Package com.jsql.model.accessible
Class ResourceAccess
java.lang.Object
com.jsql.model.accessible.ResourceAccess
Resource access object.
Get information from the file system, commands, and web pages.
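Field Summary
Fields
Modifier and Type    Field
static final String  WEB_CONFIRM_CMD
static final String  WEB_CONFIRM_RESULT
static final String  SQL_CONFIRM_CMD
static final String  SQL_CONFIRM_RESULT
static final String  SQL_DOT_PHP
static final String  EXPLOIT_DOT_UPL
static final String  EXPLOIT_DOT_WEB
static final String  UPLOAD_SUCCESSFUL
static final String  UPLOAD_FAILURE
static final String  LOID_NOT_FOUND
static final String  ADD_LOID
static final String  WRITE_LOID
static final String  READ_LOID
static final String  ADD_FUNC
static final String  RUN_FUNC
static final String  BODY_CONFIRM
static final String  UDF_RUN_CMD
static final String  TBL_CREATE
static final String  TBL_FILL
static final String  TBL_DUMP
static final String  TBL_DROP
static final String  TBL_READ
static final String  FILE_READ
static final String  TEMPLATE_ERROR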
Constructor Summary
Constructors
Method Summary
Modifier and Type    Method    Description
int callAdminPage(CompletionService<CallableHttpHead> taskCompletionService, int nbAdminPagesFound)
callCommand(String urlCommand)
String checkUrls(String urlExploit, String nameExploit, BinaryOperator<String> biFuncGetRequest)
int createAdminPages(String urlInjection, List<String> pageNames)
    Check if every page in the list responds 200 Success.
getResultWithCatch(String query, String metadata)
boolean isMysqlReadDenied
    Check if current user can read files.
boolean isScanStopped()
boolean isSearchAdminStopped()
void logSearchAdminPage(int nbAdminPagesFound, int submittedTasks, int tasksHandled)
List<String> readFile(List<String> pathsFiles)
    Attempt to read files in parallel by their path from the website using injection.
String runSqlShell(String command, UUID uuidShell, String urlExploit, String username, String password)
    Execute an SQL request in the terminal defined by the URL path, optionally overriding the database username and password.
runSqlShell(String command, UUID uuidShell, String urlExploit, String username, String password, boolean isResultSentToView)
runWebShell(String command, UUID uuidShell, String urlExploit)
    Run a shell command on host.
void setScanStopped(boolean isScanStopped)
void stopSearchAdmin()
void stopSearchFile()
    Mark the search of files to stop.
HttpResponse<String> upload(File file, String url, InputStream streamToUpload)
Field Details
WEB_CONFIRM_CMD
WEB_CONFIRM_RESULT
SQL_CONFIRM_CMD
SQL_CONFIRM_RESULT
SQL_DOT_PHP
EXPLOIT_DOT_UPL
EXPLOIT_DOT_WEB
UPLOAD_SUCCESSFUL
UPLOAD_FAILURE
LOID_NOT_FOUND
ADD_LOID
WRITE_LOID
READ_LOID
ADD_FUNC
RUN_FUNC
BODY_CONFIRM
UDF_RUN_CMD
TBL_CREATE
TBL_FILL
TBL_DUMP
TBL_DROP
TBL_READ
FILE_READ
TEMPLATE_ERROR
Constructor Details
ResourceAccess
Method Details
createAdminPages
Check if every page in the list responds 200 Success.
Parameters:
pageNames - List of admin pages to test

callAdminPage
public int callAdminPage(CompletionService<CallableHttpHead> taskCompletionService, int nbAdminPagesFound)

logSearchAdminPage
public void logSearchAdminPage(int nbAdminPagesFound, int submittedTasks, int tasksHandled)

checkUrls
public String checkUrls(String urlExploit, String nameExploit, BinaryOperator<String> biFuncGetRequest)

callCommand

runWebShell
Run a shell command on host.
Parameters:
command - The command to execute
uuidShell - A unique identifier for the terminal
urlExploit - Web path of the shell

runSqlShell
public String runSqlShell(String command, UUID uuidShell, String urlExploit, String username, String password)
Execute an SQL request in the terminal defined by the URL path, optionally overriding the database username and password.
Parameters:
command - SQL request to execute
uuidShell - Identifier of the terminal sending the request
urlExploit - URL to send the SQL request against
username - Username [optional]
password - Password [optional]

runSqlShell

upload
public HttpResponse<String> upload(File file, String url, InputStream streamToUpload) throws IOException, JSqlException, InterruptedException

isMysqlReadDenied
Check if current user can read files.
Returns:
True if user can read file, false otherwise
Throws:
JSqlException - when an error occurs during injection

readFile
public List<String> readFile(List<String> pathsFiles) throws JSqlException, InterruptedException, ExecutionException
Attempt to read files in parallel by their path from the website using injection. Reading a file requires the FILE privilege on the server. The user can interrupt the process at any time.
Parameters:
pathsFiles - List of file paths to read
Throws:
JSqlException - when an error occurs during injection
InterruptedException - if the current thread was interrupted while waiting
ExecutionException - if the computation threw an exception

getResult
Throws:
JSqlException

getResultWithCatch

stopSearchFile
public void stopSearchFile()
Mark the search of files to stop. Any ongoing file reading is interrupted and any new file read is cancelled.

stopSearchAdmin
public void stopSearchAdmin()

getExploitSqlite

getExploitMysql

getExploitOracle

getExploitPostgres

isSearchAdminStopped
public boolean isSearchAdminStopped()

setScanStopped
public void setScanStopped(boolean isScanStopped)

isScanStopped
public boolean isScanStopped()

getExploitHsqldb

getExploitH2

getExploitDerby