View SystemProfiler.java
import java.awt.GraphicsDevice; | |
import java.awt.GraphicsEnvironment; | |
import java.io.File; | |
import java.lang.management.ManagementFactory; | |
import java.net.InetAddress; | |
import java.net.NetworkInterface; | |
import java.util.ArrayList; | |
import java.util.Enumeration; | |
import java.util.Locale; | |
import java.util.TimeZone; |
View ExceptionalLaunder.java
/** | |
 * A toy example of laundering data through the program stack and exception control-flow paths.
 * The input data drives how two methods recursively call each other: if the next input value is a 0,
 * the _0 method is called; likewise, a 1 calls the _1 method. When there is no more data, an exception is thrown
 * with the following stack trace. The exception is caught and the stack trace is used to recover the data.
* | |
* java.lang.StringIndexOutOfBoundsException: String index out of range: 0 | |
* at java.lang.String.charAt(String.java:658) | |
* at ExceptionalLaunder._0(ExceptionalLaunder.java:39) |
View DataFlowLaunder.java
/** | |
* A toy example of laundering data through "implicit dataflow paths" | |
* The launder method uses the input data to reconstruct a new result | |
* with the same value as the original input. | |
* | |
* @author Ben Holland | |
*/ | |
public class DataflowLaunder { |
View ExampleClass.java
/** | |
* Playing around with inner classes and control flow | |
* @author Ben Holland | |
*/ | |
public class ExampleClass { | |
// static initializer | |
static { | |
// anonymous inner class | |
new ExampleClass() { |
View injection.py
#!/usr/bin/python | |
import sys | |
import getopt | |
import urllib2 | |
def hexEncode(x):
    """Return x as lowercase hex, at least two digits per character (e.g. "AB" -> "4142")."""
    return "".join("%02x" % ord(ch) for ch in x)
def main(argv): |
View InsideOut.java
public class InsideOut { | |
/**
 * Entry point: builds an {@code OutsideIn} (declared outside this view) and prints its
 * {@code toString()} result on standard output.
 */
public static void main(String[] args) {
    final String rendered = new OutsideIn().toString();
    System.out.println(rendered);
}
/** Public no-argument constructor with an empty body. */
public InsideOut() {
}
@Override | |
public String toString(){ |
View UnicodeEvil.java
public class UnicodeEvil { | |
public static void main(String[] args) { | |
print("Hello"); | |
/* | |
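 * TODO: print World in unicode
 * NOTE: the compiler translates Unicode escapes before it recognises comments, so the next line is
 * not inert text: it decodes to a comment terminator, the statement print("Cruel");, and a new comment opener.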
* \u002A\u002F\u0070\u0072\u0069\u006E\u0074\u0028\u0022\u0043\u0072\u0075\u0065\u006C\u0022\u0029\u003B\u002F\u002A | |
*/ | |
print("World"); |
View SendmailCrackaddr.java
package sendmail_crackaddr; | |
/** | |
 * A Java implementation of Thomas Dullien's toy example of the Sendmail crackaddr flaw
* Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf | |
* | |
* Outputs: | |
* Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200 | |
* at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57) | |
* at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20) |
View ExpandedExceptionalLaunder.java
public class ExpandedExceptionalLaunder { | |
/**
 * Entry point: hands a hard-coded sensitive string to {@code pilfer} and, if that call throws,
 * passes the report built from the caught exception to {@code leak}.
 *
 * <p>NOTE(review): {@code pilfer}, {@code errorReport} and {@code leak} are defined outside this
 * view; going by the class name, the exception is presumably what carries the value out. Confirm
 * against their bodies.
 */
public static void main(String[] args) {
    final String secret = "SECRET_DATA";
    try {
        pilfer(secret);
    } catch (Exception failure) {
        // Only the report derived from the exception reaches leak(); `secret` is never passed to it directly.
        leak(errorReport(failure));
    }
}
View PrivateMethodReflection.java
import java.lang.reflect.Method; | |
import java.util.Random; | |
public class PrivateMethodReflection { | |
public static void main(String[] args) throws Exception { | |
Person person = new Person("Bob"); | |
System.out.println("Name: " + person.getName()); |