use of com.jsql.view.swing.list.ItemList in project jsql-injection by ron190.
the class RessourceAccess method readFile.
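/**
 * Attempts to read files in parallel, by path, from the target server through the injection.
 * Reading a file needs the FILE right on the server: a database account that was never
 * granted it cannot be used for these reads.
 * The user can interrupt the process at any time.
 *
 * <p>The thread pool, the registered callables and the stop flag are released in a
 * {@code finally} block, so a failing task no longer leaves worker threads or stale
 * callables behind.
 *
 * @param pathsFiles List of file paths to read
 * @throws JSqlException when an error occurs during injection
 * @throws InterruptedException if the current thread was interrupted while waiting
 * @throws ExecutionException if the computation threw an exception
 */
public static void readFile(List<ItemList> pathsFiles) throws JSqlException, InterruptedException, ExecutionException {
    if (!RessourceAccess.isReadingAllowed()) {
        return;
    }

    int countFileFound = 0;
    int submittedTasks = pathsFiles.size();
    int tasksHandled = 0;

    ExecutorService taskExecutor = Executors.newFixedThreadPool(10, new ThreadFactoryCallable("CallableReadFile"));
    try {
        CompletionService<CallableFile> taskCompletionService = new ExecutorCompletionService<>(taskExecutor);
        for (ItemList pathFile : pathsFiles) {
            CallableFile callableFile = new CallableFile(pathFile.toString());
            taskCompletionService.submit(callableFile);
            // Kept in the shared list so that ongoing reads can be stopped below.
            RessourceAccess.callablesReadFile.add(callableFile);
        }

        // Folders already reported, so each one is logged only once.
        List<String> reportedFolders = new ArrayList<>();
        for (; tasksHandled < submittedTasks && !RessourceAccess.isSearchFileStopped; tasksHandled++) {
            // take() blocks until any task finishes; get() rethrows a task failure as ExecutionException.
            CallableFile currentCallable = taskCompletionService.take().get();
            String content = currentCallable.getSourceFile();
            if ("".equals(content)) {
                // An empty source means nothing was read for this path.
                continue;
            }

            String path = currentCallable.getPathFile();
            int lastSlash = path.lastIndexOf('/');
            String name = path.substring(lastSlash + 1);
            // Cut at the last '/' instead of path.replace(name, ""): replace() removes every
            // occurrence of the file name, which corrupts folders such as "/etc/etc".
            String folder = path.substring(0, lastSlash + 1);

            Request request = new Request();
            request.setMessage(Interaction.CREATE_FILE_TAB);
            request.setParameters(name, content, path);
            MediatorModel.model().sendToViews(request);

            if (!reportedFolders.contains(folder)) {
                LOGGER.info("Shell might be possible in folder " + folder);
                reportedFolders.add(folder);
            }
            countFileFound++;
        }
    } finally {
        // Force ongoing suspendables to stop immediately
        for (CallableFile callableReadFile : RessourceAccess.callablesReadFile) {
            callableReadFile.getSuspendableReadFile().stop();
        }
        RessourceAccess.callablesReadFile.clear();
        taskExecutor.shutdown();
        RessourceAccess.isSearchFileStopped = false;
    }
    taskExecutor.awaitTermination(5, TimeUnit.SECONDS);

    String result = "Found " + countFileFound + " file" + (countFileFound > 1 ? "s" : "") + " "
        + (tasksHandled != submittedTasks ? "of " + tasksHandled + " processed " : "")
        + "on " + submittedTasks + " files checked";
    if (countFileFound > 0) {
        LOGGER.debug(result);
    } else {
        LOGGER.warn(result);
    }

    Request request = new Request();
    request.setMessage(Interaction.END_FILE_SEARCH);
    MediatorModel.model().sendToViews(request);
}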
use of com.jsql.view.swing.list.ItemList in project jsql-injection by ron190.
the class AbstractManagerList method addToList.
/**
 * Appends a string to the list unless an item with the same text is already present.
 * @param element The string to add to the list
 */
public void addToList(String element) {
    DefaultListModel<ItemList> model = (DefaultListModel<ItemList>) this.listPaths.getModel();
    // An entry counts as a duplicate when its toString() equals the new string.
    for (int index = 0; index < model.size(); index++) {
        if (model.get(index).toString().equals(element)) {
            return;
        }
    }
    model.addElement(new ItemList(element));
}
use of com.jsql.view.swing.list.ItemList in project jsql-injection by ron190.
the class RessourceAccess method createAdminPages.
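/**
 * Checks which pages of the list respond 200 Success.
 * Every page name is requested under each directory level of the injection URL's path, so
 * {@code directoryNames.size() * pageNames.size()} requests are submitted to a pool of
 * 10 threads. Seen from the web server, this is a burst of requests for admin-style paths,
 * which access logs can surface.
 *
 * @param urlInjection URL of the injection; its scheme and host are reused and the
 *        directories of its path are the locations tested
 * @param pageNames List of admin pages to test
 * @throws InterruptedException if interrupted while waiting for the thread pool to terminate
 */
public static void createAdminPages(String urlInjection, List<ItemList> pageNames) throws InterruptedException {
    String urlWithoutProtocol = urlInjection.replaceAll("^https?://[^/]*", "");
    // The regex above only strips a prefix, so the scheme and host are whatever precedes the
    // remainder. Taking the prefix by length avoids replace(), which removed every occurrence
    // of the path: "http://host/" became "http:host".
    String urlProtocol = urlInjection.substring(0, urlInjection.length() - urlWithoutProtocol.length());
    String urlWithoutFileName = urlWithoutProtocol.replaceAll("[^/]*$", "");

    List<String> directoryNames = new ArrayList<>();
    String[] pathSegments = urlWithoutFileName.split("/");
    if (pathSegments.length == 0) {
        // split() returns an empty array for a path that is just "/".
        directoryNames.add("/");
    }
    for (String directoryName : pathSegments) {
        directoryNames.add(directoryName + "/");
    }

    int nbAdminPagesFound = 0;
    int submittedTasks = directoryNames.size() * pageNames.size();
    int tasksHandled = 0;

    ExecutorService taskExecutor = Executors.newFixedThreadPool(10, new ThreadFactoryCallable("CallableGetAdminPage"));
    try {
        CompletionService<CallableHttpHead> taskCompletionService = new ExecutorCompletionService<>(taskExecutor);

        // urlPart grows one directory per iteration: "/", "/a/", "/a/b/", ...
        StringBuilder urlPart = new StringBuilder();
        for (String segment : directoryNames) {
            urlPart.append(segment);
            for (ItemList pageName : pageNames) {
                taskCompletionService.submit(new CallableHttpHead(urlProtocol + urlPart + pageName));
            }
        }

        for (; tasksHandled < submittedTasks && !RessourceAccess.isSearchAdminStopped; tasksHandled++) {
            try {
                CallableHttpHead currentCallable = taskCompletionService.take().get();
                if (currentCallable.isHttpResponseOk()) {
                    Request request = new Request();
                    request.setMessage(Interaction.CREATE_ADMIN_PAGE_TAB);
                    request.setParameters(currentCallable.getUrl());
                    MediatorModel.model().sendToViews(request);
                    nbAdminPagesFound++;
                    LOGGER.debug("Found admin page: " + currentCallable.getUrl());
                }
            } catch (InterruptedException | ExecutionException e) {
                // NOTE(review): an interruption is only logged here and the loop keeps going;
                // confirm whether the interrupt status should be restored instead.
                LOGGER.error("Interruption while checking Admin pages", e);
            }
        }
    } finally {
        // Always release the pool, even if a view callback throws.
        // NOTE(review): shutdown() lets already queued requests run, so requests may still
        // be sent after the user stops the search; confirm whether that is intended.
        taskExecutor.shutdown();
        RessourceAccess.isSearchAdminStopped = false;
    }
    taskExecutor.awaitTermination(5, TimeUnit.SECONDS);

    String result = "Found " + nbAdminPagesFound + " admin page" + (nbAdminPagesFound > 1 ? "s" : "") + " "
        + (tasksHandled != submittedTasks ? "of " + tasksHandled + " processed " : "")
        + "on " + submittedTasks + " pages checked";
    if (nbAdminPagesFound > 0) {
        LOGGER.debug(result);
    } else {
        LOGGER.warn(result);
    }

    Request request = new Request();
    request.setMessage(Interaction.END_ADMIN_SEARCH);
    MediatorModel.model().sendToViews(request);
}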
use of com.jsql.view.swing.list.ItemList in project jsql-injection by ron190.
the class RessourceAccess method scanList.
/**
 * Runs a fast scan of the given URLs one after another and displays the result.
 * The existing observers are removed and a console-like observer is plugged in, so that GUI
 * messages are answered with simple text instead of complex graphical components while
 * several websites are being injected. The normal view is plugged back in once the scan ends.
 *
 * @param urlList items to scan; each one is cast to {@code ItemListScan}
 */
public static void scanList(List<ItemList> urlList) {
    // Erase everything in the view from a previous injection
    Request resetRequest = new Request();
    resetRequest.setMessage(Interaction.RESET_INTERFACE);
    MediatorModel.model().sendToViews(resetRequest);

    // wait for ending of ongoing interaction between two injections
    try {
        Thread.sleep(500);
    } catch (InterruptedException e) {
        LOGGER.error("Interruption while sleeping during scan", e);
        Thread.currentThread().interrupt();
    }

    // Display result only in console
    MediatorModel.model().deleteObservers();
    MediatorModel.model().addObserver(new ScanListTerminal());
    MediatorModel.model().setIsScanning(true);
    RessourceAccess.isScanStopped = false;

    for (ItemList url : urlList) {
        ItemListScan scanItem = (ItemListScan) url;

        // Either stop flag ends the scan before the next URL is tested.
        boolean isStopRequested = MediatorModel.model().isStoppedByUser() || RessourceAccess.isScanStopped;
        if (isStopRequested) {
            break;
        }

        LOGGER.info("Scanning " + scanItem.getBeanInjection().getUrl());
        MediatorModel.model().controlInput(
            scanItem.getBeanInjection().getUrl(),
            scanItem.getBeanInjection().getRequest(),
            scanItem.getBeanInjection().getHeader(),
            scanItem.getBeanInjection().getInjectionTypeAsEnum(),
            scanItem.getBeanInjection().getRequestType(),
            true
        );

        // Pause between two URLs.
        try {
            Thread.sleep(500);
        } catch (InterruptedException e) {
            LOGGER.error("Interruption while sleeping between two scans", e);
            Thread.currentThread().interrupt();
        }
    }

    // Get back the normal view
    // TODO Don't play with View on Model
    // NOTE(review): the console observer added above is not removed here; confirm whether
    // it is meant to stay registered next to the normal view.
    MediatorModel.model().addObserver(MediatorGui.frame().getObserver());
    MediatorModel.model().setIsScanning(false);
    MediatorModel.model().setIsStoppedByUser(false);
    RessourceAccess.isScanStopped = false;

    Request endRequest = new Request();
    endRequest.setMessage(Interaction.END_SCAN);
    MediatorModel.model().sendToViews(endRequest);
}