This topic contains 1 reply, has 2 voices, and was last updated by DrTankHead 1 month, 3 weeks ago.
- February 27, 2021 at 7:17 pm #367470
Most malware is written in c or c++ but why that? Can you write effective undetected malware in Java or is it better to learn c/c++ cause Java is pretty easy to reverse engineer?
What’s the benefit of learning c in this case?
Ps: i don’t want to harm people with this, I’m just interested in how it works, how to bypass antivirus and so on. A good way of doing this is writing my own.
- February 27, 2021 at 7:17 pm #367475
Not to mention that C and C++ are the most stable platforms. Air traffic control, railways control, medical software, road traffic control, everything is written in C++ because you can’t afford a crash.
- February 27, 2021 at 7:17 pm #367476
No C is more powerfull
- February 27, 2021 at 7:17 pm #367473
If you’re trying to hack a jvm, then, sure.
- February 27, 2021 at 7:17 pm #367474
While I think it’s possible – One of the features of Java is that it was explicitly created to run inside a virtual machine and advertised to the user as being “safe” because it never touches your actual machine.
So it would be difficult, but technically, Java can get a hold of your built in OS hooks with the right permissions, so if you could figure out some method of privilege escalation you could use those to manipulate the OS (but it would be pretty limited). As far as loading it’s own payload, technically Java is not supposed to be able access any memory outside of the virtual machine, but you *could* use Java to run a script or a C program to then load a payload. Its probably not worth it though, because if you’re going to use C for part of it, you might as well use C for all of it.
You could use Java to run some really low key malware – like to pop launch popups or something disruptive, but it would be easy to kill by simply destroying the JVM. And you couldn’t really use it to do something like use up a lot of memory, because the JVM won’t let you. You could use it to create a bot net – but again, it would be really easy to root out and squash.
I wouldn’t choose Java to write malware, unless I just really wanted a challenge. Like – can you eat soup with a fork? Probably, if you try really hard, but nobody would choose to.
- February 27, 2021 at 7:17 pm #367472
Java code needs an interpreter to run the application, so your target needs to have java installed and universally available to any user or application. Then you need to somehow actually load and run the bytecode – which maybe blocked by an updated java runtime.
c/cpp can be compiled into a 10kb executable or a library that when placed into certain directories is run automatically without the need of any additional software – and most of the code (unless you depend on Win32/COM/posix specific vulnerabilities) can be compiled to any ISA or platform.
So in the end you can have universal code, with an even smaller platform specific payload 🙂
- February 27, 2021 at 7:17 pm #367471
Java has the benefit of cross-platform compatibility and better code obfuscation, however your attack vector is more narrow. Any browser worth its salt avoids downloading . jar, and in most cases a user has to go back in and mark the jar file as executable. You can bypass these of course, but for some its easier to target windows with Call based stuff, as you get the most results.
With any sort of attack, you have to ask what your attack vector and goal is. If you are targeting a niche field, you likely will get fewer results, but with better quality in the results. Great for attacking specific things.
Or there is a wider vector, with lower quality results.
Java is interesting to play with. It’s not like taboo to use, just most attacks go for the wider net.
Of course what you do is your own discretion and risk, but I hope maybe my response gave you some insight. Happy Hacking!
You must be logged in to reply to this topic.