  • 4 weeks later...

I have played a little bit with the Evil Java applet and found that the possibility to lure someone is quite slim.. The user would have to be quite braindead for you to achieve the attack.

Just to make it clear, I did not start a listener in Metasploit, nor did I test this on the "right side" of the pineapple. The reason for this is both that I'm not sure how to change the listener address in the attack, and I didn't want to create a BT VM on my laptop for this test.

This test is made from the WAN/LAN side. And MSE went totally crazy when I entered this site, so the test is run without any AV.

Firstly the site is.. well not too bad

[Image: 46216.jpg]

But the warning speaks for itself

[Image: 46217.jpg]

Especially when the AV is amok at this point.

That said, I have also tested a couple of Java attacks from SET in BackTrack, but I haven't found any that actually fool MSE. If anyone has any tips on what Java attacks one might use without AV going insane, that would be great! Otherwise I don't see any point in spending time on this.

As for what you can do with it: potentially own the user's machine ;)

Edited by loozr
Get the executable signed by java/oracle :P


I'm afraid this is easier said than done.. I have no knowledge about this at all, but I'll bet that Oracle protects their signed Java applets as well as they can.. However, the Java client on users' computers is breached every now and then.. <_<

In my opinion, most (normal) users have some kind of AV that the computer was originally delivered with, maybe not very good ones, but nevertheless I think that any attacks/pentests should be as stealthy as possible, i.e. no alert in AV.

People that are not using AV would be more aware and not install an applet like the one above, and a user who is not aware would be aware because of the AV.

Ya I was completely kidding. No way would you ever want to do this on a pentest, unless you want Oracle to come down on you like a ton of bricks.

  • 6 months later...

Still, how could someone make a Java applet signed by Oracle? Do you need a Java company or...?


Pentesting is not simply using 1 'hack'

The java applet attack may work if you know the victim's machine is susceptible to the attack, but to be honest, the worst thing you can do on a pentest is try and throw everything at a target.
