Posts tagged Java

4 min Vulnerability Management

CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java

The new SAP vulnerability (RECON), a critical vulnerability affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard, is a huge deal.
1 min Research

A Serial Problem: Exploitation and Exposure of Java Serialized Objects

In our new research report, we take a look at Java Serialized Objects (JSOs), which are a reliable threat vector and present a rising threat to enterprise networks.

1 min Metasploit Weekly Wrapup

Weekly Metasploit Wrapup

Welcome to the last Metasploit update of the year! Since January 1st, 2015, we've had 6364 commits from 176 unique authors, closed 1119 Pull Requests, and added 323 modules. Thank you all for a great year! We couldn't have done it without you. Sounds The sounds plugin has been around for a long time, notifying hackers of new shells via their speakers since 2010. Recently, Wei sinn3r Chen gave it a makeover, replacing the old robotic voice with that of Offensive Security founder, Kali Linux Core
2 min Patch Tuesday

R7-2015-09: Oracle Java JRE AES Intrinsics Remote Denial of Service (CVE-2015-2659)

Java 8 servers versions prior to u46 are susceptible to a remote unauthenticated denial of service (hard crash) when used with AES intrinsics (AES-NI) CPU extensions on supported processors. AES intrinsics are enabled by default on the Oracle JVM if the the JVM detects that processor capability, which is common for modern processors manufactured after 2010. For more on AES-NI, see the Wikipedia article [http://en.wikipedia.org/wiki/AES_instruction_set]. This issue was tracked in the OpenJDK pu
2 min Java

Weekly Metasploit Wrapup: Remote Controlling Java Services

Java Remoting: Sign Me Up! This is a pretty exciting week for advancing the state of the art of penetration testing with Metasploit, thanks in large part to Juan Vazquez [https://twitter.com/_juan_vazquez_]'s work on the new protocol-level support for Java Remote Method Invocation (RMI). If you've never heard of it before, it's probably because, like me, you haven't done much (or any) Java programming since school. Java RMI is essentially a network-exposed API, usually listening on 1617/TCP, and
2 min Java

Oracle CPU: July 2014

Oracle's Quarterly Critical Patch Update (CPU) is never a minor event.  In April we saw 104 security issues addressed, in January it was 144.  This time around we are faced with 113 updates.  These updates span the entire portfolio of Oracle software, including the JRE, Solaris, Oracle Database, MySQL, and numerous web and middleware products. What stands out is the belated fix for Heartbleed in MySQL Enterprise Server, coming fully 3 months after Oracle fixed that issue in their other products
2 min Flash

Weekly Metasploit Update: More Meterpreters!

Meterpreter for All The Platforms This week is pretty exciting for us, since it's not every day we give out commit rights [https://github.com/rapid7/metasploit-framework/wiki/Committer-Keys] to the Rapid7 Metasploit repo. I'm very happy to report that Tim Wright [https://github.com/timwr] has agreed to step up and help out with moving Meterpreter research and development forward, focusing mainly on the Java and Android implementations. Many Metasploit users are familiar with Meterpreter for Wi
1 min Java

Oracle October 2013 CPU roundup

The story here is that Oracle has synced up their Java patching with the rest of their patching cycle and, when it comes to vulnerabilities, Java always steals the show. The CPU includes fixes for 127 vulnerabilities in Oracle products, but aside from Java, it's mostly ho-hum, low impact stuff. There's a CVSS 8.5 vulnerability in MySQL's Enterprise Service manager, but besides the Java patches, nothing else jumps out as particularly interesting. The Java patches include 51 of the 127 addresse
2 min Product Updates

Weekly Update: Sport Fishing for Exploits and Improved Java Hackery

Java Payload Cleanup If you've been watching the Metasploit source repository [https://github.com/rapid7/metasploit-framework/], you will have noticed some movement in Java Payload land -- specifically, PR#1217 [https://github.com/rapid7/metasploit-framework/pull/1217], which landed this week. Thanks to the refactoring efforts of Michael @mihi42 [https://twitter.com/mihi42] Schriel, testing by @Meatballs [https://github.com/Meatballs1], and integration from James @egyp7 [https://twitter.com/egyp
2 min Java

Oracle April 2013 CPU - 42 Java vulns!

Oracle Security had a busy day yesterday.  They released two of their Cumulative Patch Updates, one for Java and one for everything else that they patch. The Java CPU contains 19 CVEs with CVSS base score of 10 (the highest you can go) indicating that exploiting the vulnerability is not particularly challenging and could give complete control of compromised systems. For all of these vulnerabilities, the browser is the vector of exploit. For one of those (CVE-2013-1537)some Java server configurat
3 min Java

Java 7 Exploit for CVE-2013-0431 in the Wild

According to the latest news [http://malware.dontneedcoffee.com/2013/02/cve-2013-0431-java-17-update-11.html] , exploit kits such as Cool EK and Popads are integrating a new exploit for Java, targeting Java 7u11. An exploit for CVE-2013-0431 has been analyzed and shared by SecurityObscurity [http://security-obscurity.blogspot.com/2013/01/about-new-java-0-day-vulnerability.html] , and is also now available as a Metasploit module with some improvements for testability. We would like to use this b
2 min Product Updates

