The PoC exploit of ScriptKiddie from HackTheBox actually requires a binary known as jarsigner. The binary itself is bundled with the Java SDK. Since I use Kali Linux, which has a few Java applications, I should have that binary installed. However, I was unable to locate this jarsigner.
I didn’t want to reinstall the Java SDK on my Kali just to obtain this single binary file as it could potentially mess up the whole system. So I started looking for the binary online. Sadly, most of the search results that showed up were just a bunch of documentation about how to use jarsigner. Great!
In search of the missing binary - Google dork
Luckily, we can utilize a Google dork for this! Here’s my dork:
intitle:"index of /" bin jarsigner
After some checking, I found this site hosting the whole JDK folder.
Now I can just pull that jarsigner from the web. Unfortunately, it cannot be used yet by simply putting the binary into the Java PATH.
Installing jarsigner
It turns out that the Java binary needs to be ‘symlinked’.
Okay, so first I’ll have to find where my Java binary is located.
$ ls -l $(which java)
lrwxrwxrwx 1 root root 22 Nov 25 2019 /usr/bin/java -> /etc/alternatives/java
$ ls -l /etc/alternatives/java
lrwxrwxrwx 1 root root 43 Nov 25 2019 /etc/alternatives/java -> /usr/lib/jvm/java-11-openjdk-amd64/bin/java
From here, I’ll grab the jarsigner binary from the previous site and drop it directly under /usr/lib/jvm/java-11-openjdk-amd64/bin/.
$ curl -s http://www.citrucoop.es/jdk-11.0.6/bin/jarsigner > /usr/lib/jvm/java-11-openjdk-amd64/bin/jarsigner
Lastly, I’ll make a symlink of jarsigner at /usr/bin/.
$ ln -sf /usr/lib/jvm/java-11-openjdk-amd64/bin/jarsigner /usr/bin/jarsigner
The exploit for ScriptKiddie should be working now!
Hold up.. isn’t it unsafe? 🤔
Absolutely! 😅 So don’t ever do this if you don’t trust the site or don’t know what you are doing xD
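The caveat above in practice, as an added example that is not part of the original post: download to a temporary file first and install it only if its SHA-256 matches a digest taken from a source you trust. The function name install_verified, the temporary path and the digest placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# install_verified <downloaded-file> <expected-sha256> <destination>
# Copies the file into place only when its SHA-256 equals the expected
# digest. Returns 0 on install, 1 on digest mismatch, 2 on bad input.
install_verified() {
    local src="$1" expected="$2" dest="$3" actual

    # The download must exist as a regular file.
    if [ ! -f "$src" ]; then
        echo "no such file: $src" >&2
        return 2
    fi

    # Reject anything that is not a 64-character hex string, so an empty
    # or truncated digest can never "match".
    if ! printf '%s' "$expected" | grep -Eq '^[0-9A-Fa-f]{64}$'; then
        echo "expected digest is not a SHA-256 hex string" >&2
        return 2
    fi

    # Hash via stdin so the file name cannot affect sha256sum's output.
    actual=$(sha256sum < "$src" | cut -d' ' -f1)
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch, not installing" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Install with explicit permissions instead of redirecting curl
    # output straight into the JDK directory.
    install -m 0755 "$src" "$dest"
}

# Usage sketch (placeholder digest, to be replaced with one from a trusted
# build of the same JDK version):
#   curl -s -o /tmp/jarsigner.download <url>
#   install_verified /tmp/jarsigner.download <sha256-from-trusted-source> \
#       /usr/lib/jvm/java-11-openjdk-amd64/bin/jarsigner
```

A matching digest only shows the file is identical to the one the digest was computed from, so the check is only as good as the source of that digest.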