1 | /******************************************************************************* | |
2 | * Copyhacked (H) 2012-2025. | |
3 | * This program and the accompanying materials | |
4 | * are made available under no term at all, use it like | |
5 | * you want, but share and discuss it | |
6 | * every time possible with every body. | |
7 | * | |
8 | * Contributors: | |
9 | * ron190 at ymail dot com - initial implementation | |
10 | ******************************************************************************/ | |
11 | package com.jsql.view.swing.manager; | |
12 | ||
13 | import com.jsql.model.accessible.ExploitMode; | |
14 | import com.jsql.model.exception.JSqlException; | |
15 | import com.jsql.model.injection.vendor.model.Vendor; | |
16 | import com.jsql.util.I18nUtil; | |
17 | import com.jsql.util.LogLevelUtil; | |
18 | import com.jsql.view.swing.manager.util.*; | |
19 | import com.jsql.view.swing.text.JPasswordFieldPlaceholder; | |
20 | import com.jsql.view.swing.text.JPopupTextField; | |
21 | import com.jsql.view.swing.text.JTextFieldPlaceholder; | |
22 | import com.jsql.view.swing.text.JToolTipI18n; | |
23 | import com.jsql.view.swing.util.I18nViewUtil; | |
24 | import com.jsql.view.swing.util.MediatorHelper; | |
25 | import org.apache.commons.lang3.StringUtils; | |
26 | import org.apache.logging.log4j.LogManager; | |
27 | import org.apache.logging.log4j.Logger; | |
28 | ||
29 | import javax.swing.*; | |
30 | import java.awt.*; | |
31 | import java.awt.event.ActionEvent; | |
32 | import java.awt.event.ActionListener; | |
33 | import java.awt.event.ItemEvent; | |
34 | import java.awt.event.ItemListener; | |
35 | import java.io.File; | |
36 | import java.net.URI; | |
37 | import java.net.URISyntaxException; | |
38 | import java.util.Arrays; | |
39 | import java.util.Objects; | |
40 | import java.util.concurrent.atomic.AtomicReference; | |
41 | ||
42 | /** | |
43 | * Manager for uploading PHP SQL shell to the host and send queries. | |
44 | */ | |
45 | public class ManagerExploit extends AbstractManagerList { | |
46 | ||
47 | private static final Logger LOGGER = LogManager.getRootLogger(); | |
48 | public static final String SHELL_URL_TOOLTIP = "SHELL_URL_TOOLTIP"; | |
49 | ||
50 | private final AtomicReference<JTextField> username = new AtomicReference<>(); | |
51 | private final AtomicReference<JTextField> password = new AtomicReference<>(); | |
52 | private final AtomicReference<JTextField> netshare = new AtomicReference<>(); | |
53 | protected final JTextField textfieldUrlShell; | |
54 | ||
55 | public static final String EXPLOIT_UDF = "EXPLOIT_UDF"; | |
56 | public static final String EXPLOIT_WEB = "EXPLOIT_WEB"; | |
57 | public static final String EXPLOIT_SQL = "EXPLOIT_SQL"; | |
58 | public static final String EXPLOIT_UPLOAD = "EXPLOIT_UPLOAD"; | |
59 | ||
60 | private final JComboBox<Object> comboBoxExploitTypes = new JComboBox<>(new Object[]{ | |
61 | new ModelItemType(ManagerExploit.EXPLOIT_UDF, "EXPLOIT_UDF_TOOLTIP"), | |
62 | ComboBoxMethodRenderer.SEPARATOR, | |
63 | new ModelItemType(ManagerExploit.EXPLOIT_WEB, "EXPLOIT_WEB_TOOLTIP"), | |
64 | new ModelItemType(ManagerExploit.EXPLOIT_SQL, "EXPLOIT_SQL_TOOLTIP"), | |
65 | new ModelItemType(ManagerExploit.EXPLOIT_UPLOAD, "EXPLOIT_UPLOAD_TOOLTIP"), | |
66 | }); | |
67 | ||
68 | private final JComboBox<Object> comboBoxExploitModes = new JComboBox<>(new Object[]{ | |
69 | ExploitMode.AUTO, | |
70 | ComboBoxMethodRenderer.SEPARATOR, | |
71 | ExploitMode.QUERY_BODY, | |
72 | ExploitMode.TEMP_TABLE, | |
73 | ComboBoxMethodRenderer.SEPARATOR, | |
74 | ExploitMode.NETSHARE | |
75 | }); | |
76 | ||
77 | public ManagerExploit() { | |
78 | super("swing/list/payload.txt"); | |
79 | ||
80 | var tooltipShellUrl = new AtomicReference<>(new JToolTipI18n(I18nUtil.valueByKey(ManagerExploit.SHELL_URL_TOOLTIP))); | |
81 | var placeholderResult = new JTextFieldPlaceholder(I18nUtil.valueByKey("SHELL_URL_LABEL")) { | |
82 | @Override | |
83 | public JToolTip createToolTip() { | |
84 |
1
1. createToolTip : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit$1::createToolTip → NO_COVERAGE |
return tooltipShellUrl.get(); |
85 | } | |
86 | }; | |
87 | this.textfieldUrlShell = new JPopupTextField(placeholderResult).getProxy(); | |
88 |
1
