All right, now let me take a look at exploiting Java. This is going to be our first attack on our Windows 7 system. The version of Java that's on there is now about a year old,
but it is a little bit out of date. It is subject to some memory corruption vulnerabilities like the one we just did against the browser.
So I encourage you to see if you can find some memory corruption vulnerabilities you can use against it.
Try those to get additional sessions, but when we're working with client-side attacks we're not always constrained to memory corruption or some other flaw
in the service. Since we do have user interaction, sometimes we can get the user to help us.
So in an earlier section, for instance, we made an executable and then the user just ran it. We'll see that again a little bit later on in the section where we look at avoiding antivirus.
We'll turn on our antivirus on our Windows 7
and see if we can create an executable that can bypass it with various techniques, but
we could do something very similar here with Java. We can actually create a Java applet and prompt the user: would you like to run this applet? Once the user says yes, we can pretty much run anything that a Java applet can run,
getting a Meterpreter session. Let's take a look at that.
What we want is an exploit/multi module. Java is nice because it's platform independent,
so we can actually run this against Java once again.
everything that comes in People's Max
he's done with these.
Our options again: this is going to be server based, so we have no RHOST.
On older versions of Java you can get it to actually say that it's signed by a legitimate
source. That's not going to be the case on anything newer; they've wised up to this,
unless you actually sign it with a legitimate
signing certificate, which you certainly can. I mean, there's nothing to stop you from buying a signing cert.
If you do these sorts of things regularly, it might be worth it,
but you can set the applet name if you want to.
We'll just sign it ourselves here, since we don't have any of those.
Our payloads are going to be Java-based payloads again. That will help make it platform independent.
Actually, by default they're Windows.
We'll look at the options again.
The exploit target, for whatever reason, defaults to Windows. Let's look at the targets.
We'll actually set it to Java.
That will hit everything. Since this is going to be Windows, that doesn't particularly matter; we could just leave it as Windows,
but I've seen enough Windows, I'm sure.
All right, we'll run it. This is going to run in the background.
We'll come over to Windows 7.
Now, I have to remember what my password is.
All right, so open up
there. My browser is Firefox, which actually has a neat thing where, if your plugins are out of date, it'll actually prompt you;
you have to turn them on, basically.
Not here, though.
Do you want to run this application? Depending on what browser you use, you're going to get a different one of these. If you run things like GoToMeeting and WebEx and things like that, you've probably seen stuff like that: do you want to allow this thing to run code?
And if we actually want to attend the meeting, we have to say yes, even though it specifically says that it will have unrestricted access. Users stop noticing
that these things happen,
and go for what's on the other side. Even our security-conscious users have a tendency to say yes.
It's all a matter of making the user think what's on the other side is more important than security.
We said yes. Nothing really happened.
But we get a session,
a Meterpreter session. So we now do have access to our Windows 7 machine. We don't have hashdump, though,
as we'll see when we get into post exploitation next week.
We'll have a little more we have to do in order to get
privileges to do hashdump on Windows 7. It has some additional restrictions in place that we will have to bypass, but we will be able to do so.
Again, our Java is going to have some vulnerabilities. Java is one that gets a fair amount of attention.
It is so ubiquitous, and it does allow you some platform independence on the attack.
So there are issues that will
attack this particular version of Java that's on there, as well as some later versions.
So I encourage you to spend some time looking at those. Certainly we won't get to every single possible way to exploit the system.
But this is another example where we
did something a little bit different. We asked the user, hey, can I exploit you? It doesn't matter whether there's a vulnerability at all in that case; if the user says yes, we run code. It's very similar to downloading an EXE
and running it, saying, hey, can I run this piece of code?