Jump to content

Java Attack Methods


Recommended Posts

Hey all,

I currently have a .jar file that I had custom made so when run it sets up a backdoor to connect back to an IRC server which is on my network to better manage the computers I'm pen testing.

Anyways I'm having a hard time getting the java program to run when a person connects to the pineapple. Can someone give me some tips as to where do I put the .jar file? under /www and then just have a the DNS spoof page linked to the location of the .jar file on the pineapple?

I'd like to incorporate this just as the SET java attack does...have the user click "ok" etc.. to run the java.. Anyone have any ideas?

Link to comment
Share on other sites

You want the captive portal page to run it as an applet. Keep in mind that applets sometimes have additional security restrictions so you'll probably want to test it in a browser to make sure it behaves the way you think it will when loaded over the captive portal.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...