Setting up a Vulnerable JRE and Firefox Plugin

In this brief tutorial, we will be installing a vulnerable version of the Java runtime environment and manually linking the corresponding Firefox plugin. As with any lab environment, it is good practice to begin with a clean, up-to-date OS and be wary of its network connections!

Finding Your Target JRE

Odds are, your package manager only keeps relatively new JRE's on file. So to go back in time, we need to visit Oracle's Java archives. In order to download past versions of Java you need to have a registered Oracle account and navigate to http://www.oracle.com/technetwork/java/javase/archive-139210.html.

From there you should be able to download your desired JRE in tar.gz form for your lab's architecture.

Install the JRE

Once we have a Java archive, we need to extract it to an installation directory (ie /usr/java).

cd /usr/java
tar zxvf /path/to/your/jre-version-linux-arch.tar.gz

If your project would benefit from quick access to the java binaries, you can add them to the path.

export PATH="/usr/java/jre/bin:$PATH"
source .bashrc

Install the Firefox Plugin

If your testing involves drive-by attacks, then we need to configure our new vulnerable JRE to be the environment for a web browser plugin. So to link the plugin to Firefox, symlink the libnpjp2.so file to your plugins directory.

cd ~/.mozilla/plugins

For a 32 bit plugin:

ln -s /path/to/jre/lib/i386/libnpjp2.so .

For a 64 bit plugin:

ln -s /path/to/jre/lib/amd64/libnpjp2.so .

Finally, double check your plugin by launching Firefox and navigating to about:plugins.

You should see your version with a (STATE_VULNERABLE_UPDATE_AVAILABLE). Success!

Leave a Reply

Your email address will not be published. Required fields are marked *