1
00:00:00,450 --> 00:00:04,250
There are tons of applications that require Java to work.

2
00:00:05,400 --> 00:00:13,350
This is why the Java Runtime Environment is installed on almost every computer. According to Oracle, 97

3
00:00:13,350 --> 00:00:15,660
percent of enterprise desktops run Java.

4
00:00:16,950 --> 00:00:25,140
Eighty-nine percent of desktops or computers in the USA run Java, three billion mobile phones run Java,

5
00:00:25,740 --> 00:00:29,880
100 percent of Blu-ray disc players ship with Java,

6
00:00:30,920 --> 00:00:36,140
and 125 million TV devices run Java.

7
00:00:37,160 --> 00:00:44,180
In the 2010s, there were a number of exploitable Java vulnerabilities found; most of them were

8
00:00:44,180 --> 00:00:50,870
allowing the attackers to execute remote code on the victims' systems, because almost every IT system

9
00:00:50,870 --> 00:00:51,530
has Java.

10
00:00:51,740 --> 00:00:56,420
And several critical zero-day vulnerabilities have been found in recent years.

11
00:00:56,750 --> 00:01:00,370
Exploiting Java vulnerabilities on the client side is quite popular.

12
00:01:01,010 --> 00:01:07,670
When you search for Java in the Metasploit Framework, you find a lot of exploits written for Java vulnerabilities.

13
00:01:08,030 --> 00:01:09,830
Some of them are seen in the slide.

14
00:01:11,470 --> 00:01:18,040
Let's see one of them in detail. The exploit module displayed in the slide abuses the JMX classes

15
00:01:18,040 --> 00:01:21,640
from a Java applet to run arbitrary Java code.

16
00:01:22,210 --> 00:01:29,560
Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to

17
00:01:29,560 --> 00:01:34,030
run unsigned applets without displaying any warning to the user.

18
00:01:35,160 --> 00:01:38,670
To use the exploit, run the use command with the full exploit name.

19
00:01:39,700 --> 00:01:46,360
Set the options of the exploit and run it using the exploit or run command. Same as the Firefox add-on

20
00:01:46,360 --> 00:01:50,410
exploit, it starts to serve an application on the server,

21
00:01:50,680 --> 00:01:57,730
SRVHOST, at the port SRVPORT, with a path given in the URIPATH option.

22
00:01:59,330 --> 00:02:05,720
At the same time, it starts a reverse TCP handler to collect the captured session on the same system,

23
00:02:05,930 --> 00:02:09,800
with SRVHOST at port 4444.

24
00:02:10,770 --> 00:02:18,240
Did you notice that we didn't set a payload for the exploit? By default, the exploit uses the java/

25
00:02:18,390 --> 00:02:22,950
meterpreter/reverse_tcp payload.