Weekly Update: Hollywood Hacking and More Java Exploits

Hollywood Hacking: Tapping Webcams and Mics This week's update has two new post modules for Metasploit, which enables the creative pen-tester to hit that creeper vibe so often missing on a typical engagement, both by Metasploit exploit dev Wei @_sinn3r [https://twitter.com/_sinn3r] Chen. They're both post-exploitation modules, so they presume you already have a session on the target via some other exploit. First up is a webcam control module, which can take a snapshot using the target's webcam.
10 min Exploits

New Java Modules in Metasploit... No 0 days this time

Last year Security Explorations published some awesome research [http://www.security-explorations.com/en/SE-2012-01.html], exploring the security state of the Java SE from Oracle, and disclosing different vulnerabilities and exploit vectors in this software. In fact, some of the last Java exploits found in the wild have been using techniques from the mentioned research. Today we're publishing two new modules exploiting some of the documented issues. In this blog post we would like to share somet
2 min Microsoft

January is not over yet

Seems like a lot of activity already this year in the security world by way of high profile, already being exploited vulnerabilities.   First the Adobe Flash and Acrobat/Reader fixes [/2013/01/08/adobe-joins-the-january-patching-fun], then the Ruby on Rails exploit [/2013/01/10/exploiting-ruby-on-rails-with-metasploit-cve-2013-0156] and now Oracle turning around a fast fix and Microsoft delivering an out-of-band patch for Internet Explorer. Oracle has moved quickly to release a fix for the vuln
5 min Metasploit

Exploit Trends: Top 10 Searches for Metasploit Modules in October

Time for your monthly dose of Metasploit exploit trends! Each month we gather this list of the most searched exploit and auxiliary modules from the Metasploit database. To protect users' privacy, the statistics come from analyzing webserver logs of searches, not from monitoring Metasploit usage. October was a quiet month for exploit headlines, so not a whole lot of action on the list. The high traffic to Java and IE modules from their respective 0-days settled down, so you'll see some shuffli
2 min Nexpose

Multi-tenant User Provisioning

Introduction Performing bulk operations can be time consuming in Nexpose. A good example is user provisioning, which can take a long time. To save time, using the Nexpose APIs is an effective way to save you time and eliminate the error-prone process of doing everything manually. For this blog post, I want to demonstrate how you can manage users using the Nexpose API. I will be using an open source Java API client, which is available on clee-r7/nexpose_java_api · GitHub [https://github.com/clee-
5 min Metasploit

Exploit Trends: Java and IE 0days

Each month we report the top ten searched exploit and auxiliary modules on metasploit.com. The statistics are drawn from our exploit database by analyzing webserver logs of searches, not through Metasploit usage which is not tracked to preserve privacy. With the Java and Internet Explorer 0-days in August and September, this month's exploit trends from Metasploit really shook-up the status quo. And, just to make things more interesting, there are a couple exploits from April that came back fo
1 min Nexpose

Nexpose Site Creation - Now with More Scheduling

Got Sites?  Well now you can! One of everyone's favorite tasks in Nexpose is creating new sites.  But what if you could do it all with an interactive, menu-driven, standalone java application that leveraged the awesome Nexpose Java API client.  I know what you are thinking, "That would be too cool." Well wait no longer!  We here at Rapid7 have created just such a tool for you to use.  So go ahead, download it and give it a try.  All source code is included so you can easily modify or extend it
1 min Nexpose

Nexpose Reporting with the Java API Client

Nexpose reporting just got easier! Now you can manage and generate Nexpose reports though an interactive application that leverages the Nexpose Java API client. Here is a list of the options that are currently supported. 1. List Reports 2. Generate Reports 3. Delete Reports 4. Delete Report Configurations (and all associated reports) 5. View Report Configuration 6. View Report History Attached is a copy of the application and the source code so you can easily modify and extend its func
5 min Java

Creating a bunch of users at once using the Nexpose API

I would like to take the time to share an example of how you can use the Nexpose API to create a batch of users at one time with the use of a CSV file. Sounds too good to be true right? I swear to you that this is not a mirage. In fact I am prepared to put my money where my mouth is and post a code example with Rapid7's very own Open Source Java API client. This will allow you to do the following: * Interactively specify a CSV file to Create Update and even remove existing users * Please s
4 min Exploits

Exploit Trends: August Java 0-day

Coming from August's Java 0-day release, there are three new Java exploits among the top 10 most searched Metasploit exploits and auxiliary modules in this month's trend list. The monthly statistics are drawn from our exploit database [http://www.metasploit.com/modules/] by analyzing webserver logs of searches on metasploit.com, not through Metasploit usage which is not tracked for privacy. Check out the top searched exploits and modules below, annotated with Tod Beardley's excellent comments
2 min Java

Weekly Metasploit Update: Java 0-Day, Meterpreter Network Commands, and More!

