Description

This attack starts a web server hosting a self-signed Java applet. Visitors are asked to give the applet permission to run. When a visitor grants this permission, you gain access to their system.

The Java Signed Applet Attack uses Cobalt Strike's Java injector. On Windows, the Java injector will inject shellcode for a Windows listener directly into memory for you.

Note

To get the most mileage from this attack, you will want to download the Applet Kit from the Cobalt Strike arsenal and sign it with a code signing certificate.

Attack

For self-signed applets, the attack will likely fail: