Thanks a lot!
OK! If you are just looking for the answer of the question, it is in this youtube video at the specific time.
Time = 1.40.04
God bless you! Newbies like me really wants people like you… HTB really needs people like you ! I am going to go deep in this, it has shown me by biggest weakness ! Thankyou !
My realization
the first time I had real problems compiling the files and immediately looked for solutions on the internet and here in the forum, I also found helpful information, thanks for that!
But on the whole I didn’t follow the instructions in the module correctly and that was my mistake.
Every time you modify a *.java file, you should follow these steps
- javac -cp fatty-client-new.jar .\fatty-client-new.jar.src\htb\fatty\client\xyz\XYZ.java
- cp fatty-client-new.jar raw\fatty-client-new-2.jar
- mv -Force fatty-client-new.jar.src\htb\fatty\client\xyz*.class raw\htb\fatty\client\xyz\
- cd raw
- jar -cmf META-INF\MANIFEST.MF traverse.jar .
- double-click on the traverse.jar
and that’s it.
can some one just post the ip i have zero java experiance and ill never use this in real world as I have no desire to do programing i get to the part where you mod the file to download the server but they left out alot of the compiling and ■■■■ this section should be its own module i dont want to spend a week to complete a section that doesnt even reward you with cubes
any one stuck on the download add all th lines besides
return "Successfully saved the file to " + desktopPath;
}
and it should compile correctly you wont get a message but after a bit it should show the bianary output on screen and a non zero byte server file should be present on the desktop of the rdp this took me 8 straight hours to diag wow what a horrible section
Dude, thank you. Wish I could send my htb fees to you instead. What a rip
Thanks men!,
Need to delete the other fuction of String password in the code
Hey I dont know if anyone has tried this challenge recently but I wasn’t able to get the jar file to work. Some of the steps I took.
Modified port in the beans.xml file to 1337.
Deleted both 1.SF and 1.RSA.
Removed the SHA256 Hashes from the MANIFEST.MF file.
No matter what, Wireshark would do a SYN > SYN ACK > ACK then as soon as SSL/TLS sent a client HELO, the jar file froze up.
I also tried leaving the SHA hashes in the MANIFEST.MF file and just removing the 1.SF and 1.RSA files, no luck. Using all the three different ports, nothing. Using the IP address instead of the hostname in beans.xml. I consistently had the same SSL/TLS issues.
Another odd thing, I visited the host at port 1337 in the web browser and the application did respond to the HTTP request fine so… idk.
Any response to this would be cool. I managed to just watch ippsec’s video for the answer but was kind of bummed I couldn’t run through this like all the other labs.
make sure you removed all of the hashes from the MANIFEST file and leave just one new line at the end of it. so thats just one space or line you can place your cursor on to write. you dont have to follow doing an echo 10.10… ip address to your hosts file. i think i was having network issues with my lab so i restarted it and jsut did all the steps like that. make sure youre running the new jar file you just compiled.
It it is a hard one, thank you guys for the big help.
Superb post, Informative and helpful!
Have you manage to finish this section?! I am super stuck… have tried from the pawnbox, the windows machine but I cant even get to access the java application with the normal username and password…
I just managed to complete this section. For the first part, to login as qtc / clarabibi, I work on the below step
- Right click on fatty-client.jar to extract files into a folder (e.g. fatty-client)
- Open the “fatty-client\beans.xml” and change the connection port from 8000 to 1337 (follow the instruction in the section: Let’s edit the line
<constructor-arg index="1" value = "8000"/>
… , remember to save the file - In "fatty-client\META-INF" folder, rename the “MANIFEST.MF” to “MANIFEST.org” and copy and paste the code sample under section: Let’s remove the hashes from
META-INF/MANIFEST.MF
… into a new file “MANIFEST.MF” (You can follow the instruction in the section to delete all the hashes, but I find it easier to rename the original file and create back the MANIFEST.MF, remember to add a new line at the end of the MANIFEST.MF) - Delete the ‘1.RSA’ and ‘1.SF’ from the “META-INF” directory
- Run the command "
jar -cmf .\META-INF\MANIFEST.MF …\fatty-client-new.jar *" to generate the fatty-client-new.jar, i.e. to follow the step in section: We can update and run thefatty-client.jar
file by issuing the following commands… - Double click on the "fatty-client-new.jar’ and login as qtc / clarabibi, should be able to login successfully
Thanks! I managed to log in with qtc/clarabibi
I do not clear the complete screen… I can search or open any files in the java application…
I have reseted the machine but everytime I get it like this…
I remember I encountered similar screen before, I found out when I do any of the below 2 things, the open button did not show up:
1: when using xfreerdp with parameters smartsizing or size
2: when I expand/reduce the height of the java application screen
Hope this help.
Somehow you must know how Java works
i tried to open these two but none of them gives no response. Is this the correct file? Aren’t we supposed to open the newly compiled file
client_name.jar
?
EDITED
anyway got it. Thanks a lot once again. They've updated some slight changes.
can some one help me with invoker.java file … i am not able to compile it …???
For compiling, if you’ve followed what copper have mentioned Copper’s walk through there would be no issue