JPaulMora Posted November 16, 2015 Hey guys, I have a Java project and I want to add this msfvenom payload to it, but I have no idea how to "execute" this buf. Anyone know how to do this? Or is there any other option for injecting code? The payload was generated with './msfvenom -p osx/x64/say TEXT="it works" -f java'. Thanks.

buf = new byte[] { (byte) 0x48, (byte) 0x31, (byte) 0xc0, (byte) 0xb8, (byte) 0x3b, (byte) 0x00, (byte) 0x00, (byte) 0x02, (byte) 0xe8, (byte) 0x16, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x2f, (byte) 0x75, (byte) 0x73, (byte) 0x72, (byte) 0x2f, (byte) 0x62, (byte) 0x69, (byte) 0x6e, (byte) 0x2f, (byte) 0x73, (byte) 0x61, (byte) 0x79, (byte) 0x00, (byte) 0x69, (byte) 0x74, (byte) 0x20, (byte) 0x77, (byte) 0x6f, (byte) 0x72, (byte) 0x6b, (byte) 0x73, (byte) 0x00, (byte) 0x48, (byte) 0x8b, (byte) 0x3c, (byte) 0x24, (byte) 0x4c, (byte) 0x8d, (byte) 0x57, (byte) 0x0d, (byte) 0x48, (byte) 0x31, (byte) 0xd2, (byte) 0x52, (byte) 0x41, (byte) 0x52, (byte) 0x57, (byte) 0x48, (byte) 0x89, (byte) 0xe6, (byte) 0x0f, (byte) 0x05 };
cooper Posted November 16, 2015 You need to feed the buffer into a service or program you're exploiting. You need to specify that program or service.
JPaulMora Posted November 17, 2015 (Author) Are you saying this needs to get injected directly into RAM? Could you point me to an example? Isn't there a way to call it as a Java function?
cooper Posted November 17, 2015 Let me rephrase my answer so you maybe understand the issue at hand better. Java, as you probably know, is an interpreted language. Sure, its byte-code gets compiled to machine code by the JIT compiler if you run it often enough, but that's an optimization of the virtual machine and your code should never be aware of this. As such, the only payload that you can inject into the system would be Java byte-code that you inject into the virtual machine, because that's your environment. Java actually makes effective use of this via user-defined classloaders and things like the ASM library, but this is very much advanced Java which 99% of the Java-writing world will never dabble with. Now, your msfvenom payload is x86 byte code. You need to modify the code running on your processor in such a way that the instruction pointer register points to the buffer containing this exact sequence of bytes. You're not going to get that any time soon with Java, so instead you're going to have to target a native program: some exe or service that preferably has some known flaw, so you can inject your payload and also corrupt the stack so the instruction pointer gets to contain that buffer's address and you get to see your payload in action. See this classic 2600 article by Aleph One, "Smashing The Stack For Fun And Profit", for a good primer on where your payload goes in the whole scheme of things.
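To make the distinction in the reply above concrete, here is an added triage script (not from this thread, not part of Metasploit) that reads the exact `-f java` literal the original poster quoted and shows what the blob actually is. It checks whether the bytes could ever be handed to a JVM class loader (a class file must start with the CAFEBABE magic), pulls out the printable strings the way the `strings` tool would, and scans for the `mov eax, imm32` pattern that macOS x86-64 code uses to select a BSD-class syscall. The function names (`parse_java_bytes`, `triage`, and so on) and the one-entry syscall name table are this example's own choices; the input bytes are the ones from the post.

```python
import re
import struct

# Constructed input for this example: the Java byte-array literal quoted in the
# thread, as printed by `msfvenom -p osx/x64/say TEXT="it works" -f java`.
JAVA_LITERAL = """
buf = new byte[]
{
    (byte) 0x48, (byte) 0x31, (byte) 0xc0, (byte) 0xb8, (byte) 0x3b, (byte) 0x00,
    (byte) 0x00, (byte) 0x02, (byte) 0xe8, (byte) 0x16, (byte) 0x00, (byte) 0x00,
    (byte) 0x00, (byte) 0x2f, (byte) 0x75, (byte) 0x73, (byte) 0x72, (byte) 0x2f,
    (byte) 0x62, (byte) 0x69, (byte) 0x6e, (byte) 0x2f, (byte) 0x73, (byte) 0x61,
    (byte) 0x79, (byte) 0x00, (byte) 0x69, (byte) 0x74, (byte) 0x20, (byte) 0x77,
    (byte) 0x6f, (byte) 0x72, (byte) 0x6b, (byte) 0x73, (byte) 0x00, (byte) 0x48,
    (byte) 0x8b, (byte) 0x3c, (byte) 0x24, (byte) 0x4c, (byte) 0x8d, (byte) 0x57,
    (byte) 0x0d, (byte) 0x48, (byte) 0x31, (byte) 0xd2, (byte) 0x52, (byte) 0x41,
    (byte) 0x52, (byte) 0x57, (byte) 0x48, (byte) 0x89, (byte) 0xe6, (byte) 0x0f,
    (byte) 0x05
};
"""

JVM_CLASS_MAGIC = b"\xca\xfe\xba\xbe"   # every JVM .class file starts with this
SYSCALL_CLASS_UNIX = 0x2000000          # macOS x86-64: BSD syscalls carry class 2 in the top byte
BSD_SYSCALL_NAMES = {59: "execve"}      # the only BSD number this example needs to recognise


def parse_java_bytes(literal):
    """Collect every '(byte) 0xNN' token, in order, into a bytes object."""
    tokens = re.findall(r"\(byte\)\s*0x([0-9a-fA-F]{1,2})", literal)
    return bytes(int(t, 16) for t in tokens)


def is_jvm_class(blob):
    """True only for data that a ClassLoader.defineClass() call could accept at all."""
    return blob[:4] == JVM_CLASS_MAGIC


def printable_strings(blob, min_len=4):
    """Contiguous printable-ASCII runs of at least min_len bytes, like the `strings` tool."""
    return [run.decode("ascii") for run in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def find_unix_syscalls(blob):
    """Scan for 'mov eax, imm32' (opcode B8) whose immediate carries the macOS Unix
    syscall class. Returns (offset, bsd_number, name) tuples."""
    hits = []
    for i in range(len(blob) - 4):
        if blob[i] == 0xB8:
            imm = struct.unpack_from("<I", blob, i + 1)[0]
            if (imm & 0xFF000000) == SYSCALL_CLASS_UNIX:
                num = imm & 0x00FFFFFF
                hits.append((i, num, BSD_SYSCALL_NAMES.get(num, "unknown")))
    return hits


def triage(literal):
    """Summarise what kind of code a `-f java` literal really contains."""
    blob = parse_java_bytes(literal)
    return {
        "length": len(blob),
        "jvm_class": is_jvm_class(blob),
        "strings": printable_strings(blob),
        "unix_syscalls": find_unix_syscalls(blob),
        "has_syscall_insn": b"\x0f\x05" in blob,   # x86-64 SYSCALL opcode
    }


if __name__ == "__main__":
    for key, value in triage(JAVA_LITERAL).items():
        print(f"{key:>17}: {value}")
```

Running it reports 55 bytes, `jvm_class: False`, the strings `/usr/bin/say` and `it works`, one Unix-class syscall (`execve`, number 59 at offset 3) and a trailing SYSCALL instruction: native machine code that asks the kernel to run a program, which is exactly why no `defineClass` or reflection trick will "call" it. The third string, `RARWH`, is the classic false positive of string extraction: it is the `push rdx; push r10; push rdi; mov rsi, rsp` opcode bytes that happen to fall in the printable range, so a string hit on its own never proves anything.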
JPaulMora Posted November 26, 2015 (Author) You sir, have enlightened me.