1 00:00:00,450 --> 00:00:04,230 There are tens of applications that require Java to work.
2 00:00:05,400 --> 00:00:13,320 This is why the Java Runtime Environment is installed on almost every computer. According to Oracle, 97
3 00:00:13,320 --> 00:00:15,630 percent of enterprise desktops run Java.
4 00:00:16,980 --> 00:00:21,240 89 percent of desktops or computers in the USA run Java.
5 00:00:22,140 --> 00:00:25,110 Three billion mobile phones run Java.
6 00:00:25,740 --> 00:00:29,850 100 percent of Blu-ray disc players ship with Java.
7 00:00:30,950 --> 00:00:36,110 And 125 million TV devices run Java.
8 00:00:37,160 --> 00:00:42,770 In the 2010s, several exploitable Java vulnerabilities were found.
9 00:00:43,190 --> 00:00:49,790 Most of them allowed attackers to execute remote code on the victim's systems, because almost
10 00:00:49,790 --> 00:00:55,910 every IT system has Java, and several critical zero-day vulnerabilities have been found in recent
11 00:00:55,910 --> 00:00:56,360 years.
12 00:00:56,720 --> 00:01:00,350 Exploiting Java vulnerabilities on the client side is quite popular.
13 00:01:01,010 --> 00:01:07,640 When you search for Java in the Metasploit Framework, you find a lot of exploits written for Java vulnerabilities.
14 00:01:08,030 --> 00:01:09,830 Some of them are seen in the slide.
15 00:01:11,470 --> 00:01:13,310 Let's see one of them in detail.
16 00:01:14,020 --> 00:01:20,770 The exploit module displayed in the slide abuses the JMX classes from a Java applet to run arbitrary
17 00:01:20,770 --> 00:01:21,610 Java code.
18 00:01:22,240 --> 00:01:27,880 Additionally, this module bypasses default security settings introduced in Java 7
19 00:01:28,150 --> 00:01:34,000 Update 10 to run unsigned applets without displaying any warning to the user.
20 00:01:35,100 --> 00:01:38,640 To use the exploit, run the use command with the full exploit name.
21 00:01:39,730 --> 00:01:44,020 Set the options of the exploit and run it using the exploit or run command.
22 00:01:44,650 --> 00:01:46,810 Same as the Firefox add-on exploit,
23 00:01:47,110 --> 00:01:55,210 it starts to serve an application on the server at SRVHOST, on the port SRVPORT, with the path
24 00:01:55,390 --> 00:01:57,700 given in the URIPATH option.
25 00:01:59,300 --> 00:02:05,690 At the same time, it starts a reverse TCP handler to collect the captured session on the same system,
26 00:02:05,930 --> 00:02:09,770 with SRVHOST at port 4444.
27 00:02:10,770 --> 00:02:15,300 Did you notice that we didn't set a payload for the exploit? By default,
28 00:02:15,480 --> 00:02:22,920 the exploit uses the java/meterpreter/reverse_tcp payload.