While there are many tools that we could use to decompile Java bytecode (with varying degrees of success), let's check out the JD-GUI decompiler. Java-based web applications primarily consist of compiled Java class files that are compressed into a single file, a Java ARchive, or JAR, file. Using JD-GUI, we can extract the class files and subsequently decompile them back to Java source code.
Let's demonstrate decompilation in JD-GUI with a test JAR file. We'll create JAR/test.java on our Kali machine:
This basic Java application prompts for the user's favorite language and prints the answer to the console. As part of the compilation process, we also set the Java source and target versions to 1.8, which is the current long-term suggested version from Oracle.
For this section, we will need a Java Development Kit (JDK) to compile the Java source. If it is not already installed, we can install it in Kali with "sudo apt install default-jdk".
After compiling the source code, test.class is written to our JAR directory. To package our class as a JAR file, we will need to create a manifest file. This is easily accomplished by creating the JAR/META-INF directory and adding our test class to the MANIFEST.MF file as shown below.
We can now create our JAR file by running the following command:
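The steps above (write the source, compile it for Java 8, write the manifest, build the JAR) collected into one script. This is an added example, not the course's own test.java or commands: the Java source is a constructed stand-in that matches the description, and the directory name JAR and the Main-Class value test are assumptions taken from the text. The compile step runs only if a JDK is on the PATH.

```shell
#!/bin/sh
# Added example (not from the original material): build the test JAR
# described in the text. Assumes the JAR/ directory layout and a
# Main-Class named "test".
set -eu

# Create the source, the manifest and (if a JDK is present) the JAR
# under the given directory. Returns 0 on success.
build_test_jar() {
    dir="${1:-JAR}"
    mkdir -p "$dir/META-INF"

    # Constructed sample source: prompt for the favourite language and
    # print it back, as the text describes.
    cat > "$dir/test.java" <<'EOF'
import java.util.Scanner;

public class test {
    public static void main(String[] args) {
        Scanner in = new Scanner(System.in);
        System.out.print("What is your favorite language? ");
        String answer = in.nextLine();
        System.out.println("Your favorite language is " + answer);
    }
}
EOF

    # The Main-Class entry tells "java -jar" which class to run.
    # The JAR spec requires the file to end with a newline.
    printf 'Manifest-Version: 1.0\nMain-Class: test\n' \
        > "$dir/META-INF/MANIFEST.MF"

    # Compile for Java 8 bytecode, as in the text, when javac/jar exist.
    if command -v javac >/dev/null 2>&1 && command -v jar >/dev/null 2>&1; then
        (cd "$dir" \
            && javac -source 1.8 -target 1.8 test.java \
            && jar cfm test.jar META-INF/MANIFEST.MF test.class)
    fi
}

# Return 0 if the manifest names the expected entry point.
manifest_has_main_class() {
    grep -q '^Main-Class: test$' "$1/META-INF/MANIFEST.MF"
}

# Usage: build_test_jar JAR && java -jar JAR/test.jar
```

Running `java -jar JAR/test.jar` afterwards confirms the manifest is correct before the file is copied over to the JD-GUI machine; a JAR with a missing or malformed Main-Class entry fails with "no main manifest attribute" rather than prompting for input.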
Great! Now that we know our JAR file works, let's copy it to the machine running JD-GUI. One easy way to transfer files is via SMB with an Impacket script. In our JAR directory, we will issue the following command:
With the Impacket SMB server running on Kali, we'll use Windows Explorer to browse to it via the \\your-kali-machine-ip\test path. We'll then copy test.jar to the desktop of the machine with JD-GUI installed. Finally, we can open JD-GUI using the taskbar shortcut and drag our JAR file onto its window.
At this point, we should be able to use the left navigation pane to navigate to the decompiled code in JD-GUI, as shown in Figure 46.
In a manner similar to the cross-reference analysis that can be performed with dnSpy, we can also search the decompiled classes for arbitrary methods and variables with JD-GUI. However, the user interface is non-intuitive and may be cumbersome when used with large and complex applications.
FreeRDP comes preinstalled with Kali Linux and makes it easy to open a remote desktop session from Linux to a Windows machine. Note that the credentials are single-quoted so that the shell does not expand the $ characters in them:
kali@kali:~$ xfreerdp +nego +sec-rdp +sec-tls +sec-nla /v:'M@ch1n3N@m3' /u:'@dm1n1$tr@t0r' /p:'P@$$W0rd' /size:1180x708