1
00:00:00,480 --> 00:00:04,290
‫There are tens of applications that require Java to work.

2
00:00:05,430 --> 00:00:13,380
This is why the Java Runtime Environment is installed on almost every computer. According to Oracle, 97

3
00:00:13,380 --> 00:00:15,690
‫percent of enterprise desktops run Java.

4
00:00:17,010 --> 00:00:25,170
Eighty-nine percent of desktops or computers in the USA run Java, three billion mobile phones run Java,

5
00:00:25,770 --> 00:00:29,910
100 percent of Blu-ray Disc players ship with Java.

6
00:00:30,950 --> 00:00:36,170
‫And 125 million TV devices run Java.

7
00:00:37,160 --> 00:00:44,210
In the 2010s, a number of exploitable Java vulnerabilities were found; most of them were

8
00:00:44,210 --> 00:00:50,900
allowing the attackers to execute remote code on the victim's systems because almost every IT system

9
00:00:50,900 --> 00:00:51,560
‫has Java.

10
00:00:51,770 --> 00:00:56,450
And several critical zero-day vulnerabilities have been found in recent years.

11
00:00:56,780 --> 00:01:00,400
‫Exploiting Java vulnerabilities on the client side is quite popular.

12
00:01:01,040 --> 00:01:07,700
When you search for Java in the Metasploit Framework, you find a lot of exploits written for Java vulnerabilities.

13
00:01:08,060 --> 00:01:09,860
‫Some of them are seen in the slide.

14
00:01:11,510 --> 00:01:18,050
Let's see one of them in detail. The exploit module displayed in the slide abuses the JMX classes

15
00:01:18,050 --> 00:01:21,680
from a Java applet to run arbitrary Java code.

16
00:01:22,220 --> 00:01:29,570
Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to

17
00:01:29,570 --> 00:01:34,070
‫run unsigned applets without displaying any warning to the user.

18
00:01:35,170 --> 00:01:38,680
To use the exploit, run the use command with the full exploit name.

19
00:01:39,730 --> 00:01:46,390
Set the options of the exploit and run it using the exploit or run command. Same as the Firefox add-on

20
00:01:46,390 --> 00:01:55,270
exploit, it starts to serve an application on the server SRVHOST at the port SRVPORT with a path

21
00:01:55,450 --> 00:01:57,760
given in the URIPATH option.

22
00:01:59,380 --> 00:02:05,740
‫At the same time, it starts a reverse TCP handler to collect the captured session on the same system

23
00:02:05,950 --> 00:02:09,820
with SRVHOST at the port 4444.

24
00:02:10,790 --> 00:02:18,260
Did you notice that we didn't set a payload for the exploit? By default, the exploit uses the

25
00:02:18,410 --> 00:02:22,970
java/meterpreter/reverse_tcp payload.

