java-sec
diff --git a/‎README.md
Lines changed: 7 additions & 5 deletions b/‎README.md
Lines changed: 7 additions & 5 deletions
diff --git a/‎Serialization/ClassLoad/src/main/java/org/example/AppClassLoaderDemo.java
Lines changed: 28 additions & 0 deletions b/‎Serialization/ClassLoad/src/main/java/org/example/AppClassLoaderDemo.java
Lines changed: 28 additions & 0 deletions
diff --git a/‎Serialization/AttackJar/src/main/java/org/example/Exec.java renamed to ‎Serialization/ClassLoad/src/main/java/org/example/Exec.java b/‎Serialization/AttackJar/src/main/java/org/example/Exec.java renamed to ‎Serialization/ClassLoad/src/main/java/org/example/Exec.java
diff --git a/‎Serialization/AttackJar/src/main/java/org/example/ExecArg.java renamed to ‎Serialization/ClassLoad/src/main/java/org/example/ExecArg.java b/‎Serialization/AttackJar/src/main/java/org/example/ExecArg.java renamed to ‎Serialization/ClassLoad/src/main/java/org/example/ExecArg.java
diff --git a/‎Serialization/AttackJar/src/main/java/org/example/Run.java renamed to ‎Serialization/ClassLoad/src/main/java/org/example/URLClassLoaderDemo.java
Lines changed: 2 additions & 16 deletions b/‎Serialization/AttackJar/src/main/java/org/example/Run.java renamed to ‎Serialization/ClassLoad/src/main/java/org/example/URLClassLoaderDemo.java
Lines changed: 2 additions & 16 deletions
@@ -42,7 +42,7 @@ By. Whoopsunix
   - [Sqlite](#sqlite)
 - [0x06 Serialization](#0x06-serialization)
   - [BCEL](#bcel)
-  - [远程Jar加载](#remotejar)
+  - [远程类加载](#remotejar)
   - [XMLSerialization](#xmlserialization)
     - [JavaBean](#jarbean)
     - [XStream](#xstream)
@@ -216,11 +216,13 @@ Version Test
 - [x] 构造方法触发
 - [x] 方法触发
 
-## [RemoteJar](Serialization/AttackJar)
+## [RemoteJar](Serialization/ClassLoad)
 
-- [x] static 触发
-- [x] 构造方法触发
-- [x] 方法触发
+- [x] URLClassLoader
+  - [x] static 触发
+  - [x] 构造方法触发
+  - [x] 方法触发
+- [x] AppClassLoader
 
 ## [XMLSerialization](Serialization/XMLSerialization)
 
 
@@ -0,0 +1,28 @@
+package org.example;
+
+import java.lang.reflect.Method;
+import java.util.Base64;
+
+/**
+ * @author Whoopsunix
+ */
+public class AppClassLoaderDemo {
+    public static void main(String[] args) throws Exception{
+        /**
+         * Base64解密后加载
+         */
+        // generate
+//        String b64Str = new B64().encodeJavaClass(Exec.class);
+
+        String b64Str = "yv66vgAAADQAIgoABwAVCgAWABcIABgKABYAGQcAGgcAGwcAHAEABjxpbml0PgEAAygpVgEABENvZGUBAA9MaW5lTnVtYmVyVGFibGUBABJMb2NhbFZhcmlhYmxlVGFibGUBAAR0aGlzAQASTG9yZy9leGFtcGxlL0V4ZWM7AQANU3RhY2tNYXBUYWJsZQcAGwcAGgEACDxjbGluaXQ+AQAKU291cmNlRmlsZQEACUV4ZWMuamF2YQwACAAJBwAdDAAeAB8BABZvcGVuIC1hIENhbGN1bGF0b3IuYXBwDAAgACEBABNqYXZhL2xhbmcvRXhjZXB0aW9uAQAQb3JnL2V4YW1wbGUvRXhlYwEAEGphdmEvbGFuZy9PYmplY3QBABFqYXZhL2xhbmcvUnVudGltZQEACmdldFJ1bnRpbWUBABUoKUxqYXZhL2xhbmcvUnVudGltZTsBAARleGVjAQAnKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1Byb2Nlc3M7ACEABgAHAAAAAAACAAEACAAJAAEACgAAAGoAAgACAAAAEiq3AAG4AAISA7YABFenAARMsQABAAQADQAQAAUAAwALAAAAFgAFAAAABwAEAAkADQALABAACgARAAwADAAAAAwAAQAAABIADQAOAAAADwAAABAAAv8AEAABBwAQAAEHABEAAAgAEgAJAAEACgAAAE8AAgABAAAADrgAAhIDtgAEV6cABEuxAAEAAAAJAAwABQADAAsAAAASAAQAAAAQAAkAEgAMABEADQATAAwAAAACAAAADwAAAAcAAkwHABEAAAEAEwAAAAIAFA==";
+
+        byte[] bytes = Base64.getDecoder().decode(b64Str);
+//        ClassLoader classLoader = this.getClass().getClassLoader();
+        ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+
+        Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
+        defineClassMethod.setAccessible(true);
+        Class<?> loadedClass = (Class<?>) defineClassMethod.invoke(classLoader, bytes, 0, bytes.length);
+        loadedClass.newInstance();
+    }
+}
@@ -5,8 +5,9 @@
 
