Add Java CLI reverse-engineering challenges and bundle JAR variants

[Copilot]

This adds WrongSecrets challenges based on the new Java CLIs introduced in OWASP/wrongsecrets-binaries#130. It covers both the plain and obfuscated Java variants and includes the relevant bundled artifacts, including CTF builds.

• New challenges

  • Add Challenge65 for the plain Java CLI JAR
  • Add Challenge66 for the obfuscated Java CLI JAR
  • Register both challenges in wrong-secrets-configuration.yaml with matching explanation, hint, and reason content

• Java JAR execution support

  • Extend BinaryExecutionHelper to execute runnable JARs via java -jar
  • Reuse the existing binary challenge flow so spoil() resolves the embedded secret from the packaged CLI rather than duplicating logic in application code

• Bundled Java artifacts

  • Add the Java CLI variants under src/main/resources/executables/
    • wrongsecrets-java.jar
    • wrongsecrets-java-obfuscated.jar
    • wrongsecrets-java-ctf.jar
    • wrongsecrets-java-obfuscated-ctf.jar
  • Update .gitignore so these tracked JARs can live alongside the existing executable assets

• Challenge docs and tests

  • Add focused AsciiDoc content for both Java challenges
  • Add challenge tests covering the new plain and obfuscated JAR-backed flows

Example of the new execution path:

@Override
public String getAnswer() {
  BinaryExecutionHelper helper = new BinaryExecutionHelper(65, new MuslDetectorImpl());
  return helper.executeJavaJar("", "wrongsecrets-java.jar");
}

[commjoen]

@copilot can you be more explicit in the steps here please? what does the user exactly need to do?

[Copilot]

Updated with explicit step-by-step instructions for decompiling, inspecting bytecode, and running the JAR locally in 928795e.

[github-actions]

🌐 GitHub Pages Preview Ready!

Your static preview is now available at:
🔗 Preview PR #2523

📄 What's included:

• ✅ All CSS, JavaScript, and static assets (embedded inline)
• ✅ Current styling and layout preview
• ✅ Images, icons, and UI components
• ✅ NEW: Generated HTML from Thymeleaf templates
  • 🏠 Home/Welcome Page
  • ℹ️ About Page
  • 📊 Stats & Config Page
  • 🤖 Challenge 57: LLM Security (Latest)
  • 🧩 Challenge Example

For full functionality testing: Use the Docker preview instead.

🔄 Auto-updates: This preview will be updated automatically when you push new commits to this PR.

---

_{Static preview with Thymeleaf generation by GitHub Actions}

[github-actions]

🔨 Preview Build Complete!

Your changes have been built and pushed to GitHub Container Registry.

🐳 Docker Image: ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2523-6714add

📦 Download & Test Locally:

1. 📁 Download Docker Image Artifact (look for wrongsecrets-preview-pr-2523)
2. Load and run the image:

# Download the artifact, extract it, then:
docker load < wrongsecrets-preview.tar
docker run -p 8080:8080 -p 8090:8090 wrongsecrets-preview

🚀 Alternative - Pull from Registry:

docker pull ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2523-6714add
docker run -p 8080:8080 -p 8090:8090 ghcr.io/owasp/wrongsecrets/wrongsecrets-pr:pr-2523-6714add

Then visit: http://localhost:8080

📝 Changes in this PR:
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge65.java
- src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge66.java
- src/main/java/org/owasp/wrongsecrets/challenges/docker/binaryexecution/BinaryExecutionHelper.java
- src/main/resources/explanations/challenge65.adoc
- src/main/resources/explanations/challenge65_hint.adoc
- src/main/resources/explanations/challenge65_reason.adoc
- src/main/resources/explanations/challenge66.adoc
- src/main/resources/explanations/challenge66_hint.adoc
- src/main/resources/explanations/challenge66_reason.adoc

Visual diff screenshots will be available shortly...

---

_{Preview built by GitHub Actions}

[github-actions]

📸 Visual Diff Ready!

Screenshots comparing your changes with the main branch are available:

📁 Download Visual Diff Artifacts

🖼️ Included screenshots:

• pr-home.png vs main-home.png - Welcome page comparison
• pr-about.png vs main-about.png - About page comparison
• pr-challenge.png vs main-challenge.png - Challenge page comparison

🔍 How to review:

1. Download the artifact zip file
2. Extract and compare the pr-* and main-* images side by side
3. Look for visual differences in layout, styling, and content

💡 Tip: Use an image comparison tool or open both images in separate browser tabs to spot differences easily.

---

_{Visual diff generated by GitHub Actions • PR #2523}