https://github.com/chains-project/exploits-for-sbom.exe

that's the sound of sbom.exe

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (2.1%) to scientific vocabulary
Last synced: 10 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: chains-project
  • Language: Java
  • Default Branch: main
  • Homepage:
  • Size: 455 MB
Statistics
  • Stars: 0
  • Watchers: 6
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created about 2 years ago · Last pushed 12 months ago
Metadata Files
Readme

README.md

Exploits for sbom.exe

The commands needed to run the fingerprint phase and the agent.

commons-configuration (CVE-2022-33980)

fingerprint

```shell
java -jar classfile-fingerprint/target/classfile-fingerprint-0.13.1-SNAPSHOT.jar jdk -o ./sb2.jsonl
java -jar classfile-fingerprint/target/classfile-fingerprint-0.13.1-SNAPSHOT.jar supply-chain -i ./sb2.jsonl -s rq2/commons-configuration-2022-33980/src/main/resources/bom.json
java -jar classfile-fingerprint/target/classfile-fingerprint-0.13.1-SNAPSHOT.jar runtime -i ./sb2.jsonl -mj commons-configuration-2022-33980 --cleanup -p rq2/
```

agent

```shell
java -javaagent:../../sbom.exe-artifacts/watchdog-agent-0.14.0.jar=skipShutdown=false,sbom=rq2/commons-configuration-2022-33980/index.jsonl @src/main/resources/payload.txt
```

h2-console (CVE-2021-42392)

fingerprint

```shell
java -jar ../../sbom.exe-artifacts/classfile-fingerprint-0.14.0.jar jdk -o ./sb1.jsonl
java -jar ../../sbom.exe-artifacts/classfile-fingerprint-0.14.0.jar supply-chain -i ./sb1.jsonl -s rq2/h2-console-2021-42392/src/main/resources/bom.json
java -jar ../../sbom.exe-artifacts/classfile-fingerprint-0.14.0.jar runtime -i ./sb1.jsonl -mj h2-console-2021-42392 --cleanup -p rq2
```

agent

```shell
java -javaagent:../../sbom.exe-artifacts/watchdog-agent-0.14.0.jar=skipShutdown=false,sbom=sb1.jsonl -jar rq2/h2-console-2021-42392/target/h2-console-2021-42392-1.0-SNAPSHOT.jar
```

log4shell (CVE-2021-44228)

fingerprint

```shell
java -jar ../../sbom.exe-artifacts/classfile-fingerprint-0.14.0.jar jdk -o ./sb.jsonl
java -jar ../../sbom.exe-artifacts/classfile-fingerprint-0.14.0.jar supply-chain -i ./sb.jsonl -s ../log4shell-poc/client/src/main/resources/bom.json
java -jar ../../sbom.exe-artifacts/classfile-fingerprint-0.14.0.jar runtime -i ./sb.jsonl -mj log4shell-poc --cleanup -p rq2/log4shell-2021-44228
```

agent

```shell
java -javaagent:../../sbom.exe-artifacts/watchdog-agent-0.14.0.jar=skipShutdown=true,sbom=sb.jsonl -jar ../log4shell-poc/client/target/log4shell-poc-1.0-SNAPSHOT.jar
```

Starting the JNDI server

```shell
cd rogue-jndi
java -jar target/RogueJndi-1.1.jar --command "gedit /etc/passwd"
```

Owner

  • Name: CHAINS research project at KTH Royal Institute of Technology
  • Login: chains-project
  • Kind: organization

"Consistent Hardening and Analysis of Software Supply Chains" at KTH, funded by SSF

GitHub Events

Total
  • Delete event: 1
  • Issue comment event: 3
  • Push event: 14
  • Pull request event: 4
  • Create event: 2
Last Year
  • Delete event: 1
  • Issue comment event: 3
  • Push event: 14
  • Pull request event: 4
  • Create event: 2

Committers

Last synced: about 1 year ago

All Time
  • Total Commits: 69
  • Total Committers: 1
  • Avg Commits per committer: 69.0
  • Development Distribution Score (DDS): 0.0
Past Year
  • Commits: 69
  • Committers: 1
  • Avg Commits per committer: 69.0
  • Development Distribution Score (DDS): 0.0
Top Committers
Name Email Commits
Aman Sharma m****0@g****m 69

Issues and Pull Requests

Last synced: over 1 year ago

All Time
  • Total issues: 0
  • Total pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Total issue authors: 0
  • Total pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
Pull Request Authors
  • algomaster99 (2)
Top Labels
Issue Labels
Pull Request Labels

Dependencies

pom.xml maven
  • org.junit.jupiter:junit-jupiter-api 5.10.2 test
rq1/pom.xml maven
rq2/pom.xml maven
rq2/commons-configuration-2022-33980/pom.xml maven
  • org.apache.commons:commons-configuration2
rq2/h2-console-2021-42392/pom.xml maven
  • com.h2database:h2
rq2/log4shell-2021-44228/pom.xml maven
  • org.apache.logging.log4j:log4j-core
rq3_rq4/avrora/pom.xml maven
  • org.openjdk.jmh:jmh-core
  • org.openjdk.jmh:jmh-generator-annprocess
rq3_rq4/batik/pom.xml maven