While there are many tools that we could use to decompile Java bytecode (with various degrees of success), let's checkout the JD-GUI decompiler. Java-based web applications primarily consist of compiled Java class files that are compressed into a single file, a Java ARchive, or JAR, file. Using JD-GUI, we can extract the class files and subsequently decompile them back to Java source code.

Java Decompiler
JD Java Decompiler

Let's demonstrate decompilation in JD-GUI with a test JAR file. We'll create JAR/test.java on our Kali machine:

import java.util.*;

public class test{
	public static void main(String[] args){
		Scanner scanner = new Scanner(System.in);
		System.out.println("What is your favorite Web Application Language?");
		String answer = scanner.nextLine();
		System.out.println("Your answer was: " + answer);
A simple Java application

This basic Java application prompts for the user's favorite language and prints the answer to the console. As part of the compilation process, we also set the Java source and target versions to 1.8, which is the current long-term suggested version from Oracle.

For this section, we will need a Java Development Kit (JDK) to compile the Java source. If it is not already installed, we can install it in Kali with "sudo apt install default-jdk".

kali@kali:~$ javac -source 1.8 -target 1.8 test.java
Setting the relative Java version during compilation

After compiling the source code, test.class is written to our JAR directory. In order to package our class as a JAR file, we will need to create a manifest file. This is easily accomplished by creating the JAR/META-INF directory and adding our test class to the MANIFEST.MF file as shown below.

kali@kali:~$ mkdir META-INF

kali@kali:~$ echo "Main-Class: test" > META-INF/MANIFEST.MF
Creating the manifest for the JAR test file

We can now create our JAR file by running the following command:

kali@kali:~$ jar cmvf META-INF/MANIFEST.MF test.jar test.class
added manifest
adding: test.class(in = 747) (out= 468)(deflated 37%)
Creating the JAR test file

Great! Now that we know our JAR file works, let's copy it to the machine running JD-GUI. One easy way to transfer files is via SMB with an Impacket script. In our JAR directory, we will issue the following command:

Creating a temporary SMB Server on Kali Linux

We'll use Windows Explorer to navigate to our Kali SMB server with the Samba server running using the \\your-kali-machine-ip\test path. We'll then copy test.jar to the desktop of the machine with JD_GUI installed. Finally, we can open JD-GUI using the taskbar shortcut and drag our JAR file on its window.

At this point, we should be able to use the left navigation pane to navigate to the decompiled code in JD-GUI, as shown in Figure 46.

Navigating the decompiled source code

In a manner similar to the cross-reference analysis that can be performed with dnSpy, we can also search the decompiled classes for arbitrary methods and variables with JD-GUI. However, the user interface is non-intuitive and may be cumbersome when used with large and complex applications.

Searching for arbitrary strings in JD-GUI

FreeRDP is a free remote desktop protocol client.
freerdp2 | Kali Linux Tools

Freerdp comes preinstalled with Kali Linux and is easy to use to remote from Linux into a Windows machine.

kali@kali:~$ xfreerdp +nego +sec-rdp +sec-tls +sec-nla /d: /u: /p: /v:M@ch1n3N@m3 /u:@dm1n1$tr@t0r /p:P@$$W0rd /size:1180x708
How to connect to Windows remote desktop from Linux