Skip to content

Instantly share code, notes, and snippets.

Ben Holland benjholla

Block or report user

Report or block benjholla

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@benjholla
benjholla / LFSRQuineRelay.java
Last active Jan 27, 2016
A quine-relay with the state of a Linear Feedback Shift Register embedded in and updated by one shift operation for each successive output quine.
View LFSRQuineRelay.java
/**
* A quine-relay with the state of a Linear Feedback Shift Register embedded
* in and updated by one shift operation for each successive output quine.
*
* @author Ben Holland
*/
public class LFSRQuineRelay {
public static void main(String[] args) {
// initialize the register, any non-zero start state is valid
boolean[] register = {true, false, false, true, false, false, true, false, true, true, true};
@benjholla
benjholla / NondeterministicOuroboros_0.java
Last active Jan 26, 2016
Inspired by quine computing, this is a nondeterministic ouroboros program that produces a random program that in turn produces another random program. Currently, at most 2^64 unique programs could be produced, but since the JVM allows for up to 65535 characters (including most unicode characters) in valid class names this could easily be increased.
View NondeterministicOuroboros_0.java
public class NondeterministicOuroboros_0 {
public static void main(String[] args) {
Long id = 0L;
char quote = 34;
String[] code = {
"public class NondeterministicOuroboros_0 {",
" public static void main(String[] args) {",
" Long id = 0L;",
" char quote = 34;",
" String[] code = {",
@benjholla
benjholla / ExpandedDataFlowLaunder.java
Last active Aug 29, 2015
An expanded example of a dataflow laundering scheme
View ExpandedDataFlowLaunder.java
import java.math.BigInteger;
public class ExpandedDataFlowLaunder {
public static void main(String args[]) {
String sensitive = toHex("SECRET_DATA");
leak(launder(sensitive));
}
// a method that should never get sensitive data...
@benjholla
benjholla / ExpandedExceptionalLaunder.java
Created Apr 8, 2015
An expanded example of the exception based dataflow laundering example
View ExpandedExceptionalLaunder.java
public class ExpandedExceptionalLaunder {
public static void main(String[] args) {
String sensitive = "SECRET_DATA";
try {
pilfer(sensitive);
} catch (Exception e){
leak(errorReport(e));
}
}
@benjholla
benjholla / PrivateMethodReflection.java
Created Apr 8, 2015
An example of using Java Reflection to invoke a private API method
View PrivateMethodReflection.java
import java.lang.reflect.Method;
import java.util.Random;
public class PrivateMethodReflection {
public static void main(String[] args) throws Exception {
Person person = new Person("Bob");
System.out.println("Name: " + person.getName());
@benjholla
benjholla / SendmailCrackaddr.java
Last active Aug 29, 2015
A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
View SendmailCrackaddr.java
package sendmail_crackaddr;
/**
* A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
* Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf
*
* Outputs:
* Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200
* at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57)
* at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20)
@benjholla
benjholla / UnicodeEvil.java
Created Mar 6, 2015
Some fun with Unicode. The main method calls the print method 3 times.
View UnicodeEvil.java
public class UnicodeEvil {
public static void main(String[] args) {
print("Hello");
/*
* TODO: print World in unicode
* \u002A\u002F\u0070\u0072\u0069\u006E\u0074\u0028\u0022\u0043\u0072\u0075\u0065\u006C\u0022\u0029\u003B\u002F\u002A
*/
print("World");
@benjholla
benjholla / InsideOut.java
Created Feb 13, 2015
An Java inner class that extends its outer class (cause...why not?)
View InsideOut.java
public class InsideOut {
public static void main(String[] args){
System.out.println(new OutsideIn().toString());
}
public InsideOut() {}
@Override
public String toString(){
@benjholla
benjholla / injection.py
Last active Aug 29, 2015
NCDC2015 WWW Command Injection
View injection.py
#!/usr/bin/python
import sys
import getopt
import urllib2
# define hexEncode function
hexEncode = lambda x:"".join([hex(ord(c))[2:].zfill(2) for c in x])
def main(argv):
@benjholla
benjholla / ExampleClass.java
Last active Aug 29, 2015
Using static and instance initializers to invoke a private method on an anonymous inner class
View ExampleClass.java
/**
* Playing around with inner classes and control flow
* @author Ben Holland
*/
public class ExampleClass {
// static initializer
static {
// anonymous inner class
new ExampleClass() {
You can’t perform that action at this time.