forked from breenmachine/JavaUnserializeExploits
DecodeObject.java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.OptionalDataException;
import java.io.StreamCorruptedException;
import java.util.Arrays;
import java.util.Base64;
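/**
 * Scans a Base64-encoded blob for an embedded Java-serialized object.
 *
 * <p>The blob is decoded and an {@link ObjectInputStream} is opened at successive
 * byte offsets until one of them yields an object. The class name of that object,
 * the offset at which it starts and the number of bytes left after it are printed.
 *
 * <p><b>Security note:</b> this tool calls {@code readObject()} on its input, i.e. it
 * performs native Java deserialization. The input is typically captured from an
 * untrusted source, and deserializing it runs the deserialization hooks of any
 * matching class that is on the classpath. Run it with a minimal classpath in an
 * isolated environment, or restrict the accepted classes with a serialization filter
 * ({@code java.io.ObjectInputFilter} or the {@code jdk.serialFilter} system property)
 * where the runtime supports it.
 */
public class DecodeObject {

    /**
     * Entry point.
     *
     * @param args {@code args[0]} is the Base64 text to scan
     * @throws Exception any error other than the stream errors handled by the scan
     *     loop (for example invalid Base64 input)
     */
    public static void main(String[] args) throws Exception {
        // Fail with a usage line instead of an ArrayIndexOutOfBoundsException.
        if (args.length < 1) {
            System.err.println("Usage: java DecodeObject <base64-data>");
            System.exit(1);
        }

        byte[] bytes = Base64.getDecoder().decode(args[0]);
        int origSize = bytes.length;
        System.out.println("Data Length: " + origSize);

        int skip = 0;               // offset currently being tried
        boolean sawObject = false;  // an object (or an unknown class) was reported
        boolean decoded = false;    // readObject() completed, scan is finished

        // Bound the scan by the blob size: without the bound, a blob that holds no
        // object ends in an uncaught EOFException once the offset passes the end.
        while (!decoded && skip < origSize) {
            // A fresh stream per attempt, positioned at the candidate offset;
            // available() then reports the bytes remaining in the whole blob.
            ByteArrayInputStream bis = new ByteArrayInputStream(bytes, skip, origSize - skip);
            try {
                // NOTE(security): native deserialization of the supplied data, see
                // the class comment before running this on untrusted captures.
                ObjectInputStream ois = new ObjectInputStream(bis);
                Object o = ois.readObject();
                System.out.println("Object found...");
                // readObject() returns null for a serialized null reference.
                System.out.println(o == null ? "null" : o.getClass().getName());
                System.out.println("Bytes skipped: " + skip);
                System.out.println("Bytes left: " + bis.available());
                sawObject = true;
                decoded = true;
            } catch (StreamCorruptedException | OptionalDataException | EOFException e) {
                // No complete object starts at this offset: try the next byte.
                skip = skip + 1;
            } catch (ClassNotFoundException cnf) {
                // A serialized object is present but its class is not on the
                // classpath: report it and continue after the bytes consumed.
                System.out.println("Object found..." + cnf.getMessage());
                System.out.println("Bytes skipped: " + skip);
                System.out.println("Bytes left: " + bis.available());
                skip = origSize - bis.available();
                sawObject = true;
            }
        }

        if (!sawObject) {
            System.err.println("No serialized object found");
            System.exit(1);
        }
    }
}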