Applet Of Death FULL DISCLOSURE!
Proof of Concept: How an Innocent-Looking Applet Can Harm/Take Control of Your PC.
This is a demonstration of how a Java applet can harm your PC. We have not seen anybody exploiting Java applets yet, but a rogue website hosting a rogue signed applet is as dangerous as an ActiveX control. That means full control of the system of whoever visits that website and accepts the security warning. The security warning dialog that Sun shows for a signed applet is very weak: it says nothing about harming your PC. The applet I am going to demonstrate will not do any harm, but it will fire up calc.exe, which is under Windows' System32 folder (provided that the user runs the applet as Administrator).
This applet can be made to run any application under the browsing user's privileges by simply replacing calc.exe in this line:
p = Runtime.getRuntime().exec(System.getenv("windir")+"\\system32" +"\\calc.exe");
with any exe you want to run :)
e.g.
p = Runtime.getRuntime().exec(System.getenv("windir")+"\\system32" +"\\cmd.exe /c format c:");
will format the visitor's drive C!!!
The steps a visitor needs to take to become a victim are:
1. Go to the webpage hosting the applet (the applet can even be made invisible).
2. Accept the certificate warning dialog box that is raised (it is not even a security dialog, just a certificate warning).
3. That's all, you are owned :).
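A defensive check for the call shown above, added here and not part of the original post or its released source: this Python code parses the constant pool of each class in an applet JAR and reports direct references to Runtime.exec and, going beyond the post, ProcessBuilder.start. The function names and the sample JAR are constructed for illustration.

```python
import io, struct, zipfile

# Payload size per constant-pool tag (JVM class-file format); Utf8 (tag 1) is variable.
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
# Process-launching calls to flag; Runtime.exec is the one the applet above uses.
WATCH = {("java/lang/Runtime", "exec"), ("java/lang/ProcessBuilder", "start")}

def process_calls(data):
    """Return the watched (class, method) pairs one .class file references."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pool, pos, i = {}, 10, 1
    while i < count:
        tag = data[pos]
        size = struct.unpack_from(">H", data, pos + 1)[0] + 2 if tag == 1 else SIZES[tag]
        pool[i] = (tag, data[pos + 1:pos + 1 + size])
        pos += 1 + size
        i += 2 if tag in (5, 6) else 1      # long and double occupy two slots
    text = lambda idx: pool[idx][1][2:].decode("utf-8", "replace")  # skip u2 length
    hits = set()
    for tag, body in pool.values():
        if tag == 10:                       # CONSTANT_Methodref: class, name-and-type
            cls, nat = struct.unpack(">HH", body)
            cls_name = text(struct.unpack(">H", pool[cls][1])[0])
            method = text(struct.unpack(">HH", pool[nat][1])[0])
            if (cls_name, method) in WATCH:
                hits.add((cls_name, method))
    return hits

def scan_jar(jar_bytes):
    """Map each class in a JAR to the process-launching calls it references."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        found = {n: sorted(process_calls(jar.read(n)))
                 for n in jar.namelist() if n.endswith(".class")}
    return {name: hits for name, hits in found.items() if hits}

def sample_jar():
    """Constructed sample: JAR holding one class stub (header + constant pool only)."""
    u = lambda s: b"\x01" + struct.pack(">H", len(s)) + s.encode()
    pool = (u("java/lang/Runtime") + struct.pack(">BH", 7, 1) + u("exec")
            + u("(Ljava/lang/String;)Ljava/lang/Process;")
            + struct.pack(">BHH", 12, 3, 4) + struct.pack(">BHH", 10, 2, 5))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("Demo.class", struct.pack(">IHHH", 0xCAFEBABE, 0, 49, 7) + pool)
    return buf.getvalue()
```

`scan_jar(sample_jar())` reports `Demo.class` with its `Runtime.exec` reference. A clean result does not prove a JAR is harmless, since only direct call references are checked.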
Full source code is released under the BSD License.
Enjoy!
Video is done by Arkar WMH.
By v3ss (phyo.arkarlwin@star-nix.net)
StarNix Solutions.
Greetz to : Arkar WMH, Shyaam and Everyone at Evilfingers
More information (Video and the code) can be found HERE.
- EF
Saturday, January 24, 2009