Did you miss last night’s live broadcast of Security Weekly? If so you missed a great technical segment by Carlos Perez that demonstrated the new Metasploit java signed applet exploit. This exploit is a great example of how an attacker can gain access to systems that have no vulnerabilities by taking advantage of inherent weaknesses in the way products such as java applet signing are implemented.
Before you can use this exploit you will need to install a the java developers kit and the rjb ruby gem. Carlos explains how to do that in the show notes.
*Note: In this video I misspoke and said that LPORT is not being used. In fact, it is used by the meterpreter payload for its command and control communications channel.
I will be teaching SANS 504 Incident Handling and Hacker Techniques in Raleigh Durham NC Monday, June 21, 2010 – Saturday, June 26, 2010. Sign up today.