|
|
|
Trusted Method Chaining for Network Interface details |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Présentation : Here's yet another Trusted Method Chaining instance. This one can be used for listing network interface details. No need for anything tricky such as classes created with a custom compiler this time. However, since this is an information leak, it's not simply enough to call the method - we need to get our hands on the return value, as well. I'm not sure if it could be scraped off of the screen, but it's really simple to define our own renderer to which the GUI passes the information quite handily. By the way, this instance and the previous one along with some others were uncovered by a prototype of an automated tool that searches a set of classes for interesting chaining instances. This one's simple java.net.NetworkInterface.getNetworkInterfaces returns an Enumeration of network interfaces, in the form of NetworkInterface objects. NetworkInterface.toString calls getInetAddresses NetworkInterface.getInetAddresses has a security check, so it can't be called directly To create the chain Put all NetworkInterface objects in a JList Make JList visible To get the programmatic access to the values, we can set a DefaultListCellRenderer subclass as the renderer for the JList. The setText method of our renderer receives all displayed values. Here's an example that gets all the interface information and dumps it to the Java console. It probably gets repeated a few times because of how the Java GUI works 001 package ex6.chaining.networkinterfaces 002 003 import java.applet.Applet 004 import java.net.NetworkInterface 005 import java.util.Enumeration 006 import java.util.Vector 007 008 import javax.swing.DefaultListCellRenderer 009 import javax.swing.JList 010 011 public class Example extends Applet 012 public void start 013 Vector interfaceList new Vector 014 try 015 Enumeration en NetworkInterface.getNetworkInterfaces 016 while en.hasMoreElements 017 interfaceList.add en.nextElement 018 019 catch Exception e 020 e.printStackTrace 021 022 JList jlist new JList interfaceList 023 jlist.setCellRenderer new DefaultListCellRenderer 024 025 public void setText String text 026 System.out.println text 027 super.setText text 028 029 030 this.add jlist 031 032 It should vomit something like this on the Java console System.out Linux name eth1 eth1 index 3 addresses fe80 0 0 0 212 34ff fe56 789apourcents3 172.21.0.108 name lo lo index 1 addresses 0 0 0 0 0 0 0 1pourcents1 127.0.0.1 ... Windows name lo MS TCP Loopback interface index 1 addresses 127.0.0.1 name eth0 AMD PCNET Family PCI Ethernet Adapter - Miniporta do agendador de pacotes index 65539 addresses 172.21.0.110 ...
Les mots clés de la revue de presse pour cet article : network interface
Les videos sur SecuObs pour les mots clés : network interface
Les éléments de la revue Twitter pour les mots clé : network interface
Les derniers articles du site " Slightly Random Broken Thoughts" :
- Java 6 update 26 is out
- Inflated Java Malware Infection Rates
- Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability
- Java JFileChooser Programmatic Manipulation Vulnerability
- Trusted Method Chaining for Network Interface details
- Trusted Method Chaining to a System.exit
- Hazards of Duke
- Java 6 Update 22 is out
- Breaking Defensive Serialization
- Why Complex Powerful is a bad combination for security
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.191.75.173 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.191.75.173 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