1. <init> : removed call to com/jsql/view/swing/util/I18nViewUtil::addComponentForKey → NO_COVERAGE |
I18nViewUtil.addComponentForKey("SHELL_URL_LABEL", this.textfieldUrlShell); |
89 |
1
1. <init> : removed call to com/jsql/view/swing/util/I18nViewUtil::addComponentForKey → NO_COVERAGE |
I18nViewUtil.addComponentForKey(ManagerExploit.SHELL_URL_TOOLTIP, tooltipShellUrl.get()); |
90 |
1
1. <init> : removed call to javax/swing/JTextField::setToolTipText → NO_COVERAGE |
this.textfieldUrlShell.setToolTipText(I18nUtil.valueByKey(ManagerExploit.SHELL_URL_TOOLTIP)); |
91 | ||
92 |
1
1. <init> : removed call to com/jsql/view/swing/manager/ManagerExploit::buildRunButton → NO_COVERAGE |
this.buildRunButton("SHELL_RUN_BUTTON_LABEL", "SHELL_RUN_BUTTON_TOOLTIP"); |
93 |
1
1. <init> : removed call to com/jsql/view/swing/manager/util/JButtonStateful::setEnabled → NO_COVERAGE |
this.run.setEnabled(false); |
94 |
1
1. <init> : removed call to com/jsql/view/swing/manager/ManagerExploit::buildPrivilege → NO_COVERAGE |
this.buildPrivilege(); |
95 | ||
96 | var southPanel = new JPanel(); | |
97 |
1
1. <init> : removed call to javax/swing/JPanel::setLayout → NO_COVERAGE |
southPanel.setLayout(new BoxLayout(southPanel, BoxLayout.Y_AXIS)); |
98 | southPanel.add(this.textfieldUrlShell); | |
99 | southPanel.add(this.lastLine); | |
100 |
1
1. <init> : removed call to com/jsql/view/swing/manager/ManagerExploit::add → NO_COVERAGE |
this.add(southPanel, BorderLayout.SOUTH); |
101 | ||
102 | var userPassPanel = new JPanel(); | |
103 | var groupLayout = new GroupLayout(userPassPanel); | |
104 |
1
1. <init> : removed call to javax/swing/JPanel::setLayout → NO_COVERAGE |
userPassPanel.setLayout(groupLayout); |
105 | ||
106 |
1
1. <init> : removed call to com/jsql/view/swing/manager/util/JButtonStateful::addActionListener → NO_COVERAGE |
this.run.addActionListener(new ActionExploit(this.comboBoxExploitTypes)); |
107 | ||
108 | Arrays.asList( | |
109 | new ModelExploit(this.netshare, "EXPLOIT_NETSHARE_LABEL", "EXPLOIT_NETSHARE_TOOLTIP"), | |
110 | new ModelExploit(this.username, "SQL_SHELL_USERNAME_LABEL", "SQL_SHELL_USERNAME_TOOLTIP"), | |
111 | new ModelExploit(this.password, "SQL_SHELL_PASSWORD_LABEL", "SQL_SHELL_PASSWORD_TOOLTIP", true) | |
112 |
1
1. <init> : removed call to java/util/List::forEach → NO_COVERAGE |
).forEach(model -> { |
113 | var tooltip = new AtomicReference<>(new JToolTipI18n(I18nUtil.valueByKey(model.tooltipI18n))); | |
114 |
1
1. lambda$new$0 : negated conditional → NO_COVERAGE |
if (model.isPassword) { |
115 |
1
1. lambda$new$0 : removed call to java/util/concurrent/atomic/AtomicReference::set → NO_COVERAGE |
model.textfield.set(new JPopupTextField(new JPasswordFieldPlaceholder(I18nUtil.valueByKey(model.labelI18n)) { |
116 | @Override | |
117 | public JToolTip createToolTip() { | |
118 |
1
1. createToolTip : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit$2::createToolTip → NO_COVERAGE |
return tooltip.get(); |
119 | } | |
120 | }).getProxy()); | |
121 | } else { | |
122 |
1
1. lambda$new$0 : removed call to java/util/concurrent/atomic/AtomicReference::set → NO_COVERAGE |
model.textfield.set(new JPopupTextField(new JTextFieldPlaceholder(I18nUtil.valueByKey(model.labelI18n)) { |
123 | @Override | |
124 | public JToolTip createToolTip() { | |
125 |
1
1. createToolTip : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit$3::createToolTip → NO_COVERAGE |
return tooltip.get(); |
126 | } | |
127 | }).getProxy()); | |
128 | } | |
129 |
1
1. lambda$new$0 : removed call to com/jsql/view/swing/util/I18nViewUtil::addComponentForKey → NO_COVERAGE |
I18nViewUtil.addComponentForKey(model.labelI18n, model.textfield.get()); |
130 |
1
1. lambda$new$0 : removed call to com/jsql/view/swing/util/I18nViewUtil::addComponentForKey → NO_COVERAGE |
I18nViewUtil.addComponentForKey(model.tooltipI18n, tooltip.get()); |
131 |
1
1. lambda$new$0 : removed call to javax/swing/JTextField::setToolTipText → NO_COVERAGE |
model.textfield.get().setToolTipText(I18nUtil.valueByKey(model.tooltipI18n)); |
132 | }); | |
133 | ||
134 | Arrays.asList(this.username.get(), this.password.get(), this.scrollListPaths, this.textfieldUrlShell, this.netshare.get()) | |
135 |
2
1. <init> : removed call to java/util/List::forEach → NO_COVERAGE 2. lambda$new$1 : removed call to javax/swing/JComponent::setVisible → NO_COVERAGE |
