metasploit-payloads/java/README.md

# Building the Java and Android Meterpreter

1. Install Maven and Java, this will depend on your OS
1. Download the [Android SDK](https://developer.android.com/sdk/index.html)
1. Install Android SDK Platforms 3, 10 and 19, and update the "Android SDK Tools" and "Android SDK Platform-tools"
1. Compile the Android and Java Meterpreter, which deploys to the ../metasploit-frameworks folder
```
mvn package -Dandroid.sdk.path=/path/to/android-sdk -Dandroid.release=true -P deploy
```
Next time you run `msfconsole`, you should see: `WARNING: Local files may be incompatible with the Metasploit Framework`.
This means that msfconsole is now using your newly built version of the Java and Android Meterpreter :)


## Building on OSX
```
brew cask install caskroom/versions/java8
brew cask install android-sdk
brew install maven
sdkmanager --licenses
sdkmanager "platforms;android-3"
sdkmanager "platforms;android-10"
sdkmanager "platforms;android-19"

#cd metasploit-payloads/java
mvn package -Dandroid.sdk.path=/usr/local/share/android-sdk -Dandroid.release=true -P deploy
```

## Compiling JavaPayload and Java Meterpreter manually

To compile JavaPayload (a Java stager / code loader) and Java Meterpreter for
Metasploit, you need Maven 3.1 or above (Maven 3.5 works at the time of this
writing), and a copy of JDK 8.0 or later. Ensure that `mvn` and `javac` are in
your path and work. Then run

```
mvn package
```

to package all the files needed for Java meterpreter. The two files that you will be generated are:

```
meterpreter/meterpreter/target/meterpreter.jar
meterpreter/stdapi/target/ext_server_stdapi.jar
```

To get Metasploit to use these files, you need to place them in a place where
it can find them. To automatically build and install these files into
Metasploit Framework for testing, run:

```
mvn -P deploy package
```

This will package all the files and copy them into the correct place for
Metasploit, assuming that the metasploit-framework repository is checked out in
an adjacent directory to this one. (`../../metasploit-framework/data/java`). If
you get spurious compilation errors, make sure that there is an exclude rule in
your antivirus for the Metasploit directory (or that your antivirus is
disabled).

If the path to your metasploit framework repository is not
`../../metasploit-framework`, but for example (with Kali Linux)

`/usr/share/metasploit-framework/`, set the deploy.path directive like so:

```
mvn -D deploy.path=/usr/share/metasploit-framework -P deploy package
```

When you are editing this or any other Meterpreter, you will want to make sure
that your copy of metasploit-framework is also up-to-date. We occasionally
update the network protocol between Metasploit and its Payloads, and if the two
do not match, things will probably not work. Metasploit will warn you the first
time it stages a development payload that it is doing so, and that the payload
and Metasploit framework may be incompatible.

Each time you make a change to your code, you must build and deploy the files
into metasploit-framework for it to see the updates. It is not necessary to
restart msfconsole when updating payloads however, as they are read from disk
each time. So, a reasonable strategy when debugging is to leave msfconsole
running with `exploit/multi/handler`, and just install and restage payloads as
needed.

When you are done editing and want to revert Metasploit to use the builtin
payloads, simply delete `data/meterpreter/*.jar` and `data/meterpreter/java`
from your Metasploit framework directory. It will then fall back to the
versions bundled with the metasploit-payloads Ruby gem.

# IDE Support

In case you want to edit/debug JavaPayload for Metasploit or Java Meterpreter
with an IDE, Maven provides plugins to auto-generate project files for your
favourite environment (at least for Eclipse, Netbeans or IntelliJ).

I use Eclipse, so to generate project files I use

```
mvn eclipse:eclipse
```

This will generate project files that can be imported via

**File->Import->Existing Projects into Workspace**

into your Eclipse workspace.

(Note that if this is your first Maven project you want to use in Eclipse, you
also have to run

```
mvn -Declipse.workspace=/path/to/your/workspace eclipse:configure-workspace
```

to set up path variables like `M2_REPO` to point to the correct location.)

For NetBeans or IntelliJ IDEA, refer to the documentation at

http://maven.apache.org/netbeans-module.html
http://maven.apache.org/plugins/maven-idea-plugin/
update README.md with simpler instructions for building 2017-11-20 17:49:06 +08:00			`# Building the Java and Android Meterpreter`

			`1. Install Maven and Java, this will depend on your OS`
remove (unused) references to the NDK from README and Makefile 2019-06-02 22:42:01 +08:00			`1. Download the [Android SDK](https://developer.android.com/sdk/index.html)`
update README.md with simpler instructions for building 2017-11-20 17:49:06 +08:00			`1. Install Android SDK Platforms 3, 10 and 19, and update the "Android SDK Tools" and "Android SDK Platform-tools"`
			`1. Compile the Android and Java Meterpreter, which deploys to the ../metasploit-frameworks folder`
			```
remove (unused) references to the NDK from README and Makefile 2019-06-02 22:42:01 +08:00			`mvn package -Dandroid.sdk.path=/path/to/android-sdk -Dandroid.release=true -P deploy`
update README.md with simpler instructions for building 2017-11-20 17:49:06 +08:00			```
			Next time you run `msfconsole`, you should see: `WARNING: Local files may be incompatible with the Metasploit Framework`.
			`This means that msfconsole is now using your newly built version of the Java and Android Meterpreter :)`


			`## Building on OSX`
			```
			`brew cask install caskroom/versions/java8`
			`brew cask install android-sdk`
			`brew install maven`
			`sdkmanager --licenses`
			`sdkmanager "platforms;android-3"`
			`sdkmanager "platforms;android-10"`
			`sdkmanager "platforms;android-19"`

