This might be better suited to a java newsgroup, but... Your prompt is c:\, your CLASSPATH is ../../... That seems incorrect. Did you put a package statement in your rogue class (i,e, package java.lang)? Did you re-package rt.jar or try to use it in "un-jarred" form? Where are rt.jar or the unjarred files? This exception always means the object could not be found. Check your classpath, check your jar files, file permissions, etc. If you're not familiar with how classpath finds classes, check out: http://java.sun.com/j2se/1.4/docs/tooldocs/findingclasses.html HTH, David > -----Original Message----- > From: r s [mailto:richard.scottat_private] > Sent: Tuesday, March 12, 2002 2:15 PM > To: vuln-devat_private > Subject: JavaSecurity > > > > > I am trying to replace a class in Java's runtime rt.jar > > file. > > > > I compiled the rogue class, placed it in the extracted > > jar file with zero compression. > > > > now when I compile code aginst it I get: > > > > C:\>javac -classpath ../../.. String.java > > Error occurred during initialization of VM > > java/lang/NoClassDefFoundError: java/lang/Object > > > > This "exploit" was tailored around what Scott Oaks > > mentioned in his book JavaSecurity. > > > > however, I seem not to be able to exploit it. > > > > Any tips? > >
This archive was generated by hypermail 2b30 : Wed Mar 13 2002 - 09:16:37 PST