.forEach(component -> component.setVisible(false)); |
136 | ||
137 |
1
1. <init> : removed call to javax/swing/JComboBox::setRenderer → NO_COVERAGE |
this.comboBoxExploitTypes.setRenderer(new ComboBoxTypeRenderer()); |
138 |
1
1. <init> : removed call to javax/swing/JComboBox::addActionListener → NO_COVERAGE |
this.comboBoxExploitTypes.addActionListener(new SeparatorListener(this.comboBoxExploitTypes)); |
139 |
1
1. <init> : removed call to javax/swing/JComboBox::addItemListener → NO_COVERAGE |
this.comboBoxExploitTypes.addItemListener(this.getTypesItemListener()); |
140 |
1
1. <init> : removed call to javax/swing/JComboBox::addItemListener → NO_COVERAGE |
this.comboBoxExploitModes.addItemListener(this.getModesItemListener()); |
141 | ||
142 |
1
1. <init> : removed call to javax/swing/JComboBox::setRenderer → NO_COVERAGE |
this.comboBoxExploitModes.setRenderer(new ComboBoxMethodRenderer()); |
143 |
1
1. <init> : removed call to javax/swing/JComboBox::addActionListener → NO_COVERAGE |
this.comboBoxExploitModes.addActionListener(new SeparatorListener(this.comboBoxExploitModes)); |
144 | var labelUsing = new JLabel("via"); | |
145 |
1
1. <init> : removed call to javax/swing/JLabel::setBorder → NO_COVERAGE |
labelUsing.setBorder(BorderFactory.createEmptyBorder(5, 0, 5, 0)); |
146 |
1
1. <init> : removed call to javax/swing/GroupLayout::setHorizontalGroup → NO_COVERAGE |
groupLayout.setHorizontalGroup( |
147 | groupLayout | |
148 | .createParallelGroup() | |
149 | .addGroup( | |
150 | groupLayout | |
151 | .createSequentialGroup() | |
152 | .addComponent(this.comboBoxExploitTypes) | |
153 | .addComponent(labelUsing, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE) | |
154 | .addComponent(this.comboBoxExploitModes, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE) | |
155 | ) | |
156 | .addGroup( | |
157 | groupLayout.createParallelGroup() | |
158 | .addComponent(this.netshare.get()) | |
159 | .addComponent(this.username.get()) | |
160 | .addComponent(this.password.get()) | |
161 | ) | |
162 | ); | |
163 | ||
164 |
1
1. <init> : removed call to javax/swing/GroupLayout::setVerticalGroup → NO_COVERAGE |
groupLayout.setVerticalGroup( |
165 | groupLayout | |
166 | .createSequentialGroup() | |
167 | .addGroup( | |
168 | groupLayout | |
169 | .createParallelGroup(GroupLayout.Alignment.BASELINE) | |
170 | .addComponent(this.comboBoxExploitTypes) | |
171 | .addComponent(labelUsing) | |
172 | .addComponent(this.comboBoxExploitModes) | |
173 | ) | |
174 | .addGroup( | |
175 | groupLayout | |
176 | .createParallelGroup() | |
177 | .addComponent(this.netshare.get()) | |
178 | ) | |
179 | .addGroup( | |
180 | groupLayout | |
181 | .createParallelGroup() | |
182 | .addComponent(this.username.get()) | |
183 | ) | |
184 | .addGroup( | |
185 | groupLayout | |
186 | .createParallelGroup() | |
187 | .addComponent(this.password.get()) | |
188 | ) | |
189 | ); | |
190 | | |
191 |
1
1. <init> : removed call to com/jsql/view/swing/manager/ManagerExploit::add → NO_COVERAGE |
this.add(userPassPanel, BorderLayout.NORTH); |
192 | } | |
193 | ||
194 | private ItemListener getModesItemListener() { | |
195 |
1
1. getModesItemListener : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit::getModesItemListener → NO_COVERAGE |
return itemEvent -> { |
196 |
2
1. lambda$getModesItemListener$2 : negated conditional → NO_COVERAGE 2. lambda$getModesItemListener$2 : negated conditional → NO_COVERAGE |
if (itemEvent.getStateChange() == ItemEvent.SELECTED && itemEvent.getItem() instanceof ExploitMode) { |
197 | ExploitMode selectedItem = (ExploitMode) itemEvent.getItem(); | |
198 |
1
1. lambda$getModesItemListener$2 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.netshare.get().setVisible(false); |
199 |
1
1. lambda$getModesItemListener$2 : negated conditional → NO_COVERAGE |
if (selectedItem.equals(ExploitMode.NETSHARE)) { |
200 |
1
1. lambda$getModesItemListener$2 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.netshare.get().setVisible(true); |
201 | } | |
202 |
1
1. lambda$getModesItemListener$2 : removed call to com/jsql/view/swing/manager/ManagerExploit::updateUI → NO_COVERAGE |
this.updateUI(); // required to adapt panel |
203 | } | |
204 | }; | |
205 | } | |
206 | ||
207 | private ItemListener getTypesItemListener() { | |
208 |
1
