Skip to content

Instantly share code, notes, and snippets.

Avatar

Ben Holland benjholla

View GitHub Profile
@benjholla
benjholla / LFSRQuineRelay.java
Last active Jan 27, 2016
A quine-relay with the state of a Linear Feedback Shift Register embedded in and updated by one shift operation for each successive output quine.
View LFSRQuineRelay.java
/**
* A quine-relay with the state of a Linear Feedback Shift Register embedded
* in and updated by one shift operation for each successive output quine.
*
* @author Ben Holland
*/
public class LFSRQuineRelay {
public static void main(String[] args) {
// initialize the register, any non-zero start state is valid
boolean[] register = {true, false, false, true, false, false, true, false, true, true, true};
@benjholla
benjholla / NondeterministicOuroboros_0.java
Last active Jan 26, 2016
Inspired by quine computing, this is a nondeterministic ouroboros program that produces a random program that in turn produces another random program. Currently, at most 2^64 unique programs could be produced, but since the JVM allows for up to 65535 characters (including most unicode characters) in valid class names this could easily be increased.
View NondeterministicOuroboros_0.java
public class NondeterministicOuroboros_0 {
public static void main(String[] args) {
Long id = 0L;
char quote = 34;
String[] code = {
"public class NondeterministicOuroboros_0 {",
" public static void main(String[] args) {",
" Long id = 0L;",
" char quote = 34;",
" String[] code = {",
@benjholla
benjholla / ExpandedDataFlowLaunder.java
Last active Aug 29, 2015
An expanded example of a dataflow laundering scheme
View ExpandedDataFlowLaunder.java
import java.math.BigInteger;
public class ExpandedDataFlowLaunder {
public static void main(String args[]) {
String sensitive = toHex("SECRET_DATA");
leak(launder(sensitive));
}
// a method that should never get sensitive data...
@benjholla
benjholla / ExpandedExceptionalLaunder.java
Created Apr 8, 2015
An expanded example of the exception based dataflow laundering example
View ExpandedExceptionalLaunder.java
public class ExpandedExceptionalLaunder {
public static void main(String[] args) {
String sensitive = "SECRET_DATA";
try {
pilfer(sensitive);
} catch (Exception e){
leak(errorReport(e));
}
}
@benjholla
benjholla / PrivateMethodReflection.java
Created Apr 8, 2015
An example of using Java Reflection to invoke a private API method
View PrivateMethodReflection.java
import java.lang.reflect.Method;
import java.util.Random;
public class PrivateMethodReflection {
public static void main(String[] args) throws Exception {
Person person = new Person("Bob");
System.out.println("Name: " + person.getName());
@benjholla
benjholla / SendmailCrackaddr.java
Last active Aug 29, 2015
A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
View SendmailCrackaddr.java
package sendmail_crackaddr;
/**
* A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
* Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf
*
* Outputs:
* Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200
* at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57)
* at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20)
@benjholla
benjholla / UnicodeEvil.java
Created Mar 6, 2015
Some fun with Unicode. The main method calls the print method 3 times.
View UnicodeEvil.java
public class UnicodeEvil {
public static void main(String[] args) {
print("Hello");
/*
* TODO: print World in unicode
* \u002A\u002F\u0070\u0072\u0069\u006E\u0074\u0028\u0022\u0043\u0072\u0075\u0065\u006C\u0022\u0029\u003B\u002F\u002A
*/
print("World");
@benjholla
benjholla / InsideOut.java
Created Feb 13, 2015
An Java inner class that extends its outer class (cause...why not?)
View InsideOut.java
public class InsideOut {
public static void main(String[] args){
System.out.println(new OutsideIn().toString());
}
public InsideOut() {}
@Override
public String toString(){
@benjholla
benjholla / injection.py
Last active Aug 29, 2015
NCDC2015 WWW Command Injection
View injection.py
#!/usr/bin/python
import sys
import getopt
import urllib2
# define hexEncode function
hexEncode = lambda x:"".join([hex(ord(c))[2:].zfill(2) for c in x])
def main(argv):
@benjholla
benjholla / ExampleClass.java
Last active Aug 29, 2015
Using static and instance initializers to invoke a private method on an anonymous inner class
View ExampleClass.java
/**
* Playing around with inner classes and control flow
* @author Ben Holland
*/
public class ExampleClass {
// static initializer
static {
// anonymous inner class
new ExampleClass() {
You can’t perform that action at this time.