3

Hi!
I want to know if there is possibility to find a vulnerability on a .jar file.
I tried to install Kali on VM (for now) and tried to use metasploit but I found that it attacks the inter system on a indicated ip address.
There are many application or video (and so on) for my problem?
This .jar file is an application and I want to do pentesting...
Sorry for my poor english but it isn't my native language.
I'm new in pentesting wolrd 🤣

Comments
  • 1
    You don't need Metasploit for that, Use one(or more) of the tools available in the Reverse Engineering Section. Good Luck!
  • 2
    THIS IS A JOKE FOR THE SAKE OF JESTING:

    maybe to penetrate that jar you need a man to open it first?
  • 1
    As for metasploit, it depends on what kind of vulnerability it is. MSF (MetaSploit Framework) is made for remote exploitation/remote controlling of compromised hosts.

    If that jar has capabilities of listening to incoming connections or if you'd find a vulnerability which would allow a specifically crafted payload to exploit this in order to start a reverse (or bind) shell, then you could use MSF but you'd have to get that payload (in the form of something executable) onto the target system.

    I haven't done this in a while but I've done loads of pentesting so if you've got any questions, feel free to ask!
  • 0
    @rezn0v Check my comment ;)
  • 1
    @linuxxx Mhm.. You are right. I was speaking of my tiny experience. You are the experienced one here.

    Thanks ^^
  • 1
    Thank you. @linuxxx

    I'm trying to use javasnoop and decompile the application. But I'm New and I don't have any idea how to use that. I only have this error
  • 0
    @whiteChestnut Tbh I've never done Java or used that application 😅
Add Comment