README

Dockerfile

@@ -0,0 +1,21 @@
+FROM maven:3-jdk-8 AS builder
+
+LABEL MAINTAINER="4ra1n"
+
+COPY ./ /usr/src/
+COPY ./settings.xml /root/.m2/settings.xml
+
+WORKDIR /usr/src
+
+RUN cd /usr/src; \
+ mvn -U clean package -Dmaven.test.skip=true
+
+FROM openjdk:8-jre
+
+LABEL MAINTAINER="4ra1n"
+
+COPY --from=builder /usr/src/fake-mysql-cli-0.0.1.jar /cli.jar
+
+EXPOSE 3306
+
+CMD ["java","-jar","/cli.jar","-p","3306"]

README.md

@@ -0,0 +1,88 @@
+# MySQL Fake Server
+
+![](https://img.shields.io/badge/build-passing-brightgreen)
+![](https://img.shields.io/badge/build-Java%208-orange)
+![](https://img.shields.io/github/downloads/4ra1n/mysql-fake-server/total)
+![](https://img.shields.io/github/v/release/4ra1n/mysql-fake-server)
+
+[English Version](doc/README.md)
+
+## 0x00 介绍
+
+该项目是 [MySQL_Fake_Server](https://github.com/fnmsd/MySQL_Fake_Server) 高级版
+
+当`JDBC URL`可控时，特殊的`MySQL`服务端可以读取`JDBC`客户端任意文件或执行反序列化操作
+
+完全使用`Java`实现部分`MySQL`协议，内置常见`ysoserial`链，一键启动，自动生成可用的`payload`用于测试
+
+## 0x01 GUI
+
+使用`GUI`版本一键启动，启动后可以根据自己的环境输入参数，生成`payload`
+
+启动：`java -jar fake-mysql-gui.jar`
+
+![](img/001.png)
+
+## 0x02 CLI
+
+当你的环境不允许使用`GUI`版时，可以使用命令行版启动，同样可以使用`GUI`辅助生成`payload`
+
+启动：`java -jar fake-mysql-cli.jar -p [port]`
+
+![](img/002.png)
+
+## 0x03 Docker
+
+构建：`docker build -t fake-mysql-server .`
+
+启动：`docker run -p 3306:3306 fake-mysql-server -d`
+
+![](img/003.png)
+
+## 0x04 RPC
+
+本项目提供了`GRPC`调用的方式
+
+启动：`java -jar fake-mysql-rpc.jar`（默认启动端口9999）
+
+proto:
+
+```protobuf
+syntax = "proto3";
+
+option java_package = "me.n1ar4.fake.rpc";
+option java_outer_classname = "FakeServerRPC";
+option java_multiple_files = true;
+
+package me.n1ar4.fake.rpc;
+
+service RPCStart {
+ rpc start (RPCNull) returns (RPCResp) {}
+ rpc stop (RPCPort) returns(RPCResp) {}
+}
+
+message RPCNull{}
+
+message RPCResp {
+ string status = 1;
+ int32 port = 2;
+}
+
+message RPCPort {
+ int32 port = 1;
+}
+```
+
+## 0x05 免责申明
+
+本项目仅面向安全研究与学习，禁止任何非法用途
+
+如您在使用本项目的过程中存在任何非法行为，您需自行承担相应后果
+
+除非您已充分阅读、完全理解并接受本协议，否则，请您不要使用本项目
+
+## 0x06 致谢与参考
+
+- https://github.com/frohoff/ysoserial
+- https://github.com/fnmsd/MySQL_Fake_Server
+- https://pyn3rd.github.io/2022/06/06/Make-JDBC-Attacks-Brillian-Again-I/

doc/README.md

@@ -0,0 +1,86 @@
+# MySQL Fake Server
+
+![](https://img.shields.io/badge/build-passing-brightgreen)
+![](https://img.shields.io/badge/build-Java%208-orange)
+![](https://img.shields.io/github/downloads/4ra1n/mysql-fake-server/total)
+![](https://img.shields.io/github/v/release/4ra1n/mysql-fake-server)
+
+## 0x00 Introduction
+
+This project is an advanced version of [MySQL_Fake_Server](https://github.com/fnmsd/MySQL_Fake_Server).
+
+When the `JDBC URL` is controllable, a special `MySQL` server can read any file or perform deserialization operations on the `JDBC` client.
+
+The `MySQL` protocol is partially implemented entirely using `Java`, with built-in common `ysoserial` chains, one-click launch, and automatic generation of usable payloads for testing.
+
+## 0x01 GUI
+
+Use the `GUI` version to start with one click. After starting, you can enter parameters according to your environment to generate a payload.
+
+Launch: `java -jar fake-mysql-gui.jar`
+
+![](../img/001.png)
+
+## 0x02 CLI
+
+When your environment does not allow the use of the `GUI` version, you can use the command line version to start, and also use the `GUI` to generate a payload.
+
+Launch: `java -jar fake-mysql-cli.jar -p [port]`
+
+![](../img/002.png)
+
+## 0x03 Docker
+
+Build: `docker build -t fake-mysql-server .`
+
+Launch: `docker run -p 3306:3306 fake-mysql-server -d`
+
+![](../img/003.png)
+
+## 0x04 RPC
+
+This project provides a `GRPC` call method.
+
+Launch: `java -jar fake-mysql-rpc.jar` (default launch port 9999)
+
+proto:
+
+```protobuf
+syntax = "proto3";
+
+option java_package = "me.n1ar4.fake.rpc";
+option java_outer_classname = "FakeServerRPC";
+option java_multiple_files = true;
+
+package me.n1ar4.fake.rpc;
+
+service RPCStart {
+ rpc start (RPCNull) returns (RPCResp) {}
+ rpc stop (RPCPort) returns(RPCResp) {}
+}
+
+message RPCNull{}
+
+message RPCResp {
+ string status = 1;
+ int32 port = 2;
+}
+
+message RPCPort {
+ int32 port = 1;
+}
+```
+
+## 0x05 Disclaimer
+
+This project is only for security research and learning purposes. Any illegal use is prohibited.
+
+If you engage in any illegal behavior during the use of this project, you will be responsible for the consequences.
+
+Unless you have fully read, completely understood, and accepted this agreement, please do not use this project.
+
+## 0x06 Acknowledgments and References
+
+- https://github.com/frohoff/ysoserial
+- https://github.com/fnmsd/MySQL_Fake_Server
+- https://pyn3rd.github.io/2022/06/06/Make-JDBC-Attacks-Brillian-Again-I/

settings.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 http://maven.apache.org/xsd/settings-1.2.0.xsd">
+ <pluginGroups>
+ </pluginGroups>
+ <proxies>
+ </proxies>
+ <servers>
+ </servers>
+ <mirrors>
+ <mirror>
+ <id>aliyunmaven</id>
+ <mirrorOf>*</mirrorOf>
+ <name>aliyun</name>
+ <url>https://maven.aliyun.com/repository/public</url>
+ </mirror>
+ <mirror>
+ <id>maven-default-http-blocker</id>
+ <mirrorOf>external:http:*</mirrorOf>
+ <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
+ <url>http://0.0.0.0/</url>
+ <blocked>true</blocked>
+ </mirror>
+ </mirrors>
+ <profiles>
+ </profiles>
+</settings>