This is not one to be missed! It is very impressive, Michael (Mihi) has clearly worked hard on this, kudos to him!
http://javapayload.sourceforge.net/
Wednesday, July 20, 2011
Monday, July 18, 2011
Insecure coding examples
A really useful list of test cases are available on the DHS National Cyber Security Division:
http://samate.nist.gov/SRD/view.php
http://samate.nist.gov/SRD/view.php
Saturday, July 16, 2011
Java RMI Server Insecure Default Configuration Java Code Execution
Now this is interesting, a Java RMI remote code execution due to a default method being exposed by the distributed garbage collector. It is going to be a fun one to test!
http://www.exploit-db.com/exploits/17535/
The Metasploit page can be found here:
http://www.metasploit.com/modules/exploit/multi/misc/java_rmi_server
Update: Confirmed as working. It does rely on the RMI service being tunneled over HTTP. This particular exploit won't work directly with the typical JRMP services, but I am sure a similar vulnerability will exist. Warrants further digging....
http://www.exploit-db.com/exploits/17535/
The Metasploit page can be found here:
http://www.metasploit.com/modules/exploit/multi/misc/java_rmi_server
Update: Confirmed as working. It does rely on the RMI service being tunneled over HTTP. This particular exploit won't work directly with the typical JRMP services, but I am sure a similar vulnerability will exist. Warrants further digging....
Subscribe to:
Posts (Atom)