| 1 | /******************************************************************************* | |
| 2 | * Copyhacked (H) 2012-2025. | |
| 3 | * This program and the accompanying materials | |
| 4 | * are made available under no term at all, use it like | |
| 5 | * you want, but share and discuss it | |
| 6 | * every time possible with every body. | |
| 7 | * | |
| 8 | * Contributors: | |
| 9 | * ron190 at ymail dot com - initial implementation | |
| 10 | ******************************************************************************/ | |
| 11 | package com.jsql.view.swing.manager; | |
| 12 | ||
| 13 | import com.jsql.model.accessible.ExploitMode; | |
| 14 | import com.jsql.model.exception.JSqlException; | |
| 15 | import com.jsql.model.injection.vendor.model.Vendor; | |
| 16 | import com.jsql.util.I18nUtil; | |
| 17 | import com.jsql.util.LogLevelUtil; | |
| 18 | import com.jsql.view.swing.manager.util.*; | |
| 19 | import com.jsql.view.swing.text.JPasswordFieldPlaceholder; | |
| 20 | import com.jsql.view.swing.text.JPopupTextField; | |
| 21 | import com.jsql.view.swing.text.JTextFieldPlaceholder; | |
| 22 | import com.jsql.view.swing.text.JToolTipI18n; | |
| 23 | import com.jsql.view.swing.util.I18nViewUtil; | |
| 24 | import com.jsql.view.swing.util.MediatorHelper; | |
| 25 | import org.apache.commons.lang3.StringUtils; | |
| 26 | import org.apache.logging.log4j.LogManager; | |
| 27 | import org.apache.logging.log4j.Logger; | |
| 28 | ||
| 29 | import javax.swing.*; | |
| 30 | import java.awt.*; | |
| 31 | import java.awt.event.ActionEvent; | |
| 32 | import java.awt.event.ActionListener; | |
| 33 | import java.awt.event.ItemEvent; | |
| 34 | import java.awt.event.ItemListener; | |
| 35 | import java.io.File; | |
| 36 | import java.net.URI; | |
| 37 | import java.net.URISyntaxException; | |
| 38 | import java.util.Arrays; | |
| 39 | import java.util.Objects; | |
| 40 | import java.util.concurrent.atomic.AtomicReference; | |
| 41 | ||
| 42 | /** | |
| 43 | * Manager for uploading PHP SQL shell to the host and send queries. | |
| 44 | */ | |
| 45 | public class ManagerExploit extends AbstractManagerList { | |
| 46 | ||
| 47 | /** | |
| 48 | * Log4j logger sent to view. | |
| 49 | */ | |
| 50 | private static final Logger LOGGER = LogManager.getRootLogger(); | |
| 51 | public static final String SHELL_URL_TOOLTIP = "SHELL_URL_TOOLTIP"; | |
| 52 | ||
| 53 | private final AtomicReference<JTextField> username = new AtomicReference<>(); | |
| 54 | private final AtomicReference<JTextField> password = new AtomicReference<>(); | |
| 55 | private final AtomicReference<JTextField> netshare = new AtomicReference<>(); | |
| 56 | protected final JTextField textfieldUrlShell; | |
| 57 | ||
| 58 | public static final String EXPLOIT_UDF = "EXPLOIT_UDF"; | |
| 59 | public static final String EXPLOIT_WEB = "EXPLOIT_WEB"; | |
| 60 | public static final String EXPLOIT_SQL = "EXPLOIT_SQL"; | |
| 61 | public static final String EXPLOIT_UPLOAD = "EXPLOIT_UPLOAD"; | |
| 62 | ||
| 63 | private final JComboBox<Object> comboBoxExploitTypes = new JComboBox<>(new Object[]{ | |
| 64 | new ModelItemType(ManagerExploit.EXPLOIT_UDF, "EXPLOIT_UDF_TOOLTIP"), | |
| 65 | ComboBoxMethodRenderer.SEPARATOR, | |
| 66 | new ModelItemType(ManagerExploit.EXPLOIT_WEB, "EXPLOIT_WEB_TOOLTIP"), | |
| 67 | new ModelItemType(ManagerExploit.EXPLOIT_SQL, "EXPLOIT_SQL_TOOLTIP"), | |
| 68 | new ModelItemType(ManagerExploit.EXPLOIT_UPLOAD, "EXPLOIT_UPLOAD_TOOLTIP"), | |
| 69 | }); | |
| 70 | ||
| 71 | private final JComboBox<Object> comboBoxExploitModes = new JComboBox<>(new Object[]{ | |
| 72 | ExploitMode.AUTO, | |
| 73 | ComboBoxMethodRenderer.SEPARATOR, | |
| 74 | ExploitMode.QUERY_BODY, | |
| 75 | ExploitMode.TEMP_TABLE, | |
| 76 | ComboBoxMethodRenderer.SEPARATOR, | |
| 77 | ExploitMode.NETSHARE | |
| 78 | }); | |
| 79 | ||
| 80 | public ManagerExploit() { | |
| 81 | super("swing/list/payload.txt"); | |
| 82 | ||
| 83 | var tooltipShellUrl = new AtomicReference<>(new JToolTipI18n(I18nUtil.valueByKey(ManagerExploit.SHELL_URL_TOOLTIP))); | |
| 84 | var placeholderResult = new JTextFieldPlaceholder(I18nUtil.valueByKey("SHELL_URL_LABEL")) { | |
| 85 | @Override | |
| 86 | public JToolTip createToolTip() { | |
| 87 |
1
1. createToolTip : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit$1::createToolTip → NO_COVERAGE |
return tooltipShellUrl.get(); |
| 88 | } | |
| 89 | }; | |
| 90 | this.textfieldUrlShell = new JPopupTextField(placeholderResult).getProxy(); | |
