (at least I think so) to be able to put your own payload in via the Web UI per OS (Linux, Mac, Windows). The reason for this is that some of us are using the MKV as a standalone device connected to a 3G modem or via the WAN interface attached to a router. So you want to be able to put your own IP address in the payload. Not just 172.16.42.42. Maybe using a reverse HTTPS connection instead of a TCP etc. Now, I'm manually editing the run.html replacing the encoded payload with my own payload.

So by enabling the user to either use your default payload or its own, this module will be very powerful!

Anyway. This thing rocks already!!! ;)

Link to comment
Share on other sites

First off all thank you both for making this available to us!

I have a small suggestion. I'm assuming that anyone who makes use of this module is very familiar with Metasploit and know how to create his/her own (java)payload.

I would be very nice (at least I think so) to be able to put your own payload in via the Web UI per OS (Linux, Mac, Windows). The reason for this is that some of us are using the MKV as a standalone device connected to a 3G modem or via the WAN interface attached to a router. So you want to be able to put your own IP address in the payload. Not just 172.16.42.42. Maybe using a reverse HTTPS connection instead of a TCP etc. Now, I'm manually editing the run.html replacing the encoded payload with my own payload.

So by enabling the user to either use your default payload or its own, this module will be very powerful!

Anyway. This thing rocks already!!! ;)

Very nice idea! I'll start working on it right away. :) Thanks for the suggestion.

Link to comment
Share on other sites

Very nice idea! I'll start working on it right away. :) Thanks for the suggestion.

would be better if all of the java/exe payloads pointed back to the pineapple say on a reserved ip that is used to pivot/redirect to another machine/server/ip/dyndns the user sets up,

basically all scripts could make use of this methods having the special ip being controlled by the user/pen tester;-)

sorry I am ranting, just a thought

Link to comment
Share on other sites

would be better if all of the java/exe payloads pointed back to the pineapple say on a reserved ip that is used to pivot/redirect to another machine/server/ip/dyndns the user sets up,

basically all scripts could make use of this methods having the special ip being controlled by the user/pen tester;-)

sorry I am ranting, just a thought

I see... netcat or iptables will do the trick. I'll add a box where you can update the pentesters ip so that lets say 172.16.42.111 redirects to the pentesters ip to ex: 172.16.42.42, and all payloads are set to connect to 172.16.42.111 ! Very clever

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...