Java Jdk-8u144 Mac Download

What You Need

  • A Kali virtual machine. I used version 2017.1.

Download the Java SE 6 for OSX (click the Download button) Once the download finishes, install the dmg file following the onscreen instructions. When you have Java Runtime 6 installed on your Mac, you can launch Adobe CS5 (or any other app that require Java 6 runtime). Note: You DO NOT need to restart your Mac before launching the app. This site requires JavaScript to be enabled. Select the appropriate file under the 'Java SE Development Kit' links, accept the license, then download the file. Once you have downloaded the JDK into a folder on your harddrive, go to that folder and double click on the file named (for example) jdk-8u144-windows-x64.exe to install it (version number may vary).(.

Purpose

Apache Struts is a popular server-side Java-basedframework used to make web applications. Firstwe'll set up a vulnerable server, and then exploitit with Metasploit.

Note that this is NOT the very latest exploit,released Sept 5, 2017. For that exploit,seethis project.

This exploit was released in Marchof 2017.

Download the Ubuntu 16.04.02 Server ISO

In a Web browser, go tohttps://www.ubuntu.com/download/server

Download the latest version of Ubuntu 16.04 server. WhenI looked, the latest version was 16.04.03, 64-bit only.

Create a VM

Start VMware. Create a new virtual machine,using the ISO file. The steps depend on yourVMware version.

For VMware Fusion on a Mac, the steps are:

  • File, New...
  • Accept the default option of 'Install from disc orimage' and click Continue.
  • Navigate to the Ubuntu ISO, click it, and click Continue.
  • In the 'Linux Easy Install' box, enter student in all the fields. Click Continue.
  • Click Finish.
  • Select a folder and name for your VM.
When the Ubuntu server starts, log in with these credentials:

Username: studentPassword: student

Installing SSH

To control the VM, you need SSH, so you can copy andpaste commands into the Terminal.

On your Ubuntu console, execute this command:

Enter the password student when you are prompted to.

On your Ubuntu console, execute these commands:

Connecting via SSH

On your host system, connect to your server via SSH.

On a Mac, in a Terminal window, execute this command,replacing the IP address with the IP address ofyour Ubuntu server.

Add the server fingerprint when you are promptedto.

Enter the password student when you areprompted to.

If you are using Windows, installPuTTYand use it to connect to your Ubuntu server.Install Oracle Java JDK 8On your host system,in a Web browser, go here:http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

Accept the agreement.

Download jdk-8u144-linux-x64.tar.gz

On a Mac host, open a new Terminal windowand execute these commands to move theJava installer file to the server,replacing the IP address with the IP address ofyour Ubuntu server.

Enter the password student when you areprompted to.

If you are using Windows, you can move files to yourserver with SSHSecureShellClient, which you can get here:

In the SSH session controlling your Ubuntu server,execute these commands:

Enter the password student if youare prompted to.

In the SSH session controlling your Ubuntu server,execute these commands:

If you see 'nothing to configure' that's OK.

In the SSH session controlling your Ubuntu server,execute this command:

You should seea version number,as shown below.

Installing Tomcat

For future reference, I got Tomcatfrom this page:http://tomcat.apache.org/download-90.cgi

In the SSH session controlling your Ubuntu server,execute these commands:

In the SSH session controlling your Ubuntu server,execute these commands:Add this line to the bottom of the file,as shown below.Save the file with Java Jdk-8u144 Mac DownloadCtrl+X, Y,Enter.

In the SSH session controlling your Ubuntu server,execute this command to set the new environment variable:

In the SSH session controlling your Ubuntu server,execute this command to start Tomcat:Tomcat starts,as shown below.

On your host system,in a Web browser, openthis URL,replacing the IP address with the IP address ofyour Ubuntu server.

http://172.16.1.178:8080/

You see an Apache Tomcat page,as shown below.

Install unzip

In the SSH session controlling your Ubuntu server,execute these commands:

Install Struts2 (Old, Vulnerable Version)

In the SSH session controlling your Ubuntu server,execute these commands:

Install Maven

In the SSH session controlling your Ubuntu server,execute these commands:Add this line to the bottom of the file,as shown below.

Save the file with Ctrl+X, Y,Enter.

In the SSH session controlling your Ubuntu server,execute this command to set the new environment variable:

In the SSH session controlling your Ubuntu server,execute this command:You see a version number,as shown below.

Creating a Project

In the SSH session controlling your Ubuntu server,execute these commands:Many pages of 'Downloading' messagesscroll by.

When you see the message:'Define value for property 'version' 1.0-SNAPSHOT: :',press Enter.

