Skip to content

Instantly share code, notes, and snippets.

Ben Holland benjholla

Block or report user

Report or block benjholla

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@benjholla
benjholla / SystemProfiler.java
Created May 6, 2014
Grabbing system profile metrics via Java
View SystemProfiler.java
import java.awt.GraphicsDevice;
import java.awt.GraphicsEnvironment;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Locale;
import java.util.TimeZone;
@benjholla
benjholla / ExceptionalLaunder.java
Created Sep 11, 2014
Dataflow laundering with exceptions
View ExceptionalLaunder.java
/**
* A toy example of laundering data through the use of the program stack and exception control flow paths
* The input data drives how two methods recursively call each other. If the next input value is a 0 then
* the _0 method is called, likewise a 1 calls the _1 method. When there is no more data an Exception is thrown
* with the following stack trace. The Exception is caught and the stack trace is used to recover the data.
*
* java.lang.StringIndexOutOfBoundsException: String index out of range: 0
* at java.lang.String.charAt(String.java:658)
* at ExceptionalLaunder._0(ExceptionalLaunder.java:39)
View DataFlowLaunder.java
/**
* A toy example of laundering data through "implicit dataflow paths"
* The launder method uses the input data to reconstruct a new result
* with the same value as the original input.
*
* @author Ben Holland
*/
public class DataflowLaunder {
@benjholla
benjholla / ExampleClass.java
Last active Aug 29, 2015
Using static and instance initializers to invoke a private method on an anonymous inner class
View ExampleClass.java
/**
* Playing around with inner classes and control flow
* @author Ben Holland
*/
public class ExampleClass {
// static initializer
static {
// anonymous inner class
new ExampleClass() {
@benjholla
benjholla / injection.py
Last active Aug 29, 2015
NCDC2015 WWW Command Injection
View injection.py
#!/usr/bin/python
import sys
import getopt
import urllib2
# define hexEncode function
hexEncode = lambda x:"".join([hex(ord(c))[2:].zfill(2) for c in x])
def main(argv):
@benjholla
benjholla / InsideOut.java
Created Feb 13, 2015
An Java inner class that extends its outer class (cause...why not?)
View InsideOut.java
public class InsideOut {
public static void main(String[] args){
System.out.println(new OutsideIn().toString());
}
public InsideOut() {}
@Override
public String toString(){
@benjholla
benjholla / UnicodeEvil.java
Created Mar 6, 2015
Some fun with Unicode. The main method calls the print method 3 times.
View UnicodeEvil.java
public class UnicodeEvil {
public static void main(String[] args) {
print("Hello");
/*
* TODO: print World in unicode
* \u002A\u002F\u0070\u0072\u0069\u006E\u0074\u0028\u0022\u0043\u0072\u0075\u0065\u006C\u0022\u0029\u003B\u002F\u002A
*/
print("World");
@benjholla
benjholla / SendmailCrackaddr.java
Last active Aug 29, 2015
A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
View SendmailCrackaddr.java
package sendmail_crackaddr;
/**
* A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
* Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf
*
* Outputs:
* Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200
* at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57)
* at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20)
@benjholla
benjholla / PrivateMethodReflection.java
Created Apr 8, 2015
An example of using Java Reflection to invoke a private API method
View PrivateMethodReflection.java
import java.lang.reflect.Method;
import java.util.Random;
public class PrivateMethodReflection {
public static void main(String[] args) throws Exception {
Person person = new Person("Bob");
System.out.println("Name: " + person.getName());
@benjholla
benjholla / ExpandedExceptionalLaunder.java
Created Apr 8, 2015
An expanded example of the exception based dataflow laundering example
View ExpandedExceptionalLaunder.java
public class ExpandedExceptionalLaunder {
public static void main(String[] args) {
String sensitive = "SECRET_DATA";
try {
pilfer(sensitive);
} catch (Exception e){
leak(errorReport(e));
}
}
You can’t perform that action at this time.