1. getTypesItemListener : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit::getTypesItemListener → NO_COVERAGE |
return itemEvent -> { |
209 |
2
1. lambda$getTypesItemListener$4 : negated conditional → NO_COVERAGE 2. lambda$getTypesItemListener$4 : negated conditional → NO_COVERAGE |
if (itemEvent.getStateChange() != ItemEvent.SELECTED || itemEvent.getItem() == ComboBoxMethodRenderer.SEPARATOR) { |
210 | return; | |
211 | } | |
212 | Arrays.asList( | |
213 | this.username.get(), this.password.get(), this.scrollListPaths, this.textfieldUrlShell | |
214 |
2
1. lambda$getTypesItemListener$4 : removed call to java/util/List::forEach → NO_COVERAGE 2. lambda$getTypesItemListener$3 : removed call to javax/swing/JComponent::setVisible → NO_COVERAGE |
).forEach(component -> component.setVisible(false)); |
215 | ModelItemType selectedItem = (ModelItemType) itemEvent.getItem(); | |
216 |
1
1. lambda$getTypesItemListener$4 : negated conditional → NO_COVERAGE |
if (!ManagerExploit.EXPLOIT_UDF.equals(selectedItem.getKeyLabel())) { |
217 |
1
1. lambda$getTypesItemListener$4 : removed call to javax/swing/JScrollPane::setVisible → NO_COVERAGE |
this.scrollListPaths.setVisible(true); |
218 |
1
1. lambda$getTypesItemListener$4 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.textfieldUrlShell.setVisible(true); |
219 |
1
1. lambda$getTypesItemListener$4 : negated conditional → NO_COVERAGE |
if (ManagerExploit.EXPLOIT_SQL.equals(selectedItem.getKeyLabel())) { |
220 |
1
1. lambda$getTypesItemListener$4 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.username.get().setVisible(true); |
221 |
1
1. lambda$getTypesItemListener$4 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.password.get().setVisible(true); |
222 | } | |
223 | } | |
224 |
1
1. lambda$getTypesItemListener$4 : removed call to com/jsql/view/swing/manager/ManagerExploit::updateUI → NO_COVERAGE |
this.updateUI(); // required to adapt panel |
225 | }; | |
226 | } | |
227 | ||
228 | protected class ActionExploit implements ActionListener { | |
229 | private final JComboBox<Object> comboBoxExploitTypes; | |
230 | ||
231 | public ActionExploit(JComboBox<Object> comboBoxExploitTypes) { | |
232 | this.comboBoxExploitTypes = comboBoxExploitTypes; | |
233 | } | |
234 | ||
235 | @Override | |
236 | public void actionPerformed(ActionEvent evt) { | |
237 | var modelSelectItem = (ModelItemType) this.comboBoxExploitTypes.getSelectedItem(); | |
238 | var labelSelectItem = Objects.requireNonNull(modelSelectItem).getKeyLabel(); | |
239 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (!ManagerExploit.isValid(labelSelectItem)) { |
240 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Currently unsupported for [{}], contribute and share exploit method on GitHub to improve the app", MediatorHelper.model().getMediatorVendor().getVendor()); | |
241 | return; | |
242 | } | |
243 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (ManagerExploit.EXPLOIT_UDF.equals(labelSelectItem)) { |
244 | new SwingWorker<>() { | |
245 | @Override | |
246 |
1
1. doInBackground : removed call to java/lang/Thread::setName → NO_COVERAGE |
protected Object doInBackground() { Thread.currentThread().setName("SwingWorkerExploit"); |
247 |
1
1. doInBackground : removed call to com/jsql/view/swing/manager/ManagerExploit$ActionExploit::start → NO_COVERAGE |
ActionExploit.this.start(null, null, null); |
248 | return null; | |
249 | } | |
250 |
1
1. actionPerformed : removed call to com/jsql/view/swing/manager/ManagerExploit$ActionExploit$1::execute → NO_COVERAGE |
}.execute(); |
251 | return; | |
252 | } | |
253 | if ( | |
254 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
ManagerExploit.EXPLOIT_SQL.equals(labelSelectItem) |
255 |
2
1. actionPerformed : negated conditional → NO_COVERAGE 2. actionPerformed : negated conditional → NO_COVERAGE |
&& (ManagerExploit.this.password.get().getText().isEmpty() || ManagerExploit.this.username.get().getText().isEmpty()) |
256 | ) { | |
257 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Missing credentials (tips: search and read file containing hardcoded credentials)"); | |
258 | return; | |
259 | } | |
260 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (ManagerExploit.this.listPaths.getSelectedValuesList().isEmpty()) { |
