Ben Holland benjholla

## SystemProfiler.java
import java.awt.GraphicsDevice;
import java.awt.GraphicsEnvironment;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Locale;
import java.util.TimeZone;

## ExceptionalLaunder.java

/**
 * A toy example of laundering data through the use of the program stack and exception control flow paths
 * The input data drives how two methods recursively call each other.  If the next input value is a 0 then
 * the _0 method is called, likewise a 1 calls the _1 method.  When there is no more data an Exception is thrown
 * with the following stack trace.  The Exception is caught and the stack trace is used to recover the data.
 *
 * java.lang.StringIndexOutOfBoundsException: String index out of range: 0
 *	at java.lang.String.charAt(String.java:658)
 *	at ExceptionalLaunder._0(ExceptionalLaunder.java:39)

## DataFlowLaunder.java

/**
 * A toy example of laundering data through "implicit dataflow paths"
 * The launder method uses the input data to reconstruct a new result
 * with the same value as the original input.
 *
 * @author Ben Holland
 */
public class DataflowLaunder {

## ExampleClass.java
/**
 * Playing around with inner classes and control flow
 * @author Ben Holland
 */
public class ExampleClass {

	// static initializer
	static {
		// anonymous inner class
		new ExampleClass() {

## injection.py
#!/usr/bin/python

import sys
import getopt
import urllib2

# define hexEncode function
hexEncode = lambda x:"".join([hex(ord(c))[2:].zfill(2) for c in x])

def main(argv):

## InsideOut.java
public class InsideOut {

	public static void main(String[] args){
		System.out.println(new OutsideIn().toString());
	}

	public InsideOut() {}

	@Override
	public String toString(){

## UnicodeEvil.java
public class UnicodeEvil {

	public static void main(String[] args) {
		print("Hello");

		/*
		 * TODO: print World in unicode
		 * \u002A\u002F\u0070\u0072\u0069\u006E\u0074\u0028\u0022\u0043\u0072\u0075\u0065\u006C\u0022\u0029\u003B\u002F\u002A
		 */
		print("World");

## SendmailCrackaddr.java
package sendmail_crackaddr;

/**
 * A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
 * Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf
 *
 * Outputs:
 * Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200
 *  at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57)
 *  at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20)

## ExpandedExceptionalLaunder.java
public class ExpandedExceptionalLaunder {

	public static void main(String[] args) {
		String sensitive = "SECRET_DATA";
		try {
			pilfer(sensitive);
		} catch (Exception e){
    		leak(errorReport(e));
		}
	}

## PrivateMethodReflection.java
import java.lang.reflect.Method;
import java.util.Random;

public class PrivateMethodReflection {

	public static void main(String[] args) throws Exception {

		Person person = new Person("Bob");
		System.out.println("Name: " + person.getName());