OSCP Security Technology - Java Applet Attack

OSCP Security Technology - Java Applet Attack

Prepare a target virtual machine - IE11 on Win 7.

Set the security level of IE to low, and add a exception to Java security tab.

image-20210807182801043

image-20210807182826250

sudo setoolkit
Exploit Steps
S1 -> Choose option 1 ) Social-Engineering Attacks
S2 -> Choose option 2) Website Attack Vectors
S3 -> Choose option 1) Java Applet Attack Method
S4 -> Choose option 2) Site Cloner
S5 -> Set exploit parameters
S6 -> Choose payload type 1) Meterpreter Memory Injection (DEFAULT)
S7 -> Set payload parameters

image-20210807205654281

image-20210807205730178

image-20210807205805208

image-20210807205836802

image-20210807205952027

image-20210807210029872

When visit http://192.168.2.26 from Win 7, a session should established.

After established a session, we can do many things though meterpreter.

image-20210807211623485

But I encountered the following problem, which has not yet been solved.

Cannot import src.core.setcore when launching set interactive shell in Python3 environment.

image-20210807211606473

posted @ 2021-08-07 21:18  晨风_Eric  阅读(45)  评论(0编辑  收藏  举报