			`#cd metasploit-payloads/java`
remove (unused) references to the NDK from README and Makefile 2019-06-02 22:42:01 +08:00			`mvn package -Dandroid.sdk.path=/usr/local/share/android-sdk -Dandroid.release=true -P deploy`
update README.md with simpler instructions for building 2017-11-20 17:49:06 +08:00			```

			`## Compiling JavaPayload and Java Meterpreter manually`
update README 2017-08-25 17:57:46 -05:00
			`To compile JavaPayload (a Java stager / code loader) and Java Meterpreter for`
			`Metasploit, you need Maven 3.1 or above (Maven 3.5 works at the time of this`
			writing), and a copy of JDK 8.0 or later. Ensure that `mvn` and `javac` are in
			`your path and work. Then run`
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			```
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00			`mvn package`
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			```
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
update README 2017-08-25 17:57:46 -05:00			`to package all the files needed for Java meterpreter. The two files that you will be generated are:`

			```
			`meterpreter/meterpreter/target/meterpreter.jar`
			`meterpreter/stdapi/target/ext_server_stdapi.jar`
			```

			`To get Metasploit to use these files, you need to place them in a place where`
			`it can find them. To automatically build and install these files into`
			`Metasploit Framework for testing, run:`
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			```
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00			`mvn -P deploy package`
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			```
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
update README 2017-08-25 17:57:46 -05:00			`This will package all the files and copy them into the correct place for`
			`Metasploit, assuming that the metasploit-framework repository is checked out in`
			an adjacent directory to this one. (`../../metasploit-framework/data/java`). If
			`you get spurious compilation errors, make sure that there is an exclude rule in`
			`your antivirus for the Metasploit directory (or that your antivirus is`
			`disabled).`
Fix relative paths to Metasploit repository As this repo it is no longer in external/source directory, the deploy targets need to know where the Framework repository is. This defaults to ../metasploit-framework, but can be changed via -D deploy.path= command line switch. 2013-06-12 23:44:57 +02:00
update README 2017-08-25 17:57:46 -05:00			`If the path to your metasploit framework repository is not`
still prefer an absolute path 2019-04-25 14:45:07 -05:00			`../../metasploit-framework`, but for example (with Kali Linux)

			`/usr/share/metasploit-framework/`, set the deploy.path directive like so:
Fix relative paths to Metasploit repository As this repo it is no longer in external/source directory, the deploy targets need to know where the Framework repository is. This defaults to ../metasploit-framework, but can be changed via -D deploy.path= command line switch. 2013-06-12 23:44:57 +02:00
			```
still prefer an absolute path 2019-04-25 14:45:07 -05:00			`mvn -D deploy.path=/usr/share/metasploit-framework -P deploy package`
Fix relative paths to Metasploit repository As this repo it is no longer in external/source directory, the deploy targets need to know where the Framework repository is. This defaults to ../metasploit-framework, but can be changed via -D deploy.path= command line switch. 2013-06-12 23:44:57 +02:00			```
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
update README 2017-08-25 17:57:46 -05:00			`When you are editing this or any other Meterpreter, you will want to make sure`
			`that your copy of metasploit-framework is also up-to-date. We occasionally`
			`update the network protocol between Metasploit and its Payloads, and if the two`
			`do not match, things will probably not work. Metasploit will warn you the first`
			`time it stages a development payload that it is doing so, and that the payload`
			`and Metasploit framework may be incompatible.`

			`Each time you make a change to your code, you must build and deploy the files`
			`into metasploit-framework for it to see the updates. It is not necessary to`
			`restart msfconsole when updating payloads however, as they are read from disk`
			`each time. So, a reasonable strategy when debugging is to leave msfconsole`
			running with `exploit/multi/handler`, and just install and restage payloads as
			`needed.`

			`When you are done editing and want to revert Metasploit to use the builtin`
note additional cleanup directories 2017-08-25 18:00:11 -05:00			payloads, simply delete `data/meterpreter/*.jar` and `data/meterpreter/java`
			`from your Metasploit framework directory. It will then fall back to the`
			`versions bundled with the metasploit-payloads Ruby gem.`
update README 2017-08-25 17:57:46 -05:00
			`# IDE Support`

			`In case you want to edit/debug JavaPayload for Metasploit or Java Meterpreter`
			`with an IDE, Maven provides plugins to auto-generate project files for your`
			`favourite environment (at least for Eclipse, Netbeans or IntelliJ).`

			`I use Eclipse, so to generate project files I use`
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			```
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00			`mvn eclipse:eclipse`
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			```
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			`This will generate project files that can be imported via`
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
Fix relative paths to Metasploit repository As this repo it is no longer in external/source directory, the deploy targets need to know where the Framework repository is. This defaults to ../metasploit-framework, but can be changed via -D deploy.path= command line switch. 2013-06-12 23:44:57 +02:00			`File->Import->Existing Projects into Workspace`
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
			`into your Eclipse workspace.`

			`(Note that if this is your first Maven project you want to use in Eclipse, you`
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			`also have to run`
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			```
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00			`mvn -Declipse.workspace=/path/to/your/workspace eclipse:configure-workspace`
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			```
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
Add compilation instructions for Android 2013-06-11 16:58:53 -05:00			to set up path variables like `M2_REPO` to point to the correct location.)
Convert JavaPayload project to use Maven Functionality and build result is 1:1 the same as before. Auxiliary ant targets have been converted to Maven profiles. 2012-12-20 23:56:21 +01:00
			`For NetBeans or IntelliJ IDEA, refer to the documentation at`

			`http://maven.apache.org/netbeans-module.html`
			`http://maven.apache.org/plugins/maven-idea-plugin/`

Add compilation instructions for Android 2013-06-11 16:58:53 -05:00