| 91 |
1
1. <init> : removed call to com/jsql/view/swing/util/I18nViewUtil::addComponentForKey → NO_COVERAGE |
I18nViewUtil.addComponentForKey("SHELL_URL_LABEL", this.textfieldUrlShell); |
| 92 |
1
1. <init> : removed call to com/jsql/view/swing/util/I18nViewUtil::addComponentForKey → NO_COVERAGE |
I18nViewUtil.addComponentForKey(ManagerExploit.SHELL_URL_TOOLTIP, tooltipShellUrl.get()); |
| 93 |
1
1. <init> : removed call to javax/swing/JTextField::setToolTipText → NO_COVERAGE |
this.textfieldUrlShell.setToolTipText(I18nUtil.valueByKey(ManagerExploit.SHELL_URL_TOOLTIP)); |
| 94 | ||
| 95 |
1
1. <init> : removed call to com/jsql/view/swing/manager/ManagerExploit::buildRunButton → NO_COVERAGE |
this.buildRunButton("SHELL_RUN_BUTTON_LABEL", "SHELL_RUN_BUTTON_TOOLTIP"); |
| 96 |
1
1. <init> : removed call to com/jsql/view/swing/manager/util/JButtonStateful::setEnabled → NO_COVERAGE |
this.run.setEnabled(false); |
| 97 |
1
1. <init> : removed call to com/jsql/view/swing/manager/ManagerExploit::buildPrivilege → NO_COVERAGE |
this.buildPrivilege(); |
| 98 | ||
| 99 | var southPanel = new JPanel(); | |
| 100 |
1
1. <init> : removed call to javax/swing/JPanel::setLayout → NO_COVERAGE |
southPanel.setLayout(new BoxLayout(southPanel, BoxLayout.Y_AXIS)); |
| 101 | southPanel.add(this.textfieldUrlShell); | |
| 102 | southPanel.add(this.lastLine); | |
| 103 |
1
1. <init> : removed call to com/jsql/view/swing/manager/ManagerExploit::add → NO_COVERAGE |
this.add(southPanel, BorderLayout.SOUTH); |
| 104 | ||
| 105 | var userPassPanel = new JPanel(); | |
| 106 | var groupLayout = new GroupLayout(userPassPanel); | |
| 107 |
1
1. <init> : removed call to javax/swing/JPanel::setLayout → NO_COVERAGE |
userPassPanel.setLayout(groupLayout); |
| 108 | ||
| 109 |
1
1. <init> : removed call to com/jsql/view/swing/manager/util/JButtonStateful::addActionListener → NO_COVERAGE |
this.run.addActionListener(new ActionExploit(this.comboBoxExploitTypes)); |
| 110 | ||
| 111 | Arrays.asList( | |
| 112 | new ModelExploit(this.netshare, "EXPLOIT_NETSHARE_LABEL", "EXPLOIT_NETSHARE_TOOLTIP"), | |
| 113 | new ModelExploit(this.username, "SQL_SHELL_USERNAME_LABEL", "SQL_SHELL_USERNAME_TOOLTIP"), | |
| 114 | new ModelExploit(this.password, "SQL_SHELL_PASSWORD_LABEL", "SQL_SHELL_PASSWORD_TOOLTIP", true) | |
| 115 |
1
1. <init> : removed call to java/util/List::forEach → NO_COVERAGE |
).forEach(model -> { |
| 116 | var tooltip = new AtomicReference<>(new JToolTipI18n(I18nUtil.valueByKey(model.tooltipI18n))); | |
| 117 |
1
1. lambda$new$0 : negated conditional → NO_COVERAGE |
if (model.isPassword) { |
| 118 |
1
1. lambda$new$0 : removed call to java/util/concurrent/atomic/AtomicReference::set → NO_COVERAGE |
model.textfield.set(new JPopupTextField(new JPasswordFieldPlaceholder(I18nUtil.valueByKey(model.labelI18n)) { |
| 119 | @Override | |
| 120 | public JToolTip createToolTip() { | |
| 121 |
1
1. createToolTip : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit$2::createToolTip → NO_COVERAGE |
return tooltip.get(); |
| 122 | } | |
| 123 | }).getProxy()); | |
| 124 | } else { | |
| 125 |
1
1. lambda$new$0 : removed call to java/util/concurrent/atomic/AtomicReference::set → NO_COVERAGE |
model.textfield.set(new JPopupTextField(new JTextFieldPlaceholder(I18nUtil.valueByKey(model.labelI18n)) { |
| 126 | @Override | |
| 127 | public JToolTip createToolTip() { | |
| 128 |
1
1. createToolTip : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit$3::createToolTip → NO_COVERAGE |
return tooltip.get(); |
| 129 | } | |
| 130 | }).getProxy()); | |
| 131 | } | |
| 132 |
1
1. lambda$new$0 : removed call to com/jsql/view/swing/util/I18nViewUtil::addComponentForKey → NO_COVERAGE |
I18nViewUtil.addComponentForKey(model.labelI18n, model.textfield.get()); |
| 133 |
1
1. lambda$new$0 : removed call to com/jsql/view/swing/util/I18nViewUtil::addComponentForKey → NO_COVERAGE |
I18nViewUtil.addComponentForKey(model.tooltipI18n, tooltip.get()); |
| 134 |
1
1. lambda$new$0 : removed call to javax/swing/JTextField::setToolTipText → NO_COVERAGE |
model.textfield.get().setToolTipText(I18nUtil.valueByKey(model.tooltipI18n)); |
| 135 | }); | |
| 136 | ||
| 137 | Arrays.asList(this.username.get(), this.password.get(), this.scrollListPaths, this.textfieldUrlShell, this.netshare.get()) | |
| 138 |
2
1. <init> : removed call to java/util/List::forEach → NO_COVERAGE 2. lambda$new$1 : removed call to javax/swing/JComponent::setVisible → NO_COVERAGE |
