OSCP Learning Notes - Exploit(5)

Java Applet Attacks

Download virtual machines from the following website:

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

 

1. Reset the IE Internet Security Level to Medium and Local intranet to Low

 2. Add the target url to the exception site list in Java Security Control Panel.

3.Open setoolkit in Kali Linux.

setoolkit

select 1) Social-Engineering Attacks -> 2) Website Attack Vectors ->1) Java Applet Attack Method -> 2) Site Cloner

In this case, we clone baidu.com as the fakesite.

4. Generate the payload - 1)Meterpreter Memory Injection