Time to chalk up one more victory for the forces of goodness and light in our struggle against secret 0-day. Java 0-Day Exploit Shipped If you pay any attention at all to the usual security news, you will have certainly already heard about how Accuvant's Josh "jduck" Drake and the Metasploit dev community pounced on the Java 0-Day [http://krebsonsecurity.com/2012/08/attackers-pounce-on-zero-day-java-exploit/], aka CVE-2012-4681, aka the Java 7 Applet RCE [http://metasploit.com/modules/exploit/m
1 min Metasploit

Let's start the week with a new Java 0-day in Metasploit

On late Sunday night, the Metasploit Exploit team was looking for kicks, and heard the word on the street that someone was passing around a reliable Java 0-day exploit. Big thanks to Joshua J. Drake (jduck), we got our hands on that PoC [https://twitter.com/jduck1337/status/239875285913317376], and then once again, started our voodoo ritual. Within a couple of hours, we have a working exploit. Download Metasploit here [http://www.rapid7.com/downloads/metasploit.jsp], and apply the latest update
1 min Exploits

Oracle Issues Java Security Fixes

Oracle released Java Release 7 Update 5 and Java Release 6 Update 33 in order to patch several security vulnerabilities. I expect older versions to have public exploit code available soon. IsJavaExploitable.com [http://isjavaexploitable.com/] has been updated to assist everyone in detecting if they need to upgrade. Apple has also made patches available for OS X, which is a testament to Apple improving their consumer security. In the last couple of months Apple has made drastic improvements on re
1 min Apple

Apple OS X Java Woes

Oracle recently announced that they would provide stand alone updates in the future for Java Runtime Environment for Mac users. Many people including myself were excited when we heard the news, but..... so far this hasn't happened. Mac OS X users including yours truly are once again behind Oracle's recommended version. Apple last patched Java on OS X when they released Java 6 Update 31 on April 3rd, which had critical bug fixes on related to Flashback malware. Oracle then released Java 6 Update
2 min Release Notes

Getting the Most from Customizable CSV Exports - Part 6

Hi, my name is Eden Martinez, and I'm a Federal Sales Engineer with Rapid7. Larger environments often list scalability as one of their top problems; specifically, too much data. With current tools, it's not hard to generate large data sets. Most tools are comprehensive with a focus on the largest list of results wins. While you can turn all the knobs on Nexpose up to 11, I've found many enterprise environments prefer to focus on prioritization of vulnerabilities and trending of the results. M
1 min Metasploit

Is [Your] Java Exploitable?

There were too big news stories in the Java Exploitation landscape this week: 1. Blackhole Exploit Kit added an exploit for CVE-2012-0507 [http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/] 2. Metasploit added exploit for CVE-2012-0507 [/2012/03/29/cve-2012-0507-java-strikes-again] In order to help users and organization's do a quick field test to see if they are exploitable to these attacks, I crafted a Java version check now available at IsJavaExploitabl
2 min Nexpose

Automating Nexpose Discovery Connections through the Java API

Nexpose has long offered APIs allowing for automated workflow operations. The following examples are intended to help Nexpose users automate the discovery mechanisms feature through the API. The following code shows how to leverage the Java API client [https://github.com/clee-r7/nexpose_java_api] to create, list, update and delete discovery mechanisms in Nexpose. Nexpose supports Discovery connection API starting on version 5.2.  The supported operations on the API with regards to discovery ar
4 min Java

Java API client - How to augment it and share with the community

The prerequisite is that you get the client: clee-r7/nexpose_java_api · GitHub [https://github.com/clee-r7/nexpose_java_api] This blog post will show you how to augment the java api client and use it in 4 easy steps. The Java API client uses XML templates to generate requests. Browse to the src/org/rapid7/nexpose/api folder within the API source code, you will see the templates for the currently supported API client requests. i.e:  AssetGroupSaveRequest.xml. There are currently 2 versions of

1 min Nexpose

Nexpose Java API

We are really excited to see the Nexpose community coming up with all sorts of cool and useful ways to automate Nexpose via our APIs. Since we have published our Ruby [https://github.com/rapid7/nexpose-client] and .Net [https://github.com/brandonprry/nexpose-sharp] API client libraries, we have had some requests for a Java library as well. And now we have open sourced a Java [https://github.com/clee-r7/nexpose_java_api] based library for accessing the Nexpose API.  This library is BSD licensed s
3 min Release Notes

Exploit for critical Java vulnerability added to Metasploit

@_sinn3r [http://twitter.com/_sinn3r] and Juan Vasquez [https://twitter.com/#!/_juan_vazquez_] recently released a module which exploits the Java vulnerability detailed here [http://schierlm.users.sourceforge.net/CVE-2011-3544.html] by mihi and by Brian Krebs here [http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits]. This is a big one.  To quote Krebs: "A new exploit that takes advantage of a recently-patched critical security flaw in Java is making the rounds in the cri
5 min Exploits

Recent Developments in Java Signed Applets

The best exploits are often not exploits at all -- they are code execution by design. One of my favorite examples of this is a signed java applet. If an applet is signed, the jvm allows it to run outside the normal security sandbox, giving it full access to do anything the user can do. Metasploit has supported using signed applets as a browser exploit for quite awhile, but over the last week there have been a couple of improvements that might help you get more shells. The first of these improve