JReFrameworker - Practical Managed Code Rootkits for Java
This project aims to extend the work done by Erez Metula in his book Managed Code Rootkits: Hooking into Runtime Environments. The work outlines a tool ReFrameworker that claims to be a framework modification tool capable of performing any
modification task, however the tool falls short in usability.
Developing new attack modules is difficult as most users are not
familiar with working in the intermediate representations (IR) required
by the tool. Worse yet, the "write once, run anywhere"
motto of managed languages is violated when dealing with runtime
libraries, forcing the attacker to write new exploits for each target
platform. The current version of ReFrameworker (version 1.1) does not
have the ability to manipulate Java bytecode, although Erez Metula
points out that the same techniques of using IRs such as Soot's Jimple or the Jasmin assembler can be used to create Java MCRs.
JReFrameworker
Since ReFrameworker is no longer maintained, this project aims to
extend previous works by introducing JReFrameworker, a tool to produce
MCR capabilities aimed at the Java Runtime Environment in a
user-friendly way.
JReFrameworker is a tool that allows a user to write annotated Java
source that is automatically merged or inserted into the runtime. The
framework supports developing and debugging attack modules directly in
the Eclipse IDE. Working at the intended abstraction level of source
code allows the attacker to "write once, exploit anywhere".
Getting Started
Ready to get started?
- First install the JReFrameworker plugin.
- Then check out the provided tutorials to get started hacking your first attack module.
Changelog
1.1.1
- Improved payload dropper with new command line options for specifying non-standard runtime locations and for specifying output options
1.1.0
- Support for exporting a basic based payload dropper
1.0.2
- Improvements to preferences
- Bug fixes for builder
1.0.1
- Bug fix for missing annotations Jar in new projects
1.0.0
- Initial Release
JReFrameworker - Practical Managed Code Rootkits for Java
Reviewed by Zion3R
on
7:30 PM
Rating: