I’m doing the updated content, but can’t follow the exercise because the fatty-server.jar doesn’t download to the desktop. Does anyone have an idea why?
Here is the Invoker.java
You can DM me if you still have the problem and I’ll share what worked for me.
But you can try this: import at the top
import java.io.FileOutputStream;
import java.util.Properties;
And after modifying the Invoker.java:
javac -cp fatty-client-new.jar fatty-client-new.jar.src/htb/fatty/client/methods/Invoker.java
mv -Force fatty-client-new.jar.src/htb/fatty/client/methods/*.class raw/htb/fatty/client/methods/
I have the same issue. I also tried to just skip that part and go to the SQL part but I can’t get that to work either. If anyone could give me some pointers I would really appreciate it! Thanks
I was able to skip that part and just bypass the login for the client side. But I would like to do it right, so I will give your method a try in a bit. TBH I don’t really understand the client bypass either, same deal I could not get the examples to work from the module…
How did you solve the SQL part? I was able to modify the client-side app and successfully download the fatty-client.jar
But when I follow the same steps and modify the User.java file, the code does not break, but also nothing happens. So I’m not really sure which fields one should replace. Since the server app asks for a getPassword and getUsername, I only tried to touch all the parameters those functions return. However, when I touch them and re-compile the code (already moving the .class files), nothing happens :l
By “nothing happens” I mean I cannot log in as I did in the original app. So I successfully modified the code, but not the way I wanted
Hi, I am also struggling with this and can’t get it to work. I did everything as indicated but the server.jar file is not downloading. Any other tips that you can give that might help?
1-. When you open the original code you will see multiple public User(...) definitions (do not confuse them with the public class User; if you delete/replace that, the .java file will not compile when you run javac). What I did was take the portion of code for public User provided in the Academy and replace only THE FIRST public User definition. I.e., I left all the other public User definitions that contained conditions like if (!hash) and this(999, ...); and also kept the public static User anonymousUser( ) function.
2-. Just replace all of the setPassword function with the portion of code provided in the Academy and do not touch the rest of the functions (getUsername, getRoleName, etc.)
3-. Compile the code with the javac command, move the generated file to the raw directory (just follow/repeat the steps of the Academy for the ClientGuiTest.java as shown at the beginning of the section), and move all the .class files generated when we compiled User.java with
IppSec did a YouTube video on Fatty; I suggest you check it out. It really helped me and also taught me some extra tricks that I can use if I run into such apps again
Hi, is there someone who managed to get the “Exploiting Web Vulnerabilities in Thick-Client Applications” working? I am stuck recompiling the .java class with “javac -cp fatty-client-new.jar fatty-client-new.jar.src/htb/fatty/client/gui/ClientGuiTest.java”. It throws a lot of errors and I think that it does not compile right because I cannot start the new .jar file. Does somebody know how to mitigate the errors?