The PoC exploit for ScriptKiddie from HackTheBox actually requires a binary known as jarsigner. The binary itself is bundled with the Java SDK. Since I use Kali Linux, which has a few Java applications, I should have that binary installed. However, I was unable to locate jarsigner.

As it could potentially mess up the whole system, I didn’t want to reinstall the Java SDK on my Kali just to obtain this single binary file. So I started looking for the binary online. Sadly, most of the search results that showed up were just a bunch of documentation about how to use jarsigner. Great!

In search of the missing binary - Google dork

Luckily, we can use a Google dork for this! Here’s my dork:

intitle:"index of /" bin jarsigner

After wandering through Google’s results page by page, I found this site hosting the whole JDK folder.

Now I can just pull that jarsigner from the web. Unfortunately, it cannot be used yet just by putting the binary into the Java PATH.

Installing jarsigner

This Java binary needs to be ‘symlinked’. Okay, so we’ll have to find where the Java binaries are located.

$ ls -l $(which java)
lrwxrwxrwx 1 root root 22 Nov 25  2019 /usr/bin/java -> /etc/alternatives/java
$ ls -l /etc/alternatives/java
lrwxrwxrwx 1 root root 43 Nov 25  2019 /etc/alternatives/java -> /usr/lib/jvm/java-11-openjdk-amd64/bin/java

From here, we can grab the jarsigner binary from the previous site and drop it directly under /usr/lib/jvm/java-11-openjdk-amd64/bin/.

$ curl -s http://www.citrucoop.es/jdk-11.0.6/bin/jarsigner > /usr/lib/jvm/java-11-openjdk-amd64/bin/jarsigner

Lastly, I’ll make a symlink of jarsigner at /usr/bin/.

$ ln -sf /usr/lib/jvm/java-11-openjdk-amd64/bin/jarsigner /usr/bin/jarsigner

The exploit for ScriptKiddie should be working now!

Hold up.. isn’t it unsafe? 🤔

Absolutely! 😅 So don’t ever do this if you don’t trust the site or don’t know what you are doing xD
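
An added example, not part of the original post: a small gate for the install step, assuming you hold a SHA-256 for jarsigner obtained from a source you trust. The function names, staging path and digest variable are hypothetical; the file is copied into the JVM directory only if it is an ELF binary with the pinned digest.

```shell
#!/bin/sh
# Added example (not from the original post): gate the install of a single
# downloaded binary. Paths and the pinned digest are placeholders.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if the file starts with the ELF magic bytes 7f 45 4c 46.
# `curl -s URL > dest` without -f saves an HTML error page just as happily.
is_elf() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# verify_and_install STAGED EXPECTED_SHA256 DEST
# Returns 0 on install, 1 on digest mismatch, 2 if missing, 3 if not ELF.
verify_and_install() {
    vi_src=$1; vi_want=$2; vi_dest=$3
    [ -f "$vi_src" ] || { echo "missing: $vi_src" >&2; return 2; }
    is_elf "$vi_src" || { echo "not an ELF binary: $vi_src" >&2; return 3; }
    vi_have=$(sha256_of "$vi_src")
    if [ "$vi_have" != "$vi_want" ]; then
        echo "digest mismatch: got $vi_have" >&2
        return 1
    fi
    # install(1) copies and sets the mode in one step (a plain `>` redirect
    # leaves the file without the execute bit); nothing is written to DEST
    # unless both checks above passed.
    install -m 0755 "$vi_src" "$vi_dest"
}

# Typical use (values are placeholders, not taken from the post):
#   curl -fsS -o /tmp/jarsigner.staged "$URL"
#   verify_and_install /tmp/jarsigner.staged "$PINNED_SHA256" \
#       /usr/lib/jvm/java-11-openjdk-amd64/bin/jarsigner
```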