4

Hi!
I want to know if there is a possibility to find a vulnerability in a .jar file.
I tried to install Kali on a VM (for now) and tried to use Metasploit, but I found that it attacks the entire system at an indicated IP address.
Are there many applications or videos (and so on) for my problem?
This .jar file is an application and I want to do pentesting...
Sorry for my poor English but it isn't my native language.
I'm new to the pentesting world 🤣

Comments
  • 1
    You don't need Metasploit for that. Use one (or more) of the tools available in the Reverse Engineering section. Good luck!
  • 1
    What kind of vulnerability? I doubt code exec is possible, as you would have to find a vuln in the Java VM.
    If you are looking to bypass something (this smells of piracy), I'd use a good old Java decompiler; you can do it on Windows as well.
  • 2
    THIS IS A JOKE FOR THE SAKE OF JESTING:

    maybe to penetrate that jar you need a man to open it first?
  • 1
    As for Metasploit, it depends on what kind of vulnerability it is. MSF (Metasploit Framework) is made for remote exploitation/remote controlling of compromised hosts.

    If that jar has capabilities of listening to incoming connections or if you'd find a vulnerability which would allow a specifically crafted payload to exploit this in order to start a reverse (or bind) shell, then you could use MSF but you'd have to get that payload (in the form of something executable) onto the target system.

    I haven't done this in a while but I've done loads of pentesting so if you've got any questions, feel free to ask!
  • 0
    @rezn0v Check my comment ;)
  • 1
    @linuxxx Mhm.. You are right. I was speaking of my tiny experience. You are the experienced one here.

    Thanks ^^
  • 1
    Thank you. @linuxxx

    I'm trying to use JavaSnoop and decompile the application. But I'm new and I don't have any idea how to use that. I only have this error
  • 0
    @whiteChestnut Tbh I've never done Java or used that application 😅