Java Applet AccessControlException

I am doing a security course and a module on client side attacks, which is why this post might seem evil or outdated.

I have a Java applet fetching a malicious jar file and trying to then download and execute a malicious binary on a Windows 7 host.

When debugging the applet in Java Console I am getting the following error:

basic: Applet resized and added to parent container
basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 186710 us, pluginInit dt 8044964 us, TotalTime: 8231674 us
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.io.tmpdir" "read")
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at sun.plugin2.applet.AWTAppletSecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at Java.init(Java.java:19)
    at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
basic: Removed progress listener: sun.plugin.util.ProgressMonitorAdapter@1089de1
security: Reset deny session certificate store

I believe this corresponds with the below line of code:

String tmpdir = System.getProperty("java.io.tmpdir") + File.separator;

The applet has been compiled as below...

/opt/jdk1.7.0_80/bin/javac Java.java
echo "Permissions: all-permissions" > /root/manifest.txt
/opt/jdk1.7.0_80/bin/jar cvfm Java.jar /root/manifest.txt Java.class 
keytool -genkey -alias signapplet -keystore mykeystore -keypass mykeypass -storepass password123
jarsigner -keystore mykeystore -storepass password123 -keypass password123 -signedjar SignedJava.jar Java.jar signapplet

I think the solution is something like that detailed here but I'm not sure what exactly to add to my code in order to bypass this restriction. I have all-permissions set in a manifest file on my local Kali box but I don't know enough about Java to know if this should or should not be fixing my error.

echo "Permissions: all-permissions" > /root/manifest.txt

What do I need to change to fix this exception and have my applet run?
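
From the defender's side, the `Permissions` manifest attribute and the signature files under `META-INF/` discussed in the post are what a JAR declares about itself. The following is an added triage example, not part of the original post. It reads both from a JAR without verifying any signature cryptographically; the sample JARs and the `SIGNAPPL` file names are constructed in memory for illustration.

```python
import io
import zipfile

SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner

def parse_main_attributes(manifest_text):
    """Parse the main section of a JAR manifest (everything before the first blank line)."""
    attrs, last = {}, None
    for line in manifest_text.replace("\r\n", "\n").split("\n"):
        if not line:
            break                          # blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]        # wrapped value continues on this line
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()    # attribute names are case-insensitive
            attrs[last] = value.strip()
    return attrs

def inspect_jar(jar_bytes):
    """Report the declared Permissions attribute and whether signature files exist."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        manifest = ""
        if "META-INF/MANIFEST.MF" in names:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    attrs = parse_main_attributes(manifest)
    meta = [n.upper() for n in names if n.upper().startswith("META-INF/") and n.count("/") == 1]
    sig_files = {n[:-3] for n in meta if n.endswith(".SF")}
    sig_blocks = {n.rsplit(".", 1)[0] for n in meta if n.endswith(SIG_BLOCK_EXT)}
    permissions = attrs.get("permissions")
    return {
        "permissions": permissions,
        "has_signature_files": bool(sig_files & sig_blocks),
        "requests_all_permissions": permissions == "all-permissions",
    }

def build_sample_jar(manifest_text, extra_entries=()):
    """Constructed sample input: an in-memory JAR, so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
        for name in extra_entries:
            jar.writestr(name, b"constructed placeholder, not a real signature")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_jar("Manifest-Version: 1.0\r\nPermissions: all-permissions\r\n\r\n")
    print(inspect_jar(sample))
```

A JAR that reports `requests_all_permissions` is asking to run outside the applet sandbox and is worth reviewing before it is allowed on a client; confirm the signer separately with `jarsigner -verify`.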