![]() ![]() JD-GUI is a simple tool that allows you to decompile and view the code of JAR files. Once we have the file, we will analyse it with JD-GUI. The domain hxxp://fedex-tracking.fun is still up, so we can download the FedEx_Delivery_invoice.jar file from here. ![]() As shown in the XML code below, we can see that this JNLP file will be used to load and execute the JAR file FedEx_Delivery_invoice.jar from the domain hxxp://fedex-tracking.funĪs we know the name and location of the 2nd stage payload, we can try and download it. You can easily view the content of a JNLP file by changing the extension to XML and loading the file in a text editor like notepad++. They are generally quite simple and are not difficult to analyse. It is worth noting that to be susceptible to phishing via a JNLP the user will have to have java installed on their machine. ![]() JNLP files can be used to allow for applications hosted on a remote server to be launched locally. Javaws.exe is an application that is part of the Java Runtime Environment and is used to give internet functionality to java applications. A JNLP file is a java web file, which when clicked, the application javaws.exe will attempt to load and execute the file. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |