Initial commit of Msf::Exploit::Java mixin and multi/browser/java_signed_applet exploit.

git-svn-id: file:///home/svn/framework3/trunk@8267 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-27 19:46:39 +00:00
parent 2f76affadb
commit cd5e5880d2
18 changed files with 817 additions and 10 deletions
@@ -0,0 +1,69 @@
+// Based on the example from http://www.java2s.com/Code/Java/JDK-6/CompilingfromMemory.htm
+
+package javaCompile;
+
+import java.net.URI;
+import java.util.Arrays;
+import java.util.List;
+import java.util.ArrayList;
+import java.lang.String;
+
+import javax.tools.JavaCompiler;
+import javax.tools.JavaFileObject;
+import javax.tools.SimpleJavaFileObject;
+import javax.tools.StandardJavaFileManager;
+import javax.tools.ToolProvider;
+import javax.tools.JavaFileObject.Kind;
+
+public class CompileSourceInMemory {
+
+	public static boolean CompileFromMemory(String strClass, String strCodeContent) {
+		String[] classNames	= { strClass };
+		String[] codeContent 	= { strCodeContent };
+		return CompileFromMemory(classNames, codeContent, null);
+	}
+
+	public static boolean CompileFromMemory(String[] classNames, String[] codeContent) {
+		return CompileFromMemory(classNames, codeContent, null);
+	}
+
+	public static boolean CompileFromMemory(String[] classNames, String[] codeContent, String[] compOptions) {
+		
+		List<String> compOptList = null;
+		if (compOptions != null) { compOptList = Arrays.asList(compOptions); }
+		
+		JavaCompiler compiler = ToolProvider.getSystemJavaCompiler();
+
+		// Need to add a check that classNames.length == codeContent.length, else we're fubared.
+		List<JavaFileObject> files = new ArrayList<JavaFileObject> () ;
+		int i = 0;
+		for (String codePage : codeContent) {
+			files.add(new JavaSourceFromString(classNames[i], codePage));
+			i++;
+		}
+
+		Iterable<? extends JavaFileObject> compilationUnits = files;
+		
+		JavaCompiler.CompilationTask task = compiler.getTask(null, null, null, compOptList, null, compilationUnits);
+		
+		boolean success = task.call();
+
+		return success;
+
+	}
+}
+
+class JavaSourceFromString extends SimpleJavaFileObject {
+	final String code;
+
+	JavaSourceFromString(String name, String code) {
+		super(URI.create("string:///" + name.replace('.','/') + Kind.SOURCE.extension),Kind.SOURCE);
+		this.code = code;
+	}
+
+	@Override
+	public CharSequence getCharContent(boolean ignoreEncodingErrors) {
+		return code;
+	}
+}
+
@@ -0,0 +1,51 @@
+// Source: http://www.java2s.com/Code/Java/File-Input-Output/CreateJarfile.htm
+
+package javaCompile;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.util.jar.JarEntry;
+import java.util.jar.JarOutputStream;
+import java.util.jar.Manifest;
+
+public class CreateJarFile {
+	public static int BUFFER_SIZE = 10240;
+	public static void createJarArchive(File archiveFile, File[] tobeJared) {
+		try {
+			byte buffer[] = new byte[BUFFER_SIZE];
+			// Open archive file
+			FileOutputStream stream = new FileOutputStream(archiveFile);
+			JarOutputStream out = new JarOutputStream(stream, new Manifest());
+
+			for (int i = 0; i < tobeJared.length; i++) {
+				if (tobeJared[i] == null || !tobeJared[i].exists()
+						|| tobeJared[i].isDirectory())
+					continue; // Just in case...
+				System.out.println("Adding " + tobeJared[i].getName());
+
+				// Add archive entry
+				JarEntry jarAdd = new JarEntry(tobeJared[i].getName());
+				jarAdd.setTime(tobeJared[i].lastModified());
+				out.putNextEntry(jarAdd);
+
+				// Write file to archive
+				FileInputStream in = new FileInputStream(tobeJared[i]);
+				while (true) {
+					int nRead = in.read(buffer, 0, buffer.length);
+					if (nRead <= 0)
+						break;
+					out.write(buffer, 0, nRead);
+				}
+				in.close();
+			}
+
+			out.close();
+			stream.close();
+			System.out.println("Adding completed OK");
+		} catch (Exception ex) {
+			ex.printStackTrace();
+			System.out.println("Error: " + ex.getMessage());
+		}
+	}
+}