Re: Hijacking Java Classes

From: Dean H. Saxe (dean@fullfrontalnerdity.com)
Date: Thu Dec 29 2005 - 11:08:49 EST


Decompilation is your best bet. Decompile the existing class using
JAD or FrontEndPlus, modify it to suit your needs (say, writing out
login credentials somewhere), recompile and re-JAR the classes. You
could also use decompilation to determine all of the method
signatures and then write your own class with those particular method
signatures and replace the original class with your malicious one.
The effect is the same.

You'll have to make sure the JAR isn't signed for this to work
directly. If it is signed, you'll need to resign the JAR with a new
private key and certificate. If the certs are validated against a CA
then you'll need the original private key that was used to sign the
JAR. There may be other tamper-proofing mechanisms in place you'll
discover while working on this. They can usually be circumvented
with a little creativity.

Good luck!
dhs-

Dean H. Saxe, CEH
dean@fullfrontalnerdity.com
"I have always strenuously supported the right of every man to his
own opinion, however different that opinion might be to mine. He who
denies another this right makes a slave of himself to his present
opinion, because he precludes himself the right of changing it."
     -- Thomas Paine, 1783

On Dec 28, 2005, at 7:03 PM, funkyforumemail@hotmail.com wrote:

> I have a java .jar, and would like to write the variables being
> sent to a particular class into a seperate file, then continue to
> execute the class as normal. An example would be a login.class, i
> would like to intercept the username and password going into the
> class file. The point is that I dont have the original source code,
> and decompiling and recompiling the class is difficult. Replacing
> the class with my own and somehow resume normal execution seems to
> be the best way.
>
> Please help.
>
> ----------------------------------------------------------------------
> --------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications
> on your
> website. Up to 75% of cyber attacks are launched on shopping carts,
> forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down
> servers are
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ----------------------------------------------------------------------
> ---------
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:18 EDT