Ben Holland benjholla

benjholla / SystemProfiler.java
Created May 6, 2014
Grabbing system profile metrics via Java
View SystemProfiler.java
import java.awt.GraphicsDevice;
import java.awt.GraphicsEnvironment;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Locale;
import java.util.TimeZone;
benjholla / ExceptionalLaunder.java
Created Sep 11, 2014
Dataflow laundering with exceptions
View ExceptionalLaunder.java
/**
* A toy example of laundering data through the use of the program stack and exception control flow paths
* The input data drives how two methods recursively call each other. If the next input value is a 0 then
* the _0 method is called, likewise a 1 calls the _1 method. When there is no more data an Exception is thrown
* with the following stack trace. The Exception is caught and the stack trace is used to recover the data.
*
* java.lang.StringIndexOutOfBoundsException: String index out of range: 0
* at java.lang.String.charAt(String.java:658)
* at ExceptionalLaunder._0(ExceptionalLaunder.java:39)
View DataFlowLaunder.java
/**
* A toy example of laundering data through "implicit dataflow paths"
* The launder method uses the input data to reconstruct a new result
* with the same value as the original input.
*
* @author Ben Holland
*/
public class DataflowLaunder {
benjholla / ExampleClass.java
Last active Aug 29, 2015
Using static and instance initializers to invoke a private method on an anonymous inner class
View ExampleClass.java
/**
* Playing around with inner classes and control flow
* @author Ben Holland
*/
public class ExampleClass {
// static initializer
static {
// anonymous inner class
new ExampleClass() {
benjholla / injection.py
Last active Aug 29, 2015
NCDC2015 WWW Command Injection
View injection.py
#!/usr/bin/python
import sys
import getopt
import urllib2
# define hexEncode function
hexEncode = lambda x:"".join([hex(ord(c))[2:].zfill(2) for c in x])
def main(argv):
benjholla / InsideOut.java
Created Feb 13, 2015
A Java inner class that extends its outer class (cause...why not?)
View InsideOut.java
public class InsideOut {
public static void main(String[] args){
System.out.println(new OutsideIn().toString());
}
public InsideOut() {}
@Override
public String toString(){
benjholla / UnicodeEvil.java
Created Mar 6, 2015
Some fun with Unicode. The main method calls the print method 3 times.
View UnicodeEvil.java
public class UnicodeEvil {
public static void main(String[] args) {
print("Hello");
/*
* TODO: print World in unicode
* \u002A\u002F\u0070\u0072\u0069\u006E\u0074\u0028\u0022\u0043\u0072\u0075\u0065\u006C\u0022\u0029\u003B\u002F\u002A
*/
print("World");
benjholla / SendmailCrackaddr.java
Last active Aug 29, 2015
A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
View SendmailCrackaddr.java
package sendmail_crackaddr;
/**
* A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
* Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf
*
* Outputs:
* Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200
* at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57)
* at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20)
benjholla / PrivateMethodReflection.java
Created Apr 8, 2015
An example of using Java Reflection to invoke a private API method
View PrivateMethodReflection.java
import java.lang.reflect.Method;
import java.util.Random;
public class PrivateMethodReflection {
public static void main(String[] args) throws Exception {
Person person = new Person("Bob");
System.out.println("Name: " + person.getName());
benjholla / ExpandedExceptionalLaunder.java
Created Apr 8, 2015
An expanded example of the exception based dataflow laundering example
View ExpandedExceptionalLaunder.java
public class ExpandedExceptionalLaunder {
public static void main(String[] args) {
String sensitive = "SECRET_DATA";
try {
pilfer(sensitive);
} catch (Exception e){
leak(errorReport(e));
}
}