Friday, September 12, 2014

Java Hack --- external private method access

Using reflection, you can access the private methods out side the scope of the class and get the method values.
 Reference: Java World


Our victim class:
********************************

public class Victim
{
 private String getPassword() 
 {
  return "Password";
 }
 
 private int getAge() 
 {
  return 15;
 }
 
 private String getMyName()
 {
  return "Noob";
 }
 
}
 
********************************

Now lets get busy hacking the victim.
 
-------------------------------------------
import java.lang.reflect.Method;

public class HackVictim 
{
 public static void main(String[] args) 
 {
  try
  {
   Class cls = Class.forName("package.name.Victim");
   Object obj = cls.newInstance();
   Method[] methods =  cls.getDeclaredMethods();
   for( int i = 0 ; i < methods.length ; i++ )
   {
    System.out.println("Method Name--->>>"+methods[i].getName());
    System.out.println("Method Return Type--->>>"+methods[i].getReturnType());
    methods[i].setAccessible(true);
    System.out.println("Method Value--->>>"+methods[i].invoke(obj));
   }
  }
  catch( Exception e )
  {
   e.printStackTrace();
  }
 }
}
---------------------------------------------
You are all set. :)

Music...