.forEach(component -> component.setVisible(false)); |
| 139 | ||
| 140 |
1
1. <init> : removed call to javax/swing/JComboBox::setRenderer → NO_COVERAGE |
this.comboBoxExploitTypes.setRenderer(new ComboBoxTypeRenderer()); |
| 141 |
1
1. <init> : removed call to javax/swing/JComboBox::addActionListener → NO_COVERAGE |
this.comboBoxExploitTypes.addActionListener(new SeparatorListener(this.comboBoxExploitTypes)); |
| 142 |
1
1. <init> : removed call to javax/swing/JComboBox::addItemListener → NO_COVERAGE |
this.comboBoxExploitTypes.addItemListener(this.getTypesItemListener()); |
| 143 |
1
1. <init> : removed call to javax/swing/JComboBox::addItemListener → NO_COVERAGE |
this.comboBoxExploitModes.addItemListener(this.getModesItemListener()); |
| 144 | ||
| 145 |
1
1. <init> : removed call to javax/swing/JComboBox::setRenderer → NO_COVERAGE |
this.comboBoxExploitModes.setRenderer(new ComboBoxMethodRenderer()); |
| 146 |
1
1. <init> : removed call to javax/swing/JComboBox::addActionListener → NO_COVERAGE |
this.comboBoxExploitModes.addActionListener(new SeparatorListener(this.comboBoxExploitModes)); |
| 147 | var labelUsing = new JLabel("via"); | |
| 148 |
1
1. <init> : removed call to javax/swing/JLabel::setBorder → NO_COVERAGE |
labelUsing.setBorder(BorderFactory.createEmptyBorder(5, 0, 5, 0)); |
| 149 |
1
1. <init> : removed call to javax/swing/GroupLayout::setHorizontalGroup → NO_COVERAGE |
groupLayout.setHorizontalGroup( |
| 150 | groupLayout | |
| 151 | .createParallelGroup() | |
| 152 | .addGroup( | |
| 153 | groupLayout | |
| 154 | .createSequentialGroup() | |
| 155 | .addComponent(this.comboBoxExploitTypes) | |
| 156 | .addComponent(labelUsing, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE) | |
| 157 | .addComponent(this.comboBoxExploitModes, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE) | |
| 158 | ) | |
| 159 | .addGroup( | |
| 160 | groupLayout.createParallelGroup() | |
| 161 | .addComponent(this.netshare.get()) | |
| 162 | .addComponent(this.username.get()) | |
| 163 | .addComponent(this.password.get()) | |
| 164 | ) | |
| 165 | ); | |
| 166 | ||
| 167 |
1
1. <init> : removed call to javax/swing/GroupLayout::setVerticalGroup → NO_COVERAGE |
groupLayout.setVerticalGroup( |
| 168 | groupLayout | |
| 169 | .createSequentialGroup() | |
| 170 | .addGroup( | |
| 171 | groupLayout | |
| 172 | .createParallelGroup(GroupLayout.Alignment.BASELINE) | |
| 173 | .addComponent(this.comboBoxExploitTypes) | |
| 174 | .addComponent(labelUsing) | |
| 175 | .addComponent(this.comboBoxExploitModes) | |
| 176 | ) | |
| 177 | .addGroup( | |
| 178 | groupLayout | |
| 179 | .createParallelGroup() | |
| 180 | .addComponent(this.netshare.get()) | |
| 181 | ) | |
| 182 | .addGroup( | |
| 183 | groupLayout | |
| 184 | .createParallelGroup() | |
| 185 | .addComponent(this.username.get()) | |
| 186 | ) | |
| 187 | .addGroup( | |
| 188 | groupLayout | |
| 189 | .createParallelGroup() | |
| 190 | .addComponent(this.password.get()) | |
| 191 | ) | |
| 192 | ); | |
| 193 | | |
| 194 |
1
1. <init> : removed call to com/jsql/view/swing/manager/ManagerExploit::add → NO_COVERAGE |
this.add(userPassPanel, BorderLayout.NORTH); |
| 195 | } | |
| 196 | ||
| 197 | private ItemListener getModesItemListener() { | |
| 198 |
1
1. getModesItemListener : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit::getModesItemListener → NO_COVERAGE |
return itemEvent -> { |
| 199 |
2
1. lambda$getModesItemListener$2 : negated conditional → NO_COVERAGE 2. lambda$getModesItemListener$2 : negated conditional → NO_COVERAGE |
if (itemEvent.getStateChange() == ItemEvent.SELECTED && itemEvent.getItem() instanceof ExploitMode) { |
| 200 | ExploitMode selectedItem = (ExploitMode) itemEvent.getItem(); | |
| 201 |
1
1. lambda$getModesItemListener$2 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.netshare.get().setVisible(false); |
| 202 |
1
1. lambda$getModesItemListener$2 : negated conditional → NO_COVERAGE |
if (selectedItem.equals(ExploitMode.NETSHARE)) { |
| 203 |
1
1. lambda$getModesItemListener$2 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.netshare.get().setVisible(true); |
| 204 | } | |
| 205 |
1
1. lambda$getModesItemListener$2 : removed call to com/jsql/view/swing/manager/ManagerExploit::updateUI → NO_COVERAGE |
this.updateUI(); // required to adapt panel |
| 206 | } | |
| 207 | }; | |
| 208 | } | |
| 209 | ||
| 210 | private ItemListener getTypesItemListener() { | |