261 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Select at least one directory in the list"); | |
262 | return; | |
263 | } | |
264 | ||
265 | String urlShell = this.validateAndNormalizeUrlShell(); | |
266 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (urlShell == null) { |
267 | return; | |
268 | } | |
269 | AtomicReference<File> fileToUpload = new AtomicReference<>(); | |
270 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (this.validateFileSelection(labelSelectItem, fileToUpload)) { |
271 | return; | |
272 | } | |
273 | ||
274 | new SwingWorker<>() { | |
275 | @Override | |
276 |
1
1. doInBackground : removed call to java/lang/Thread::setName → NO_COVERAGE |
protected Object doInBackground() { Thread.currentThread().setName("SwingWorkerExploitNonUdf"); |
277 |
1
1. doInBackground : removed call to java/awt/Component::setVisible → NO_COVERAGE |
ManagerExploit.this.horizontalGlue.setVisible(false); |
278 |
1
1. doInBackground : removed call to javax/swing/JProgressBar::setVisible → NO_COVERAGE |
ManagerExploit.this.progressBar.setVisible(true); |
279 |
1
1. doInBackground : removed call to java/util/List::forEach → NO_COVERAGE |
ManagerExploit.this.listPaths.getSelectedValuesList().forEach(pathExploit -> { |
280 | LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, String.format("Checking path [%s]...", pathExploit)); | |
281 |
1
1. lambda$doInBackground$0 : removed call to com/jsql/view/swing/manager/ManagerExploit$ActionExploit::start → NO_COVERAGE |
ActionExploit.this.start(pathExploit.toString(), urlShell, fileToUpload.get()); |
282 | }); | |
283 |
1
1. doInBackground : removed call to com/jsql/view/swing/manager/ManagerExploit::endProcess → NO_COVERAGE |
ManagerExploit.this.endProcess(); |
284 | return null; | |
285 | } | |
286 |
1
1. actionPerformed : removed call to com/jsql/view/swing/manager/ManagerExploit$ActionExploit$2::execute → NO_COVERAGE |
}.execute(); |
287 | } | |
288 | ||
289 | private boolean validateFileSelection(String labelSelectItem, AtomicReference<File> fileToUpload) { | |
290 |
1
1. validateFileSelection : negated conditional → NO_COVERAGE |
if (ManagerExploit.EXPLOIT_UPLOAD.equals(labelSelectItem)) { |
291 |
1
1. validateFileSelection : removed call to java/util/concurrent/atomic/AtomicReference::set → NO_COVERAGE |
fileToUpload.set(ManagerExploit.chooseFile()); |
292 |
1
1. validateFileSelection : negated conditional → NO_COVERAGE |
if (fileToUpload.get() == null) { |
293 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Missing file, please select a file"); | |
294 |
1
1. validateFileSelection : replaced boolean return with false for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateFileSelection → NO_COVERAGE |
return true; |
295 | } | |
296 | } | |
297 |
1
1. validateFileSelection : replaced boolean return with true for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateFileSelection → NO_COVERAGE |
return false; |
298 | } | |
299 | ||
300 | private String validateAndNormalizeUrlShell() { | |
301 | String urlShell = ManagerExploit.this.textfieldUrlShell.getText(); | |
302 |
2
1. validateAndNormalizeUrlShell : negated conditional → NO_COVERAGE 2. validateAndNormalizeUrlShell : negated conditional → NO_COVERAGE |
if (!urlShell.isEmpty() && !urlShell.matches("(?i)^https?://.*")) { |
303 |
1
1. validateAndNormalizeUrlShell : negated conditional → NO_COVERAGE |
if (!urlShell.matches("(?i)^\\w+://.*")) { |
304 | LOGGER.log(LogLevelUtil.CONSOLE_INFORM, "Undefined shell URL protocol, forcing to [https://]"); | |
305 | urlShell = "https://"+ urlShell; | |
306 | } else { | |
307 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Unknown URL protocol"); | |
308 |
1
1. validateAndNormalizeUrlShell : replaced return value with "" for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateAndNormalizeUrlShell → NO_COVERAGE |
return null; |
309 | } | |
310 | } | |
311 |
1
1. validateAndNormalizeUrlShell : negated conditional → NO_COVERAGE |
if (StringUtils.isNotEmpty(urlShell)) { |
312 | try { | |
313 | new URI(urlShell); | |
314 | } catch (URISyntaxException e) { | |
315 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, String.format("Incorrect URL: %s", e.getMessage())); | |
316 |
1
1. validateAndNormalizeUrlShell : replaced return value with "" for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateAndNormalizeUrlShell → NO_COVERAGE |