When you see the message:'Y: :',press Enter.

You see a 'BUILD SUCCESS' message,as shown below.

In the SSH session controlling your Ubuntu server,execute these commands:

The file opens, as shown below.This is an XML configuration file.

At the bottom of the file,in the 'build' section,change myWebApp tobasic_struts,so it is as shown below:

At the bottom of the file,in the 'dependencies' section,add a new 'dependency' section,as shown below:Include in the “dependencies” Section:

Save the file with Ctrl+X, Y,Enter.

To make your web app,in the SSH session controlling your Ubuntu server,execute this command:

Many pages of 'Downloading' messages scroll by, ending witha green 'BUILD SUCCESS' message,as shown below.

This has created a 'war' file, ready to deploy,at this location:

~/myWebApp/target/basic_struts.war

However, we don't actually need that application.We'll deploy a different one later.

Comfiguring Web-Based Deployment

In the SSH session controlling your Ubuntu server,execute these commands:Add this line to the bottom of the file,as shown below.

Save the file with Ctrl+X, Y,Enter.

In the SSH session controlling your Ubuntu server,execute this command to set the new environment variable:

Now we need to adjust the tomcat configurationto allow administration from remote addresses.

In the SSH session controlling your Ubuntu server,execute this command:

The 'tomcat-users' section contain onlycomments, as shown below.

Insert these lines into the 'tomcat-users' section,as shown below.

Save the file with Ctrl+X, Y,Enter.

In the SSH session controlling your Ubuntu server,execute this command:

Insert these lines into the file,as shown below.

Save the file with Ctrl+X, Y,Enter.

In the SSH session controlling your Ubuntu server,execute these commands to restart Tomcat.It may take a few minutes to shut down the firsttime--that's OK.

Tomcat restarts,as shown below.

Opening the Web-Based Administration Page

On your host system,in a Web browser, openthis URL,replacing the IP address with the IP address ofyour Ubuntu server.

http://172.16.1.198:8080/manager

A box pops up asking for credentials.Enter these credentials:

Username: admin
Password: admin

In the 'Tomcat Web Application Manager'page, scroll down to the'Deploy' section,as shown below.

If you can't open the manager page,check the log with this command:When I did it, I had an error in the manager.xml file.

Downloading a Vulnerable Web App

On your host system,in a Web browser,go to:

On the right side,click the Download button.

You get a file named struts2_2.3.15.1-showcase.war

Deploying the Vulnerable Web App

In the 'Tomcat Web Application Manager'page, in the'Deploy' section,in the 'WAR file to deploy' section,click the 'Choose File' button.

Navigate to your Downloads folder anddouble-click thestruts2_2.3.15.1-showcase.warfile.

Click the Deploy button.

The Tomcat page now shows the/struts2_2.3.15.1-showcase applicationat the bottom of the Applicationssection,as shown below.

Click /struts2_2.3.15.1-showcase.

The 'Struts2 Showcase' page appears,as shown below.

Saving the Screen Image

Make sure the 'Struts2 Showcase' message is visibleat the top left of thepage, as shown above.

Save a whole-desktop screen capturewith a filename of 'Proj 9xa from YOUR NAME'.

Attacking from Metasploit

Launch Kali.

In a Terminal window,execute these commands to updateMetasploit:

In Kali,execute this command to launchMetasploit:In Metasploit, execute this commandto find 'struts' exploits:Several exploits are found,as shown below. We'll use the first one,from March of 2017.

In Metasploit, execute these commandsto select the exploit, show options,set the target and vulnerable URI, and exploit it.

Replace the IP address with the IP address ofyour Ubuntu server.

The exploit fails,as shown below.

What's the problem? When all else fails,consult the documentation.

Open this page:

Ths documentation says to try a 'cmd/*' payload,as shown below.

In Metasploit, execute these commandsto select show available payloads:

Scroll back up several pages to seethe 'cmd' payloads,as shown below.

In Metasploit, execute these commandsto set the current payload to 'cmd/unix/generic',and show its options:

We need to choose a Linuxcommand and put it in the 'CMD'parameter,as shown below.Java

In Metasploit, execute these commandsto set CMD to 'touch /tmp/foo'and exploit the target:

The exploit completes, as shown below.

In the SSH session controlling your Ubuntu server,execute this command:

The file 'foo' was created,as shown below. We have some control of thetarget!

In Metasploit, execute these commandsto use the 'cmd/unix/bind_netcat'payloadand exploit the target:

The exploit completes, as shown below,and opens a shell. There is no prompt,but you can execute commands like 'whoami'and 'ls'.

Saving the Screen Image

Make sure the'set PAYLOAD cmd/unix/bind_netcat'and'Command shell session opened'messages are visible,as shown above.

Save a whole-desktop screen capturewith a filename of 'Proj 9xb from YOUR NAME'.

Turning In Your Project

Email the image to [email protected] with a subject of'Project 9x from YOUR NAME'.

Sources

Struts 2 Getting-Started on Ubuntu 14.04 Trusty LTS Linux Easy Guide
Apache Struts Jakarta Multipart Parser OGNL Injection
How can I install Sun/Oracle's proprietary Java JDK 6/7/8 or JRE?
Maven 3 How-to Generate a Java Web App Project on Ubuntu Linux Easy Guide
Struts 2 Blank Archetype
How does one set up/install struts on Ubuntu or a Nix machine?
Maven can't find Struts2 dependencies
Apache Tomcat 8 Apps Manager Quick-Start on Linux/Unix
CVE-2017-5638 - Apache Struts2 S2-045
Add Apache Struts 2 REST Plugin XStream RCE #8924
Posted 9-7-17 by Sam Bowne
Updated 9-8-17

This topic includes the following sections:

System Requirements for Installing the JDK on macOS

The following are the system requirements for installing the JDK on macOS:

  • Any Intel-based computer running macOS.

  • Administrator privileges.

    You cannot install Java for a single user. Installing the JDK on macOS is performed on a systemwide basis for all users. Administrator privileges are required to install the JDK on macOS.

Determining the Default JDK Version on macOS

When starting a Java application through the command line, the system uses the default JDK.

There can be multiple JDKs installed on the macOS system.

You can determine which version of the JDK is the default by entering java -version in a Terminal window. If the installed version is 13 Interim 0, Update 0, and Patch 0, then you see a string that includes the text 13. For example:

To run a different version of Java, either specify the full path, or use the java_home tool. For example:

$ /usr/libexec/java_home -v 13 --exec javac -version

Installing the JDK on macOS

  1. Download the JDK .dmg file, jdk-13.interim.update.patch_osx-x64_bin.dmg.

    Before the file can be downloaded, you must accept the license agreement.

  2. From either the browser Downloads window or from the file browser, double-click the .dmg file to start it.
    A Finder window appears that contains an icon of an open box and the name of the .pkg file.
  3. Double-click the JDK 13.pkg icon to start the installation application.
    The installation application displays the Introduction window.
  4. Click Continue.
  5. Click Install.
    A window appears that displays the message: Installer is trying to install new software. Enter your password to allow this.
  6. Enter the Administrator user name and password and click Install Software.
    The software is installed and a confirmation window is displayed.
After the software is installed, you can delete the .dmg file if you want to save disk space.

Uninstalling the JDK on macOS

You must have Administrator privileges.

Note:

Do not attempt to uninstall Java by removing the Java tools from /usr/bin. This directory is part of the system software and any changes will be reset by Apple the next time that you perform an update of the OS.

  1. Go to /Library/Java/JavaVirtualMachines.
  2. Remove the directory whose name matches the following format by executing the rm command as a root user or by using the sudo tool:
    /Library/Java/JavaVirtualMachines/jdk-13.interim.update.patch.jdk

    For example, to uninstall 13 Interim 0 Update 0 Patch 0:

    $ rm -rf jdk-13.jdk

Installation FAQ on macOS Platform

This topic provides answers for the following frequently asked questions about installing JDK on macOS computers.

1. How do I find out which version of Java is the system default?

When you run a Java application from the command line, it uses the default JDK. If you do not develop Java applications, then you do not need to worry about this. See Determining the Default JDK Version on macOS.

2. How do I uninstall Java?

See Uninstalling the JDK on macOS.

3. After installing Java for macOS 2012-006, can I continue to use Apple's Java 6 alongside the macOS JDK for Java 13?

If you want to continue to develop with Java 6 using command-line, then you can modify the startup script for your favorite command environment. For bash, use this:

$ export JAVA_HOME=`/usr/libexec/java_home -v 13`

Java Jdk 8u144

Some applications use /usr/bin/java to call Java. After installing Java for macOS 2012-006, /usr/bin/java will find the newest JDK installed, and will use that for all of the Java-related command-line tools in /usr/bin. You may need to modify those applications to find Java 6, or contact the developer for a newer version of the application.

4. What happened to the Java Preferences app in Application Utilities?

Java Jdk-8u144 Mac Download Windows 10

The Java Preferences app was part of the Apple Java installation and is not used by Oracle Java. Therefore, macOS releases from Apple that do not include Apple Java will not include Java Preferences.