Re: JavaSecurity

[KF <dotslash () snosoft com>]

Out of curriosity what are you trying to accomplish... I have worked 
with using java to make exploits several times, but I am not quite sure 
what you are trying to do. Are you trying to exploit a condition inside 
a JVM? or are you just trying to use java in general to make an exploit? 
Heres a generic java exploit code generator that may help you out if 
your just making a generic exploit.

http://d0tslash.def-con.org/cmdlnex.java

> This "exploit" was tailored around what Scott Oaks 
> mentioned in his book JavaSecurity.

Can you perhaps enlighten us with a brief snippet of this section of his 
book? (I just realised I have this book... got a page number?)

If you are trying to exploit some condition inside the VM iteself a 
little more information would be nice. 
-KF


Scott, Richard wrote:

> I actually packaged the classes in java.lang:
>
> Jar cvf0 new_rt.jar <dir1> <dir2> <dir3> <dir4> .......
>
> The reason why I am posting here is that I am working on an exploit.  I was
> hoping to see if anyone else has worked on replacing core classes in a
> package..... with a rogue one.
>
> Cheers
> r.
>
>
> Richard Scott
> INFORMATION SECURITY
> Best Buy World Headquarters
> 7075 Flying Cloud Drive
> Eden Prairie, MN 55344 USA
>
> The views expressed in this email do not represent Best Buy
> or any of its subsidiaries
>
> -----Original Message-----
> From: 	Cushing, David [mailto:David.Cushing () hitachisoftware com] 
> Sent:	Wednesday, March 13, 2002 8:39 AM
> To:     r s; vuln-dev () securityfocus com
> Subject:        RE: JavaSecurity
>
> This might be better suited to a java newsgroup, but...
>
> Your prompt is c:\, your CLASSPATH is ../../...  That seems incorrect.  
>
> Did you put a package statement in your rogue class (i,e, package
> java.lang)?
>
> Did you re-package rt.jar or try to use it in "un-jarred" form?
>
> Where are rt.jar or the unjarred files?
>
> This exception always means the object could not be found.  Check your
> classpath, check your jar files, file permissions, etc.
>
> If you're not familiar with how classpath finds classes, check out:
> http://java.sun.com/j2se/1.4/docs/tooldocs/findingclasses.html
>
> HTH,
> David
>
>
> > -----Original Message-----
> > From: r s [mailto:richard.scott () bestbuy com]
> > Sent: Tuesday, March 12, 2002 2:15 PM
> > To: vuln-dev () securityfocus com
> > Subject: JavaSecurity
> >
> >
> >
> >
> > I am trying to replace a class in Java's runtime rt.jar 
> >
> > file.
> >
> >
> >
> > I compiled the rogue class, placed it in the extracted 
> >
> > jar file with zero compression.
> >
> >
> >
> > now when I compile code aginst it I get:
> >
> >
> >
> > C:\>javac -classpath ../../.. String.java
> >
> > Error occurred during initialization of VM
> >
> > java/lang/NoClassDefFoundError: java/lang/Object
> >
> >
> >
> > This "exploit" was tailored around what Scott Oaks 
> >
> > mentioned in his book JavaSecurity.
> >
> >
> >
> > however, I seem not to be able to exploit it.
> >
> >
> >
> > Any tips?