return null; |
317 | } | |
318 | } | |
319 |
1
1. validateAndNormalizeUrlShell : replaced return value with "" for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateAndNormalizeUrlShell → NO_COVERAGE |
return urlShell; |
320 | } | |
321 | ||
322 | private void start(String pathExploit, String urlShellFinal, File fileToUpload) { | |
323 | try { | |
324 |
1
1. start : removed call to com/jsql/view/swing/manager/ManagerExploit::createPayload → NO_COVERAGE |
ManagerExploit.this.createPayload(pathExploit, urlShellFinal, fileToUpload); |
325 | } catch (JSqlException | IllegalArgumentException e) { | |
326 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, String.format("Payload creation failure: %s", e.getMessage())); | |
327 | } | |
328 | } | |
329 | } | |
330 | ||
331 | private static boolean isValid(String labelSelectItem) { | |
332 |
1
1. isValid : replaced boolean return with true for com/jsql/view/swing/manager/ManagerExploit::isValid → NO_COVERAGE |
return |
333 |
1
1. isValid : negated conditional → NO_COVERAGE |
ManagerExploit.EXPLOIT_UDF.equals(labelSelectItem) && Arrays.asList( |
334 | MediatorHelper.model().getMediatorVendor().getSqlite(), | |
335 | MediatorHelper.model().getMediatorVendor().getMysql(), | |
336 | MediatorHelper.model().getMediatorVendor().getPostgres(), | |
337 | MediatorHelper.model().getMediatorVendor().getH2() | |
338 |
1
1. isValid : negated conditional → NO_COVERAGE |
).contains(MediatorHelper.model().getMediatorVendor().getVendor()) |
339 |
1
1. isValid : negated conditional → NO_COVERAGE |
|| Arrays.asList(ManagerExploit.EXPLOIT_WEB, ManagerExploit.EXPLOIT_UPLOAD).contains(labelSelectItem) && Arrays.asList( |
340 | MediatorHelper.model().getMediatorVendor().getDerby(), | |
341 | MediatorHelper.model().getMediatorVendor().getHsqldb(), | |
342 | MediatorHelper.model().getMediatorVendor().getH2(), | |
343 | MediatorHelper.model().getMediatorVendor().getSqlite(), | |
344 | MediatorHelper.model().getMediatorVendor().getMysql(), | |
345 | MediatorHelper.model().getMediatorVendor().getPostgres() | |
346 |
1
1. isValid : negated conditional → NO_COVERAGE |
).contains(MediatorHelper.model().getMediatorVendor().getVendor()) |
347 |
1
1. isValid : negated conditional → NO_COVERAGE |
|| Arrays.asList(ManagerExploit.EXPLOIT_SQL).contains(labelSelectItem) && Arrays.asList( |
348 | MediatorHelper.model().getMediatorVendor().getMysql(), | |
349 | MediatorHelper.model().getMediatorVendor().getPostgres() | |
350 |
1
1. isValid : negated conditional → NO_COVERAGE |
).contains(MediatorHelper.model().getMediatorVendor().getVendor()); |
351 | } | |
352 | ||
353 | private static File chooseFile() { | |
354 | var filechooser = new JFileChooser(MediatorHelper.model().getMediatorUtils().getPreferencesUtil().getPathFile()); | |
355 |
1
1. chooseFile : removed call to javax/swing/JFileChooser::setDialogTitle → NO_COVERAGE |
filechooser.setDialogTitle(I18nUtil.valueByKey("UPLOAD_DIALOG_TEXT")); |
356 | int returnVal = filechooser.showOpenDialog(MediatorHelper.frame()); | |
357 |
1
1. chooseFile : negated conditional → NO_COVERAGE |
if (returnVal == JFileChooser.APPROVE_OPTION) { |
358 |
1
1. chooseFile : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit::chooseFile → NO_COVERAGE |
return filechooser.getSelectedFile(); |
359 | } | |
360 | return null; | |
361 | } | |
362 | ||
363 | protected void createPayload(String pathExploit, String urlShell, File fileToUpload) throws JSqlException { | |
364 | var exploitMethod = ExploitMode.forName( | |
365 | Objects.requireNonNull(this.comboBoxExploitModes.getSelectedItem()).toString() | |
366 | ).orElse(ExploitMode.AUTO); | |
367 | ||
368 |
2
1. createPayload : negated conditional → NO_COVERAGE 2. createPayload : negated conditional → NO_COVERAGE |
if (pathExploit != null && !pathExploit.endsWith("/")) { |
369 | pathExploit += "/"; | |
370 | } | |
371 | String pathNetshare = this.netshare.get().getText(); | |
372 |
2
1. createPayload : negated conditional → NO_COVERAGE 2. createPayload : negated conditional → NO_COVERAGE |
if (exploitMethod == ExploitMode.NETSHARE && !pathNetshare.endsWith("\\")) { |
373 | pathNetshare += "\\"; | |
374 | } | |
375 | ||
376 | var modelItemType = (ModelItemType) Objects.requireNonNull(this.comboBoxExploitTypes.getSelectedItem()); | |
