Path: blob/master/modules/exploits/local_host/signed_applet_dropper/README.txt
1154 views
--- How to use this module ---1-- antisnatchor:2- the applet has been compiled with Java 1.6.0 update 0 in order to be compatible with every JRE > 1.6.x (1.7.x included)3- tested with IE8 on XP SP3, and IE10 on Win74- tested with JRE 1.6.x and 1.7.x56- I advise you to recompile/re-sign the applet yourself, the following are the required steps to compile and self-sign the applet.7NOTE: Best results are obtained signing the applet with a valid Code Signing certificate.89- Ideally the dropper is a packed backdoor (Meterpreter?) that connects back to your server (for instance a Metasploit multi/handler).10111. compile the two classes12javac SignedApplet.java SM.java13142. create a JAR15jar cvf SignedApplet.jar SignedApplet.class SM.class16173. generate a keystore to self-sign the applet18keytool -keystore tmp -genkey19204. sign the applet21jarsigner -keystore tmp signedAppletCmdExec.jar mykey222324