Exploiting Web Vulnerabilities in Thick-Client Applications

thank you man…took me 3 weeks, but it’s done…

1 Like

SPOILER ALERT
Short Guide to help you since the Module didn’t explain some important steps.
I will leave most of the steps explained in the course out.

First:
You don’t need to do the server part, it was only required to understand how to use the SQLi.

Second:
The only things you need to change are the port in beans.xml, deleting most of the MANIFEST.MF exactly as explained in the course, and changing the User.java file in htb\fatty\shared\resources.
Additionally, you need to delete the 1.RSA and 1.SF from the META-INF directory.

Steps:
Change the port in the beans.xml and delete the hashes in the MANIFEST.MF and leave a new line beneath it. Save and jar -cmf .\META-INF\MANIFEST.MF ..\fatty-client-new.jar * exactly as explained in the course.

Check if you can log in with the given credentials. (if not, repeat the first step and look at the course explanation)

Now the steps that are insufficiently explained in the course.

  1. Drag the fatty-client-new.jar onto the JD-GUI in the C:\tools\
  2. “File” → “Save all resources” to C:\Apps\
  3. Extract the jar.src file to fatty-client-new.jar.src\ in the C:\Apps\
  4. Change the htb\fatty\shared\resources\User.java file to

  5. javac -cp fatty-client-new.jar fatty-client-new.jar.src\htb\fatty\shared\resources\User.java
  6. mkdir raw
  7. cp fatty-client-new.jar raw\fatty-client-new-2.jar
  8. Go to the raw directory and decompress the fatty-client-new-2.jar by right-clicking and “Extract here”
  9. mv -Force fatty-client-new.jar.src/htb/fatty/shared/resources/*.class raw/htb/fatty/shared/resources/
  10. cd raw
  11. jar -cmf META-INF\MANIFEST.MF traverse.jar .
  12. open the traverse.jar file and do the SQLi as explained in the course
  13. open the Ipconfig tab in the client to answer the question

If I missed something or made an error please correct me.

1 Like
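Added example, not part of the posts above and not code from the course: a Python check that reports which signing material a JAR still carries (signature files in META-INF, per-entry digests in MANIFEST.MF), which is a quick way to spot a repack where only one of the two clean-up steps from the guide was done. The function names, the state labels and the sample JARs are assumptions constructed for illustration.

```python
import io
import zipfile

SIG_EXTS = (".SF", ".RSA", ".DSA", ".EC")  # signature file and signature block extensions

def manifest_digest_entries(manifest_text):
    """Names of per-entry manifest sections that still carry a *-Digest attribute."""
    # Manifest lines are folded: a line starting with one space continues the previous one.
    unfolded = manifest_text.replace("\r\n", "\n").replace("\n ", "")
    names = []
    for section in unfolded.split("\n\n"):
        pairs = (line.partition(":") for line in section.splitlines() if ":" in line)
        attrs = {k.strip(): v.strip() for k, _, v in pairs}
        if "Name" in attrs and any(k.endswith("-Digest") for k in attrs):
            names.append(attrs["Name"])
    return names

def signing_state(jar_bytes):
    """Classify a JAR by what signing material is present (does not verify signatures)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        entries = jar.namelist()
        sig_files = sorted(
            n for n in entries
            if n.upper().startswith("META-INF/") and n.count("/") == 1
            and n.upper().endswith(SIG_EXTS))
        manifest = b""
        if "META-INF/MANIFEST.MF" in entries:
            manifest = jar.read("META-INF/MANIFEST.MF")
    digests = manifest_digest_entries(manifest.decode("utf-8", "replace"))
    if sig_files and digests:
        state = "signature-present"
    elif not sig_files and not digests:
        state = "unsigned"
    else:
        state = "partially-stripped"  # only one of the two clean-up steps was done
    return state, sig_files, digests

def build_jar(manifest, extra=()):
    """Constructed sample JAR, built in memory; contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("htb/fatty/shared/resources/User.class", b"\xca\xfe\xba\xbe")
        for name in extra:
            jar.writestr(name, b"constructed placeholder")
    return buf.getvalue()

SIGNED_MF = ("Manifest-Version: 1.0\r\n\r\nName: htb/fatty/shared/resources/User.class\r\n"
             "SHA-256-Digest: Y29uc3RydWN0ZWQ=\r\n\r\n")   # constructed digest value
STRIPPED_MF = "Manifest-Version: 1.0\r\n\r\n"
```

This only reports what is present in the archive; `jarsigner -verify` is the tool that actually validates a signature.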

thanks buddy, solved, struggling about 2 days anyways…

simply gets stuck, doesn’t work

nvm, I figured it out, big thanks

I use this method from @HaidarMaximus but it gives me login failed

Really grateful for your comment… I thought we are always creating a new one without the existing .jar, so I renamed the “old” one, which is why it didn’t work.

Really appreciate the effort you put into this. Thanks a lot!

1 Like

Thanks a lot! Used it as a reference!

Thank you for posting this. This was honestly one of the worst modules I have come across simply due to the lack of clarity in the instructions.

Ah! I only got till where we download fatty-server.jar and it never opened. I spent almost 2 days on this but I was never sure why they were not opening. It happened one time with the Path Traversal part but I went out to clear my mind and it worked then. Thanks a lot! I think there are some instructions not clear enough but I could not manage the SQLi part