Jump to content

How to add Msfvenom payload to JAVA project?


Recommended Posts

Hey guys, I have a JAVA project and I want to add this msfvenom payload to it, but I have no idea how to "execute" this buf. Anyone know how to do this? or is there any other option on injecting code ?

--the payload was generated with './msfvenom -p osx/x64/say TEXT="it works" -f java'


buf = new byte[]
					(byte) 0x48, (byte) 0x31, (byte) 0xc0, (byte) 0xb8, (byte) 0x3b, (byte) 0x00, (byte) 0x00, (byte) 0x02,
					(byte) 0xe8, (byte) 0x16, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x2f, (byte) 0x75, (byte) 0x73,
					(byte) 0x72, (byte) 0x2f, (byte) 0x62, (byte) 0x69, (byte) 0x6e, (byte) 0x2f, (byte) 0x73, (byte) 0x61,
					(byte) 0x79, (byte) 0x00, (byte) 0x69, (byte) 0x74, (byte) 0x20, (byte) 0x77, (byte) 0x6f, (byte) 0x72,
					(byte) 0x6b, (byte) 0x73, (byte) 0x00, (byte) 0x48, (byte) 0x8b, (byte) 0x3c, (byte) 0x24, (byte) 0x4c,
					(byte) 0x8d, (byte) 0x57, (byte) 0x0d, (byte) 0x48, (byte) 0x31, (byte) 0xd2, (byte) 0x52, (byte) 0x41,
					(byte) 0x52, (byte) 0x57, (byte) 0x48, (byte) 0x89, (byte) 0xe6, (byte) 0x0f, (byte) 0x05
Link to comment
Share on other sites

Let me rephrase my answer so you maybe understand the issue at hand better.

Java, as you probably know, is an interpreted language. Sure, its byte-code gets compiled to machine code by the JIT compiler if you run it often enough, but that's an optimization of the virtual machine and your code should never be aware of this. As such, the only payload that you can inject into the system would be java byte-code that you inject into the virtual machine. Because that's your environment. Java actually makes effective use of this via user-defined classloaders and things like the ASM library, but this is very much advanced Java which 99% of the java-writing world will never dabble with.

Now, your msfvenom payload is x86 byte code. You need to modify the code running on your processor in such a way that the instruction pointer register points to the buffer containing this exact sequence of bytes. You're not going to get that any time soon with java, so instead you're going to have to target a native program. Some exe or service that preferably has some known flaw so you can inject your payload and also corrupt the stack so the instruction pointer gets to contain that buffer's address and you get to see your payload in action.

See this classic 2600 article by Aleph One Smashing The Stack For Fun And Profit for a good primer on where your payload goes in the whole scheme of things.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...