Class ResourceAccess

java.lang.Object
com.jsql.model.accessible.ResourceAccess

public class ResourceAccess extends Object
Resource access object. Gets information from the file system, commands, and web pages.
  • Field Details

    • filenameWebshell

      public final String filenameWebshell
      File name for web shell.
    • filenameSqlshell

      public final String filenameSqlshell
      File name for SQL shell.
    • filenameUpload

      public final String filenameUpload
      File name for upload form.
  • Constructor Details

    • ResourceAccess

      public ResourceAccess(InjectionModel injectionModel)
  • Method Details

    • createAdminPages

      public int createAdminPages(String urlInjection, List<String> pageNames)
      Check whether every page in the list responds with 200 Success.
      Parameters:
      urlInjection -
      pageNames - List of admin pages to test
      Returns:
    • callAdminPage

      public int callAdminPage(CompletionService<CallableHttpHead> taskCompletionService, int nbAdminPagesFound)
    • logSearchAdminPage

      public void logSearchAdminPage(int nbAdminPagesFound, int submittedTasks, int tasksHandled)
    • createWebShell

      public void createWebShell(String pathShell, String urlShell) throws JSqlException
      Throws:
      JSqlException
    • createSqlShell

      public void createSqlShell(String pathShell, String urlShell, String username, String password) throws JSqlException
      Throws:
      JSqlException
    • createShell

      public void createShell(String pathShell, String urlShell, String property, String filename, BiFunction<String,String,Request> biFunctionGetRequest) throws JSqlException
      Create a shell on the remote server.
      Parameters:
      pathShell - Script to create on the server
      urlShell - URL for the script (used for url rewriting)
      Throws:
      JSqlException
    • runCommandShell

      public String runCommandShell(String urlCommand)
      Parameters:
      urlCommand -
      Returns:
    • runWebShell

      public String runWebShell(String command, UUID uuidShell, String urlShell)
      Run a shell command on host.
      Parameters:
      command - The command to execute
      uuidShell - A unique identifier for the terminal
      urlShell - Web path of the shell
    • runSqlShell

      public String runSqlShell(String command, UUID uuidShell, String urlShell, String username, String password)
      Execute a SQL request in the terminal defined by the URL path, optionally overriding the database user name and password.
      Parameters:
      command - SQL request to execute
      uuidShell - Identifier of terminal sending the request
      urlShell - URL to send SQL request against
      username - User name [optional]
      password - User password [optional]
    • uploadFile

      public void uploadFile(String pathFile, String urlFile, File file) throws JSqlException, IOException, InterruptedException
      Upload a file to the server.
      Parameters:
      pathFile - Remote path of the file to upload
      urlFile - URL of uploaded file
      file - File to upload
      Throws:
      JSqlException
      IOException
      InterruptedException
    • isReadingNotAllowed

      public boolean isReadingNotAllowed() throws JSqlException
      Check if current user can read files.
      Returns:
      True if user can read file, false otherwise
      Throws:
      JSqlException - when an error occurs during injection
    • readFile

      public List<String> readFile(List<String> pathsFiles) throws JSqlException, InterruptedException, ExecutionException
      Attempt to read files in parallel, by path, from the website using injection. Reading a file requires the FILE privilege on the server. The user can interrupt the process at any time.
      Parameters:
      pathsFiles - List of file paths to read
      Throws:
      JSqlException - when an error occurs during injection
      InterruptedException - if the current thread was interrupted while waiting
      ExecutionException - if the computation threw an exception
    • stopSearchingFile

      public void stopSearchingFile()
      Mark the file search as stopped. Any ongoing file read is interrupted and any new file read is cancelled.
    • isSearchAdminStopped

      public boolean isSearchAdminStopped()
    • setSearchAdminStopped

      public void setSearchAdminStopped(boolean isSearchAdminStopped)
    • setScanStopped

      public void setScanStopped(boolean isScanStopped)
    • isScanStopped

      public boolean isScanStopped()
    • isSearchFileStopped

      public boolean isSearchFileStopped()
    • setSearchFileStopped

      public void setSearchFileStopped(boolean isSearchFileStopped)
    • getCallablesReadFile

      public List<CallableFile> getCallablesReadFile()