| 211 |
1
1. getTypesItemListener : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit::getTypesItemListener → NO_COVERAGE |
return itemEvent -> { |
| 212 |
2
1. lambda$getTypesItemListener$4 : negated conditional → NO_COVERAGE 2. lambda$getTypesItemListener$4 : negated conditional → NO_COVERAGE |
if (itemEvent.getStateChange() != ItemEvent.SELECTED || itemEvent.getItem() == ComboBoxMethodRenderer.SEPARATOR) { |
| 213 | return; | |
| 214 | } | |
| 215 | Arrays.asList( | |
| 216 | this.username.get(), this.password.get(), this.scrollListPaths, this.textfieldUrlShell | |
| 217 |
2
1. lambda$getTypesItemListener$4 : removed call to java/util/List::forEach → NO_COVERAGE 2. lambda$getTypesItemListener$3 : removed call to javax/swing/JComponent::setVisible → NO_COVERAGE |
).forEach(component -> component.setVisible(false)); |
| 218 | ModelItemType selectedItem = (ModelItemType) itemEvent.getItem(); | |
| 219 |
1
1. lambda$getTypesItemListener$4 : negated conditional → NO_COVERAGE |
if (!ManagerExploit.EXPLOIT_UDF.equals(selectedItem.getKeyLabel())) { |
| 220 |
1
1. lambda$getTypesItemListener$4 : removed call to javax/swing/JScrollPane::setVisible → NO_COVERAGE |
this.scrollListPaths.setVisible(true); |
| 221 |
1
1. lambda$getTypesItemListener$4 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.textfieldUrlShell.setVisible(true); |
| 222 |
1
1. lambda$getTypesItemListener$4 : negated conditional → NO_COVERAGE |
if (ManagerExploit.EXPLOIT_SQL.equals(selectedItem.getKeyLabel())) { |
| 223 |
1
1. lambda$getTypesItemListener$4 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.username.get().setVisible(true); |
| 224 |
1
1. lambda$getTypesItemListener$4 : removed call to javax/swing/JTextField::setVisible → NO_COVERAGE |
this.password.get().setVisible(true); |
| 225 | } | |
| 226 | } | |
| 227 |
1
1. lambda$getTypesItemListener$4 : removed call to com/jsql/view/swing/manager/ManagerExploit::updateUI → NO_COVERAGE |
this.updateUI(); // required to adapt panel |
| 228 | }; | |
| 229 | } | |
| 230 | ||
| 231 | protected class ActionExploit implements ActionListener { | |
| 232 | private final JComboBox<Object> comboBoxExploitTypes; | |
| 233 | ||
| 234 | public ActionExploit(JComboBox<Object> comboBoxExploitTypes) { | |
| 235 | this.comboBoxExploitTypes = comboBoxExploitTypes; | |
| 236 | } | |
| 237 | ||
| 238 | @Override | |
| 239 | public void actionPerformed(ActionEvent evt) { | |
| 240 | var modelSelectItem = (ModelItemType) this.comboBoxExploitTypes.getSelectedItem(); | |
| 241 | var labelSelectItem = Objects.requireNonNull(modelSelectItem).getKeyLabel(); | |
| 242 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (!ManagerExploit.isValid(labelSelectItem)) { |
| 243 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Currently unsupported for [{}], contribute and share exploit method on GitHub to improve the app", MediatorHelper.model().getMediatorVendor().getVendor()); | |
| 244 | return; | |
| 245 | } | |
| 246 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (ManagerExploit.EXPLOIT_UDF.equals(labelSelectItem)) { |
| 247 | new SwingWorker<>() { | |
| 248 | @Override | |
| 249 |
1
1. doInBackground : removed call to java/lang/Thread::setName → NO_COVERAGE |
protected Object doInBackground() { Thread.currentThread().setName("SwingWorkerExploit"); |
| 250 |
1
1. doInBackground : removed call to com/jsql/view/swing/manager/ManagerExploit$ActionExploit::start → NO_COVERAGE |
ActionExploit.this.start(null, null, null); |
| 251 | return null; | |
| 252 | } | |
| 253 | }.doInBackground(); | |
| 254 | return; | |
| 255 | } | |
| 256 | if ( | |
| 257 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
ManagerExploit.EXPLOIT_SQL.equals(labelSelectItem) |
| 258 |
2
1. actionPerformed : negated conditional → NO_COVERAGE 2. actionPerformed : negated conditional → NO_COVERAGE |
&& (ManagerExploit.this.password.get().getText().isEmpty() || ManagerExploit.this.username.get().getText().isEmpty()) |
| 259 | ) { | |
| 260 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Missing credentials (tips: search and read file containing hardcoded credentials)"); | |
| 261 | return; | |
| 262 | } | |
| 263 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (ManagerExploit.this.listPaths.getSelectedValuesList().isEmpty()) { |
| 264 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Select at least one directory in the list"); | |
| 265 | return; | |
| 266 | } | |
| 267 | ||
