More Java Fun

by FaultySignal9

This is an extension of Xprotocol's "Java Applet Hacking" article in 17:2.  In case you missed the article, Xprotocol explained a way to exploit password-protected web pages via information revealed inside a Java Archive (JAR).  This is an effective approach, but what if this information is not in the archive?  Well, first (maybe before you even open the archive), check for a <PARAM> tag in the HTML.  This tag passes a value to the applet via "String getParameter(String name)" in the java.applet.Applet class.  Sometimes filenames or important values will be revealed there.

Now, let's assume there is no <PARAM> and the archive reveals nothing, and all you have is a .class file.  In this case, it's a safe bet that your user/password or protected URL is inside the source.  Better yet, the protocol to the "really cool web game."  So, how do I get the source code, you may ask?  To answer this question, you may need a little primer in Java and the way its binaries work.

I'll start with the actual source code and walk you through to the execution.  Here is a "Hello World" program.  Note: this is not an applet, this is a console program.  However, the same rules apply to applets:

public class HelloWorld {
  public static void main(String args[]) {
    System.out.println("Hello World");
  }
}

Save this code as HelloWorld.java and compile it with the JDK (java.sun.com):

javac HelloWorld.java

This compilation creates the class file HelloWorld.class.  This class file is what the Java interpreter (a.k.a. Java virtual machine) uses to execute the code (hence, it's an interpreted language).  Your next step will be to execute the code via the interpreter:

java HelloWorld

O.K., back to the applets.  Every browser that supports Java has its own virtual machine/interpreter.  Look for .JARs in your Netscape directory if you are really curious.  So if you visit a page and the browser sees the <APPLET> tag, it retrieves the .class/.jar file from the web server and executes it via the interpreter.

If you recall earlier, I was going to answer the question of how to get the source code.  In order to get the code, you have to decompile the class file.  Luckily for you, the source code is located inside the class file.

Even better, there are a number of Java decompilers on the web.  Personally, I use "Decafe Pro" (decafe.hypermart.net) for Windows and I imagine there is one at freshmeat.net.  Just decompile the code and there ya go!
