OSCP Security Technology - Java Applet Attack
Prepare a target virtual machine - IE11 on Win 7.
Set the security level of IE to low, and add a exception to Java security tab.
sudo setoolkit
| Exploit Steps |
|---|
| S1 -> Choose option 1 ) Social-Engineering Attacks |
| S2 -> Choose option 2) Website Attack Vectors |
| S3 -> Choose option 1) Java Applet Attack Method |
| S4 -> Choose option 2) Site Cloner |
| S5 -> Set exploit parameters |
| S6 -> Choose payload type 1) Meterpreter Memory Injection (DEFAULT) |
| S7 -> Set payload parameters |
When visit http://192.168.2.26 from Win 7, a session should established.
After established a session, we can do many things though meterpreter.
But I encountered the following problem, which has not yet been solved.
Cannot import src.core.setcore when launching set interactive shell in Python3 environment.