View Javadoc
1   /*******************************************************************************
2    * Copyhacked (H) 2012-2025.
3    * This program and the accompanying materials
4    * are made available under no term at all, use it like
5    * you want, but share and discuss it
6    * every time possible with every body.
7    * 
8    * Contributors:
9    *      ron190 at ymail dot com - initial implementation
10   ******************************************************************************/
11  package com.jsql.view.swing.terminal;
12  
13  import com.jsql.util.LogLevelUtil;
14  import org.apache.logging.log4j.LogManager;
15  import org.apache.logging.log4j.Logger;
16  
17  import java.io.IOException;
18  import java.net.URISyntaxException;
19  import java.util.UUID;
20  
21  /**
22   * A terminal for web shell injection.
23   */
24  public class ExploitReverseShell extends AbstractExploit {
25  
26      private static final Logger LOGGER = LogManager.getRootLogger();
27  
28      private final transient ServerInput serverInput;
29  
30      /**
31       * Build a webshell instance.
32       *
33       * @param terminalID Unique identifier to discriminate beyond multiple opened terminals
34       * @param port
35       */
36      public ExploitReverseShell(UUID terminalID, String port) throws IOException, URISyntaxException {
37          super(terminalID, null, "reverse", false);
38  
39          this.serverInput = new ServerInput(this, Integer.parseInt(port));
40          new Thread(() -> {
41              try {
42                  this.serverInput.startServer();
43              } catch (IOException e) {
44                  try {
45                      LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Socket connection failure: {}", e.getMessage());
46                      this.serverInput.close();
47                  } catch (IOException ex) {
48                      LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Socket closing failure: {}", ex.getMessage());
49                  }
50              }
51          }).start();
52      }
53  
54      @Override
55      public void action(String command, UUID terminalID, String urlShell, String... arg) {
56          this.serverInput.getServerInputConnection().setCommand(command);
57      }
58  }