Java Smart Applet Attack

Cobalt Strike's Smart Applet Attack combines several exploits to disable the Java security sandbox into one package.

This tool is available through Attacks -> Web Drive-by -> Smart Applet Attack. This attack starts a Cobalt Strike web server hosting a Java applet. Initially, this applet runs in Java's security sandbox and it does not require user approval to start.

Set the URI Path and Port to configure the webserver. You must specify a Win32 Listener and a Java Listener.

The smart applet analyzes its environment and decides which Java exploit to use. If the Java version is vulnerable, the applet will disable the security sandbox, and spawn a session using Cobalt Strike's Java injector. On Windows, the Java injector will inject shellcode for the Win32 listener directly into memory for you. On other operating systems, the injector will dynamically link and execute the code for your chosen Java listener.

Press Launch to start the attack.