update SPEL :)

Author: Whoopsunix

Command/src/main/java/org/command/exec/ScriptEngineDemo.java renamed to Command/src/main/java/org/command/code/ScriptEngineDemo.java

@@ -1,10 +1,12 @@
-package org.command.exec;
+package org.command.code;
 
 import org.command.resultGet.ExecResultGet;
 
 import javax.script.ScriptEngine;
+import javax.script.ScriptEngineFactory;
 import javax.script.ScriptEngineManager;
 import java.io.InputStream;
+import java.util.List;
 
 /**
  * @author Whoopsunix
@@ -50,8 +52,33 @@ public static InputStream exec(String cmd) throws Exception {
     }
 
     public static void main(String[] args) throws Exception {
-        InputStream inputStream = exec("ifconfig -a");
-        ExecResultGet execResultGet = new ExecResultGet();
-        System.out.println(execResultGet.scanner(inputStream));
+//        InputStream inputStream = exec("ifconfig -a");
+//        ExecResultGet execResultGet = new ExecResultGet();
+//        System.out.println(execResultGet.scanner(inputStream));
+        printScriptEngineManagerFactories();
+    }
+
+    /**
+     * 获取引擎信息
+     */
+    public static void printScriptEngineManagerFactories() {
+        ScriptEngineManager manager = new ScriptEngineManager();
+        List<ScriptEngineFactory> factories = manager.getEngineFactories();
+        for (ScriptEngineFactory factory: factories){
+            System.out.printf(
+                    "Name: %s%n" + "Version: %s%n" + "Language name: %s%n" +
+                            "Language version: %s%n" +
+                            "Extensions: %s%n" +
+                            "Mime types: %s%n" +
+                            "Names: %s%n",
+                    factory.getEngineName(),
+                    factory.getEngineVersion(),
+                    factory.getLanguageName(),
+                    factory.getLanguageVersion(),
+                    factory.getExtensions(),
+                    factory.getMimeTypes(),
+                    factory.getNames()
+            );
+        }
     }
 }

Expression/OGNLAttack/src/main/java/org/example/OGNL.java

@@ -84,6 +84,15 @@ public static Object ognlGetValue(String payload) {
         return null;
     }
 
+    public static Object ognlGetValueSafe(String payload) {
+        try {
+            System.out.println(payload);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
     /**
      * ognl.Ognl#setValue()
      */

Expression/SPELAttack/src/main/java/com/example/spelattack/SPEL.java

@@ -1,6 +1,11 @@
 package com.example.spelattack;
 
+import org.springframework.context.expression.MethodBasedEvaluationContext;
+import org.springframework.expression.EvaluationContext;
+import org.springframework.expression.Expression;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.SimpleEvaluationContext;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
 
 /**
  * @author Whoopsunix
@@ -29,11 +34,45 @@ public static void main(String[] args) {
          */
 
 
-        Object obj = spel(sleep);
+
+        Object obj = spel(runtime);
         System.out.println(obj);
     }
 
     public static Object spel(String payload) {
         return new SpelExpressionParser().parseExpression(payload).getValue();
     }
+
+    /**
+     * 默认也是用的 StandardEvaluationContext
+     */
+    public static Object spelStandardEvaluationContext(String payload) {
+        EvaluationContext evaluationContext = new StandardEvaluationContext();
+        return new SpelExpressionParser().parseExpression(payload).getValue(evaluationContext);
+    }
+
+    public static Object spelMethodBasedEvaluationContext(String payload) {
+
+        EvaluationContext evaluationContext = new MethodBasedEvaluationContext(new User(), null, null, null);
+        return new SpelExpressionParser().parseExpression(payload).getValue(evaluationContext);
+    }
+
+    /**
+     * safe
+     */
+
+    /**
+     * SimpleEvaluationContext
+     */
+    public static Object spelSimpleEvaluationContext(String payload) {
+        EvaluationContext evaluationContext = SimpleEvaluationContext.forReadOnlyDataBinding().build();
+        return new SpelExpressionParser().parseExpression(payload).getValue(evaluationContext);
+    }
+
+    public static Object spelSafe(String payload) {
+        StandardEvaluationContext context = new StandardEvaluationContext();
+        context.setVariable("payload", payload);
+        Expression expression = new SpelExpressionParser().parseExpression("#payload");
+        return expression.getValue(context);
+    }
 }

Expression/SPELAttack/src/main/java/com/example/spelattack/User.java

@@ -0,0 +1,7 @@
+package com.example.spelattack;
+
+/**
+ * @author Whoopsunix
+ */
+public class User {
+}

RceEcho/README.md

@@ -0,0 +1,37 @@
+# tomcat
+
+https://xz.aliyun.com/t/12388#toc-10
+
+## tomcat7
+
+报错
+
+```
+Caused by: java.lang.NoSuchMethodException: org.apache.catalina.deploy.WebXml addServlet
+	at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:916)
+	at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:201)
+	at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1046)
+```
+
+修改安装目录 conf/context.xml ，添加
+
+```
+<Loader delegate="true" />
+```
+
+# spring
+
+
+
+# jetty
+
+https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/
+
+idea 插件 https://plugins.jetbrains.com/plugin/18721-jetty
+
+# Resin
+
+下载官方插件
+
+
+

Serialization/AttackJar/pom.xml renamed to Serialization/ClassLoad/pom.xml

@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>org.example</groupId>
-    <artifactId>AttackJar</artifactId>
+    <artifactId>ClassLoad</artifactId>
     <version>1.0</version>
     <packaging>jar</packaging>
 

Serialization/pom.xml

@@ -10,7 +10,7 @@
     <name>Serialization</name>
 
     <modules>
-        <module>AttackJar</module>
+        <module>ClassLoad</module>
         <module>BCELAttack</module>
         <module>XMLSerialization</module>
     </modules>