Security Obscurity Blog

In the last post i was talking about how to obfuscate a Java exploit (CVE-2012-4681 link here ), now i want to show you how an attacker can use this obfuscated exploit for a  targeted attack. This is intended to be the second part of Wordpress Cookie Grabber video because i will show what you can do once you have compromised a website, frank's blog in this case. The victim will be only the administrator. The exploit code in the previous article just escape from java sandbox and launch windows calculator. What we want to do is launch something different, like a meterpreter reverse shell which will connect back to the attacker. Thus in the previous code we have to add a download & execute class/method. I opted for a new class but you can certainly add a method in the same class. This new class called NewClass (i'm lacking of fantasy) will download a meterpreter executable from a remote host and save it with the name fsc73B8.tmp.exe into temp folder, after t...

Why not play a game where we try to make the latest (at time of writing) public java exploit ( CVE-2012-4681 ) undetected by all antivirus and see who will be the last to detect it ?. I think it will be a funny "challenge" because evading antivirus has always his charm. I will not use software obfuscators like proGuard, Allatori, Zelix KlassMaster etc... This because will not be funny. This is not intended to be an analysis or explanation because there are already great post here: http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html http://www.h-online.com/security/features/The-new-Java-0day-examined-1677789.html Before we start we need to make two considerations: From The Current Web-Delivered Java 0Day :  So while you may see a few links to Virustotal with the inevitable complaining that a scanner is missing a specific chunk of altered code along wi...