The PoC exploit of ScriptKiddie from HackTheBox actually requires a binary known as jarsigner. The binary is typically bundled with the Java SDK. Since Kali Linux ships with several Java-based applications, I assumed that the binary was already installed somewhere.
However, I was unable to locate this jarsigner.
The Problem
I thought about reinstalling the Java SDK, but doing that just to obtain this single binary file felt unnecessary. I mean, it could potentially affect the existing Java environment, so I started looking for the binary online.
Sadly, most of the search results were just a bunch of documentation about how to use jarsigner, rather than where to obtain it directly.
Finding Solutions
In search of the missing binary
One approach for this is to leverage a Google dork to locate accessible directory listings containing the binary.
Here’s my dork:
intitle:"index of /" bin jarsigner
After digging through several pages, I came across a site hosting an entire Java JDK folder.

Among the files listed, there was the jarsigner file I was looking for. So I pulled that file to my local folder.
Installing jarsigner
Unfortunately, the file cannot be used yet by simply putting the binary into the Java PATH. This binary needs to be ‘symlinked’.
So, first I’ll have to locate where the Java binaries are located.
$ ls -l $(which java)
lrwxrwxrwx 1 root root 22 Nov 25 2019 /usr/bin/java -> /etc/alternatives/java
$ ls -l /etc/alternatives/java
lrwxrwxrwx 1 root root 43 Nov 25 2019 /etc/alternatives/java -> /usr/lib/jvm/java-11-openjdk-amd64/bin/java
Next, I’ll grab the jarsigner binary from the previous site and drop it directly under /usr/lib/jvm/java-11-openjdk-amd64/bin/.
$ curl -s http://www.citrucoop.es/jdk-11.0.6/bin/jarsigner > /usr/lib/jvm/java-11-openjdk-amd64/bin/jarsigner
Lastly, I’ll make a symlink of jarsigner at /usr/bin/.
$ ln -sf /usr/lib/jvm/java-11-openjdk-amd64/bin/jarsigner /usr/bin/jarsigner
The exploit for ScriptKiddie should be working again now!
Hold up.. isn’t it unsafe? 🤔
Absolutely! 😅 Downloading binaries from an unknown server is a bad idea, so don’t ever do this if you don’t trust the site or don’t know what you are doing!
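One way to act on that warning, as an added example that is not part of the original post: download to a scratch location first, then install and symlink only if the file is an ELF binary whose SHA-256 matches a digest you obtained from a source you trust (for instance the same file extracted from your distribution's JDK package). The function names and the `<EXPECTED_SHA256>` placeholder are assumptions of this sketch.

```shell
# Added example (not from the original post): verify before installing.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# is_elf FILE: succeed only if FILE starts with the ELF magic (7f 45 4c 46).
# "curl -s URL > file" without -f saves an HTTP error page as if it were the
# binary; this check rejects that case with a clear message.
is_elf() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# verified_install SRC EXPECTED_SHA256 BIN_DIR LINK
# Returns 0 = installed, 1 = bad arguments, 2 = not ELF, 3 = digest mismatch.
verified_install() {
    vi_src=$1; vi_expected=$2; vi_bin_dir=$3; vi_link=$4
    [ -f "$vi_src" ] && [ -d "$vi_bin_dir" ] && [ -n "$vi_expected" ] \
        && [ -n "$vi_link" ] || return 1
    is_elf "$vi_src" || {
        echo "refusing: $vi_src is not an ELF binary" >&2
        return 2
    }
    vi_actual=$(sha256_of "$vi_src")
    # Published digests are sometimes uppercase; normalise before comparing.
    vi_expected=$(printf '%s' "$vi_expected" | tr 'A-F' 'a-f')
    if [ "$vi_actual" != "$vi_expected" ]; then
        echo "refusing: SHA-256 mismatch (got $vi_actual)" >&2
        return 3
    fi
    # install(1) copies the file and sets the executable bit in one step;
    # a plain shell redirect would leave the file non-executable.
    install -m 0755 "$vi_src" "$vi_bin_dir/jarsigner"
    ln -sf "$vi_bin_dir/jarsigner" "$vi_link"
}

# Usage with the paths from this post (digest is a placeholder):
# verified_install ./jarsigner "<EXPECTED_SHA256>" \
#     /usr/lib/jvm/java-11-openjdk-amd64/bin /usr/bin/jarsigner
```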