| 268 | String urlShell = this.validateAndNormalizeUrlShell(); | |
| 269 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (urlShell == null) { |
| 270 | return; | |
| 271 | } | |
| 272 | AtomicReference<File> fileToUpload = new AtomicReference<>(); | |
| 273 |
1
1. actionPerformed : negated conditional → NO_COVERAGE |
if (this.validateFileSelection(labelSelectItem, fileToUpload)) { |
| 274 | return; | |
| 275 | } | |
| 276 | ||
| 277 | new SwingWorker<>() { | |
| 278 | @Override | |
| 279 |
1
1. doInBackground : removed call to java/lang/Thread::setName → NO_COVERAGE |
protected Object doInBackground() { Thread.currentThread().setName("SwingWorkerExploitNonUdf"); |
| 280 |
1
1. doInBackground : removed call to java/awt/Component::setVisible → NO_COVERAGE |
ManagerExploit.this.horizontalGlue.setVisible(false); |
| 281 |
1
1. doInBackground : removed call to javax/swing/JProgressBar::setVisible → NO_COVERAGE |
ManagerExploit.this.progressBar.setVisible(true); |
| 282 |
1
1. doInBackground : removed call to java/util/List::forEach → NO_COVERAGE |
ManagerExploit.this.listPaths.getSelectedValuesList().forEach(pathExploit -> { |
| 283 | LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, String.format("Checking path [%s]...", pathExploit)); | |
| 284 |
1
1. lambda$doInBackground$0 : removed call to com/jsql/view/swing/manager/ManagerExploit$ActionExploit::start → NO_COVERAGE |
ActionExploit.this.start(pathExploit.toString(), urlShell, fileToUpload.get()); |
| 285 | }); | |
| 286 |
1
1. doInBackground : removed call to com/jsql/view/swing/manager/ManagerExploit::endProcess → NO_COVERAGE |
ManagerExploit.this.endProcess(); |
| 287 | return null; | |
| 288 | } | |
| 289 | }.doInBackground(); | |
| 290 | } | |
| 291 | ||
| 292 | private boolean validateFileSelection(String labelSelectItem, AtomicReference<File> fileToUpload) { | |
| 293 |
1
1. validateFileSelection : negated conditional → NO_COVERAGE |
if (ManagerExploit.EXPLOIT_UPLOAD.equals(labelSelectItem)) { |
| 294 |
1
1. validateFileSelection : removed call to java/util/concurrent/atomic/AtomicReference::set → NO_COVERAGE |
fileToUpload.set(ManagerExploit.chooseFile()); |
| 295 |
1
1. validateFileSelection : negated conditional → NO_COVERAGE |
if (fileToUpload.get() == null) { |
| 296 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Missing file, please select a file"); | |
| 297 |
1
1. validateFileSelection : replaced boolean return with false for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateFileSelection → NO_COVERAGE |
return true; |
| 298 | } | |
| 299 | } | |
| 300 |
1
1. validateFileSelection : replaced boolean return with true for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateFileSelection → NO_COVERAGE |
return false; |
| 301 | } | |
| 302 | ||
| 303 | private String validateAndNormalizeUrlShell() { | |
| 304 | String urlShell = ManagerExploit.this.textfieldUrlShell.getText(); | |
| 305 |
2
1. validateAndNormalizeUrlShell : negated conditional → NO_COVERAGE 2. validateAndNormalizeUrlShell : negated conditional → NO_COVERAGE |
if (!urlShell.isEmpty() && !urlShell.matches("(?i)^https?://.*")) { |
| 306 |
1
1. validateAndNormalizeUrlShell : negated conditional → NO_COVERAGE |
if (!urlShell.matches("(?i)^\\w+://.*")) { |
| 307 | LOGGER.log(LogLevelUtil.CONSOLE_INFORM, "Undefined shell URL protocol, forcing to [https://]"); | |
| 308 | urlShell = "https://"+ urlShell; | |
| 309 | } else { | |
| 310 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Unknown URL protocol"); | |
| 311 |
1
1. validateAndNormalizeUrlShell : replaced return value with "" for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateAndNormalizeUrlShell → NO_COVERAGE |
return null; |
| 312 | } | |
| 313 | } | |
| 314 |
1
1. validateAndNormalizeUrlShell : negated conditional → NO_COVERAGE |
if (StringUtils.isNotEmpty(urlShell)) { |
| 315 | try { | |
| 316 | new URI(urlShell); | |
| 317 | } catch (URISyntaxException e) { | |
| 318 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, String.format("Incorrect URL: %s", e.getMessage())); | |
| 319 |
1
1. validateAndNormalizeUrlShell : replaced return value with "" for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateAndNormalizeUrlShell → NO_COVERAGE |
return null; |
| 320 | } | |
| 321 | } | |
| 322 |
1
1. validateAndNormalizeUrlShell : replaced return value with "" for com/jsql/view/swing/manager/ManagerExploit$ActionExploit::validateAndNormalizeUrlShell → NO_COVERAGE |