377 | var keyLabel = modelItemType.getKeyLabel(); | |
378 | var vendor = MediatorHelper.model().getMediatorVendor().getVendor(); | |
379 | ||
380 |
1
1. createPayload : negated conditional → NO_COVERAGE |
if (ManagerExploit.EXPLOIT_UDF.equals(keyLabel)) { |
381 |
1
1. createPayload : removed call to com/jsql/view/swing/manager/ManagerExploit::handleUdfExploit → NO_COVERAGE |
ManagerExploit.handleUdfExploit(vendor, pathNetshare, exploitMethod); |
382 |
1
1. createPayload : negated conditional → NO_COVERAGE |
} else if (ManagerExploit.EXPLOIT_WEB.equals(keyLabel)) { |
383 |
1
1. createPayload : removed call to com/jsql/view/swing/manager/ManagerExploit::handleWebExploit → NO_COVERAGE |
ManagerExploit.handleWebExploit(pathExploit, urlShell, vendor, pathNetshare, exploitMethod); |
384 |
1
1. createPayload : negated conditional → NO_COVERAGE |
} else if (ManagerExploit.EXPLOIT_SQL.equals(keyLabel)) { |
385 |
1
1. createPayload : removed call to com/jsql/view/swing/manager/ManagerExploit::handleSqlExploit → NO_COVERAGE |
this.handleSqlExploit(pathExploit, urlShell, vendor, pathNetshare, exploitMethod); |
386 |
1
1. createPayload : negated conditional → NO_COVERAGE |
} else if (ManagerExploit.EXPLOIT_UPLOAD.equals(keyLabel)) { |
387 |
1
1. createPayload : removed call to com/jsql/view/swing/manager/ManagerExploit::handleUploadExploit → NO_COVERAGE |
ManagerExploit.handleUploadExploit(pathExploit, urlShell, fileToUpload, vendor, pathNetshare, exploitMethod); |
388 | } | |
389 | } | |
390 | ||
391 | private static void handleUdfExploit(Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException { | |
392 |
1
1. handleUdfExploit : negated conditional → NO_COVERAGE |
if (vendor == MediatorHelper.model().getMediatorVendor().getMysql()) { |
393 |
1
1. handleUdfExploit : removed call to com/jsql/model/accessible/vendor/ExploitMysql::createUdf → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitMysql().createUdf(pathNetshare, exploitMethod); |
394 |
1
1. handleUdfExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getPostgres()) { |
395 |
1
1. handleUdfExploit : removed call to com/jsql/model/accessible/vendor/ExploitPostgres::createUdf → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitPostgres().createUdf(null); |
396 |
1
1. handleUdfExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getSqlite()) { |
397 |
1
1. handleUdfExploit : removed call to com/jsql/model/accessible/vendor/ExploitSqlite::createUdf → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitSqlite().createUdf(); |
398 |
1
1. handleUdfExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getH2()) { |
399 |
1
1. handleUdfExploit : removed call to com/jsql/model/accessible/vendor/ExploitH2::createUdf → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitH2().createUdf(); |
400 | } | |
401 | } | |
402 | ||
403 | private static void handleWebExploit(String pathExploit, String urlShell, Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException { | |
404 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
if (vendor == MediatorHelper.model().getMediatorVendor().getMysql()) { |
405 | MediatorHelper.model().getResourceAccess().getExploitMysql().createWeb(pathExploit, urlShell, pathNetshare, exploitMethod); | |
406 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getPostgres()) { |
407 | MediatorHelper.model().getResourceAccess().getExploitPostgres().createWeb(pathExploit, urlShell); | |
408 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getSqlite()) { |
409 | MediatorHelper.model().getResourceAccess().getExploitSqlite().createWeb(pathExploit, urlShell); | |
410 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getHsqldb()) { |
411 | MediatorHelper.model().getResourceAccess().getExploitHsqldb().createWeb(pathExploit, urlShell); | |
412 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getH2()) { |
413 | MediatorHelper.model().getResourceAccess().getExploitH2().createWeb(pathExploit, urlShell); | |
414 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getDerby()) { |
415 | MediatorHelper.model().getResourceAccess().getExploitDerby().createWeb(pathExploit, urlShell); | |
416 | } | |
417 | } | |
418 | ||
419 | private void handleSqlExploit(String pathExploit, String urlShell, Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException { | |
