Government Security
Network Security Resources


Java In-Memory Class Loading

2 replies to this topic

#1 Guest_DiabloHorn_*

  • Guests

Posted 05 November 2010 - 09:50 AM

I'm sorry for linking to my blog, but I hate writing things down several times; I prefer to write once, read everywhere. This is all about custom class loaders in Java and the fact that you can use them for some fun stuff when combining them with signed applet attacks. During the writing of the article I also had some new ideas, but well... you can't have time to write a POC for everything. Here is a little introduction:

So, just when you think hypes don’t affect you, a new hype gets your attention. Lately Java has hit the news as one of the latest risks and it’s pretty well abused for exploitation. Luckily we all know that exploiting “bugs” is not the only way to abuse Java. You can also abuse the trust Java places in digitally signed code; I’ve blogged about this issue before. Nowadays Metasploit/SET even has a ready-to-use module for it. If you are wondering what all this has to do with in-memory class loading… well, sometimes when executing a Java attack you want to make it harder for someone to detect your payload and you also want to leave fewer traces behind. In terms of Java I think that class loading is the thing that comes the closest to traditional in-memory execution. So let’s get started on making it harder for an investigator to investigate.

Here is the lay-out of what we will be doing:

1. Create a digitally signed Java class loader;
2. Create the Java payload we want to load in-memory and obfuscate it;
3. Test it.
4. Conclusion and References

The fun part about all this is the fact that it has been around as long as digitally signing code for Java has been around. A lot of Java software out there uses class loading as a means of extending itself (plugins and such) and/or adding dynamic code functionality.


You can find the article over here:

http://diablohorn.wo...-class-loading/

#2 Juza


    Specialist

  • Sergeant Major
  • 149 posts

Posted 05 November 2010 - 02:47 PM

Very nice DiabloHorn!
I have something that does the same, but your way is better! (I will post it!)

Thanks for sharing!
Go to iamjuza.blogspot.com
Follow me twitter.com/iamjuza

The true beginning of our end.


#3 Guest_DiabloHorn_*

  • Guests

Posted 05 November 2010 - 03:43 PM

Glad you like it :) It still needs some ironing out of the rough edges. Hope I made the main idea clear with the messy snippets I provided.




