View Javadoc
1   /*******************************************************************************
2    * Copyhacked (H) 2012-2025.
3    * This program and the accompanying materials
4    * are made available under no term at all, use it like
5    * you want, but share and discuss it
6    * every time possible with every body.
7    * 
8    * Contributors:
9    *      ron190 at ymail dot com - initial implementation
10   ******************************************************************************/
11  package com.jsql.view.swing.terminal;
12  
13  import com.jsql.util.LogLevelUtil;
14  import org.apache.logging.log4j.LogManager;
15  import org.apache.logging.log4j.Logger;
16  
17  import java.io.IOException;
18  import java.net.URISyntaxException;
19  import java.util.UUID;
20  
21  /**
22   * A terminal for web shell injection.
23   */
24  public class ExploitReverseShell extends AbstractExploit {
25  
26      private static final Logger LOGGER = LogManager.getRootLogger();
27  
28      private final transient ServerInput serverInput;
29  
30      /**
31       * Build a webshell instance.
32       * @param terminalID Unique identifier to discriminate beyond multiple opened terminals
33       */
34      public ExploitReverseShell(UUID terminalID, String port) throws IOException, URISyntaxException {
35          super(terminalID, null, "reverse", false);
36  
37          this.serverInput = new ServerInput(this, Integer.parseInt(port));
38          new Thread(() -> {
39              try {
40                  this.serverInput.startServer();
41              } catch (IOException e) {
42                  try {
43                      LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Socket connection failure: {}", e.getMessage());
44                      this.serverInput.close();
45                  } catch (IOException ex) {
46                      LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Socket closing failure: {}", ex.getMessage());
47                  }
48              }
49          }).start();
50      }
51  
52      @Override
53      public void action(String command, UUID terminalID, String urlShell, String... arg) {
54          this.serverInput.getServerInputConnection().setCommand(command);
55      }
56  }