This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Preparatory Steps (Only needs to be done once!) | |
------------------------------------------------- | |
1. Install Java | |
----------- | |
(MAC) https://tejaksha-k.medium.com/a-step-by-step-guide-to-installing-java-on-macos-5188bfdf99d7 | |
(WIN) https://www.java.com/download/ie_manual.jsp | |
2. Install Maven | |
----------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Imagine you have an online store that's built using the Java programming language. Your developers used a popular library called Jackson to handle customer data, like names and addresses. Jackson is usually safe, but it has a hidden danger - under certain settings, hackers can sneak in malicious code along with regular customer information. If you're not careful, that hacker code will run on your servers, letting criminals take over your whole website! | |
Here's the scary part - turning on this dangerous setting is as easy as adding one line of code to your Java application. It's called "enableDefaultTyping" and it tells Jackson to accept any kind of data, even if it might be dangerous. A lot of other Java applications use Jackson too, and many of them had this risky setting turned on without realizing it. | |
If hackers successfully exploit this flaw in your online store, they could do all sorts of nasty things - steal your customers' private information, vandalize your website, or even use your servers to attack |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Build the project | |
# spin up a shell prompt | |
git clone https://github.com/conikeec/jackspoilt.git | |
cd jackspoilt | |
# compile and package | |
mvn clean package | |
# verify if gadgets are avaliable to exploit (refer blog) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"public_identifier": "conikee", | |
"profile_pic_url": "https://s3.us-west-000.backblazeb2.com/proxycurl/person/conikee/profile?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=0004d7f56a0400b0000000001%2F20240319%2Fus-west-000%2Fs3%2Faws4_request&X-Amz-Date=20240319T185441Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=cf3cf67132f6d8abba1f6bfba67f9bc24db6986b4e117f1993b1c588de3b1775", | |
"background_cover_image_url": null, | |
"first_name": "Chetan", | |
"last_name": "Conikee", | |
"full_name": "Chetan Conikee", | |
"follower_count": 1618, | |
"occupation": "Founder and CTO at Qwiet", | |
"headline": "Founder and Chief Technology Officer at Qwiet.ai, Seed Investor", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package demo1 | |
import com.espertech.esper.client.EventBean | |
import com.espertech.esper.client.EPAdministrator | |
import com.espertech.esper.client.UpdateListener | |
import com.espertech.esper.client.EPListenable | |
import com.espertech.esper.client.EPServiceProvider | |
object EsperUtil { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# KAFKA INSTALLER: | |
# downloads, un-tars, moves to $HOME/local, simlinks from full versioned name | |
# to kafka, exports into path in `.zshrc`, and then starts | |
# zookeeper and kafka server | |
brew install sbt # ensure sbt is installed first! | |
# current kafka for scala 2.12: http://apache.claz.org/kafka/0.10.2.0/kafka_2.12-0.10.2.0.tgz | |
SCALA_VERSION="2.12" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import java.util.Properties | |
import kafka.server.KafkaServer | |
import kafka.server.KafkaConfig | |
import kafka.producer.ProducerConfig | |
import kafka.producer.Producer | |
import kafka.message.Message | |
import kafka.producer.ProducerData | |
import kafka.consumer.ConsumerConfig | |
import kafka.consumer.Consumer | |
import kafka.utils.Utils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import org.w3c.dom.Document; | |
import org.xml.sax.SAXException; | |
import javax.xml.parsers.DocumentBuilderFactory; | |
import javax.xml.parsers.ParserConfigurationException; | |
import java.io.ByteArrayInputStream; | |
import java.io.IOException; | |
class DocumentBuilder { | |
static Document getDocument(String content) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public static Assembly Compile(string[] sources, bool isDebug, string tempDir, params AssemblyName[] referencedAssemblies) | |
{ | |
var assemblyFileName = tempDir + "gen" + Guid.NewGuid().ToString().Replace("-", "") + ".dll"; | |
var assemblyPath = Path.GetFullPath(assemblyFileName); | |
var compilation = Compilation.Create(assemblyFileName, | |
new CompilationOptions(OutputKind.DynamicallyLinkedLibrary)) | |
.AddSyntaxTrees(from source in sources | |
select SyntaxTree.ParseCompilationUnit(source)) | |
.AddReferences(from ass in referencedAssemblies |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public static Assembly Compile(string[] sources, bool isDebug, string tempDir, params AssemblyName[] referencedAssemblies) | |
{ | |
var codeProvider = new CSharpCodeProvider(new Dictionary<string, string> {{"CompilerVersion", "v4.0"}}); | |
var assemblyReferences = new[] | |
{ | |
"System.dll", | |
"System.Core.dll", | |
"mscorlib.dll" | |
} |
NewerOlder