View Javadoc
1   /*******************************************************************************
2    * Copyhacked (H) 2012-2025.
3    * This program and the accompanying materials
4    * are made available under no term at all, use it like
5    * you want, but share and discuss it
6    * every time possible with every body.
7    * 
8    * Contributors:
9    *      ron190 at ymail dot com - initial implementation
10   ******************************************************************************/
11  package com.jsql.view.swing.terminal;
12  
13  import com.jsql.util.LogLevelUtil;
14  import org.apache.logging.log4j.LogManager;
15  import org.apache.logging.log4j.Logger;
16  
17  import java.io.IOException;
18  import java.net.URISyntaxException;
19  import java.util.UUID;
20  
21  /**
22   * A terminal for web shell injection.
23   */
24  public class ExploitReverseShell extends AbstractExploit {
25  
26      /**
27       * Log4j logger sent to view.
28       */
29      private static final Logger LOGGER = LogManager.getRootLogger();
30  
31      private final transient ServerInput serverInput;
32  
33      /**
34       * Build a webshell instance.
35       *
36       * @param terminalID Unique identifier to discriminate beyond multiple opened terminals
37       * @param port
38       */
39      public ExploitReverseShell(UUID terminalID, String port) throws IOException, URISyntaxException {
40          super(terminalID, null, "reverse", false);
41  
42          this.serverInput = new ServerInput(this, Integer.parseInt(port));
43          new Thread(() -> {
44              try {
45                  this.serverInput.startServer();
46              } catch (IOException e) {
47                  LOGGER.log(LogLevelUtil.CONSOLE_ERROR, e.getMessage());
48              }
49          }).start();
50      }
51  
52      @Override
53      public void action(String command, UUID terminalID, String urlShell, String... arg) {
54          this.serverInput.getServerInputConnection().setCommand(command);
55      }
56  }