Vulnerability Development mailing list archives
RE: JavaSecurity
From: "Cushing, David" <David.Cushing () hitachisoftware com>
Date: Wed, 13 Mar 2002 09:38:48 -0500
This might be better suited to a java newsgroup, but... Your prompt is c:\, your CLASSPATH is ../../... That seems incorrect. Did you put a package statement in your rogue class (i,e, package java.lang)? Did you re-package rt.jar or try to use it in "un-jarred" form? Where are rt.jar or the unjarred files? This exception always means the object could not be found. Check your classpath, check your jar files, file permissions, etc. If you're not familiar with how classpath finds classes, check out: http://java.sun.com/j2se/1.4/docs/tooldocs/findingclasses.html HTH, David
-----Original Message----- From: r s [mailto:richard.scott () bestbuy com] Sent: Tuesday, March 12, 2002 2:15 PM To: vuln-dev () securityfocus com Subject: JavaSecurity I am trying to replace a class in Java's runtime rt.jar file. I compiled the rogue class, placed it in the extracted jar file with zero compression. now when I compile code aginst it I get: C:\>javac -classpath ../../.. String.java Error occurred during initialization of VM java/lang/NoClassDefFoundError: java/lang/Object This "exploit" was tailored around what Scott Oaks mentioned in his book JavaSecurity. however, I seem not to be able to exploit it. Any tips?
Current thread:
- JavaSecurity r s (Mar 12)
- <Possible follow-ups>
- RE: JavaSecurity Scott, Richard (Mar 13)
- Re: JavaSecurity KF (Mar 13)
- RE: JavaSecurity Cushing, David (Mar 13)