
rm useless classes

master
Manvan33 8 months ago
parent
commit
07e463b004
  1. 13
      attacker/http/src/RCEMain.java
  2. 40
      attacker/http/src/SerializedClass.java

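--- a/attacker/http/src/RCEMain.java
+++ b/attacker/http/src/RCEMain.java
@@ -1,13 +0,0 @@
-// Demonstration main method for remote code execution
-//
-// TWO COPIES OF THIS FILE EXIST:
-// * src/attacker_codebase/src/RCEMain.java
-// * src/attacker_ldap_registry_setup/codebase/RCEMain.java
-// The former is more up to date than the latter and should be trusted in case
-// of discrepancy.
-public class RCEMain {
-public static void rceMain() {
-System.out.println("Function rceMain called!");
-}
-}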

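--- a/attacker/http/src/SerializedClass.java
+++ b/attacker/http/src/SerializedClass.java
@@ -1,40 +0,0 @@
-// A class to demonstrate serialization
-//
-// This class serves to demonstrate an alternative to the factory-based
-// approach. An object of this class is serialized and stored in the LDAP
-// registry, then deserialized to have its `toString` method called.
-//
-// TWO COPIES OF THIS FILE EXIST:
-// * src/attacker_codebase/src/SerializedClass.java
-// * src/attacker_ldap_registry_setup/codebase/SerializedClass.java
-// The former is more up to date than the latter and should be trusted in case
-// of discrepancy.
-import java.io.Serializable;
-public class SerializedClass implements Serializable {
-// Random serialization constant
-public static final long serialVersionUID = 42L;
-private String message;
-public SerializedClass(String message) {
-this.message = message;
-}
-@Override
-public String toString() {
-// Add instrumentation
-System.out.println("RCE Acheived in SerializedClass::toString!");
-// Do whatever we want
-RCEMain.rceMain();
-// We could choose not to return. However, the caller is expecting an
-// object of String. I choose to give them something.
-return "SerializedClass(\"" + message + "\")";
-}
-}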