Ben Holland benjholla
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.awt.GraphicsDevice; | |
| import java.awt.GraphicsEnvironment; | |
| import java.io.File; | |
| import java.lang.management.ManagementFactory; | |
| import java.net.InetAddress; | |
| import java.net.NetworkInterface; | |
| import java.util.ArrayList; | |
| import java.util.Enumeration; | |
| import java.util.Locale; | |
| import java.util.TimeZone; |
benjholla
/ ExceptionalLaunder.java
Created
September 11, 2014 19:43
Dataflow laundering with exceptions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * A toy example of laundering data through the use of the program stack and exception control flow paths | |
| * The input data drives how two methods recursively call each other. If the next input value is a 0 then | |
| * the _0 method is called, likewise a 1 calls the _1 method. When there is no more data an Exception is thrown | |
| * with the following stack trace. The Exception is caught and the stack trace is used to recover the data. | |
| * | |
| * java.lang.StringIndexOutOfBoundsException: String index out of range: 0 | |
| * at java.lang.String.charAt(String.java:658) | |
| * at ExceptionalLaunder._0(ExceptionalLaunder.java:39) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * A toy example of laundering data through "implicit dataflow paths" | |
| * The launder method uses the input data to reconstruct a new result | |
| * with the same value as the original input. | |
| * | |
| * @author Ben Holland | |
| */ | |
| public class DataflowLaunder { |
benjholla
/ ExampleClass.java
Last active
August 29, 2015 14:14
Using static and instance initializers to invoke a private method on an anonymous inner class
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Playing around with inner classes and control flow | |
| * @author Ben Holland | |
| */ | |
| public class ExampleClass { | |
| // static initializer | |
| static { | |
| // anonymous inner class | |
| new ExampleClass() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| import getopt | |
| import urllib2 | |
| # define hexEncode function | |
| hexEncode = lambda x:"".join([hex(ord(c))[2:].zfill(2) for c in x]) | |
| def main(argv): |
benjholla
/ InsideOut.java
Created
February 13, 2015 18:01
An Java inner class that extends its outer class (cause...why not?)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class InsideOut { | |
| public static void main(String[] args){ | |
| System.out.println(new OutsideIn().toString()); | |
| } | |
| public InsideOut() {} | |
| @Override | |
| public String toString(){ |
benjholla
/ UnicodeEvil.java
Created
March 6, 2015 16:54
Some fun with Unicode. The main method calls the print method 3 times.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class UnicodeEvil { | |
| public static void main(String[] args) { | |
| print("Hello"); | |
| /* | |
| * TODO: print World in unicode | |
| * \u002A\u002F\u0070\u0072\u0069\u006E\u0074\u0028\u0022\u0043\u0072\u0075\u0065\u006C\u0022\u0029\u003B\u002F\u002A | |
| */ | |
| print("World"); |
benjholla
/ SendmailCrackaddr.java
Last active
August 29, 2015 14:17
A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package sendmail_crackaddr; | |
| /** | |
| * A Java implementation of the toy example of the Sendmail Crackaddr flaw created by Thomas Dullien | |
| * Source: https://bytebucket.org/mihaila/bindead/wiki/resources/crackaddr-talk.pdf | |
| * | |
| * Outputs: | |
| * Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 200 | |
| * at sendmail_crackaddr.SendmailCrackaddr.copyIt(SendmailCrackaddr.java:57) | |
| * at sendmail_crackaddr.SendmailCrackaddr.main(SendmailCrackaddr.java:20) |
benjholla
/ PrivateMethodReflection.java
Created
April 8, 2015 21:45
An example of using Java Reflection to invoke a private API method
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.lang.reflect.Method; | |
| import java.util.Random; | |
| public class PrivateMethodReflection { | |
| public static void main(String[] args) throws Exception { | |
| Person person = new Person("Bob"); | |
| System.out.println("Name: " + person.getName()); |
benjholla
/ ExpandedExceptionalLaunder.java
Created
April 8, 2015 21:51
An expanded example of the exception based dataflow laundering example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class ExpandedExceptionalLaunder { | |
| public static void main(String[] args) { | |
| String sensitive = "SECRET_DATA"; | |
| try { | |
| pilfer(sensitive); | |
| } catch (Exception e){ | |
| leak(errorReport(e)); | |
| } | |
| } |
OlderNewer