return urlShell; |
| 323 | } | |
| 324 | ||
| 325 | private void start(String pathExploit, String urlShellFinal, File fileToUpload) { | |
| 326 | try { | |
| 327 |
1
1. start : removed call to com/jsql/view/swing/manager/ManagerExploit::createPayload → NO_COVERAGE |
ManagerExploit.this.createPayload(pathExploit, urlShellFinal, fileToUpload); |
| 328 | } catch (JSqlException e) { | |
| 329 | LOGGER.log(LogLevelUtil.CONSOLE_ERROR, String.format("Payload creation failure: %s", e.getMessage())); | |
| 330 | } | |
| 331 | } | |
| 332 | } | |
| 333 | ||
| 334 | private static boolean isValid(String labelSelectItem) { | |
| 335 |
1
1. isValid : replaced boolean return with true for com/jsql/view/swing/manager/ManagerExploit::isValid → NO_COVERAGE |
return |
| 336 |
1
1. isValid : negated conditional → NO_COVERAGE |
ManagerExploit.EXPLOIT_UDF.equals(labelSelectItem) && Arrays.asList( |
| 337 | MediatorHelper.model().getMediatorVendor().getSqlite(), | |
| 338 | MediatorHelper.model().getMediatorVendor().getMysql(), | |
| 339 | MediatorHelper.model().getMediatorVendor().getPostgres(), | |
| 340 | MediatorHelper.model().getMediatorVendor().getH2() | |
| 341 |
1
1. isValid : negated conditional → NO_COVERAGE |
).contains(MediatorHelper.model().getMediatorVendor().getVendor()) |
| 342 |
1
1. isValid : negated conditional → NO_COVERAGE |
|| Arrays.asList(ManagerExploit.EXPLOIT_WEB, ManagerExploit.EXPLOIT_UPLOAD).contains(labelSelectItem) && Arrays.asList( |
| 343 | MediatorHelper.model().getMediatorVendor().getDerby(), | |
| 344 | MediatorHelper.model().getMediatorVendor().getHsqldb(), | |
| 345 | MediatorHelper.model().getMediatorVendor().getH2(), | |
| 346 | MediatorHelper.model().getMediatorVendor().getSqlite(), | |
| 347 | MediatorHelper.model().getMediatorVendor().getMysql(), | |
| 348 | MediatorHelper.model().getMediatorVendor().getPostgres() | |
| 349 |
1
1. isValid : negated conditional → NO_COVERAGE |
).contains(MediatorHelper.model().getMediatorVendor().getVendor()) |
| 350 |
1
1. isValid : negated conditional → NO_COVERAGE |
|| Arrays.asList(ManagerExploit.EXPLOIT_SQL).contains(labelSelectItem) && Arrays.asList( |
| 351 | MediatorHelper.model().getMediatorVendor().getMysql(), | |
| 352 | MediatorHelper.model().getMediatorVendor().getPostgres() | |
| 353 |
1
1. isValid : negated conditional → NO_COVERAGE |
).contains(MediatorHelper.model().getMediatorVendor().getVendor()); |
| 354 | } | |
| 355 | ||
| 356 | private static File chooseFile() { | |
| 357 | var filechooser = new JFileChooser(MediatorHelper.model().getMediatorUtils().getPreferencesUtil().getPathFile()); | |
| 358 |
1
1. chooseFile : removed call to javax/swing/JFileChooser::setDialogTitle → NO_COVERAGE |
filechooser.setDialogTitle(I18nUtil.valueByKey("UPLOAD_DIALOG_TEXT")); |
| 359 | int returnVal = filechooser.showOpenDialog(MediatorHelper.frame()); | |
| 360 |
1
1. chooseFile : negated conditional → NO_COVERAGE |
if (returnVal == JFileChooser.APPROVE_OPTION) { |
| 361 |
1
1. chooseFile : replaced return value with null for com/jsql/view/swing/manager/ManagerExploit::chooseFile → NO_COVERAGE |
return filechooser.getSelectedFile(); |
| 362 | } | |
| 363 | return null; | |
| 364 | } | |
| 365 | ||
| 366 | protected void createPayload(String pathExploit, String urlShell, File fileToUpload) throws JSqlException { | |
| 367 | var exploitMethod = ExploitMode.forName( | |
| 368 | Objects.requireNonNull(this.comboBoxExploitModes.getSelectedItem()).toString() | |
| 369 | ).orElse(ExploitMode.AUTO); | |
| 370 | ||
| 371 |
2
1. createPayload : negated conditional → NO_COVERAGE 2. createPayload : negated conditional → NO_COVERAGE |
if (pathExploit != null && !pathExploit.endsWith("/")) { |
| 372 | pathExploit += "/"; | |
| 373 | } | |
| 374 | String pathNetshare = this.netshare.get().getText(); | |
| 375 |
2
1. createPayload : negated conditional → NO_COVERAGE 2. createPayload : negated conditional → NO_COVERAGE |
if (exploitMethod == ExploitMode.NETSHARE && !pathNetshare.endsWith("\\")) { |
| 376 | pathNetshare += "\\"; | |
| 377 | } | |
| 378 | ||
| 379 | var modelItemType = (ModelItemType) Objects.requireNonNull(this.comboBoxExploitTypes.getSelectedItem()); | |
| 380 | var keyLabel = modelItemType.getKeyLabel(); | |
| 381 | var vendor = MediatorHelper.model().getMediatorVendor().getVendor(); | |
| 382 | ||
| 383 |
1
1. createPayload : negated conditional → NO_COVERAGE |
if (ManagerExploit.EXPLOIT_UDF.equals(keyLabel)) { |