420 | String login = this.username.get().getText(); | |
421 | String pass = this.password.get().getText(); | |
422 |
1
1. handleSqlExploit : negated conditional → NO_COVERAGE |
if (vendor == MediatorHelper.model().getMediatorVendor().getMysql()) { |
423 | MediatorHelper.model().getResourceAccess().getExploitMysql().createSql(pathExploit, urlShell, pathNetshare, exploitMethod, login, pass); | |
424 |
1
1. handleSqlExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getPostgres()) { |
425 | MediatorHelper.model().getResourceAccess().getExploitPostgres().createSql(pathExploit, urlShell, login, pass); | |
426 | } | |
427 | } | |
428 | ||
429 | private static void handleUploadExploit(String pathExploit, String urlShell, File fileToUpload, Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException { | |
430 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
if (vendor == MediatorHelper.model().getMediatorVendor().getMysql()) { |
431 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitMysql::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitMysql().createUpload(pathExploit, urlShell, pathNetshare, exploitMethod, fileToUpload); |
432 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getPostgres()) { |
433 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitPostgres::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitPostgres().createUpload(pathExploit, urlShell, fileToUpload); |
434 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getSqlite()) { |
435 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitSqlite::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitSqlite().createUpload(pathExploit, urlShell, fileToUpload); |
436 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getHsqldb()) { |
437 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitHsqldb::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitHsqldb().createUpload(pathExploit, urlShell, fileToUpload); |
438 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getH2()) { |
439 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitH2::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitH2().createUpload(pathExploit, urlShell, fileToUpload); |
440 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getDerby()) { |
441 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitDerby::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitDerby().createUpload(pathExploit, urlShell, fileToUpload); |
442 | } | |
443 | } | |
444 | } | |
Mutations | ||
84 |
1.1 |
|
88 |
1.1 |
|
89 |
1.1 |
|
90 |
1.1 |
|
92 |
1.1 |
|
93 |
1.1 |
|
94 |
1.1 |
|
97 |
1.1 |
|
100 |
1.1 |
|
104 |
1.1 |
|
106 |
1.1 |
|
112 |
1.1 |
|
114 |
1.1 |
|
115 |
1.1 |
|
118 |
1.1 |
|
122 |
1.1 |
|
125 |
1.1 |
|
129 |
1.1 |
|
130 |
1.1 |
|
131 |
1.1 |
|
135 |
1.1 2.2 |
|
137 |
1.1 |
|
138 |
1.1 |
|
139 |
1.1 |
|
140 |
1.1 |
|
142 |
1.1 |
|
143 |
1.1 |
|
145 |
1.1 |
|
146 |
1.1 |
|
164 |
1.1 |
|
191 |
1.1 |
|
195 |
1.1 |
|
196 |
1.1 2.2 |
|
198 |
1.1 |
|
199 |
1.1 |
|
200 |
1.1 |
|
202 |
1.1 |
|
208 |
1.1 |
|
209 |
1.1 2.2 |
|
214 |
1.1 2.2 |
|
216 |
1.1 |
|
217 |
1.1 |
|
218 |
1.1 |
|
219 |
1.1 |
|
220 |
1.1 |
|
221 |
1.1 |
|
224 |
1.1 |
|
239 |
1.1 |
|
243 |
1.1 |
|
246 |
1.1 |
|
247 |
1.1 |
|
250 |
1.1 |
|
254 |
1.1 |
|
255 |
1.1 2.2 |
|
260 |
1.1 |
|
266 |
1.1 |
|
270 |
1.1 |
|
276 |
1.1 |
|
277 |
1.1 |
|
278 |
1.1 |
|
279 |
1.1 |
|
281 |
1.1 |
|
283 |
1.1 |
|
286 |
1.1 |
|
290 |
1.1 |
|
291 |
1.1 |
|
292 |
1.1 |
|
294 |
1.1 |
|
297 |
1.1 |
|
302 |
1.1 2.2 |
|
303 |
1.1 |
|
308 |
1.1 |
|
311 |
1.1 |
|
316 |
1.1 |
|
319 |
1.1 |
|
324 |
1.1 |
|
332 |
1.1 |
|
333 |
1.1 |
|
338 |
1.1 |
|
339 |
1.1 |
|
346 |
1.1 |
|
347 |
1.1 |
|
350 |
1.1 |
|
355 |
1.1 |
|
357 |
1.1 |
|
358 |
1.1 |
|
368 |
1.1 2.2 |
|
372 |
1.1 2.2 |
|
380 |
1.1 |
|
381 |
1.1 |
|
382 |
1.1 |
|
383 |
1.1 |
|
384 |
1.1 |
|
385 |
1.1 |
|
386 |
1.1 |
|
387 |
1.1 |
|
392 |
1.1 |
|
393 |
1.1 |
|
394 |
1.1 |
|
395 |
1.1 |
|
396 |
1.1 |
|
397 |
1.1 |
|
398 |
1.1 |
|
399 |
1.1 |
|
404 |
1.1 |
|
406 |
1.1 |
|
408 |
1.1 |
|
410 |
1.1 |
|
412 |
1.1 |
|
414 |
1.1 |
|
422 |
1.1 |
|
424 |
1.1 |
|
430 |
1.1 |
|
431 |
1.1 |
|
432 |
1.1 |
|
433 |
1.1 |
|
434 |
1.1 |
|
435 |
1.1 |
|
436 |
1.1 |
|
437 |
1.1 |
|
438 |
1.1 |
|
439 |
1.1 |
|
440 |
1.1 |
|
441 |
1.1 |