 /**
  * @author Whoopsunix
+ * URLClassLoader 类加载
  */
-public class Run {
+public class URLClassLoaderDemo {
     public static void main(String[] args) throws Exception {
         /**
          * 调用 static
@@ -45,21 +46,6 @@ public static void main(String[] args) throws Exception {
 //        loadedClass.getMethod("exec", String.class).invoke(object, "open -a Calculator.app");
 
 
-        /**
-         * Base64解密后加载
-         */
-        // generate
-//        String b64Str = new B64().encodeJavaClass(Exec.class);
-
-        String b64Str = "yv66vgAAADQAIgoABwAVCgAWABcIABgKABYAGQcAGgcAGwcAHAEABjxpbml0PgEAAygpVgEABENvZGUBAA9MaW5lTnVtYmVyVGFibGUBABJMb2NhbFZhcmlhYmxlVGFibGUBAAR0aGlzAQASTG9yZy9leGFtcGxlL0V4ZWM7AQANU3RhY2tNYXBUYWJsZQcAGwcAGgEACDxjbGluaXQ+AQAKU291cmNlRmlsZQEACUV4ZWMuamF2YQwACAAJBwAdDAAeAB8BABZvcGVuIC1hIENhbGN1bGF0b3IuYXBwDAAgACEBABNqYXZhL2xhbmcvRXhjZXB0aW9uAQAQb3JnL2V4YW1wbGUvRXhlYwEAEGphdmEvbGFuZy9PYmplY3QBABFqYXZhL2xhbmcvUnVudGltZQEACmdldFJ1bnRpbWUBABUoKUxqYXZhL2xhbmcvUnVudGltZTsBAARleGVjAQAnKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1Byb2Nlc3M7ACEABgAHAAAAAAACAAEACAAJAAEACgAAAGoAAgACAAAAEiq3AAG4AAISA7YABFenAARMsQABAAQADQAQAAUAAwALAAAAFgAFAAAABwAEAAkADQALABAACgARAAwADAAAAAwAAQAAABIADQAOAAAADwAAABAAAv8AEAABBwAQAAEHABEAAAgAEgAJAAEACgAAAE8AAgABAAAADrgAAhIDtgAEV6cABEuxAAEAAAAJAAwABQADAAsAAAASAAQAAAAQAAkAEgAMABEADQATAAwAAAACAAAADwAAAAcAAkwHABEAAAEAEwAAAAIAFA==";
-
-        byte[] bytes = Base64.getDecoder().decode(b64Str);
-//        ClassLoader classLoader = this.getClass().getClassLoader();
-        ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
 
-        Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
-        defineClassMethod.setAccessible(true);
-        Class<?> loadedClass = (Class<?>) defineClassMethod.invoke(classLoader, bytes, 0, bytes.length);
-        loadedClass.newInstance();
     }
 }