PHDays 2013 - Java everyday

  • Published on
    20-Jun-2015

  • View
    679

  • Download
    2

Embed Size (px)

DESCRIPTION

Системный анализ эксплойтов нулевого дня

Transcript

<ul><li> 1. Java Everyday Java @dukebarman 2013</li></ul> <p> 2. Java ? 3. Java-0day.com 4. - 5. Java 6. 7. Private Protected Public Package 8. - Java () 9. Security Manager. Policy Server Applet () Application Java.policyC:Program FilesJavajre7libsecurity 10. Security Manager.Classloader Java . , java 11. Security Manager.Namespace 12. 7u10 java ( ) 13. ( . reflexio - ) - .: Class c = Class.forName("com.mysql.jdbc.Driver"); Method method = c.getMethod("getCalculateRating", paramTypes) 14. / - - , BlackBox b=new BlackBox(); // target Applet instanceByteArrayOutputStream baos=new ByteArrayOutputStream();ObjectOutputStream oos=new ObjectOutputStream(baos);oos.writeObject(b);FileOutputStream fos=new FileOutputStream("BlackBox.ser");fos.write(baos.toByteArray());fos.close(); 15. 16. JDK Eclipse 4.2 - : Jd-gui Jad 17. http://feeling.sourceforge.net/update: Jad + JD-core- 18. http://sourceforge.net/projects/drgarbagetools/files/eclipse/4.2/stable- 19. JDK Window -&gt; Preferences -&gt; Java -&gt; InstalledJREs Edit , rt.jar, Source Attachment -&gt; External Location , :C:Program FilesJavajdk1.7.0_10src.zip 20. 21. Security Manager C:Program FilesJavajre7libsecurity bin java.policy.applet -Djava.security.manager -Djava.security.policy=java.policy 22. Linux: terminal -&gt; cd /java/jre1.6.0_24 -&gt; ./ControlPanel Windows: 23. : http://cve.mitre.org http://cvedetails.com http://osvdb.org https://bugzilla.redhat.com: http://grepcode.com/ http://openjdk.java.net/ 24. 2013-0422 25. 1 26. 2 jar 27. 3 28. 29. 30. 31. .class 32. , 33. Class Payload -&gt; Class Sdfuhw Array shellcode -&gt; Array qdjghheg 34. String art=artexploit;String art=art,art1=exp,art2=loit; String art=art111exp1111lo111it;art.replace(111,); xor, etc. 35. 36. 37. 38. java.lang.Class public static Class forName(String className) throwsClassNotFoundException public Method getMethod(String name, Class...parameterTypes) throws NoSuchMethodException,SecurityException public Object newInstance() throws InstantiationException,IllegalAccessException java.lang.reflect.Method public Object invoke(Object obj, Object[] args) throwsIllegalAccessException, IllegalArgumentException,InvocationTargetException 39. 40. 41. 42. Metasploit, canvas, , Ruby metasploit Perl, python Java, metasploit , 43. ? 44. TZOR.ru!b.ryutin@tzor.ru</p>