| 384 |
1
1. createPayload : removed call to com/jsql/view/swing/manager/ManagerExploit::handleUdfExploit → NO_COVERAGE |
ManagerExploit.handleUdfExploit(vendor, pathNetshare, exploitMethod); |
| 385 |
1
1. createPayload : negated conditional → NO_COVERAGE |
} else if (ManagerExploit.EXPLOIT_WEB.equals(keyLabel)) { |
| 386 |
1
1. createPayload : removed call to com/jsql/view/swing/manager/ManagerExploit::handleWebExploit → NO_COVERAGE |
ManagerExploit.handleWebExploit(pathExploit, urlShell, vendor, pathNetshare, exploitMethod); |
| 387 |
1
1. createPayload : negated conditional → NO_COVERAGE |
} else if (ManagerExploit.EXPLOIT_SQL.equals(keyLabel)) { |
| 388 |
1
1. createPayload : removed call to com/jsql/view/swing/manager/ManagerExploit::handleSqlExploit → NO_COVERAGE |
this.handleSqlExploit(pathExploit, urlShell, vendor, pathNetshare, exploitMethod); |
| 389 |
1
1. createPayload : negated conditional → NO_COVERAGE |
} else if (ManagerExploit.EXPLOIT_UPLOAD.equals(keyLabel)) { |
| 390 |
1
1. createPayload : removed call to com/jsql/view/swing/manager/ManagerExploit::handleUploadExploit → NO_COVERAGE |
ManagerExploit.handleUploadExploit(pathExploit, urlShell, fileToUpload, vendor, pathNetshare, exploitMethod); |
| 391 | } | |
| 392 | } | |
| 393 | ||
| 394 | private static void handleUdfExploit(Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException { | |
| 395 |
1
1. handleUdfExploit : negated conditional → NO_COVERAGE |
if (vendor == MediatorHelper.model().getMediatorVendor().getMysql()) { |
| 396 |
1
1. handleUdfExploit : removed call to com/jsql/model/accessible/vendor/ExploitMysql::createUdf → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitMysql().createUdf(pathNetshare, exploitMethod); |
| 397 |
1
1. handleUdfExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getPostgres()) { |
| 398 |
1
1. handleUdfExploit : removed call to com/jsql/model/accessible/vendor/ExploitPostgres::createUdf → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitPostgres().createUdf(null); |
| 399 |
1
1. handleUdfExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getSqlite()) { |
| 400 |
1
1. handleUdfExploit : removed call to com/jsql/model/accessible/vendor/ExploitSqlite::createUdf → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitSqlite().createUdf(); |
| 401 |
1
1. handleUdfExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getH2()) { |
| 402 |
1
1. handleUdfExploit : removed call to com/jsql/model/accessible/vendor/ExploitH2::createUdf → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitH2().createUdf(); |
| 403 | } | |
| 404 | } | |
| 405 | ||
| 406 | private static void handleWebExploit(String pathExploit, String urlShell, Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException { | |
| 407 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
if (vendor == MediatorHelper.model().getMediatorVendor().getMysql()) { |
| 408 | MediatorHelper.model().getResourceAccess().getExploitMysql().createWeb(pathExploit, urlShell, pathNetshare, exploitMethod); | |
| 409 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getPostgres()) { |
| 410 |
1
1. handleWebExploit : removed call to com/jsql/model/accessible/vendor/ExploitPostgres::createWeb → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitPostgres().createWeb(pathExploit, urlShell); |
| 411 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getSqlite()) { |
| 412 | MediatorHelper.model().getResourceAccess().getExploitSqlite().createWeb(pathExploit, urlShell); | |
| 413 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getHsqldb()) { |
| 414 | MediatorHelper.model().getResourceAccess().getExploitHsqldb().createWeb(pathExploit, urlShell); | |
| 415 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getH2()) { |
| 416 | MediatorHelper.model().getResourceAccess().getExploitH2().createWeb(pathExploit, urlShell); | |
| 417 |
1
1. handleWebExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getDerby()) { |
| 418 | MediatorHelper.model().getResourceAccess().getExploitDerby().createWeb(pathExploit, urlShell); | |
| 419 | } | |
| 420 | } | |
| 421 | ||
| 422 | private void handleSqlExploit(String pathExploit, String urlShell, Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException { | |
| 423 | String login = this.username.get().getText(); | |
| 424 | String pass = this.password.get().getText(); | |
| 425 |
1
1. handleSqlExploit : negated conditional → NO_COVERAGE |
