| 1 | /******************************************************************************* | |
| 2 | * Copyhacked (H) 2012-2025. | |
| 3 | * This program and the accompanying materials | |
| 4 | * are made available under no term at all, use it like | |
| 5 | * you want, but share and discuss it | |
| 6 | * every time possible with every body. | |
| 7 | * | |
| 8 | * Contributors: | |
| 9 | * ron190 at ymail dot com - initial implementation | |
| 10 | ******************************************************************************/ | |
| 11 | package com.jsql.view.swing.manager; | |
| 12 | ||
| 13 | import com.jsql.model.accessible.ExploitMode; | |
| 14 | import com.jsql.model.exception.JSqlException; | |
| 15 | import com.jsql.model.injection.vendor.model.Vendor; | |
| 16 | import com.jsql.util.I18nUtil; | |
| 17 | import com.jsql.util.LogLevelUtil; | |
| 18 | import com.jsql.view.swing.manager.util.*; | |
| 19 | import com.jsql.view.swing.text.JPasswordFieldPlaceholder; | |
| 20 | import com.jsql.view.swing.text.JPopupTextField; | |
| 21 | import com.jsql.view.swing.text.JTextFieldPlaceholder; | |
| 22 | import com.jsql.view.swing.text.JToolTipI18n; | |
| 23 | import com.jsql.view.swing.util.I18nViewUtil; | |
| 24 | import com.jsql.view.swing.util.MediatorHelper; | |
| 25 | import org.apache.commons.lang3.StringUtils; | |
| 26 | import org.apache.logging.log4j.LogManager; | |
| 27 | import org.apache.logging.log4j.Logger; | |
| 28 | ||
| 29 | import javax.swing.*; | |
| 30 | import java.awt.*; | |
| 31 | import java.awt.event.ActionEvent; | |
| 32 | import java.awt.event.ActionListener; | |
| 33 | import java.awt.event.ItemEvent; | |
| 34 | import java.awt.event.ItemListener; | |
| 35 | import java.io.File; | |
| 36 | import java.net.URI; | |
| 37 | import java.net.URISyntaxException; | |
| 38 | import java.util.Arrays; | |
| 39 | import java.util.Objects; | |
| 40 | import java.util.concurrent.atomic.AtomicReference; | |
| 41 | ||
| 42 | /** | |
| 43 | * Manager for uploading a PHP SQL shell to the host and sending queries. | |
| 44 | */ | |
| 45 | public class ManagerExploit extends AbstractManagerList { | |
| 46 | ||
/** Root logger; callers pass one of the LogLevelUtil console levels with each message. */
private static final Logger LOGGER = LogManager.getRootLogger();

/** I18n key of the tooltip shown on the shell URL text field. */
public static final String SHELL_URL_TOOLTIP = "SHELL_URL_TOOLTIP";

// Keys identifying the entries of the exploit-type combo box; they are compared
// against ModelItemType.getKeyLabel() when the selection is read back.
public static final String EXPLOIT_UDF = "EXPLOIT_UDF";
public static final String EXPLOIT_WEB = "EXPLOIT_WEB";
public static final String EXPLOIT_SQL = "EXPLOIT_SQL";
public static final String EXPLOIT_UPLOAD = "EXPLOIT_UPLOAD";

// Input fields, created in the constructor and stored through references so the
// same holder can be handed to the ModelExploit descriptors that build them.
private final AtomicReference<JTextField> username = new AtomicReference<>();
// NOTE(review): the password input is only reachable as a JTextField and is read with
// getText() in this class, so the secret ends up in an immutable String that cannot be
// cleared after use.
private final AtomicReference<JTextField> password = new AtomicReference<>();
private final AtomicReference<JTextField> netshare = new AtomicReference<>();

/** Text field holding the shell URL; assigned once in the constructor. */
protected final JTextField textfieldUrlShell;

/** Exploit types offered to the user; the separator entry is a visual divider, not a type. */
private final JComboBox<Object> comboBoxExploitTypes = new JComboBox<>(new Object[] {
    new ModelItemType(ManagerExploit.EXPLOIT_UDF, "EXPLOIT_UDF_TOOLTIP"),
    ComboBoxMethodRenderer.SEPARATOR,
    new ModelItemType(ManagerExploit.EXPLOIT_WEB, "EXPLOIT_WEB_TOOLTIP"),
    new ModelItemType(ManagerExploit.EXPLOIT_SQL, "EXPLOIT_SQL_TOOLTIP"),
    new ModelItemType(ManagerExploit.EXPLOIT_UPLOAD, "EXPLOIT_UPLOAD_TOOLTIP")
});

/** Exploit modes offered to the user; ExploitMode.AUTO is listed first. */
private final JComboBox<Object> comboBoxExploitModes = new JComboBox<>(new Object[] {
    ExploitMode.AUTO,
    ComboBoxMethodRenderer.SEPARATOR,
    ExploitMode.QUERY_BODY,
    ExploitMode.TEMP_TABLE,
    ComboBoxMethodRenderer.SEPARATOR,
    ExploitMode.NETSHARE
});
| 76 | ||
/**
 * Builds the exploit panel.
 *
 * <p>The south area holds the shell URL field and the last line of the parent manager;
 * the north area holds the type and mode selectors followed by the netshare, username
 * and password inputs. All inputs start hidden and are revealed by the item listeners
 * according to the selected type and mode. The run button starts disabled.
 */
public ManagerExploit() {
    super("swing/list/payload.txt");

    // Shell URL input: the placeholder field always returns the same tooltip instance,
    // which is registered below so its text follows the current locale.
    var shellUrlTooltip = new AtomicReference<>(new JToolTipI18n(I18nUtil.valueByKey(ManagerExploit.SHELL_URL_TOOLTIP)));
    var shellUrlPlaceholder = new JTextFieldPlaceholder(I18nUtil.valueByKey("SHELL_URL_LABEL")) {
        @Override
        public JToolTip createToolTip() {
            return shellUrlTooltip.get();
        }
    };
    this.textfieldUrlShell = new JPopupTextField(shellUrlPlaceholder).getProxy();
    I18nViewUtil.addComponentForKey("SHELL_URL_LABEL", this.textfieldUrlShell);
    I18nViewUtil.addComponentForKey(ManagerExploit.SHELL_URL_TOOLTIP, shellUrlTooltip.get());
    this.textfieldUrlShell.setToolTipText(I18nUtil.valueByKey(ManagerExploit.SHELL_URL_TOOLTIP));

    this.buildRunButton("SHELL_RUN_BUTTON_LABEL", "SHELL_RUN_BUTTON_TOOLTIP");
    this.run.setEnabled(false);
    this.buildPrivilege();

    // South area: shell URL on top of the parent's last line
    var panelSouth = new JPanel();
    panelSouth.setLayout(new BoxLayout(panelSouth, BoxLayout.Y_AXIS));
    panelSouth.add(this.textfieldUrlShell);
    panelSouth.add(this.lastLine);
    this.add(panelSouth, BorderLayout.SOUTH);

    var panelNorth = new JPanel();
    var layoutNorth = new GroupLayout(panelNorth);
    panelNorth.setLayout(layoutNorth);

    this.run.addActionListener(new ActionExploit(this.comboBoxExploitTypes));

    // Build the three optional inputs from their descriptors; only the password
    // descriptor asks for a password-style placeholder field.
    for (var inputModel : Arrays.asList(
        new ModelExploit(this.netshare, "EXPLOIT_NETSHARE_LABEL", "EXPLOIT_NETSHARE_TOOLTIP"),
        new ModelExploit(this.username, "SQL_SHELL_USERNAME_LABEL", "SQL_SHELL_USERNAME_TOOLTIP"),
        new ModelExploit(this.password, "SQL_SHELL_PASSWORD_LABEL", "SQL_SHELL_PASSWORD_TOOLTIP", true)
    )) {
        var fieldTooltip = new AtomicReference<>(new JToolTipI18n(I18nUtil.valueByKey(inputModel.tooltipI18n)));
        if (!inputModel.isPassword) {
            inputModel.textfield.set(new JPopupTextField(new JTextFieldPlaceholder(I18nUtil.valueByKey(inputModel.labelI18n)) {
                @Override
                public JToolTip createToolTip() {
                    return fieldTooltip.get();
                }
            }).getProxy());
        } else {
            inputModel.textfield.set(new JPopupTextField(new JPasswordFieldPlaceholder(I18nUtil.valueByKey(inputModel.labelI18n)) {
                @Override
                public JToolTip createToolTip() {
                    return fieldTooltip.get();
                }
            }).getProxy());
        }
        I18nViewUtil.addComponentForKey(inputModel.labelI18n, inputModel.textfield.get());
        I18nViewUtil.addComponentForKey(inputModel.tooltipI18n, fieldTooltip.get());
        inputModel.textfield.get().setToolTipText(I18nUtil.valueByKey(inputModel.tooltipI18n));
    }

    // Everything optional starts hidden until a type or mode is selected
    for (JComponent component : Arrays.asList(
        this.username.get(), this.password.get(), this.scrollListPaths, this.textfieldUrlShell, this.netshare.get()
    )) {
        component.setVisible(false);
    }

    this.comboBoxExploitTypes.setRenderer(new ComboBoxTypeRenderer());
    this.comboBoxExploitTypes.addActionListener(new SeparatorListener(this.comboBoxExploitTypes));
    this.comboBoxExploitTypes.addItemListener(this.getTypesItemListener());
    this.comboBoxExploitModes.addItemListener(this.getModesItemListener());

    this.comboBoxExploitModes.setRenderer(new ComboBoxMethodRenderer());
    this.comboBoxExploitModes.addActionListener(new SeparatorListener(this.comboBoxExploitModes));
    var labelVia = new JLabel("via");
    labelVia.setBorder(BorderFactory.createEmptyBorder(5, 0, 5, 0));

    // Horizontal axis: one row of selectors, and the inputs sharing a single column
    var selectorsInRow = layoutNorth
        .createSequentialGroup()
        .addComponent(this.comboBoxExploitTypes)
        .addComponent(labelVia, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)
        .addComponent(this.comboBoxExploitModes, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE);
    var inputsInColumn = layoutNorth
        .createParallelGroup()
        .addComponent(this.netshare.get())
        .addComponent(this.username.get())
        .addComponent(this.password.get());
    layoutNorth.setHorizontalGroup(
        layoutNorth
            .createParallelGroup()
            .addGroup(selectorsInRow)
            .addGroup(inputsInColumn)
    );

    // Vertical axis: selectors aligned on their baseline, then one input per line
    var selectorsOnBaseline = layoutNorth
        .createParallelGroup(GroupLayout.Alignment.BASELINE)
        .addComponent(this.comboBoxExploitTypes)
        .addComponent(labelVia)
        .addComponent(this.comboBoxExploitModes);
    layoutNorth.setVerticalGroup(
        layoutNorth
            .createSequentialGroup()
            .addGroup(selectorsOnBaseline)
            .addGroup(layoutNorth.createParallelGroup().addComponent(this.netshare.get()))
            .addGroup(layoutNorth.createParallelGroup().addComponent(this.username.get()))
            .addGroup(layoutNorth.createParallelGroup().addComponent(this.password.get()))
    );

    this.add(panelNorth, BorderLayout.NORTH);
}
| 193 | ||
/**
 * Creates the listener of the mode combo box.
 *
 * <p>On selection of an {@link ExploitMode} entry the netshare input is hidden, then shown
 * again only for {@code ExploitMode.NETSHARE}. Deselection events and non-mode entries
 * (such as the separator) are ignored.
 *
 * @return the listener to register on the mode combo box
 */
private ItemListener getModesItemListener() {
    return itemEvent -> {
        boolean isSelection = itemEvent.getStateChange() == ItemEvent.SELECTED;
        if (!isSelection || !(itemEvent.getItem() instanceof ExploitMode)) {
            return;
        }
        var mode = (ExploitMode) itemEvent.getItem();
        this.netshare.get().setVisible(false);
        if (mode.equals(ExploitMode.NETSHARE)) {
            this.netshare.get().setVisible(true);
        }
        this.updateUI();  // required to adapt panel
    };
}
| 206 | ||
/**
 * Creates the listener of the type combo box.
 *
 * <p>On selection of a real entry every type-dependent input is hidden first. Any type
 * other than {@code EXPLOIT_UDF} then reveals the path list and the shell URL field, and
 * {@code EXPLOIT_SQL} additionally reveals the username and password inputs.
 * Deselection events and the separator entry are ignored.
 *
 * @return the listener to register on the type combo box
 */
private ItemListener getTypesItemListener() {
    return itemEvent -> {
        boolean isSeparator = itemEvent.getStateChange() == ItemEvent.SELECTED
            && itemEvent.getItem() == ComboBoxMethodRenderer.SEPARATOR;
        if (itemEvent.getStateChange() != ItemEvent.SELECTED || isSeparator) {
            return;
        }
        for (JComponent component : Arrays.asList(
            this.username.get(), this.password.get(), this.scrollListPaths, this.textfieldUrlShell
        )) {
            component.setVisible(false);
        }
        // The separator was filtered out above, every other entry is a ModelItemType
        var keyLabel = ((ModelItemType) itemEvent.getItem()).getKeyLabel();
        boolean needsPathAndUrl = !ManagerExploit.EXPLOIT_UDF.equals(keyLabel);
        if (needsPathAndUrl) {
            this.scrollListPaths.setVisible(true);
            this.textfieldUrlShell.setVisible(true);
            if (ManagerExploit.EXPLOIT_SQL.equals(keyLabel)) {
                this.username.get().setVisible(true);
                this.password.get().setVisible(true);
            }
        }
        this.updateUI();  // required to adapt panel
    };
}
| 227 | ||
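/**
 * Listener of the run button: validates the form, then starts the payload creation
 * on a {@link SwingWorker} so the UI thread is not blocked.
 *
 * <p>Swing components are only read or modified in {@link #actionPerformed}, which Swing
 * invokes on the event dispatch thread for a button listener; the background workers
 * operate on values captured beforehand.
 */
protected class ActionExploit implements ActionListener {
    private final JComboBox<Object> comboBoxExploitTypes;

    /**
     * @param comboBoxExploitTypes combo box whose selected entry gives the exploit type
     */
    public ActionExploit(JComboBox<Object> comboBoxExploitTypes) {
        this.comboBoxExploitTypes = comboBoxExploitTypes;
    }

    /**
     * Checks the selected type against the current vendor, validates credentials, path
     * selection, shell URL and (for upload) the chosen file, then runs the creation in
     * the background. Every failed check is logged to the console and aborts the action.
     *
     * @throws NullPointerException when no item is selected in the type combo box
     */
    @Override
    public void actionPerformed(ActionEvent evt) {
        // NOTE(review): the cast assumes the separator entry can never stay selected,
        // presumably enforced by SeparatorListener; confirm against that class.
        var modelSelectItem = (ModelItemType) this.comboBoxExploitTypes.getSelectedItem();
        var labelSelectItem = Objects.requireNonNull(modelSelectItem).getKeyLabel();
        if (!ManagerExploit.isValid(labelSelectItem)) {
            LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Currently unsupported for [{}], contribute and share exploit method on GitHub to improve the app", MediatorHelper.model().getMediatorVendor().getVendor());
            return;
        }
        if (ManagerExploit.EXPLOIT_UDF.equals(labelSelectItem)) {
            // The UDF type needs neither path, URL nor file
            new SwingWorker<>() {
                @Override
                protected Object doInBackground() {
                    Thread.currentThread().setName("SwingWorkerExploit");
                    ActionExploit.this.start(null, null, null);
                    return null;
                }
            }.execute();
            return;
        }
        if (
            ManagerExploit.EXPLOIT_SQL.equals(labelSelectItem)
            && (ManagerExploit.this.password.get().getText().isEmpty() || ManagerExploit.this.username.get().getText().isEmpty())
        ) {
            LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Missing credentials (tips: search and read file containing hardcoded credentials)");
            return;
        }
        // Snapshot taken on the event dispatch thread; the worker iterates over this copy
        // instead of querying the list component from a background thread.
        var selectedPaths = ManagerExploit.this.listPaths.getSelectedValuesList();
        if (selectedPaths.isEmpty()) {
            LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Select at least one directory in the list");
            return;
        }

        String urlShell = this.validateAndNormalizeUrlShell();
        if (urlShell == null) {
            return;
        }
        AtomicReference<File> fileToUpload = new AtomicReference<>();
        if (this.validateFileSelection(labelSelectItem, fileToUpload)) {
            return;
        }

        // Toggle the progress indicator here, on the event dispatch thread, rather than
        // inside doInBackground(): Swing components must not be modified from a worker thread.
        ManagerExploit.this.horizontalGlue.setVisible(false);
        ManagerExploit.this.progressBar.setVisible(true);

        new SwingWorker<>() {
            @Override
            protected Object doInBackground() {
                Thread.currentThread().setName("SwingWorkerExploitNonUdf");
                selectedPaths.forEach(pathExploit -> {
                    LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, String.format("Checking path [%s]...", pathExploit));
                    ActionExploit.this.start(pathExploit.toString(), urlShell, fileToUpload.get());
                });
                // NOTE(review): endProcess() is defined outside this file; if it updates
                // Swing components directly it should run on the event dispatch thread too.
                ManagerExploit.this.endProcess();
                return null;
            }
        }.execute();
    }

    /**
     * Asks for the file to send when the selected type is {@code EXPLOIT_UPLOAD}.
     *
     * @param labelSelectItem key of the selected exploit type
     * @param fileToUpload holder receiving the chosen file, left untouched for other types
     * @return {@code true} when the action must be aborted because no file was chosen,
     *         {@code false} when the caller can proceed
     */
    private boolean validateFileSelection(String labelSelectItem, AtomicReference<File> fileToUpload) {
        if (ManagerExploit.EXPLOIT_UPLOAD.equals(labelSelectItem)) {
            fileToUpload.set(ManagerExploit.chooseFile());
            if (fileToUpload.get() == null) {
                LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Missing file, please select a file");
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the shell URL field and checks it.
     *
     * <p>An empty value is returned unchanged. A value without any scheme is prefixed with
     * {@code https://}; a value with a scheme other than http or https is rejected. The
     * result is then parsed with {@link URI} for syntax only: no restriction on host or
     * path is applied here.
     *
     * @return the URL to use, possibly empty, or {@code null} when the value was rejected
     */
    private String validateAndNormalizeUrlShell() {
        String urlShell = ManagerExploit.this.textfieldUrlShell.getText();
        if (!urlShell.isEmpty() && !urlShell.matches("(?i)^https?://.*")) {
            if (!urlShell.matches("(?i)^\\w+://.*")) {
                LOGGER.log(LogLevelUtil.CONSOLE_INFORM, "Undefined shell URL protocol, forcing to [https://]");
                urlShell = "https://"+ urlShell;
            } else {
                LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Unknown URL protocol");
                return null;
            }
        }
        if (StringUtils.isNotEmpty(urlShell)) {
            try {
                new URI(urlShell);  // syntax check only, the parsed value is not kept
            } catch (URISyntaxException e) {
                LOGGER.log(LogLevelUtil.CONSOLE_ERROR, String.format("Incorrect URL: %s", e.getMessage()));
                return null;
            }
        }
        return urlShell;
    }

    /**
     * Runs the payload creation for one path and reports a failure on the console
     * instead of propagating it, so the remaining paths are still processed.
     *
     * @param pathExploit target path, {@code null} for the UDF type
     * @param urlShellFinal validated shell URL, {@code null} for the UDF type
     * @param fileToUpload file chosen for the upload type, {@code null} otherwise
     */
    private void start(String pathExploit, String urlShellFinal, File fileToUpload) {
        try {
            ManagerExploit.this.createPayload(pathExploit, urlShellFinal, fileToUpload);
        } catch (JSqlException | IllegalArgumentException e) {
            LOGGER.log(LogLevelUtil.CONSOLE_ERROR, String.format("Payload creation failure: %s", e.getMessage()));
        }
    }
}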
| 330 | ||
/**
 * Tells whether the selected exploit type is available for the current database vendor.
 *
 * <p>UDF is accepted for SQLite, MySQL, PostgreSQL and H2; web and upload for Derby,
 * HSQLDB, H2, SQLite, MySQL and PostgreSQL; SQL for MySQL and PostgreSQL only.
 *
 * @param labelSelectItem key of the selected exploit type
 * @return {@code true} when the type is listed for the current vendor, {@code false}
 *         otherwise, including for an unknown key
 */
private static boolean isValid(String labelSelectItem) {
    boolean isUdf = ManagerExploit.EXPLOIT_UDF.equals(labelSelectItem);
    boolean isWebOrUpload = ManagerExploit.EXPLOIT_WEB.equals(labelSelectItem)
        || ManagerExploit.EXPLOIT_UPLOAD.equals(labelSelectItem);
    boolean isSql = ManagerExploit.EXPLOIT_SQL.equals(labelSelectItem);
    if (!isUdf && !isWebOrUpload && !isSql) {
        return false;
    }

    var mediatorVendor = MediatorHelper.model().getMediatorVendor();
    var currentVendor = mediatorVendor.getVendor();
    if (isUdf) {
        return Arrays.asList(
            mediatorVendor.getSqlite(),
            mediatorVendor.getMysql(),
            mediatorVendor.getPostgres(),
            mediatorVendor.getH2()
        ).contains(currentVendor);
    }
    if (isWebOrUpload) {
        return Arrays.asList(
            mediatorVendor.getDerby(),
            mediatorVendor.getHsqldb(),
            mediatorVendor.getH2(),
            mediatorVendor.getSqlite(),
            mediatorVendor.getMysql(),
            mediatorVendor.getPostgres()
        ).contains(currentVendor);
    }
    return Arrays.asList(
        mediatorVendor.getMysql(),
        mediatorVendor.getPostgres()
    ).contains(currentVendor);
}
| 352 | ||
/**
 * Opens a file chooser starting in the directory stored in the preferences.
 *
 * @return the file picked by the user, or {@code null} when the dialog was not approved
 */
private static File chooseFile() {
    var startDirectory = MediatorHelper.model().getMediatorUtils().getPreferencesUtil().getPathFile();
    var dialog = new JFileChooser(startDirectory);
    dialog.setDialogTitle(I18nUtil.valueByKey("UPLOAD_DIALOG_TEXT"));
    boolean isApproved = dialog.showOpenDialog(MediatorHelper.frame()) == JFileChooser.APPROVE_OPTION;
    return isApproved ? dialog.getSelectedFile() : null;
}
| 362 | ||
/**
 * Normalizes the inputs and delegates to the handler matching the selected exploit type.
 *
 * <p>The mode falls back to {@code ExploitMode.AUTO} when the selected entry does not map
 * to a known mode. A non-null path gets a trailing {@code /}; in netshare mode the
 * netshare value gets a trailing backslash. Neither value is validated any further here,
 * so an empty netshare field is forwarded as a lone backslash.
 *
 * @param pathExploit target path, may be {@code null}
 * @param urlShell shell URL forwarded to the handler
 * @param fileToUpload file used by the upload type only
 * @throws JSqlException when the vendor-specific handler fails
 * @throws NullPointerException when a combo box has no selected item
 */
protected void createPayload(String pathExploit, String urlShell, File fileToUpload) throws JSqlException {
    var nameMode = Objects.requireNonNull(this.comboBoxExploitModes.getSelectedItem()).toString();
    var exploitMethod = ExploitMode.forName(nameMode).orElse(ExploitMode.AUTO);

    String pathWithSlash = pathExploit;
    if (pathWithSlash != null && !pathWithSlash.endsWith("/")) {
        pathWithSlash = pathWithSlash + "/";
    }
    String pathNetshare = this.netshare.get().getText();
    if (exploitMethod == ExploitMode.NETSHARE && !pathNetshare.endsWith("\\")) {
        pathNetshare = pathNetshare + "\\";
    }

    var keyLabel = ((ModelItemType) Objects.requireNonNull(this.comboBoxExploitTypes.getSelectedItem())).getKeyLabel();
    var vendor = MediatorHelper.model().getMediatorVendor().getVendor();

    if (keyLabel == null) {
        return;  // no handler matches a missing key
    }
    switch (keyLabel) {
        case ManagerExploit.EXPLOIT_UDF:
            ManagerExploit.handleUdfExploit(vendor, pathNetshare, exploitMethod);
            break;
        case ManagerExploit.EXPLOIT_WEB:
            ManagerExploit.handleWebExploit(pathWithSlash, urlShell, vendor, pathNetshare, exploitMethod);
            break;
        case ManagerExploit.EXPLOIT_SQL:
            this.handleSqlExploit(pathWithSlash, urlShell, vendor, pathNetshare, exploitMethod);
            break;
        case ManagerExploit.EXPLOIT_UPLOAD:
            ManagerExploit.handleUploadExploit(pathWithSlash, urlShell, fileToUpload, vendor, pathNetshare, exploitMethod);
            break;
        default:
            break;  // unknown key: nothing to do
    }
}
| 390 | ||
/**
 * Delegates the UDF type to the implementation of the current vendor.
 *
 * <p>Only the MySQL implementation receives the netshare path and the mode; the
 * PostgreSQL one is called with {@code null} and the SQLite and H2 ones take no argument.
 * Any other vendor is silently ignored.
 *
 * @param vendor current database vendor
 * @param pathNetshare netshare path, used for MySQL only
 * @param exploitMethod selected mode, used for MySQL only
 * @throws JSqlException when the vendor implementation fails
 */
private static void handleUdfExploit(Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException {
    var mediatorVendor = MediatorHelper.model().getMediatorVendor();
    var resourceAccess = MediatorHelper.model().getResourceAccess();

    if (vendor == mediatorVendor.getMysql()) {
        resourceAccess.getExploitMysql().createUdf(pathNetshare, exploitMethod);
        return;
    }
    if (vendor == mediatorVendor.getPostgres()) {
        resourceAccess.getExploitPostgres().createUdf(null);
        return;
    }
    if (vendor == mediatorVendor.getSqlite()) {
        resourceAccess.getExploitSqlite().createUdf();
        return;
    }
    if (vendor == mediatorVendor.getH2()) {
        resourceAccess.getExploitH2().createUdf();
    }
}
| 402 | ||
/**
 * Delegates the web type to the implementation of the current vendor.
 *
 * <p>Only the MySQL implementation receives the netshare path and the mode; the others
 * take the path and the URL. Any vendor not listed below is silently ignored.
 *
 * @param pathExploit target path
 * @param urlShell shell URL
 * @param vendor current database vendor
 * @param pathNetshare netshare path, used for MySQL only
 * @param exploitMethod selected mode, used for MySQL only
 * @throws JSqlException when the vendor implementation fails
 */
private static void handleWebExploit(String pathExploit, String urlShell, Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException {
    var mediatorVendor = MediatorHelper.model().getMediatorVendor();
    var resourceAccess = MediatorHelper.model().getResourceAccess();

    if (vendor == mediatorVendor.getMysql()) {
        resourceAccess.getExploitMysql().createWeb(pathExploit, urlShell, pathNetshare, exploitMethod);
        return;
    }
    if (vendor == mediatorVendor.getPostgres()) {
        resourceAccess.getExploitPostgres().createWeb(pathExploit, urlShell);
        return;
    }
    if (vendor == mediatorVendor.getSqlite()) {
        resourceAccess.getExploitSqlite().createWeb(pathExploit, urlShell);
        return;
    }
    if (vendor == mediatorVendor.getHsqldb()) {
        resourceAccess.getExploitHsqldb().createWeb(pathExploit, urlShell);
        return;
    }
    if (vendor == mediatorVendor.getH2()) {
        resourceAccess.getExploitH2().createWeb(pathExploit, urlShell);
        return;
    }
    if (vendor == mediatorVendor.getDerby()) {
        resourceAccess.getExploitDerby().createWeb(pathExploit, urlShell);
    }
}
| 418 | ||
/**
 * Delegates the SQL type to the MySQL or PostgreSQL implementation, passing the
 * username and password typed in the panel. Any other vendor is silently ignored.
 *
 * <p>NOTE(review): both credentials are read with {@code getText()} and travel as
 * {@code String}; how the callee stores or logs them is not visible here and should be
 * confirmed.
 *
 * @param pathExploit target path
 * @param urlShell shell URL
 * @param vendor current database vendor
 * @param pathNetshare netshare path, used for MySQL only
 * @param exploitMethod selected mode, used for MySQL only
 * @throws JSqlException when the vendor implementation fails
 */
private void handleSqlExploit(String pathExploit, String urlShell, Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException {
    String login = this.username.get().getText();
    String pass = this.password.get().getText();

    var mediatorVendor = MediatorHelper.model().getMediatorVendor();
    var resourceAccess = MediatorHelper.model().getResourceAccess();
    if (vendor == mediatorVendor.getMysql()) {
        resourceAccess.getExploitMysql().createSql(pathExploit, urlShell, pathNetshare, exploitMethod, login, pass);
        return;
    }
    if (vendor == mediatorVendor.getPostgres()) {
        resourceAccess.getExploitPostgres().createSql(pathExploit, urlShell, login, pass);
    }
}
| 428 | ||
/**
 * Routes a file-upload request to the handler of the selected database vendor.
 *
 * <p>Vendors are tested in a fixed order (MySQL, PostgreSQL, SQLite, HSQLDB, H2, Derby) by
 * reference comparison against the instances held by the vendor mediator. Only the MySQL
 * handler receives {@code pathNetshare} and {@code exploitMethod}; the others are given
 * the path, the URL and the file. A vendor outside this list matches no branch, so the
 * method returns without acting and without reporting anything to the caller.
 *
 * <p>The mutation-testing report on this page marks every conditional and every
 * {@code createUpload} call below as NO_COVERAGE: no test currently executes this dispatch.
 *
 * @param pathExploit   path value forwarded unchanged to the vendor handler
 * @param urlShell      URL value forwarded unchanged to the vendor handler
 * @param fileToUpload  local file handed to the vendor handler; it is not checked here
 * @param vendor        vendor instance used to select the handler
 * @param pathNetshare  forwarded to the MySQL handler only
 * @param exploitMethod forwarded to the MySQL handler only
 * @throws JSqlException declared here; presumably raised by the vendor handler (verify there)
 */
private static void handleUploadExploit(String pathExploit, String urlShell, File fileToUpload, Vendor vendor, String pathNetshare, ExploitMode exploitMethod) throws JSqlException {
    // MySQL is the only vendor whose handler takes the net-share path and the exploit mode;
    // note that its argument order places the file last.
    if (MediatorHelper.model().getMediatorVendor().getMysql() == vendor) {
        MediatorHelper.model().getResourceAccess().getExploitMysql().createUpload(pathExploit, urlShell, pathNetshare, exploitMethod, fileToUpload);
        return;
    }
    if (MediatorHelper.model().getMediatorVendor().getPostgres() == vendor) {
        MediatorHelper.model().getResourceAccess().getExploitPostgres().createUpload(pathExploit, urlShell, fileToUpload);
        return;
    }
    if (MediatorHelper.model().getMediatorVendor().getSqlite() == vendor) {
        MediatorHelper.model().getResourceAccess().getExploitSqlite().createUpload(pathExploit, urlShell, fileToUpload);
        return;
    }
    if (MediatorHelper.model().getMediatorVendor().getHsqldb() == vendor) {
        MediatorHelper.model().getResourceAccess().getExploitHsqldb().createUpload(pathExploit, urlShell, fileToUpload);
        return;
    }
    if (MediatorHelper.model().getMediatorVendor().getH2() == vendor) {
        MediatorHelper.model().getResourceAccess().getExploitH2().createUpload(pathExploit, urlShell, fileToUpload);
        return;
    }
    if (MediatorHelper.model().getMediatorVendor().getDerby() == vendor) {
        MediatorHelper.model().getResourceAccess().getExploitDerby().createUpload(pathExploit, urlShell, fileToUpload);
    }
    // NOTE(review): any other vendor falls through silently — confirm the caller filters
    // unsupported vendors or surfaces a message to the operator.
}
| 444 | } | |