Java Signed Applet Attack is a Client Side exploit and is based on a human vulnerability as opposted to software vulnerability.

This attack affects targets with Java installed and enabled in their browsers. In this example we create a malicious Java applet which will execute code of our choice.

If user runs the Java applet, the Java software installed on victim´s machine will execute our payload.

This Java code below will download a given executable and execute it a temp directory on the target machine.

Java.java

Compile code with Java compiler and then sign applet.

When the applet is ready, embed it in an HTML file and write to web root folder:

Copy netcat to web root and rename it to evil.exe

User browses to java.html and reveives a warning message popup, user ignore it and click “Run”.

javapayload.png

Attacker captures the reverse shell with netcat; “nc -lnvp 1337”

Java Signed Applet Attack