if (vendor == MediatorHelper.model().getMediatorVendor().getMysql()) { |
| 426 | MediatorHelper.model().getResourceAccess().getExploitMysql().createSql(pathExploit, urlShell, pathNetshare, exploitMethod, login, pass); | |
| 427 |
1
1. handleSqlExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getPostgres()) { |
| 428 | MediatorHelper.model().getResourceAccess().getExploitPostgres().createSql(pathExploit, urlShell, login, pass); | |
| 429 | } | |
| 430 | } | |
| 431 | ||
| 432 | private static void handleUploadExploit(String pathExploit, String urlShell, File fileToUpload, Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException { | |
| 433 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
if (vendor == MediatorHelper.model().getMediatorVendor().getMysql()) { |
| 434 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitMysql::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitMysql().createUpload(pathExploit, urlShell, pathNetshare, exploitMethod, fileToUpload); |
| 435 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getPostgres()) { |
| 436 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitPostgres::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitPostgres().createUpload(pathExploit, urlShell, fileToUpload); |
| 437 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getSqlite()) { |
| 438 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitSqlite::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitSqlite().createUpload(pathExploit, urlShell, fileToUpload); |
| 439 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getHsqldb()) { |
| 440 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitHsqldb::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitHsqldb().createUpload(pathExploit, urlShell, fileToUpload); |
| 441 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getH2()) { |
| 442 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitH2::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitH2().createUpload(pathExploit, urlShell, fileToUpload); |
| 443 |
1
1. handleUploadExploit : negated conditional → NO_COVERAGE |
} else if (vendor == MediatorHelper.model().getMediatorVendor().getDerby()) { |
| 444 |
1
1. handleUploadExploit : removed call to com/jsql/model/accessible/vendor/ExploitDerby::createUpload → NO_COVERAGE |
MediatorHelper.model().getResourceAccess().getExploitDerby().createUpload(pathExploit, urlShell, fileToUpload); |
| 445 | } | |
| 446 | } | |
| 447 | } | |
Mutations | ||
| 87 |
1.1 |
|
| 91 |
1.1 |
|
| 92 |
1.1 |
|
| 93 |
1.1 |
|
| 95 |
1.1 |
|
| 96 |
1.1 |
|
| 97 |
1.1 |
|
| 100 |
1.1 |
|
| 103 |
1.1 |
|
| 107 |
1.1 |
|
| 109 |
1.1 |
|
| 115 |
1.1 |
|
| 117 |
1.1 |
|
| 118 |
1.1 |
|
| 121 |
1.1 |
|
| 125 |
1.1 |
|
| 128 |
1.1 |
|
| 132 |
1.1 |
|
| 133 |
1.1 |
|
| 134 |
1.1 |
|
| 138 |
1.1 2.2 |
|
| 140 |
1.1 |
|
| 141 |
1.1 |
|
| 142 |
1.1 |
|
| 143 |
1.1 |
|
| 145 |
1.1 |
|
| 146 |
1.1 |
|
| 148 |
1.1 |
|
| 149 |
1.1 |
|
| 167 |
1.1 |
|
| 194 |
1.1 |
|
| 198 |
1.1 |
|
| 199 |
1.1 2.2 |
|
| 201 |
1.1 |
|
| 202 |
1.1 |
|
| 203 |
1.1 |
|
| 205 |
1.1 |
|
| 211 |
1.1 |
|
| 212 |
1.1 2.2 |
|
| 217 |
1.1 2.2 |
|
| 219 |
1.1 |
|
| 220 |
1.1 |
|
| 221 |
1.1 |
|
| 222 |
1.1 |
|
| 223 |
1.1 |
|
| 224 |
1.1 |
|
| 227 |
1.1 |
|
| 242 |
1.1 |
|
| 246 |
1.1 |
|
| 249 |
1.1 |
|
| 250 |
1.1 |
|
| 257 |
1.1 |
|
| 258 |
1.1 2.2 |
|
| 263 |
1.1 |
|
| 269 |
1.1 |
|
| 273 |
1.1 |
|
| 279 |
1.1 |
|
| 280 |
1.1 |
|
| 281 |
1.1 |
|
| 282 |
1.1 |
|
| 284 |
1.1 |
|
| 286 |
1.1 |
|
| 293 |
1.1 |
|
| 294 |
1.1 |
|
| 295 |
1.1 |
|
| 297 |
1.1 |
|
| 300 |
1.1 |
|
| 305 |
1.1 2.2 |
|
| 306 |
1.1 |
|
| 311 |
1.1 |
|
| 314 |
1.1 |
|
| 319 |
1.1 |
|
| 322 |
1.1 |
|
| 327 |
1.1 |
|
| 335 |
1.1 |
|
| 336 |
1.1 |
|
| 341 |
1.1 |
|
| 342 |
1.1 |
|
| 349 |
1.1 |
|
| 350 |
1.1 |
|
| 353 |
1.1 |
|
| 358 |
1.1 |
|
| 360 |
1.1 |
|
| 361 |
1.1 |
|
| 371 |
1.1 2.2 |
|
| 375 |
1.1 2.2 |
|
| 383 |
1.1 |
|
| 384 |
1.1 |
|
| 385 |
1.1 |
|
| 386 |
1.1 |
|
| 387 |
1.1 |
|
| 388 |
1.1 |
|
| 389 |
1.1 |
|
| 390 |
1.1 |
|
| 395 |
1.1 |
|
| 396 |
1.1 |
|
| 397 |
1.1 |
|
| 398 |
1.1 |
|
| 399 |
1.1 |
|
| 400 |
1.1 |
|
| 401 |
1.1 |
|
| 402 |
1.1 |
|
| 407 |
1.1 |
|
| 409 |
1.1 |
|
| 410 |
1.1 |
|
| 411 |
1.1 |
|
| 413 |
1.1 |
|
| 415 |
1.1 |
|
| 417 |
1.1 |
|
| 425 |
1.1 |
|
| 427 |
1.1 |
|
| 433 |
1.1 |
|
| 434 |
1.1 |
|
| 435 |
1.1 |
|
| 436 |
1.1 |
|
| 437 |
1.1 |
|
| 438 |
1.1 |
|
| 439 |
1.1 |
|
| 440 |
1.1 |
|
| 441 |
1.1 |
|
| 442 |
1.1 |
|
| 443 |
1.1 |
|
| 444 |
1.1 |