From c6a8fc811e651e562a6e8749cb4a21cae4ec729f Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 07:48:40 +0100 Subject: [PATCH 01/19] Add distribution management plugins --- pom.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 9 deletions(-) diff --git a/pom.xml b/pom.xml index 5232c95..ed5f97b 100644 --- a/pom.xml +++ b/pom.xml @@ -33,6 +33,13 @@ https://github.com/qtc-de/remote-method-guesser/tree/master + + + ossrh + https://s01.oss.sonatype.org/content/repositories/snapshots + + + UTF-8 1.8 @@ -92,6 +99,7 @@ + maven-assembly-plugin @@ -132,16 +140,45 @@ - maven-jar-plugin - 3.2.0 - - - default-jar - none - - + org.sonatype.plugins + nexus-staging-maven-plugin + 1.6.13 + true + + ossrh + https://s01.oss.sonatype.org/ + true + - + + org.apache.maven.plugins + maven-source-plugin + 3.3.0 + + + attach-sources + + jar-no-fork + + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.6.3 + + + attach-javadocs + + jar + + + + + + From 03d8a8bfc2f950bdb34f46faef60568d4d442ff8 Mon Sep 17 00:00:00 2001 
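Review bot: The nexus-staging-maven-plugin block added in the last pom.xml hunk appears to switch on automatic release. The XML tags are stripped in this view, so I am reading the `true` that follows `https://s01.oss.sonatype.org/` as `autoReleaseAfterClose`. If that reading is right, a deploy of a non-snapshot version moves from the staging repository to the public one with no point at which the staged jar, sources and javadoc can be inspected. I would set `<autoReleaseAfterClose>false</autoReleaseAfterClose>` and release by hand after checking the staged artifacts. The hunk also adds no signing step beside the source and javadoc plugins; unless a later patch in the series adds one, the uploaded artifacts carry no signature a consumer can verify.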
From: Tobias Neitzel
Date: Fri, 22 Dec 2023 09:10:05 +0100
Subject: [PATCH 02/19] Start to fix JavaDoc
---
src/eu/tneitzel/rmg/Starter.java | 5 +
.../tneitzel/rmg/endpoints/KnownEndpoint.java | 48 ++
.../tneitzel/rmg/endpoints/Vulnerability.java | 30 ++
.../exceptions/MalformedPluginException.java | 8 +
.../rmg/exceptions/SSRFException.java | 5 +
.../UnexpectedCharacterException.java | 8 +
.../rmg/internal/ArgumentHandler.java | 6 +-
.../rmg/internal/CodebaseCollector.java | 2 +-
.../rmg/internal/ExceptionHandler.java | 234 ++++++++++
.../rmg/internal/MethodArguments.java | 11 +
.../rmg/internal/MethodCandidate.java | 6 +-
src/eu/tneitzel/rmg/internal/Pair.java | 10 +
src/eu/tneitzel/rmg/internal/RMGOption.java | 85 +++-
.../tneitzel/rmg/internal/RMGOptionGroup.java | 10 +-
.../tneitzel/rmg/internal/RMIComponent.java | 10 +-
src/eu/tneitzel/rmg/io/Logger.java | 416 +++++++++++++++++-
.../rmg/io/MaliciousOutputStream.java | 13 +
src/eu/tneitzel/rmg/io/SampleWriter.java | 11 +-
.../tneitzel/rmg/io/SingleOpOutputStream.java | 7 +-
src/eu/tneitzel/rmg/io/WordlistHandler.java | 1 +
.../rmg/networking/DGCClientSocket.java | 6 +
.../networking/LoopbackSslSocketFactory.java | 2 +
.../tneitzel/rmg/networking/RMIEndpoint.java | 36 +-
.../rmg/networking/RMIRegistryEndpoint.java | 32 +-
.../rmg/networking/SSRFResponseSocket.java | 19 +-
.../networking/SSRFResponseSocketFactory.java | 5 +
.../tneitzel/rmg/networking/SSRFSocket.java | 10 +-
.../rmg/operations/ActivationClient.java | 12 +-
src/eu/tneitzel/rmg/operations/DGCClient.java | 9 +-
src/eu/tneitzel/rmg/operations/Operation.java | 45 +-
.../rmg/operations/RegistryClient.java | 6 +-
.../rmg/operations/RemoteObjectClient.java | 7 +-
.../tneitzel/rmg/operations/ScanAction.java | 12 +-
.../rmg/plugin/IArgumentProvider.java | 10 +-
.../tneitzel/rmg/plugin/IPayloadProvider.java | 12 +-
.../tneitzel/rmg/plugin/IResponseHandler.java | 9 +-
.../rmg/plugin/ISocketFactoryProvider.java | 27 +-
src/eu/tneitzel/rmg/plugin/PluginSystem.java | 13 +- .../rmg/utils/ActivatableWrapper.java | 22 +- src/eu/tneitzel/rmg/utils/RMGUtils.java | 29 +- .../rmg/utils/RemoteInvocationHolder.java | 12 + .../rmg/utils/RemoteObjectWrapper.java | 14 +- src/eu/tneitzel/rmg/utils/RogueJMX.java | 1 + src/eu/tneitzel/rmg/utils/Security.java | 40 +- .../rmg/utils/SpringRemotingWrapper.java | 9 + src/eu/tneitzel/rmg/utils/UnicastWrapper.java | 19 +- src/eu/tneitzel/rmg/utils/YsoIntegration.java | 5 +- 47 files changed, 1264 insertions(+), 85 deletions(-) diff --git a/src/eu/tneitzel/rmg/Starter.java b/src/eu/tneitzel/rmg/Starter.java index aedaac5..a8b17f7 100644 --- a/src/eu/tneitzel/rmg/Starter.java +++ b/src/eu/tneitzel/rmg/Starter.java @@ -13,6 +13,11 @@ */ public class Starter { + /** + * Main method :) + * + * @param argv arguments passed to the program + */ public static void main(String[] argv) { ArgumentHandler handler = new ArgumentHandler(argv); diff --git a/src/eu/tneitzel/rmg/endpoints/KnownEndpoint.java b/src/eu/tneitzel/rmg/endpoints/KnownEndpoint.java index 698bd7b..853d50f 100644 --- a/src/eu/tneitzel/rmg/endpoints/KnownEndpoint.java +++ b/src/eu/tneitzel/rmg/endpoints/KnownEndpoint.java 
@@ -27,61 +27,109 @@ public class KnownEndpoint private List vulnerabilities; + /** + * Set the name of the endpoint. + * + * @param name of the endpoint + */ public void setName(String name) { this.name = name; } + /** + * Set the class name of the endpoint. + * + * @param className of the endpoint. + */ public void setClassName(List className) { this.className = className; } + /** + * Set the description of the endpoint. + * + * @param description of the endpoint. + */ public void setDescription(String description) { this.description = description; } + /** + * Set the remote methods for the endpoint. + * + * @param remoteMethods list of remote methods + */ public void setRemoteMethods(List remoteMethods) { this.remoteMethods = remoteMethods; } + /** + * Set the references for the endpoint. + * + * @param references list of references + */ public void setReferences(List references) { this.references = references; } + /** + * Set the vulnerabilities for the endpoint. + * + * @param vulnerabilities list of vulnerabilities. + */ public void setVulnerabilities(List vulnerabilities) { this.vulnerabilities = vulnerabilities; } + /** + * @return name + */ public String getName() { return name; } + /** + * @return class name + */ public List getClassName() { return className; } + /** + * @return description + */ public String getDescription() { return description; } + /** + * @return list of methods + */ public List getRemoteMethods() { return remoteMethods; } + /** + * @return list of references + */ public List getReferences() { return references; } + /** + * @return list of vulnerabilities + */ public List getVulnerabilities() { return vulnerabilities; diff --git a/src/eu/tneitzel/rmg/endpoints/Vulnerability.java b/src/eu/tneitzel/rmg/endpoints/Vulnerability.java index 076f829..22534b9 100644 --- a/src/eu/tneitzel/rmg/endpoints/Vulnerability.java +++ b/src/eu/tneitzel/rmg/endpoints/Vulnerability.java 
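Review bot: The six getters documented at the end of the KnownEndpoint.java hunk (`getName()` through `getVulnerabilities()`) get a comment holding only an `@return` tag, so they have no summary sentence, while the getters in Vulnerability.java in the same commit do. A leading sentence such as `Get the list of known vulnerabilities of the endpoint.` would keep the two classes consistent. `setClassName` takes a `List`, so `Set the class names of the endpoint.` and, on `getClassName()`, `@return list of class names` describe it more accurately than the singular wording.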
@@ -17,31 +17,61 @@ public class Vulnerability private List references; + /** + * Set vulnerability name + * + * @param name of the vulnerability + */ public void setName(String name) { this.name = name; } + /** + * Set the description of the vulnerability. + * + * @param description vulnerability description + */ public void setDescription(String description) { this.description = description; } + /** + * Set the references of the vulnerability. + * + * @param references vulnerability references + */ public void setReferences(List references) { this.references = references; } + /** + * Get the vulnerability name. + * + * @return name + */ public String getName() { return name; } + /** + * Get the vulnerability description. + * + * @return description + */ public String getDescription() { return description; } + /** + * Get the vulnerability references. + * + * @return references + */ public List getReferences() { return references; diff --git a/src/eu/tneitzel/rmg/exceptions/MalformedPluginException.java b/src/eu/tneitzel/rmg/exceptions/MalformedPluginException.java index 28b0371..e2ba881 100644 --- a/src/eu/tneitzel/rmg/exceptions/MalformedPluginException.java +++ b/src/eu/tneitzel/rmg/exceptions/MalformedPluginException.java @@ -12,8 +12,16 @@ public class MalformedPluginException extends Exception { private static final long serialVersionUID = 1L; + /** + * Constructor with zero arguments. + */ public MalformedPluginException() {} + /** + * Constructor with message argument. + * + * @param message exception message. + */ public MalformedPluginException(String message) { super(message); diff --git a/src/eu/tneitzel/rmg/exceptions/SSRFException.java b/src/eu/tneitzel/rmg/exceptions/SSRFException.java index 30f18f9..db3614e 100644 --- a/src/eu/tneitzel/rmg/exceptions/SSRFException.java +++ b/src/eu/tneitzel/rmg/exceptions/SSRFException.java 
@@ -2,6 +2,11 @@ import java.io.Serializable; +/** + * Custom Exception class used to generate SSRF payloads. When an + * SSRFException is thrown, remote-method-guesser knows that the + * --ssrf option was used. + */ public class SSRFException extends Exception implements Serializable { private static final long serialVersionUID = 1L; diff --git a/src/eu/tneitzel/rmg/exceptions/UnexpectedCharacterException.java b/src/eu/tneitzel/rmg/exceptions/UnexpectedCharacterException.java index b271fe1..7de789f 100644 --- a/src/eu/tneitzel/rmg/exceptions/UnexpectedCharacterException.java +++ b/src/eu/tneitzel/rmg/exceptions/UnexpectedCharacterException.java @@ -16,8 +16,16 @@ @SuppressWarnings("serial") public class UnexpectedCharacterException extends Exception { + /** + * Constructor with zero arguments. + */ public UnexpectedCharacterException() {} + /** + * Constructor with message argument. + * + * @param message exception message. + */ public UnexpectedCharacterException(String message) { super(message); diff --git a/src/eu/tneitzel/rmg/internal/ArgumentHandler.java b/src/eu/tneitzel/rmg/internal/ArgumentHandler.java index aede6a9..d494b15 100644 --- a/src/eu/tneitzel/rmg/internal/ArgumentHandler.java +++ b/src/eu/tneitzel/rmg/internal/ArgumentHandler.java @@ -29,8 +29,8 @@ * * @author Tobias Neitzel (@qtc_de) */ -public class ArgumentHandler { - +public class ArgumentHandler +{ private Namespace args; private ArgumentParser parser; private Properties config; @@ -403,7 +403,7 @@ public void addPorts(String portString, Set portList) /** * Helper function that handles port ranges. * - * @param portString user specified port string + * @param portRange user specified port string * @param portList Set of Integer where parsed ports are added */ public void addRange(String portRange, Set portList) diff --git a/src/eu/tneitzel/rmg/internal/CodebaseCollector.java b/src/eu/tneitzel/rmg/internal/CodebaseCollector.java index 1c3c22b..6977e2a 100644 
--- a/src/eu/tneitzel/rmg/internal/CodebaseCollector.java +++ b/src/eu/tneitzel/rmg/internal/CodebaseCollector.java @@ -214,7 +214,7 @@ public static HashMap> getCodebases() } /** - * Add a new className<->serialVersionUID pair to the serialVersionUID map. + * Add a new className<->serialVersionUID pair to the serialVersionUID map. * * @param className the className to add to the map * @param serialVersionUID the serialVersionUID to add to the map diff --git a/src/eu/tneitzel/rmg/internal/ExceptionHandler.java b/src/eu/tneitzel/rmg/internal/ExceptionHandler.java index e075549..550c7db 100644 --- a/src/eu/tneitzel/rmg/internal/ExceptionHandler.java +++ b/src/eu/tneitzel/rmg/internal/ExceptionHandler.java @@ -27,6 +27,10 @@ private static void sslOption() Logger.eprintlnMixedYellow("You can retry the operation using the", "--ssl", "option."); } + /** + * @param functionName + * @param message + */ public static void internalError(String functionName, String message) { Logger.eprintlnMixedYellow("Internal error within the", functionName, "function."); @@ -34,6 +38,11 @@ public static void internalError(String functionName, String message) RMGUtils.exit(); } + /** + * @param e + * @param functionName + * @param exit + */ public static void internalException(Exception e, String functionName, boolean exit) { Logger.eprintMixedYellow("Internal error. Caught unexpected", e.getClass().getName(), "within the "); @@ -44,6 +53,12 @@ public static void internalException(Exception e, String functionName, boolean e RMGUtils.exit(); } + /** + * @param e + * @param during1 + * @param during2 + * @param exit + */ public static void unexpectedException(Exception e, String during1, String during2, boolean exit) { Logger.eprintMixedYellow("Caught unexpected", e.getClass().getName(), "during "); 
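Review bot: The comments added to `internalError`, `internalException` and `unexpectedException` are bare `@param` tags with no description and no summary sentence, so they document nothing. The same pattern repeats in the remaining ExceptionHandler.java hunks and in the MethodArguments.java and Pair.java constructors. What a caller needs to know here is what each handler prints and whether it ends the program: `internalError` reaches `RMGUtils.exit()` in the visible context, and the other two take a `boolean exit` that presumably gates the same call. I would add a summary such as `Report an internal error and terminate the program.` with `@param functionName name of the function the error occurred in`, and on the other two `@param exit whether to exit after the message was printed`, once that is confirmed against the bodies. The method bodies are only partly visible in these hunks.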
@@ -55,6 +70,10 @@ public static void unexpectedException(Exception e, String during1, String durin RMGUtils.exit(); } + /** + * @param e + * @param exit + */ public static void unknownCodebaseException(Throwable e, boolean exit) { Logger.eprintlnMixedYellow("Caught unexpected", e.getClass().getName(), "during codebase attack."); @@ -65,6 +84,10 @@ public static void unknownCodebaseException(Throwable e, boolean exit) RMGUtils.exit(); } + /** + * @param e + * @param boundName + */ public static void alreadyBoundException(Exception e, String boundName) { Logger.eprintlnMixedYellow("Bind operation", "was accepted", "by the server."); @@ -73,6 +96,11 @@ public static void alreadyBoundException(Exception e, String boundName) showStackTrace(e); } + /** + * @param e + * @param callName + * @param bypass + */ public static void nonLocalhost(Exception e, String callName, boolean bypass) { Logger.eprintlnMixedYellow("Registry", "rejected " + callName + " call", "because it was not sent from localhost."); @@ -85,6 +113,9 @@ public static void nonLocalhost(Exception e, String callName, boolean bypass) showStackTrace(e); } + /** + * @param e + */ public static void jep290(Exception e) { Logger.eprintlnMixedYellow("RMI registry", "rejected", "deserialization of the supplied gadget."); @@ -92,6 +123,9 @@ public static void jep290(Exception e) showStackTrace(e); } + /** + * @param e + */ public static void deserializeClassNotFound(Exception e) { Logger.eprintlnMixedYellow("Server", "accepted", "deserialization of the supplied gadget, but"); @@ -101,6 +135,12 @@ public static void deserializeClassNotFound(Exception e) showStackTrace(e); } + /** + * @param e + * @param during1 + * @param during2 + * @param className + */ public static void deserializeClassNotFoundRandom(Exception e, String during1, String during2, String className) { Logger.printlnMixedYellow("Caught", "ClassNotFoundException", "during " + during1 + " " + during2 + "."); 
@@ -109,6 +149,10 @@ public static void deserializeClassNotFoundRandom(Exception e, String during1, S showStackTrace(e); } + /** + * @param e + * @param wasString + */ public static void deserializeClassCast(Exception e, boolean wasString) { Logger.printlnMixedYellow("Caught", "ClassCastException", "during deserialization attack."); @@ -120,6 +164,10 @@ public static void deserializeClassCast(Exception e, boolean wasString) showStackTrace(e); } + /** + * @param e + * @param className + */ public static void codebaseClassNotFound(Exception e, String className) { Logger.eprintlnMixedYellow("Caught", "ClassNotFoundException", "during codebase attack."); @@ -130,6 +178,9 @@ public static void codebaseClassNotFound(Exception e, String className) showStackTrace(e); } + /** + * @param e + */ public static void codebaseSecurityManager(Exception e) { Logger.eprintlnMixedYellow("The class loader of the specified target is", "disabled."); @@ -137,6 +188,11 @@ public static void codebaseSecurityManager(Exception e) showStackTrace(e); } + /** + * @param e + * @param className + * @param payloadName + */ public static void codebaseClassNotFoundRandom(Exception e, String className, String payloadName) { Logger.printlnMixedBlue("Remote class loader attempted to load canary class", className); @@ -149,6 +205,10 @@ public static void codebaseClassNotFoundRandom(Exception e, String className, St showStackTrace(e); } + /** + * @param e + * @param wasString + */ public static void codebaseClassCast(Exception e, boolean wasString) { Logger.printlnMixedYellow("Caught", "ClassCastException", "during codebase attack."); @@ -160,6 +220,9 @@ public static void codebaseClassCast(Exception e, boolean wasString) showStackTrace(e); } + /** + * @param e + */ public static void codebaseClassFormat(Exception e) { Logger.eprintlnMixedYellow("Caught", "ClassFormatError", "during codebase attack."); 
@@ -168,6 +231,11 @@ public static void codebaseClassFormat(Exception e) showStackTrace(e); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void connectionRefused(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught unexpected", "ConnectException", "during " + during1 + " " + during2 + "."); @@ -177,6 +245,11 @@ public static void connectionRefused(Exception e, String during1, String during2 RMGUtils.exit(); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void noRouteToHost(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught unexpected", "NoRouteToHostException", "during " + during1 + " " + during2 + "."); @@ -185,6 +258,11 @@ public static void noRouteToHost(Exception e, String during1, String during2) RMGUtils.exit(); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void noJRMPServer(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught unexpected", "ConnectIOException", "during " + during1 + " " + during2 + "."); @@ -197,6 +275,11 @@ public static void noJRMPServer(Exception e, String during1, String during2) RMGUtils.exit(); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void sslError(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught unexpected", "SSLException", "during " + during1 + " " + during2 + "."); @@ -206,11 +289,20 @@ public static void sslError(Exception e, String during1, String during2) RMGUtils.exit(); } + /** + * @param e + * @param endpoint + */ public static void invalidClass(Exception e, String endpoint) { invalidClass(e, endpoint, true); } + /** + * @param e + * @param endpoint + * @param trace + */ public static void invalidClass(Exception e, String endpoint, boolean trace) { Logger.eprintlnMixedYellow(endpoint, "rejected", "deserialization of one of the transmitted classes."); 
@@ -220,6 +312,11 @@ public static void invalidClass(Exception e, String endpoint, boolean trace) showStackTrace(e); } + /** + * @param e + * @param operation + * @param className + */ public static void invalidClassBind(Exception e, String operation, String className) { Logger.eprintln(operation + " operation failed!"); @@ -232,6 +329,10 @@ public static void invalidClassBind(Exception e, String operation, String classN RMGUtils.exit(); } + /** + * @param e + * @param callName + */ public static void invalidClassEnum(Exception e, String callName) { Logger.printlnMixedYellow("- Caught", "InvalidClassException", "during " + callName + " call."); @@ -241,6 +342,10 @@ public static void invalidClassEnum(Exception e, String callName) showStackTrace(e); } + /** + * @param e + * @param callName + */ public static void unsupportedOperationException(Exception e, String callName) { Logger.eprintlnMixedYellow("Caught", "UnsupportedOperationException", "during " + callName + " call."); @@ -251,6 +356,10 @@ public static void unsupportedOperationException(Exception e, String callName) RMGUtils.exit(); } + /** + * @param e + * @param callName + */ public static void unsupportedOperationExceptionEnum(Exception e, String callName) { Logger.eprintlnMixedYellow("- Caught", "UnsupportedOperationException", "during " + callName + " call."); @@ -259,6 +368,11 @@ public static void unsupportedOperationExceptionEnum(Exception e, String callNam showStackTrace(e); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void accessControl(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught unexpected", "AccessControlException", "during " + during1 + " " + during2 + "."); 
@@ -266,6 +380,10 @@ public static void accessControl(Exception e, String during1, String during2) showStackTrace(e); } + /** + * @param e + * @param during1 + */ public static void singleEntryRegistry(Exception e, String during1) { Logger.eprintlnMixedYellow("- Caught", "AccessException", "during " + during1 + "call."); @@ -274,6 +392,11 @@ public static void singleEntryRegistry(Exception e, String during1) showStackTrace(e); } + /** + * @param e + * @param object + * @param exit + */ public static void noSuchObjectException(Exception e, String object, boolean exit) { Logger.eprintlnMixedYellow("Caught", "NoSuchObjectException", "during RMI call."); @@ -284,6 +407,11 @@ public static void noSuchObjectException(Exception e, String object, boolean exi RMGUtils.exit(); } + /** + * @param e + * @param objID + * @param exit + */ public static void noSuchObjectException(Exception e, ObjID objID, boolean exit) { Logger.eprintlnMixedYellow("Caught", "NoSuchObjectException", "during RMI call."); @@ -300,6 +428,9 @@ public static void noSuchObjectException(Exception e, ObjID objID, boolean exit) RMGUtils.exit(); } + /** + * + */ public static void noSuchObjectExceptionRegistryEnum() { Logger.printlnBlue("RMI Registry Enumeration"); @@ -310,6 +441,11 @@ public static void noSuchObjectExceptionRegistryEnum() Logger.decreaseIndent(); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void eofException(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught unexpected", "EOFException", "during " + during1 + " " + during2 + "."); @@ -321,6 +457,9 @@ public static void eofException(Exception e, String during1, String during2) RMGUtils.exit(); } + /** + * @param gadget + */ public static void invalidListenerFormat(boolean gadget) { if(gadget) 
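Review bot: In the `singleEntryRegistry` hunk the context line builds its message as `"during " + during1 + "call."`, which prints the value of `during1` and `call.` run together; the other handlers in this file use `" call."` with a leading space. Since the method is being touched anyway, I would change it to `"during " + during1 + " call."`. The comment added above it is again tag-only; something like `@param during1 name of the call that raised the exception` would describe the parameter, if that is what callers pass.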
@@ -330,6 +469,9 @@ public static void invalidListenerFormat(boolean gadget) RMGUtils.exit(); } + /** + * @param format + */ public static void invalidHostFormat(String format) { Logger.eprintlnMixedYellow("The specified host format", format, "is invalid."); @@ -337,6 +479,9 @@ public static void invalidHostFormat(String format) RMGUtils.exit(); } + /** + * @param signature + */ public static void invalidSignature(String signature) { Logger.eprintlnMixedYellow("Encountered invalid function signature:", signature); @@ -344,6 +489,9 @@ public static void invalidSignature(String signature) RMGUtils.exit(); } + /** + * @param e + */ public static void unknownDeserializationException(Exception e) { Throwable cause = getCause(e); @@ -354,6 +502,11 @@ public static void unknownDeserializationException(Exception e) showStackTrace(e); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void unsupportedClassVersion(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught", "UnsupportedClassVersionError", "during " + during1 + " " + during2 + "."); @@ -361,6 +514,9 @@ public static void unsupportedClassVersion(Exception e, String during1, String d showStackTrace(e); } + /** + * @param e + */ public static void illegalArgument(Exception e) { Logger.printlnMixedYellow("Caught", "IllegalArgumentException", "during deserialization attack."); @@ -368,6 +524,9 @@ public static void illegalArgument(Exception e) showStackTrace(e); } + /** + * @param e + */ public static void illegalArgumentCodebase(Exception e) { Logger.printlnMixedYellow("Caught", "IllegalArgumentException", "during codebase attack."); 
@@ -375,6 +534,12 @@ public static void illegalArgumentCodebase(Exception e) showStackTrace(e); } + /** + * @param e + * @param during1 + * @param during2 + * @param exit + */ public static void cannotCompile(Exception e, String during1, String during2, boolean exit) { Logger.eprintlnMixedYellow("Caught", "CannotCompileException", "during " + during1 + " " + during2 + "."); @@ -384,6 +549,11 @@ public static void cannotCompile(Exception e, String during1, String during2, bo RMGUtils.exit(); } + /** + * @param e + * @param host + * @param exit + */ public static void unknownHost(Exception e, String host, boolean exit) { Logger.eprintlnMixedYellow("Caught", "UnknownHostException", "during connection setup."); @@ -394,6 +564,11 @@ public static void unknownHost(Exception e, String host, boolean exit) RMGUtils.exit(); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void networkUnreachable(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught", "SocketException", "during " + during1 + " " + during2 + "."); @@ -402,6 +577,9 @@ public static void networkUnreachable(Exception e, String during1, String during RMGUtils.exit(); } + /** + * @param e + */ public static void bindException(Exception e) { Throwable bindException = ExceptionHandler.getThrowable("BindException", e); @@ -414,6 +592,9 @@ public static void bindException(Exception e) RMGUtils.exit(); } + /** + * @param location + */ public static void ysoNotPresent(String location) { Logger.eprintlnMixedBlue("Unable to find ysoserial library in path", location); @@ -421,6 +602,9 @@ public static void ysoNotPresent(String location) RMGUtils.exit(); } + /** + * + */ public static void missingSignature() { Logger.eprintlnMixedYellow("The", "--signature", "option is required for the requested operation."); 
@@ -428,6 +612,9 @@ public static void missingSignature() RMGUtils.exit(); } + /** + * @param action + */ public static void missingTarget(String action) { Logger.eprintMixedYellow("Either", "--bound-name", "or "); @@ -436,6 +623,9 @@ public static void missingTarget(String action) RMGUtils.exit(); } + /** + * @param objID + */ public static void invalidObjectId(String objID) { Logger.eprintlnMixedYellow("The specified ObjID", objID, "is invalid."); @@ -444,6 +634,10 @@ public static void invalidObjectId(String objID) RMGUtils.exit(); } + /** + * @param expected + * @param is + */ public static void wrongArgumentCount(int expected, int is) { Logger.eprintlnMixedYellow("The specified method signature expects", String.valueOf(expected), "arguments,"); @@ -451,6 +645,11 @@ public static void wrongArgumentCount(int expected, int is) RMGUtils.exit(); } + /** + * @param e + * @param action + * @param signature + */ public static void unrecognizedMethodHash(Exception e, String action, String signature) { Logger.eprintlnMixedYellow("Caught", "UnmarshalException (unrecognized method hash)", "during " + action + " action."); @@ -459,6 +658,9 @@ public static void unrecognizedMethodHash(Exception e, String action, String sig RMGUtils.exit(); } + /** + * + */ public static void localhostBypassNoException() { Logger.printlnMixedYellow("- Server", "did not", "raise any exception during unbind operation."); @@ -466,6 +668,10 @@ public static void localhostBypassNoException() Logger.statusNonDefault(); } + /** + * @param e + * @param name + */ public static void lookupClassNotFoundException(Exception e, String name) { name = name.replace(" (no security manager: RMI class loader disabled)", ""); 
@@ -478,6 +684,10 @@ public static void lookupClassNotFoundException(Exception e, String name) RMGUtils.exit(); } + /** + * @param e + * @param boundName + */ public static void notBoundException(Exception e, String boundName) { Logger.eprintMixedYellow("Caught", "NotBoundException", "on bound name "); @@ -487,6 +697,11 @@ public static void notBoundException(Exception e, String boundName) RMGUtils.exit(); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void timeoutException(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught", "SocketTimeoutException", "during " + during1 + " " + during2 + "."); @@ -495,6 +710,11 @@ public static void timeoutException(Exception e, String during1, String during2) RMGUtils.exit(); } + /** + * @param e + * @param during1 + * @param during2 + */ public static void connectionReset(Exception e, String during1, String during2) { Logger.eprintlnMixedYellow("Caught", "Connection Reset", "during " + during1 + " " + during2 + "."); @@ -506,6 +726,9 @@ public static void connectionReset(Exception e, String during1, String during2) RMGUtils.exit(); } + /** + * @param e + */ public static void genericCall(Exception e) { Logger.printlnMixedYellow("Caught", e.getClass().getName(), "during generic call action."); @@ -513,6 +736,10 @@ public static void genericCall(Exception e) ExceptionHandler.stackTrace(e); } + /** + * @param e + * @param callName + */ public static void connectException(Exception e, String callName) { Throwable t = ExceptionHandler.getCause(e); @@ -546,6 +773,10 @@ else if (message.contains("Network is unreachable")) } } + /** + * @param e + * @param callName + */ public static void connectIOException(Exception e, String callName) { Throwable t = ExceptionHandler.getCause(e); 
@@ -576,6 +807,9 @@ public static void connectIOException(Exception e, String callName) } } + /** + * @param e + */ public static void invalidClassException(Exception e) { Logger.eprintlnMixedYellow("Caught", "InvalidClassException", "while unmarshalling an RMI stub."); diff --git a/src/eu/tneitzel/rmg/internal/MethodArguments.java b/src/eu/tneitzel/rmg/internal/MethodArguments.java index 772b603..124444a 100644 --- a/src/eu/tneitzel/rmg/internal/MethodArguments.java +++ b/src/eu/tneitzel/rmg/internal/MethodArguments.java @@ -36,6 +36,9 @@ public class MethodArguments implements Iterable>, Iterator

[] methodArguments; + /** + * @param capacity + */ @SuppressWarnings("unchecked") public MethodArguments(int capacity) { @@ -43,6 +46,10 @@ public MethodArguments(int capacity) this.methodArguments = new Pair[capacity]; } + /** + * @param argumentObject + * @param argumentClass + */ @SuppressWarnings("unchecked") public MethodArguments(Object argumentObject, Class argumentClass) { @@ -70,6 +77,10 @@ public Pair next() return methodArguments[currentIndex++]; } + /** + * @param argumentObject + * @param argumentClass + */ public void add(Object argumentObject, Class argumentClass) { if (size < capacity) diff --git a/src/eu/tneitzel/rmg/internal/MethodCandidate.java b/src/eu/tneitzel/rmg/internal/MethodCandidate.java index db4f60a..57e4755 100644 --- a/src/eu/tneitzel/rmg/internal/MethodCandidate.java +++ b/src/eu/tneitzel/rmg/internal/MethodCandidate.java @@ -175,9 +175,11 @@ private static long computeMethodHash(String methodSignature) * - If the function expects a primitive argument as first parameter, we should write an object * - If the function expects a non primitive argument as first parameter, we should write a primitive * - * This function returns the corresponding argument type depending on the corresponding method definition. + * This function puts the corresponding argument type depending on the corresponding method definition + * into the specified ObjectOutputStream. + * + * @param oo ObjectOutputStream to write the confused argument to * - * @return confused parameter for method invocation * @throws IOException */ @SuppressWarnings("restriction") diff --git a/src/eu/tneitzel/rmg/internal/Pair.java b/src/eu/tneitzel/rmg/internal/Pair.java index 232a652..550b27e 100644 --- a/src/eu/tneitzel/rmg/internal/Pair.java +++ b/src/eu/tneitzel/rmg/internal/Pair.java 
@@ -14,17 +14,27 @@ public class Pair { private K left; private V right; + /** + * @param left + * @param right + */ public Pair(K left, V right) { this.left = left; this.right = right; } + /** + * @return left value + */ public K left() { return this.left; } + /** + * @return right value + */ public V right() { return this.right; diff --git a/src/eu/tneitzel/rmg/internal/RMGOption.java b/src/eu/tneitzel/rmg/internal/RMGOption.java index 9210622..076bc23 100644 --- a/src/eu/tneitzel/rmg/internal/RMGOption.java +++ b/src/eu/tneitzel/rmg/internal/RMGOption.java 
@@ -23,102 +23,178 @@ * * @author Tobias Neitzel (@qtc_de) */ -public enum RMGOption { - - // Global arguments +public enum RMGOption +{ + /** path to a configuration file */ GLOBAL_CONFIG("--config", "path to a configuration file", Arguments.store(), RMGOptionGroup.GENERAL, "path"), + /** enable verbose output */ GLOBAL_VERBOSE("--verbose", "enable verbose output", Arguments.storeTrue(), RMGOptionGroup.GENERAL), + /** file system path to a rmg plugin */ GLOBAL_PLUGIN("--plugin", "file system path to a rmg plugin", Arguments.store(), RMGOptionGroup.GENERAL, "path"), + /** disable colored output */ GLOBAL_NO_COLOR("--no-color", "disable colored output", Arguments.storeTrue(), RMGOptionGroup.GENERAL), + /** display stack traces for caught exceptions */ GLOBAL_STACK_TRACE("--stack-trace", "display stack traces for caught exceptions", Arguments.storeTrue(), RMGOptionGroup.GENERAL), + /** target host */ TARGET_HOST("host", "target host", Arguments.store(), RMGOptionGroup.NONE, "host"), + /** target port */ TARGET_PORT("port", "target port", Arguments.store(), RMGOptionGroup.NONE, "port"), + /** target RMI component */ TARGET_COMPONENT("--component", "target RMI component", Arguments.store(), RMGOptionGroup.TARGET, "component"), + /** target bound name within an RMI registry */ TARGET_BOUND_NAME("--bound-name", "target bound name within an RMI registry", Arguments.store(), RMGOptionGroup.TARGET, "name"), + /** target ObjID */ TARGET_OBJID("--objid", "target ObjID", Arguments.store(), RMGOptionGroup.TARGET, "objid"), + /** target method signature */ TARGET_SIGNATURE("--signature", "target method signature", Arguments.store(), RMGOptionGroup.TARGET, "signature"), + /** follow redirects to different servers */ CONN_FOLLOW("--follow", "follow redirects to different servers", Arguments.storeTrue(), RMGOptionGroup.CONNECTION), + /** use SSL for connections */ CONN_SSL("--ssl", "use SSL for connections", Arguments.storeTrue(), RMGOptionGroup.CONNECTION), + /** scan timeout for 
read operation */ SCAN_TIMEOUT_READ("--timeout-read", "scan timeout for read operation", Arguments.store(), RMGOptionGroup.CONNECTION, "sec"), + /** scan timeout for connect operation */ SCAN_TIMEOUT_CONNECT("--timeout-connect", "scan timeout for connect operation", Arguments.store(), RMGOptionGroup.CONNECTION, "sec"), + /** print SSRF content as gopher payload */ SSRF_GOPHER("--gopher", "print SSRF content as gopher payload", Arguments.storeTrue(), RMGOptionGroup.SSRF), + /** print SSRF payload instead of contacting a server */ SSRF("--ssrf", "print SSRF payload instead of contacting a server", Arguments.storeTrue(), RMGOptionGroup.SSRF), + /** evaluate SSRF response from the server */ SSRFRESPONSE("--ssrf-response", "evaluate SSRF response from the server", Arguments.store(), RMGOptionGroup.SSRF, "hex"), + /** double URL encode the SSRF payload */ SSRF_ENCODE("--encode", "double URL encode the SSRF payload", Arguments.storeTrue(), RMGOptionGroup.SSRF), + /** print payload without color and without additional text */ SSRF_RAW("--raw", "print payload without color and without additional text", Arguments.storeTrue(), RMGOptionGroup.SSRF), + /** use the stream protocol instead of single operation */ SSRF_STREAM_PROTOCOL("--stream-protocol", "use the stream protocol instead of single operation", Arguments.storeTrue(), RMGOptionGroup.SSRF), + /** ObjID of the bound object. 
*/ BIND_OBJID("--bind-objid", "ObjID of the bound object.", Arguments.store(), RMGOptionGroup.ACTION, "objid"), + /** host specifications the bound remote object should point to */ BIND_ADDRESS("bind-host", "host specifications the bound remote object should point to", Arguments.store(), RMGOptionGroup.ACTION, "host:port"), + /** Bound name to use for (un)bind action */ BIND_BOUND_NAME("bound-name", "Bound name to use for (un)bind action", Arguments.store(), RMGOptionGroup.ACTION, "name"), + /** attempt localhost bypass (CVE-2019-2684) */ BIND_BYPASS("--localhost-bypass", "attempt localhost bypass (CVE-2019-2684)", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** attempt to bind the specified gadget instead of JMXServer */ BIND_GADGET_NAME("--gadget-name", "attempt to bind the specified gadget instead of JMXServer", Arguments.store(), RMGOptionGroup.ACTION, "gadget"), + /** command for a custom gadget */ BIND_GADGET_CMD("--gadget-cmd", "command for a custom gadget", Arguments.store(), RMGOptionGroup.ACTION, "cmd"), + /** classname to load during codebase attack */ CODEBASE_CLASS("classname", "classname to load during codebase attack", Arguments.store(), RMGOptionGroup.ACTION, "classname"), + /** codebase URL to load the payload from */ CODEBASE_URL("url", "codebase URL to load the payload from", Arguments.store(), RMGOptionGroup.ACTION, "url"), + /** IP address to start the listener on */ LISTEN_IP("ip", "IP address to start the listener on", Arguments.store(), RMGOptionGroup.ACTION, "ip"), + /** port number to start the listener on */ LISTEN_PORT("port", "port number to start the listener on", Arguments.store(), RMGOptionGroup.ACTION, "port"), + /** ObjID to use for the JMX listener */ ROGUEJMX_OBJID("--objid", "ObjID to use for the JMX listener", Arguments.store(), RMGOptionGroup.ACTION, "objid"), + /** host to forward incoming JMX connections to */ ROGUEJMX_FORWARD_HOST("--forward-host", "host to forward incoming JMX connections to", Arguments.store(), 
RMGOptionGroup.ACTION, "host"), + /** port to forward incoming JMX connections to */ ROGUEJMX_FORWARD_PORT("--forward-port", "port to forward incoming JMX connections to", Arguments.store(), RMGOptionGroup.ACTION, "port"), + /** bound name to forward incoming JMX connections to */ ROGUEJMX_FORWARD_BOUND_NAME("--forward-bound-name", "bound name to forward incoming JMX connections to", Arguments.store(), RMGOptionGroup.ACTION, "name"), + /** ObjID to forward incoming JMX connections to */ ROGUEJMX_FORWARD_OBJID("--forward-objid", "ObjID to forward incoming JMX connections to", Arguments.store(), RMGOptionGroup.ACTION, "objid"), + /** wordlist file to use for method guessing */ GUESS_WORDLIST_FILE("--wordlist-file", "wordlist file to use for method guessing", Arguments.store(), RMGOptionGroup.ACTION, "path"), + /** location of the wordlist folder */ GUESS_WORDLIST_FOLDER("--wordlist-folder", "location of the wordlist folder", Arguments.store(), RMGOptionGroup.ACTION, "path"), + /** create sample classes for identified methods */ GUESS_CREATE_SAMPLES("--create-samples", "create sample classes for identified methods", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** folder used for sample generation */ GUESS_SAMPLE_FOLDER("--sample-folder", "folder used for sample generation", Arguments.store(), RMGOptionGroup.ACTION, "path"), + /** location of the template folder */ GUESS_TEMPLATE_FOLDER("--template-folder", "location of the template folder", Arguments.store(), RMGOptionGroup.ACTION, "path"), + /** disable bound name filtering */ GUESS_TRUSTED("--trusted", "disable bound name filtering", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** force guessing on known remote objects */ GUESS_FORCE_GUESSING("--force-guessing", "force guessing on known remote objects", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** guess duplicate remote classes */ GUESS_DUPLICATES("--guess-duplicates", "guess duplicate remote classes", Arguments.storeTrue(), RMGOptionGroup.ACTION), 
+ /** update wordlist file with method hashes */ GUESS_UPDATE("--update", "update wordlist file with method hashes", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** allow guessing on void functions (dangerous) */ GUESS_ZERO_ARG("--zero-arg", "allow guessing on void functions (dangerous)", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** gadget name to use for the deserialization attack */ GADGET_NAME("gadget", "gadget name to use for the deserialization attack", Arguments.store(), RMGOptionGroup.ACTION, "gadget"), + /** command to pass for the specified gadget */ GADGET_CMD("cmd", "command to pass for the specified gadget", Arguments.store(), RMGOptionGroup.ACTION, "cmd"), + /** attempt localhost bypass during enum */ ENUM_BYPASS("--localhost-bypass", "attempt localhost bypass during enum", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** scan actions to perform during the enumeration */ ENUM_ACTION("--scan-action", "scan actions to perform during the enumeration", Arguments.store(), RMGOptionGroup.ACTION, "action"), + /** host to perform the scan on */ SCAN_HOST("host", "host to perform the scan on", Arguments.store(), RMGOptionGroup.ACTION, "host"), + /** port specifications to perform the portscan on */ SCAN_PORTS("--ports", "port specifications to perform the portscan on", Arguments.store(), RMGOptionGroup.ACTION, "port"), + /** argument string to use for the call */ CALL_ARGUMENTS("arguments", "argument string to use for the call", Arguments.store(), RMGOptionGroup.ACTION, "args"), + /** ObjID string to parse */ OBJID_OBJID("objid", "ObjID string to parse", Arguments.store(), RMGOptionGroup.ACTION, "objid"), + /** classname to check within the database */ KNOWN_CLASS("classname", "classname to check within the database", Arguments.store(), RMGOptionGroup.ACTION, "classname"), + /** enable activation for ActivatableRef */ ACTIVATION("--activate", "enable activation for ActivatableRef", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** force 
activation of ActivatableRef */ FORCE_ACTIVATION("--force-activation", "force activation of ActivatableRef", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** payload argument position */ ARGUMENT_POS("--position", "payload argument position", Arguments.store(), RMGOptionGroup.ACTION, "pos"), + /** do not use a canary during RMI attacks */ NO_CANARY("--no-canary", "do not use a canary during RMI attacks", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** disable progress bars */ NO_PROGRESS("--no-progress", "disable progress bars", Arguments.storeTrue(), RMGOptionGroup.ACTION), + /** maximum number of threads (default: 5) */ THREADS("--threads", "maximum number of threads (default: 5)", Arguments.store(), RMGOptionGroup.ACTION, "threads"), + /** location of ysoserial.jar for deserialization attacks */ YSO("--yso", "location of ysoserial.jar for deserialization attacks", Arguments.store(), RMGOptionGroup.ACTION, "yso-path"), + /** method to use for dgc operations */ DGC_METHOD("--dgc-method", "method to use for dgc operations", Arguments.store(), RMGOptionGroup.ACTION, "method"), + /** method to use for registry operations */ REG_METHOD("--registry-method", "method to use for registry operations", Arguments.store(), RMGOptionGroup.ACTION, "method"), + /** serialVersionUID to use for RMI stubs */ SERIAL_VERSION_UID("--serial-version-uid", "serialVersionUID to use for RMI stubs", Arguments.store(), RMGOptionGroup.ACTION, "uid"), + /** serialVersionUID to use for payload classes */ PAYLOAD_SERIAL_VERSION_UID("--payload-serial-version-uid", "serialVersionUID to use for payload classes", Arguments.store(), RMGOptionGroup.ACTION, "uid"), + /** enforce plaintext connections from dynamically created socket factories */ SOCKET_FACTORY_PLAIN("--socket-factory-plain", "enforce plaintext connections from dynamically created socket factories", Arguments.storeTrue(), RMGOptionGroup.CONNECTION), + /** enforce SSL connections from dynamically created socket factories */ 
SOCKET_FACTORY_SSL("--socket-factory-ssl", "enforce SSL connections from dynamically created socket factories", Arguments.storeTrue(), RMGOptionGroup.CONNECTION), + /** dynamically create a socket factory class with the specified name */ SOCKET_FACTORY("--socket-factory", "dynamically create a socket factory class with the specified name", Arguments.store(), RMGOptionGroup.CONNECTION, "classname"), + /** enforce method calls to be dispatched via spring remoting */ SPRING_REMOTING("--spring-remoting", "enforce method calls to be dispatched via spring remoting", Arguments.storeTrue(), RMGOptionGroup.CONNECTION), + /** attempt to output the return value using GenericPrint */ GENERIC_PRINT("--return-value", "attempt to output the return value using GenericPrint", Arguments.storeTrue(), RMGOptionGroup.ACTION); + /** the name of the option */ public final String name; + /** description of the option */ public final String description; + /** metavar of the option */ public final String metavar; + /** argumentAction of the option */ public final ArgumentAction argumentAction; + /** RMGOptionGroup of the option */ public RMGOptionGroup optionGroup = null; + /** the value of the option */ public Object value = null; private final static EnumSet intOptions = EnumSet.of(RMGOption.THREADS, RMGOption.ARGUMENT_POS, RMGOption.SCAN_TIMEOUT_CONNECT, @@ -251,7 +327,8 @@ public void setValue(Object value, Object def) * Attempts to set an option value obtained from an argparse4j Namespace object. * If the corresponding option was not specified, use the default value. * - * @param value + * @param args argparse4j namespace + * @param def value to set for the current option */ public void setValue(Namespace args, Object def) { diff --git a/src/eu/tneitzel/rmg/internal/RMGOptionGroup.java b/src/eu/tneitzel/rmg/internal/RMGOptionGroup.java index 6d36494..ac873c8 100644 --- a/src/eu/tneitzel/rmg/internal/RMGOptionGroup.java +++ b/src/eu/tneitzel/rmg/internal/RMGOptionGroup.java 
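Review bot: The doc comments on the enum constants repeat the help string word for word, which leaves the safety-relevant options undocumented. `GUESS_ZERO_ARG` is labelled "(dangerous)" and `GUESS_TRUSTED` "disable bound name filtering", but neither comment says what protection is given up. I would expand those two, and `NO_CANARY`, into a sentence stating the consequence, e.g. `/** disable bound name filtering; names are then used without the character checks (TODO confirm scope) */`. Separately, `optionGroup` and `value` stay `public` and non-final on shared enum constants; the new comments should either say who may write them or point callers to the `setValue` methods.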
@@ -15,13 +15,19 @@ * * @author Tobias Neitzel (@qtc_de) */ -public enum RMGOptionGroup { - +public enum RMGOptionGroup +{ + /** SSRF related arguments */ SSRF("ssrf arguments"), + /** target related arguments */ TARGET("target arguments"), + /** connection related arguments */ CONNECTION("connection arguments"), + /** general arguments */ GENERAL("general arguments"), + /** action related arguments */ ACTION("action arguments"), + /** no option group */ NONE(""); private final String name; diff --git a/src/eu/tneitzel/rmg/internal/RMIComponent.java b/src/eu/tneitzel/rmg/internal/RMIComponent.java index 36045ea..67ec33b 100644 --- a/src/eu/tneitzel/rmg/internal/RMIComponent.java +++ b/src/eu/tneitzel/rmg/internal/RMIComponent.java @@ -8,14 +8,20 @@ * * @author Tobias Neitzel (@qtc_de) */ -public enum RMIComponent { - +public enum RMIComponent +{ + /** RMI Activation System */ ACTIVATOR("Activator", "act"), + /** Distributed Garbage Collector */ DGC("DGC", "dgc"), + /** RMI Registry */ REGISTRY("Registry", "reg"), + /** custom RMI endpoint */ CUSTOM("RMI Endpoint", "endpoint"); + /** name of the RMI component */ public String name; + /** short name of the RMI component */ public String shortName; /** diff --git a/src/eu/tneitzel/rmg/io/Logger.java b/src/eu/tneitzel/rmg/io/Logger.java index 7469b50..bf67c72 100644 --- a/src/eu/tneitzel/rmg/io/Logger.java +++ b/src/eu/tneitzel/rmg/io/Logger.java @@ -11,8 +11,8 @@ * * @author Tobias Neitzel (@qtc_de) */ -public class Logger { - +public class Logger +{ private static String ANSI_RESET = "\u001B[0m"; private static String ANSI_YELLOW = "\u001B[33m"; private static String ANSI_BLUE = "\u001B[34m"; 
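Review bot: `name` and `shortName` in `RMIComponent` now carry Javadoc but remain `public` and non-final, so any caller can reassign them on the shared enum constants. If they are only assigned in the constructor (not visible in this hunk), declare them `public final String name;` and `public final String shortName;`, matching the `public final` fields of `RMGOption`.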
@@ -20,62 +20,117 @@ public class Logger { private static String ANSI_GREEN = "\u001B[32m"; private static String ANSI_PURPLE = "\u001B[35m"; + /** current indent of the logger */ public static int indent = 0; + /** how many lines have already be printed */ public static int printCount = 0; + /** whether stdout is enabled */ public static boolean stdout = true; + /** whether stderr is enabled */ public static boolean stderr = true; + /** + * + */ public static void disable() { Logger.stdout = false; Logger.stderr = false; } + /** + * + */ public static void disableStdout() { Logger.stdout = false; } + /** + * + */ public static void disableStderr() { Logger.stderr = false; } + /** + * + */ public static void disableIfNotVerbose() { if( !RMGOption.GLOBAL_VERBOSE.getBool() ) disable(); } + /** + * + */ public static void enable() { Logger.stdout = true; Logger.stderr = true; } + /** + * + */ public static void enableStdout() { Logger.stdout = true; } + /** + * + */ public static void enableStderr() { Logger.stderr = true; } + /** + * Format the specified string in blue. + * + * @param msg message to format + * @return formatted message + */ public static String blue(String msg) { return ANSI_BLUE + msg + ANSI_RESET; } + /** + * Format the specified string in yellow. + * + * @param msg message to format + * @return formatted message + */ public static String yellow(String msg) { return ANSI_YELLOW + msg + ANSI_RESET; } + /** + * Format the specified string in red. + * + * @param msg message to format + * @return formatted message + */ public static String red(String msg) { return ANSI_RED + msg + ANSI_RESET; } + /** + * Format the specified string in purple. + * + * @param msg message to format + * @return formatted message + */ public static String purple(String msg) { return ANSI_PURPLE + msg + ANSI_RESET; } + /** + * Format the specified string in green. 
+ * + * @param msg message to format + * @return formatted message + */ public static String green(String msg) { return ANSI_GREEN + msg + ANSI_RESET; @@ -125,6 +180,9 @@ private static void elog(String msg, boolean newline) } } + /** + * + */ public static void lineBreak() { if( printCount != 0 ) { 
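Review bot: The new Javadoc on `blue`, `yellow`, `red`, `purple` and `green` says "Format the specified string" but does not say that `msg` is concatenated between the ANSI sequences unchanged. If any caller passes text received from a remote endpoint (not visible in this hunk), escape sequences embedded in it would reach the operator's terminal. The contract should therefore be stated, e.g. `@param msg message to format; emitted as-is, callers must strip control characters from untrusted text`. The field comment `how many lines have already be printed` should read `been`.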
@@ -134,385 +192,696 @@ public static void lineBreak() } } + /** + * @param msg + */ public static void print(String msg) { log(prefix() + msg, false); } + /** + * @param msg + */ public static void printPlain(String msg) { log(msg, false); } + /** + * @param msg + */ public static void println(String msg) { log(prefix() + msg); } + /** + * @param msg + */ public static void printlnPlain(String msg) { log(msg, true); } + /** + * @param msg + */ public static void eprint(String msg) { elog(eprefix() + msg, false); } + /** + * @param msg + */ public static void eprintln(String msg) { elog(eprefix() + msg); } + /** + * @param msg + */ public static void eprintlnPlain(String msg) { elog(msg); } + /** + * @param msg + */ public static void printlnBlue(String msg) { log(prefix() + blue(msg)); } + /** + * @param msg + */ public static void eprintlnBlue(String msg) { elog(prefix() + blue(msg)); } + /** + * @param msg + */ public static void printlnYellow(String msg) { log(prefix() + yellow(msg)); } + /** + * @param msg + */ public static void eprintlnYellow(String msg) { elog(prefix() + yellow(msg)); } + /** + * @param msg + */ public static void printlnPlainBlue(String msg) { log(blue(msg)); } + /** + * @param msg + */ public static void printPlainBlue(String msg) { log(blue(msg), false); } + /** + * @param msg + */ public static void printPlainGreen(String msg) { log(green(msg), false); } + /** + * @param msg + */ public static void printlnPlainGreen(String msg) { log(green(msg), true); } + /** + * @param msg + */ public static void eprintlnPlainBlue(String msg) { elog(blue(msg)); } + /** + * @param msg + */ public static void printlnPlainYellow(String msg) { log(yellow(msg)); } + /** + * @param msg + */ public static void printPlainYellow(String msg) { log(yellow(msg), false); } + /** + * @param msg + */ public static void eprintlnPlainYellow(String msg) { elog(yellow(msg)); } + /** + * @param first + * @param second + */ public static void printlnMixedRed(String first, 
String second) { log(prefix() + first + " " + red(second)); } + /** + * @param first + * @param second + */ public static void printlnPlainMixedRed(String first, String second) { log(first + " " + red(second)); } + /** + * @param first + * @param second + */ public static void printPlainMixedRed(String first, String second) { log(first + " " + red(second), false); } + /** + * @param first + * @param second + */ public static void printlnMixedGreen(String first, String second) { log(prefix() + first + " " + green(second)); } + /** + * @param first + * @param second + */ public static void printlnPlainMixedGreen(String first, String second) { log(first + " " + green(second)); } + /** + * @param first + * @param second + */ public static void printPlainMixedGreen(String first, String second) { log(first + " " + green(second), false); } + /** + * @param first + * @param second + */ public static void printlnMixedPurple(String first, String second) { log(prefix() + first + " " + purple(second)); } + /** + * @param first + * @param second + */ public static void printlnPlainMixedPurple(String first, String second) { log(first + " " + purple(second)); } + /** + * @param first + * @param second + */ public static void printPlainMixedPurple(String first, String second) { log(first + " " + purple(second), false); } + /** + * @param first + * @param second + */ public static void printlnMixedBlue(String first, String second) { log(prefix() + first + " " + blue(second)); } + /** + * @param first + * @param second + * @param third + */ public static void printlnMixedBlue(String first, String second, String third) { log(prefix() + first + " " + blue(second) + " " + third); } + /** + * @param first + * @param second + */ public static void printlnMixedYellow(String first, String second) { log(prefix() + first + " " + yellow(second)); } + /** + * @param first + * @param second + * @param third + */ public static void printlnMixedYellow(String first, String second, String third) { 
log(prefix() + first + " " + yellow(second) + " " + third); } + /** + * @param first + * @param second + */ public static void printlnPlainMixedYellow(String first, String second) { log(first + " " + yellow(second)); } + /** + * @param first + * @param second + * @param third + */ public static void printlnPlainMixedYellow(String first, String second, String third) { log(first + " " + yellow(second) + " " + third); } + /** + * @param first + * @param second + */ public static void printPlainMixedYellowFirst(String first, String second) { log(yellow(first) + " " + second, false); } + /** + * @param first + * @param second + */ public static void eprintPlainMixedYellowFirst(String first, String second) { elog(yellow(first) + " " + second, false); } + /** + * @param first + * @param second + */ public static void printlnPlainMixedYellowFirst(String first, String second) { log(yellow(first) + " " + second); } + /** + * @param first + * @param second + * @param third + */ public static void printlnPlainMixedYellowFirst(String first, String second, String third) { log(yellow(first) + " " + second + " " + yellow(third)); } + /** + * @param first + * @param second + */ public static void printlnPlainMixedBlue(String first, String second) { log(first + " " + blue(second)); } + /** + * @param first + * @param second + */ public static void eprintlnPlainMixedBlue(String first, String second) { elog(first + " " + blue(second)); } + /** + * @param first + * @param second + * @param third + */ public static void printlnPlainMixedBlue(String first, String second, String third) { log(first + " " + blue(second) + " " + third); } + /** + * @param first + * @param second + * @param third + */ public static void eprintlnPlainMixedBlue(String first, String second, String third) { elog(first + " " + blue(second) + " " + third); } + /** + * @param first + * @param second + */ public static void printPlainMixedBlue(String first, String second) { log(first + " " + blue(second), false); } + 
/** + * @param first + * @param second + * @param third + */ public static void printPlainMixedBlueFirst(String first, String second, String third) { log(blue(first) + " " + second + " " + blue(third), false); } + /** + * @param first + * @param second + */ public static void eprintlnMixedBlue(String first, String second) { elog(eprefix() + first + " " + blue(second)); } + /** + * @param first + * @param second + * @param third + */ public static void eprintlnMixedBlue(String first, String second, String third) { elog(eprefix() + first + " " + blue(second) + " " + third); } + /** + * @param first + * @param second + */ public static void eprintlnMixedYellow(String first, String second) { elog(eprefix() + first + " " + yellow(second)); } + /** + * @param first + * @param second + * @param third + */ public static void eprintlnMixedYellow(String first, String second, String third) { elog(eprefix() + first + " " + yellow(second) + " " + third); } + /** + * @param first + * @param second + */ public static void printlnMixedBlueFirst(String first, String second) { log(prefix() + blue(first) + " " + second); } + /** + * @param first + * @param second + * @param third + */ public static void printlnMixedBlueFirst(String first, String second, String third) { log(prefix() + blue(first) + " " + second + " " + blue(third)); } + /** + * @param first + * @param second + */ public static void printlnPlainMixedBlueFirst(String first, String second) { log(blue(first) + " " + second); } + /** + * @param first + * @param second + */ public static void eprintlnPlainMixedBlueFirst(String first, String second) { elog(blue(first) + " " + second); } + /** + * @param first + * @param second + * @param third + */ public static void eprintlnPlainMixedBlueFirst(String first, String second, String third) { elog(blue(first) + " " + second + " " + blue(third)); } + /** + * @param first + * @param second + * @param third + */ public static void printlnPlainMixedBlueFirst(String first, String 
second, String third) { log(blue(first) + " " + second + " " + blue(third)); } + /** + * @param first + * @param second + */ public static void printlnMixedYellowFirst(String first, String second) { log(prefix() + yellow(first) + " " + second); } + /** + * @param first + * @param second + * @param third + */ public static void printlnMixedYellowFirst(String first, String second, String third) { log(prefix() + yellow(first) + " " + second + " " + yellow(third)); } + /** + * @param first + * @param second + */ public static void eprintlnMixedBlueFirst(String first, String second) { elog(eprefix() + blue(first) + " " + second); } + /** + * @param first + * @param second + * @param third + */ public static void eprintlnMixedBlueFirst(String first, String second, String third) { elog(eprefix() + blue(first) + " " + second + " " + blue(third)); } + /** + * @param first + * @param second + */ public static void eprintlnMixedYellowFirst(String first, String second) { elog(eprefix() + yellow(first) + " " + second); } + /** + * @param first + * @param second + * @param third + */ public static void eprintlnMixedYellowFirst(String first, String second, String third) { elog(eprefix() + yellow(first) + " " + second + " " + yellow(third)); } + /** + * @param first + * @param second + */ public static void printMixedBlue(String first, String second) { log(prefix() + first + " " + blue(second), false); } + /** + * @param first + * @param second + * @param third + */ public static void printMixedBlue(String first, String second, String third) { log(prefix() + first + " " + blue(second) + " " + third, false); } + /** + * @param first + * @param second + */ public static void printMixedYellow(String first, String second) { log(prefix() + first + " " + yellow(second), false); } + /** + * @param first + * @param second + * @param third + */ public static void printMixedYellow(String first, String second, String third) { log(prefix() + first + " " + yellow(second) + " " + third, false); 
} + /** + * @param first + * @param second + */ public static void eprintMixedBlue(String first, String second) { elog(eprefix() + first + " " + blue(second), false); } + /** + * @param first + * @param second + * @param third + */ public static void eprintMixedBlue(String first, String second, String third) { elog(eprefix() + first + " " + blue(second) + " " + third, false); } + /** + * @param first + * @param second + */ public static void eprintMixedYellow(String first, String second) { elog(eprefix() + first + " " + yellow(second), false); } + /** + * @param first + * @param second + * @param third + */ public static void eprintMixedYellow(String first, String second, String third) { elog(eprefix() + first + " " + yellow(second) + " " + third, false); } + /** + * @param first + * @param second + */ public static void printMixedBlueFirst(String first, String second) { log(prefix() + blue(first) + " " + second, false); } + /** + * @param first + * @param second + * @param third + */ public static void printMixedBlueFirst(String first, String second, String third) { log(prefix() + blue(first) + " " + second + " " + blue(third), false); } + /** + * @param first + * @param second + */ public static void printMixedYellowFirst(String first, String second) { log(prefix() + yellow(first) + " " + second, false); } + /** + * @param first + * @param second + * @param third + */ public static void printMixedYellowFirst(String first, String second, String third) { log(prefix() + yellow(first) + " " + second + " " + yellow(third), false); } + /** + * @param first + * @param second + */ public static void eprintMixedBlueFirst(String first, String second) { elog(eprefix() + blue(first) + " " + second, false); } + /** + * @param first + * @param second + * @param third + */ public static void eprintMixedBlueFirst(String first, String second, String third) { elog(eprefix() + blue(first) + " " + second + " " + blue(third), false); } + /** + * @param first + * @param second + */ 
public static void eprintMixedYellowFirst(String first, String second) { elog(eprefix() + yellow(first) + " " + second, false); } + /** + * @param first + * @param second + * @param third + */ public static void eprintMixedYellowFirst(String first, String second, String third) { elog(eprefix() + yellow(first) + " " + second + " " + yellow(third), false); } + /** + * + */ public static void printInfoBox() { Logger.lineBreak(); @@ -521,42 +890,66 @@ public static void printInfoBox() Logger.printlnBlue("--------------------------------"); } + /** + * + */ public static void statusVulnerable() { printlnMixedRed(" Vulnerability Status:", "Vulnerable"); } + /** + * + */ public static void statusOk() { printlnMixedGreen(" Vulnerability Status:", "Non Vulnerable"); } + /** + * + */ public static void statusOutdated() { printlnMixedPurple(" Configuration Status:", "Outdated"); } + /** + * + */ public static void statusDefault() { printlnMixedGreen(" Configuration Status:", "Current Default"); } + /** + * + */ public static void statusNonDefault() { printlnMixedRed(" Configuration Status:", "Non Default"); } + /** + * @param statusType + */ public static void statusUndecided(String statusType) { printlnMixedPurple(" " + statusType + " Status:", "Undecided"); } + /** + * + */ public static void increaseIndent() { if(Logger.printCount != 0) indent += 1; } + /** + * + */ public static void decreaseIndent() { indent -= 1; @@ -564,11 +957,17 @@ public static void decreaseIndent() indent = 0; } + /** + * @return the current Logger indent + */ public static String getIndent() { return " " + new String(new char[indent]).replace("\0", "\t"); } + /** + * + */ public static void disableColor() { ANSI_RESET = ""; 
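Review bot: `eprintlnBlue` and `eprintlnYellow` build their output with `prefix()`, whereas `eprint`, `eprintln` and the `eprintlnMixed*` variants in the same hunk use `eprefix()`. Unless that difference is intended, they should read `elog(eprefix() + blue(msg));` and `elog(eprefix() + yellow(msg));`. Both prefix helpers are defined outside this hunk, so the visible effect depends on how they differ. If the current behaviour is deliberate, the new Javadoc is the place to say so, since the bare `@param msg` blocks give no hint.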
@@ -579,6 +978,11 @@ public static void disableColor() ANSI_PURPLE = ""; } + /** + * @param endpointName + * @param callName + * @param className + */ public static void printCodebaseAttackIntro(String endpointName, String callName, String className) { Logger.printlnBlue("Attempting codebase attack on " + endpointName + " endpoint..."); @@ -589,6 +993,9 @@ public static void printCodebaseAttackIntro(String endpointName, String callName Logger.increaseIndent(); } + /** + * @param endpointName + */ public static void printGadgetCallIntro(String endpointName) { Logger.lineBreak(); @@ -597,6 +1004,11 @@ public static void printGadgetCallIntro(String endpointName) Logger.increaseIndent(); } + /** + * @param s the string to pad + * @param n the padding to apply + * @return padded string + */ public static String padRight(String s, int n) { return String.format("%-" + n + "s", s); } diff --git a/src/eu/tneitzel/rmg/io/MaliciousOutputStream.java b/src/eu/tneitzel/rmg/io/MaliciousOutputStream.java index b717996..ad1ff03 100644 --- a/src/eu/tneitzel/rmg/io/MaliciousOutputStream.java +++ b/src/eu/tneitzel/rmg/io/MaliciousOutputStream.java @@ -103,11 +103,21 @@ protected void writeLocation(String realLocation) throws IOException inner.writeObject(location); } + /** + * Set the location object to provide within the stream. + * + * @param payload object to use as location. + */ public static void setDefaultLocation(Object payload) { defaultLocation = payload; } + /** + * Return the class name of the currently configured location object. + * + * @return classname of the currently configured location. + */ public static String getDefaultLocation() { if(defaultLocation instanceof String) @@ -116,6 +126,9 @@ public static String getDefaultLocation() return defaultLocation.getClass().getName(); } + /** + * Reset the default location to null. + */ public static void resetDefaultLocation() { defaultLocation = null; 
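Review bot: The Javadoc added for MaliciousOutputStream.getDefaultLocation promises "the class name of the currently configured location object", but the method has a separate `if(defaultLocation instanceof String)` branch, and the `defaultLocation.getClass().getName()` line in the next hunk dereferences the field that resetDefaultLocation sets to null. The body of the String branch sits between the two hunks and cannot be seen here; if it returns the string itself, the summary should say so. Unless those hidden lines guard against it, a call after resetDefaultLocation ends in a NullPointerException, so either document that (`@throws NullPointerException if no location is configured`) or return a fixed value for the unset case.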
diff --git a/src/eu/tneitzel/rmg/io/SampleWriter.java b/src/eu/tneitzel/rmg/io/SampleWriter.java index e932d55..97176fa 100644 --- a/src/eu/tneitzel/rmg/io/SampleWriter.java +++ b/src/eu/tneitzel/rmg/io/SampleWriter.java @@ -126,6 +126,12 @@ public String loadTemplateFile(String templateName) throws IOException /** * Wrapper around writeSamples with additional subfolder argument. + * + * @param sampleFolder + * @param sampleName + * @param sampleContent + * @throws UnexpectedCharacterException + * @throws IOException */ public void writeSample(String sampleFolder, String sampleName, String sampleContent) throws UnexpectedCharacterException, IOException { @@ -171,6 +177,7 @@ public void writeSample(String sampleFolder, String sampleName, String sampleCon * * @param boundName bound name to create the sample for * @param className underlying class name of the corresponding bound name (usually an interface) + * @param unknownClass whether the class to create is unknown * @param methods available remote methods represented by MethodCandidates * @param rmi RMIEndpoint to the currently targeted RMI endpoint * @throws UnexpectedCharacterException is thrown if class or bound names violate the security policies @@ -180,7 +187,8 @@ public void writeSample(String sampleFolder, String sampleName, String sampleCon */ public void createSamples(String boundName, String className, boolean unknownClass, List methods, RMIEndpoint rmi) throws UnexpectedCharacterException, NotFoundException, IOException, CannotCompileException { - for(MethodCandidate method : methods) { + for (MethodCandidate method : methods) + { createSample(className, unknownClass, boundName, method, rmi.host, rmi.port); } } 
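Review bot: The `@param` and `@throws UnexpectedCharacterException` tags added to writeSample carry no description, although this is the method that receives a folder name and a file name, and the createSamples Javadoc in the next hunk already explains the exception as thrown when "class or bound names violate the security policies". The tag should state which arguments are checked, for example `@throws UnexpectedCharacterException if sampleFolder or sampleName contains characters rejected by the security policy`. The method body is outside the hunk, so confirm which of the three arguments are actually validated before committing to that wording, and say in `@param sampleContent` whether the content is written unchanged.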
@@ -190,6 +198,7 @@ public void createSamples(String boundName, String className, boolean unknownCla * is basically an ugly find an replace over the template files. * * @param className class name of the remote interface or the RMI stub (if legacy is used) + * @param unknownClass whether the class to create is unknown * @param boundName bound name where the corresponding class name is available * @param method MethodCandidate to create the sample for * @param remoteHost currently targeted RMI host diff --git a/src/eu/tneitzel/rmg/io/SingleOpOutputStream.java b/src/eu/tneitzel/rmg/io/SingleOpOutputStream.java index 3e9ea6c..514005c 100644 --- a/src/eu/tneitzel/rmg/io/SingleOpOutputStream.java +++ b/src/eu/tneitzel/rmg/io/SingleOpOutputStream.java @@ -15,10 +15,13 @@ * * @author Tobias Neitzel (@qtc_de) */ -public class SingleOpOutputStream extends ByteArrayOutputStream { - +public class SingleOpOutputStream extends ByteArrayOutputStream +{ private int flushCount; + /** + * Simple constructor. + */ public SingleOpOutputStream() { super(); flushCount = 0; diff --git a/src/eu/tneitzel/rmg/io/WordlistHandler.java b/src/eu/tneitzel/rmg/io/WordlistHandler.java index 8971532..45fd5f7 100644 --- a/src/eu/tneitzel/rmg/io/WordlistHandler.java +++ b/src/eu/tneitzel/rmg/io/WordlistHandler.java @@ -39,6 +39,7 @@ public class WordlistHandler { * @param wordlistFile wordlist file to use (if not null, takes priority over wordlist Folder) * @param wordlistFolder wordlist folder to look for wordlist files * @param updateWordlists whether wordlists should be updated to the advanced format + * @param zeroArg whether to process zero argument methods */ public WordlistHandler(String wordlistFile, String wordlistFolder, boolean updateWordlists, boolean zeroArg) { diff --git a/src/eu/tneitzel/rmg/networking/DGCClientSocket.java b/src/eu/tneitzel/rmg/networking/DGCClientSocket.java index 2bf2845..be5d578 100644 --- a/src/eu/tneitzel/rmg/networking/DGCClientSocket.java 
+++ b/src/eu/tneitzel/rmg/networking/DGCClientSocket.java @@ -37,6 +37,12 @@ public class DGCClientSocket extends Socket { private int port; private String host; + /** + * Create a new DGCClientSocket. + * + * @param host remote host + * @param port remote port + */ public DGCClientSocket(String host, int port) { this.host = host; diff --git a/src/eu/tneitzel/rmg/networking/LoopbackSslSocketFactory.java b/src/eu/tneitzel/rmg/networking/LoopbackSslSocketFactory.java index 1b64a65..28c271b 100644 --- a/src/eu/tneitzel/rmg/networking/LoopbackSslSocketFactory.java +++ b/src/eu/tneitzel/rmg/networking/LoopbackSslSocketFactory.java @@ -36,7 +36,9 @@ */ public class LoopbackSslSocketFactory extends SSLSocketFactory implements RMIClientSocketFactory { + /** SSLSocketFactory used for socket creation */ public transient SSLSocketFactory fax; + /** Whether to print redirection information */ public transient boolean printInfo = true; /** diff --git a/src/eu/tneitzel/rmg/networking/RMIEndpoint.java b/src/eu/tneitzel/rmg/networking/RMIEndpoint.java index 045af61..634cb5b 100644 --- a/src/eu/tneitzel/rmg/networking/RMIEndpoint.java +++ b/src/eu/tneitzel/rmg/networking/RMIEndpoint.java @@ -36,9 +36,11 @@ * @author Tobias Neitzel (@qtc_de) */ @SuppressWarnings("restriction") -public class RMIEndpoint { - +public class RMIEndpoint +{ + /** remote port of the endpoint */ public int port; + /** remote host of the endpoint */ public String host; protected RMIClientSocketFactory csf; @@ -87,6 +89,14 @@ public UnicastRef getRemoteRef(ObjID objID) /** * Wrapper around the genericCall function specified below. + * + * @param objID + * @param callID + * @param methodHash + * @param callArguments + * @param locationStream + * @param callName + * @throws Exception */ public void genericCall(ObjID objID, int callID, long methodHash, MethodArguments callArguments, boolean locationStream, String callName) throws Exception { 
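Review bot: The genericCall overload documented in the `@@ -87,6 +89,14 @@` hunk of RMIEndpoint.java, and the two overloads in the following `@@ -95,17 +105,36 @@` hunk, get bare `@param` tags and a bare `@throws Exception`, while the Javadoc in the `@@ -209,7 +238,6 @@` hunk of the same file already describes the same parameters. Reusing that wording keeps the behaviour-changing switch visible to callers, e.g. `@param locationStream if true, uses the MaliciousOutputStream class to write custom annotation objects` and `@param methodHash hash value of the method to call or interface hash for legacy calls`. For the exception, a short `@throws Exception if the call fails in a way that is not handled internally` would do, to be checked against the method bodies, which are outside these hunks.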
@@ -95,17 +105,36 @@ public void genericCall(ObjID objID, int callID, long methodHash, MethodArgument /** * Wrapper around the genericCall function specified below. + * + * @param objID + * @param callID + * @param methodHash + * @param callArguments + * @param locationStream + * @param callName + * @param ref + * @throws Exception */ public void genericCall(ObjID objID, int callID, long methodHash, MethodArguments callArguments, boolean locationStream, String callName, RemoteRef ref) throws Exception { genericCall(objID, callID, methodHash, callArguments, locationStream, callName, ref, null); } - /* + /** * From remote-method-guesser v4.0.0 on we moved the logic of the genericCall function to the unmanagedCall * function. This allows other parts of the code to perform RMI calls with their own exception handling. However, * this is usually not desired, as connection related exceptions should normally be handled in a unified way. Calling * genericCall is therefore the preferred solution to perform low level RMI calls. + * + * @param objID + * @param callID + * @param methodHash + * @param callArguments + * @param locationStream + * @param callName + * @param remoteRef + * @param rtype + * @throws Exception */ public void genericCall(ObjID objID, int callID, long methodHash, MethodArguments callArguments, boolean locationStream, String callName, RemoteRef remoteRef, CtClass rtype) throws Exception { 
@@ -209,7 +238,6 @@ public void guessingCall(MethodCandidate candidate, String callName, RemoteRef r * @param methodHash hash value of the method to call or interface hash for legacy calls * @param callArguments map of arguments for the call. Each argument must also ship a class it desires to be serialized to * @param locationStream if true, uses the MaliciousOutputStream class to write custom annotation objects - * @param callName the name of the RMI call you want to dispatch (only used for logging) * @param remoteRef optional remote reference to use for the call. If null, the specified ObjID and the host and port * of this class are used * @param rtype return type of the remote method. If specified, the servers response is forwarded to the ResponseHandler diff --git a/src/eu/tneitzel/rmg/networking/RMIRegistryEndpoint.java b/src/eu/tneitzel/rmg/networking/RMIRegistryEndpoint.java index 240874f..30a7e9b 100644 --- a/src/eu/tneitzel/rmg/networking/RMIRegistryEndpoint.java +++ b/src/eu/tneitzel/rmg/networking/RMIRegistryEndpoint.java @@ -19,7 +19,6 @@ import eu.tneitzel.rmg.plugin.PluginSystem; import eu.tneitzel.rmg.utils.RMGUtils; import eu.tneitzel.rmg.utils.RemoteObjectWrapper; -import javassist.tools.reflect.Reflection; /** * The RMIRegistryEndpoint represents an RMI Registry endpoint on the remote server. The class can be used @@ -60,7 +59,7 @@ public RMIRegistryEndpoint(String host, int port) { RMISocketFactory.setSocketFactory(PluginSystem.getDefaultSocketFactory(host, port)); } - + catch (IOException e) { Logger.eprintlnMixedBlue("Unable to set custom", "RMISocketFactory.", "Host redirection will probably not work."); @@ -74,7 +73,7 @@ public RMIRegistryEndpoint(String host, int port) { this.rmiRegistry = LocateRegistry.getRegistry(host, port, csf); } - + catch (RemoteException e) { ExceptionHandler.internalError("RMIRegistryEndpoint.locateRegistry", "Caught unexpected RemoteException."); 
@@ -99,6 +98,7 @@ public RMIRegistryEndpoint(RMIEndpoint rmi) * function of the RMI registry, but has error handling implemented. * * @return String array of available bound names. + * @throws java.rmi.NoSuchObjectException */ public String[] getBoundNames() throws java.rmi.NoSuchObjectException { @@ -113,28 +113,28 @@ public String[] getBoundNames() throws java.rmi.NoSuchObjectException { boundNames = rmiRegistry.list(); } - + catch (java.rmi.ConnectIOException e) { ExceptionHandler.connectIOException(e, "list"); } - + catch (java.rmi.ConnectException e) { ExceptionHandler.connectException(e, "list"); } - + catch (java.rmi.UnknownHostException e) { ExceptionHandler.unknownHost(e, host, true); } - + catch (java.rmi.NoSuchObjectException e) { throw e; } - - + + catch (Exception e) { Throwable cause = ExceptionHandler.getCause(e); @@ -143,7 +143,7 @@ public String[] getBoundNames() throws java.rmi.NoSuchObjectException { SSRFSocket.printContent(host, port); } - + else { ExceptionHandler.unexpectedException(e, "list", "call", true); @@ -160,7 +160,11 @@ public String[] getBoundNames() throws java.rmi.NoSuchObjectException * * @param boundNames list of bound names to determine the classes from * @return List of wrapped remote objects - * @throws Reflection related exceptions. RMI related once are caught by the other lookup function. + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails + * @throws UnmarshalException if unmarshalling the return value fails */ public RemoteObjectWrapper[] lookup(String[] boundNames) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException, UnmarshalException { 
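Review bot: `@throws java.rmi.NoSuchObjectException` is added to getBoundNames without a description, while the summary just above it says the function "has error handling implemented", which reads as if nothing reaches the caller. The catch chain in the `@@ -113,28 +113,28 @@` hunk shows this is the one exception that is deliberately rethrown (`throw e;`), whereas the connect and unknown-host cases go to ExceptionHandler. The tag should say so, for example `@throws java.rmi.NoSuchObjectException rethrown unchanged so that the caller can handle it`.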
@@ -180,7 +184,11 @@ public RemoteObjectWrapper[] lookup(String[] boundNames) throws IllegalArgumentE * * @param boundName name to lookup within the registry * @return Remote representing the requested remote object - * @throws Reflection related exceptions. RMI related one are caught and handled directly + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails + * @throws UnmarshalException if unmarshalling the return value fails */ public RemoteObjectWrapper lookup(String boundName) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException, UnmarshalException { diff --git a/src/eu/tneitzel/rmg/networking/SSRFResponseSocket.java b/src/eu/tneitzel/rmg/networking/SSRFResponseSocket.java index 49f6950..8c7c24b 100644 --- a/src/eu/tneitzel/rmg/networking/SSRFResponseSocket.java +++ b/src/eu/tneitzel/rmg/networking/SSRFResponseSocket.java @@ -35,14 +35,21 @@ * * @author Tobias Neitzel (@qtc_de) */ -public class SSRFResponseSocket extends Socket { - +public class SSRFResponseSocket extends Socket +{ private int port; private String host; private byte[] content; private int count = 0; + /** + * Create a new SSRFResponseSocket. + * + * @param host remote host + * @param port remote port + * @param response RMI response data to simulate + */ public SSRFResponseSocket(String host, int port, byte[] response) { this.host = host; @@ -61,8 +68,8 @@ public InputStream getInputStream() throws IOException { ByteArrayOutputStream ibos = new ByteArrayOutputStream(); - if( content[0] == TransportConstants.Return ) { - + if (content[0] == TransportConstants.Return) + { ibos.write(TransportConstants.ProtocolAck); DataOutputStream dos = new DataOutputStream(ibos); 
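Review bot: `content[0]` on the reformatted `if (content[0] == TransportConstants.Return)` line in SSRFResponseSocket.getInputStream is read without any check on the array, and the constructor documented in the previous hunk accepts an arbitrary `byte[] response` (the assignment itself is outside the hunk). A null or empty response would then surface as a NullPointerException or ArrayIndexOutOfBoundsException rather than the IOException the method already declares. A guard before the test would make the failure explicit: `if (content == null || content.length == 0) throw new IOException("empty RMI response");`. The rest of getInputStream continues outside the hunk.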
@@ -76,8 +83,10 @@ public InputStream getInputStream() throws IOException public OutputStream getOutputStream() { - if( count != 0 ) + if (count != 0) + { System.exit(0); + } count += 1; return new DevNullOutputStream(); diff --git a/src/eu/tneitzel/rmg/networking/SSRFResponseSocketFactory.java b/src/eu/tneitzel/rmg/networking/SSRFResponseSocketFactory.java index 1ad11e6..bc9baad 100644 --- a/src/eu/tneitzel/rmg/networking/SSRFResponseSocketFactory.java +++ b/src/eu/tneitzel/rmg/networking/SSRFResponseSocketFactory.java @@ -16,6 +16,11 @@ public class SSRFResponseSocketFactory extends RMISocketFactory { private byte[] content; + /** + * Create a new SSRFResponseSocketFactory. + * + * @param content the RMI response data to simulate + */ public SSRFResponseSocketFactory(byte[] content) { this.content = content; diff --git a/src/eu/tneitzel/rmg/networking/SSRFSocket.java b/src/eu/tneitzel/rmg/networking/SSRFSocket.java index 68ebcc2..f6f9d1e 100644 --- a/src/eu/tneitzel/rmg/networking/SSRFSocket.java +++ b/src/eu/tneitzel/rmg/networking/SSRFSocket.java @@ -38,13 +38,19 @@ * @author Tobias Neitzel (@qtc_de) */ @SuppressWarnings("restriction") -public class SSRFSocket extends Socket { - +public class SSRFSocket extends Socket +{ private String host; private int port; private static ByteArrayOutputStream bos; + /** + * Create a new SSRFSocket. + * + * @param host remote host + * @param port remote port + */ public SSRFSocket(String host, int port) { this.host = host; diff --git a/src/eu/tneitzel/rmg/operations/ActivationClient.java b/src/eu/tneitzel/rmg/operations/ActivationClient.java index 38f5f19..4e2fdaa 100644 --- a/src/eu/tneitzel/rmg/operations/ActivationClient.java +++ b/src/eu/tneitzel/rmg/operations/ActivationClient.java 
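Review bot: The braces added around `System.exit(0)` in SSRFResponseSocket.getOutputStream leave an undocumented process exit inside a Socket accessor: once `count` is non-zero, the next call ends the JVM with status 0. Since this commit is adding Javadoc, this method should get one that states it, for example `/** Returns a DevNullOutputStream on the first call; any later call terminates the process via System.exit(0). */`. That matters for plugin code and embedders, which otherwise lose their own cleanup and error reporting without warning.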
@@ -33,14 +33,18 @@ * * @author Tobias Neitzel (@qtc_de) */ -public class ActivationClient { - +public class ActivationClient +{ private RMIEndpoint rmi; private static final long methodHash = -8767355154875805558L; private static final ObjID objID = new ObjID(ObjID.ACTIVATOR_ID); - + /** + * Create a new ActivationClient. + * + * @param rmiEndpoint associated RMIEndpoint + */ public ActivationClient(RMIEndpoint rmiEndpoint) { this.rmi = rmiEndpoint; @@ -212,7 +216,7 @@ public void activateCall(MethodArguments callArguments, boolean maliciousStream) /** * This function is used for performing regular calls to the RMI Activator. It is used when the RMI server * returns an ActivatableRef that needs to be activated. Callers need to obtain the return value - * (MarshalledObject) by registering a ResponseHandler. + * (MarshalledObject<? extends Remote>) by registering a ResponseHandler. * * Notice that the ActivationID is passed as a generic Object argument. This is required, since * remote-method-guesser should stay compatible with Java distributions that already removed the diff --git a/src/eu/tneitzel/rmg/operations/DGCClient.java b/src/eu/tneitzel/rmg/operations/DGCClient.java index 11901c8..65e2d66 100644 --- a/src/eu/tneitzel/rmg/operations/DGCClient.java +++ b/src/eu/tneitzel/rmg/operations/DGCClient.java @@ -26,13 +26,18 @@ * * @author Tobias Neitzel (@qtc_de) */ -public class DGCClient { - +public class DGCClient +{ private RMIEndpoint rmi; private static final long interfaceHash = -669196253586618813L; private static final ObjID objID = new ObjID(ObjID.DGC_ID); + /** + * Create a new DGCClient. + * + * @param rmiEndpoint associated RMIEndpoint. + */ public DGCClient(RMIEndpoint rmiEndpoint) { this.rmi = rmiEndpoint; diff --git a/src/eu/tneitzel/rmg/operations/Operation.java b/src/eu/tneitzel/rmg/operations/Operation.java index c5418bd..e72ee54 100644 --- a/src/eu/tneitzel/rmg/operations/Operation.java +++ b/src/eu/tneitzel/rmg/operations/Operation.java 
@@ -22,6 +22,7 @@ */ public enum Operation { + /** Binds an object to the registry that points to listener */ BIND("dispatchBind", "[object] ", "Binds an object to the registry that points to listener", new RMGOption[] { RMGOption.TARGET_HOST, RMGOption.TARGET_PORT, @@ -49,6 +50,7 @@ public enum Operation { RMGOption.SOCKET_FACTORY_PLAIN, }), + /** Regularly calls a method with the specified arguments */ CALL("dispatchCall", "", "Regularly calls a method with the specified arguments", new RMGOption[] { RMGOption.TARGET_HOST, RMGOption.TARGET_PORT, @@ -78,6 +80,7 @@ public enum Operation { RMGOption.GENERIC_PRINT, }), + /** Perform remote class loading attacks */ CODEBASE("dispatchCodebase", " ", "Perform remote class loading attacks", new RMGOption[] { RMGOption.TARGET_HOST, RMGOption.TARGET_PORT, @@ -108,6 +111,7 @@ public enum Operation { RMGOption.SOCKET_FACTORY_PLAIN, }), + /** Enumerate common vulnerabilities on Java RMI endpoints */ ENUM("dispatchEnum", "[scan-action ...]", "Enumerate common vulnerabilities on Java RMI endpoints", new RMGOption[] { RMGOption.TARGET_HOST, RMGOption.TARGET_PORT, @@ -136,6 +140,7 @@ public enum Operation { RMGOption.SOCKET_FACTORY_PLAIN, }), + /** Guess methods on bound names */ GUESS("dispatchGuess", "", "Guess methods on bound names", new RMGOption[] { RMGOption.TARGET_HOST, RMGOption.TARGET_PORT, @@ -168,12 +173,14 @@ public enum Operation { RMGOption.SOCKET_FACTORY_PLAIN, }), + /** Display details of known remote objects */ KNOWN("dispatchKnown", "", "Display details of known remote objects", new RMGOption[] { RMGOption.GLOBAL_NO_COLOR, RMGOption.GLOBAL_STACK_TRACE, RMGOption.KNOWN_CLASS, }), + /** Open ysoserials JRMP listener */ LISTEN("dispatchListen", " ", "Open ysoserials JRMP listener", new RMGOption[] { RMGOption.GLOBAL_CONFIG, RMGOption.GLOBAL_NO_COLOR, 
@@ -187,6 +194,7 @@ public enum Operation { RMGOption.YSO, }), + /** Print information contained within an ObjID */ OBJID("dispatchObjID", "", "Print information contained within an ObjID", new RMGOption[] { RMGOption.GLOBAL_CONFIG, RMGOption.GLOBAL_NO_COLOR, @@ -195,6 +203,7 @@ public enum Operation { RMGOption.OBJID_OBJID, }), + /** Rebinds boundname as object that points to listener */ REBIND("dispatchRebind", "[object] ", "Rebinds boundname as object that points to listener", new RMGOption[] { RMGOption.TARGET_HOST, RMGOption.TARGET_PORT, @@ -222,6 +231,7 @@ public enum Operation { RMGOption.SOCKET_FACTORY_PLAIN, }), + /** Creates a rogue JMX listener (collect credentials) */ ROGUEJMX("dispatchRogueJMX", "[forward-host]", "Creates a rogue JMX listener (collect credentials)", new RMGOption[] { RMGOption.GLOBAL_CONFIG, RMGOption.GLOBAL_NO_COLOR, @@ -238,6 +248,7 @@ public enum Operation { RMGOption.LISTEN_PORT }), + /** Perform an RMI service scan on common RMI ports */ SCAN("dispatchPortScan", "[ [] ...]", "Perform an RMI service scan on common RMI ports", new RMGOption[] { RMGOption.GLOBAL_CONFIG, RMGOption.GLOBAL_NO_COLOR, @@ -251,6 +262,7 @@ public enum Operation { RMGOption.NO_PROGRESS, }), + /** Perform deserialization attacks against default RMI components */ SERIAL("dispatchSerial", " ", "Perform deserialization attacks against default RMI components", new RMGOption[] { RMGOption.TARGET_HOST, RMGOption.TARGET_PORT, @@ -282,6 +294,7 @@ public enum Operation { RMGOption.SOCKET_FACTORY_PLAIN, }), + /** Removes the specified bound name from the registry */ UNBIND("dispatchUnbind", "", "Removes the specified bound name from the registry", new RMGOption[] { RMGOption.TARGET_HOST, RMGOption.TARGET_PORT, 
@@ -330,16 +343,25 @@ public enum Operation { this.options = options; } + /** + * @return method + */ public Method getMethod() { return this.method; } + /** + * @return description + */ public String getDescription() { return this.description; } + /** + * @return arguments + */ public String getArgs() { return this.arguments; @@ -359,11 +381,21 @@ public void invoke(Dispatcher dispatcherObject) } } + /** + * Check whether an operation contains the specified option. + * + * @param option RMGOption to check for + * @return true if the option is contained within the operation. + */ public boolean containsOption(RMGOption option) { - for( RMGOption o : this.options ) - if( o == option ) + for (RMGOption o : this.options) + { + if (o == option) + { return true; + } + } return false; } @@ -388,10 +420,15 @@ public static Operation getByName(String name) return returnItem; } + /** + * Add a new subparser for each operation to the specified argumentParser. + * + * @param argumentParser parser to add the subparsers to. + */ public static void addSubparsers(Subparsers argumentParser) { - for( Operation operation : Operation.values() ) { - + for (Operation operation : Operation.values()) + { Subparser parser = argumentParser.addParser(operation.name().toLowerCase()).help(operation.description); RMGOption.addOptions(operation, parser); } diff --git a/src/eu/tneitzel/rmg/operations/RegistryClient.java b/src/eu/tneitzel/rmg/operations/RegistryClient.java index 27c6870..a7a8cb6 100644 --- a/src/eu/tneitzel/rmg/operations/RegistryClient.java +++ b/src/eu/tneitzel/rmg/operations/RegistryClient.java @@ -48,7 +48,11 @@ public class RegistryClient { private static final long interfaceHash = 4905912898345647071L; private static final ObjID objID = new ObjID(ObjID.REGISTRY_ID); - + /** + * Create a new RegistryClient. + * + * @param rmiEndpoint associated RMIEndpoint. + */ public RegistryClient(RMIEndpoint rmiEndpoint) { this.rmi = rmiEndpoint; 
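Review bot: `operation.name().toLowerCase()` in Operation.addSubparsers lower-cases with the default locale, so the registered subcommand names depend on the machine's settings. Under a Turkish locale the `I` in BIND, REBIND, UNBIND, LISTEN, OBJID and SERIAL becomes a dotless `ı`, and the documented command names would no longer match. Use `operation.name().toLowerCase(Locale.ROOT)` and add `import java.util.Locale;` if the file does not already have it; any reverse lookup by name, such as getByName (whose body is outside these hunks), should use the same locale.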
diff --git a/src/eu/tneitzel/rmg/operations/RemoteObjectClient.java b/src/eu/tneitzel/rmg/operations/RemoteObjectClient.java index b749379..ba82098 100644 --- a/src/eu/tneitzel/rmg/operations/RemoteObjectClient.java +++ b/src/eu/tneitzel/rmg/operations/RemoteObjectClient.java @@ -42,7 +42,9 @@ public class RemoteObjectClient private String boundName; private String randomClassName; + /** underlying UnicastWrapper */ public UnicastWrapper remoteObject; + /** list of available remote methods*/ public List remoteMethods; /** @@ -106,6 +108,7 @@ public RemoteObjectClient(UnicastWrapper remoteObject) * constructed UnicastRef and implements the specified interface. * * @param intf Interface implemented by the RemoteObject + * @return newly created UnicastWrapper for the specified interface */ public UnicastWrapper assignInterface(Class intf) { @@ -341,8 +344,8 @@ else if (cause instanceof java.lang.UnsupportedOperationException) * Technically the same as the genericCall method, but does not perform any exception handling. * * @param targetMethod remote method to call - * @param argumentArray method arguments to use for the call - * @throws All possible encountered exceptions are passed to the caller + * @param args method arguments to use for the call + * @throws Exception all possible encountered exceptions are passed to the caller */ public void unmanagedCall(MethodCandidate targetMethod, MethodArguments args) throws Exception { diff --git a/src/eu/tneitzel/rmg/operations/ScanAction.java b/src/eu/tneitzel/rmg/operations/ScanAction.java index 414b621..53b2435 100644 --- a/src/eu/tneitzel/rmg/operations/ScanAction.java +++ b/src/eu/tneitzel/rmg/operations/ScanAction.java 
@@ -14,15 +14,23 @@ * * @author Tobias Neitzel (@qtc_de) */ -public enum ScanAction { - +public enum ScanAction +{ + /** list remote bound names */ LIST, + /** enumerate string marshaling */ STRING_MARSHALLING, + /** enumerate codebases and remote class loading */ CODEBASE, + /** check for the localhost bypass */ LOCALHOST_BYPASS, + /** enumerate security managers */ SECURITY_MANAGER, + /** check for JEP290 */ JEP290, + /** check for known deserialization filter bypasses */ FILTER_BYPASS, + /** check for activator instances */ ACTIVATOR; /** diff --git a/src/eu/tneitzel/rmg/plugin/IArgumentProvider.java b/src/eu/tneitzel/rmg/plugin/IArgumentProvider.java index 4af7690..73396e6 100644 --- a/src/eu/tneitzel/rmg/plugin/IArgumentProvider.java +++ b/src/eu/tneitzel/rmg/plugin/IArgumentProvider.java @@ -10,6 +10,14 @@ * * @author Tobias Neitzel (@qtc_de) */ -public interface IArgumentProvider { + +public interface IArgumentProvider +{ + /** + * Provide an argument array for remote method calls. + * + * @param argumentString the argument string specified on the command line + * @return argument array for a remote method call + */ Object[] getArgumentArray(String argumentString); } diff --git a/src/eu/tneitzel/rmg/plugin/IPayloadProvider.java b/src/eu/tneitzel/rmg/plugin/IPayloadProvider.java index 94ec081..dd8f2ec 100644 --- a/src/eu/tneitzel/rmg/plugin/IPayloadProvider.java +++ b/src/eu/tneitzel/rmg/plugin/IPayloadProvider.java @@ -13,6 +13,16 @@ * * @author Tobias Neitzel (@qtc_de) */ -public interface IPayloadProvider { + +public interface IPayloadProvider +{ + /** + * Provide a payload object for deserialization attacks. + * + * @param action the current RMG action that requested the gadget + * @param name the name of the gadget being requested + * @param args the arguments provided for the gadget + * @return a payload object to use for deserialization attacks + */ Object getPayloadObject(Operation action, String name, String args); } 
diff --git a/src/eu/tneitzel/rmg/plugin/IResponseHandler.java b/src/eu/tneitzel/rmg/plugin/IResponseHandler.java index 9235416..f51a1f5 100644 --- a/src/eu/tneitzel/rmg/plugin/IResponseHandler.java +++ b/src/eu/tneitzel/rmg/plugin/IResponseHandler.java @@ -9,6 +9,13 @@ * * @author Tobias Neitzel (@qtc_de) */ -public interface IResponseHandler { + +public interface IResponseHandler +{ + /** + * Handle the response of an RMI call. + * + * @param responseObject the object that was returned by the server. + */ void handleResponse(Object responseObject); } diff --git a/src/eu/tneitzel/rmg/plugin/ISocketFactoryProvider.java b/src/eu/tneitzel/rmg/plugin/ISocketFactoryProvider.java index 0a57ac9..5b5ae41 100644 --- a/src/eu/tneitzel/rmg/plugin/ISocketFactoryProvider.java +++ b/src/eu/tneitzel/rmg/plugin/ISocketFactoryProvider.java @@ -32,11 +32,34 @@ * * @author Tobias Neitzel (@qtc_de) */ -public interface ISocketFactoryProvider { - +public interface ISocketFactoryProvider +{ + /** + * Construct the client socket factory to use. This factory is used to create sockets + * for direct RMI communication (e.g. when connecting to the RMI registry). + * + * @param host remote host + * @param port remote port + * @return RMIClientSocketFactory to use + */ public RMIClientSocketFactory getClientSocketFactory(String host, int port); + /** + * Construct the RMI socket factory to use. This factory is used for implicit RMI + * connections, e.g. when calling a method on a previously obtained remote object. + * + * @param host remote host + * @param port remote port + * @return RMISocketFactory to use + */ public RMISocketFactory getDefaultSocketFactory(String host, int port); + /** + * Return the SSL socket factory class that should be used for implicit RMI connections. + * + * @param host remote host + * @param port remote port + * @return name of the SSL socket factory class to use for SSL connections. + */ public String getDefaultSSLSocketFactory(String host, int port); } 
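Review bot: The Javadoc added for ISocketFactoryProvider.getDefaultSSLSocketFactory leaves out the constraint that the PluginSystem wrapper for the same call spells out, namely that the factory "needs to be available on the class path and it is not sufficient to define it within the plugin". Plugin authors implement against the interface, so the caveat belongs here as well, for example by adding `The named class must be available on the class path; defining it only inside the plugin is not sufficient.` to the description. As a style point, the explicit `public` modifiers on the three interface methods are redundant and could be dropped in the same pass.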
diff --git a/src/eu/tneitzel/rmg/plugin/PluginSystem.java b/src/eu/tneitzel/rmg/plugin/PluginSystem.java index a40cf9e..af4c5f4 100644 --- a/src/eu/tneitzel/rmg/plugin/PluginSystem.java +++ b/src/eu/tneitzel/rmg/plugin/PluginSystem.java @@ -27,8 +27,8 @@ * * @author Tobias Neitzel (@qtc_de) */ -public class PluginSystem { - +public class PluginSystem +{ private static String manifestAttribute = "RmgPluginClass"; private static IPayloadProvider payloadProvider = null; @@ -196,6 +196,9 @@ public static Object[] getArgumentArray(String argumentString) * first lookup a bound name and use the obtained reference to make calls on the object, another factory is used * (check the getDefaultClientSocketFactory function for more details). * + * @param host + * @param port + * * @return RMIClientSocketFactory that is used for direct RMI calls */ public static RMIClientSocketFactory getClientSocketFactory(String host, int port) @@ -208,6 +211,9 @@ public static RMIClientSocketFactory getClientSocketFactory(String host, int por * factory returned by this function is used when you perform RMI actions on a remote object reference that was * obtained from the RMI registry and the RMI server did not assign a custom socket factory to the object. * + * @param host + * @param port + * * @return RMISocketFactory that is used for "after lookup" RMI calls */ public static RMISocketFactory getDefaultSocketFactory(String host, int port) @@ -222,6 +228,9 @@ public static RMISocketFactory getDefaultSocketFactory(String host, int port) * you want to use as your default SSLSocketFactory. Notice that the factory needs to be available on the class path * and it is not sufficient to define it within the plugin. * + * @param host + * @param port + * * @return String that indicates the desired SSLSocketFactories class name */ public static String getDefaultSSLSocketFactory(String host, int port) 
diff --git a/src/eu/tneitzel/rmg/utils/ActivatableWrapper.java b/src/eu/tneitzel/rmg/utils/ActivatableWrapper.java index 053024d..0fa7dde 100644 --- a/src/eu/tneitzel/rmg/utils/ActivatableWrapper.java +++ b/src/eu/tneitzel/rmg/utils/ActivatableWrapper.java @@ -26,7 +26,9 @@ @SuppressWarnings("restriction") public class ActivatableWrapper extends RemoteObjectWrapper { + /** activationUID */ public final UID activationUID; + private final Object activationIDObj; private final RMIEndpoint activatorEndpoint; private final UnicastRef activatorUnicastRef; @@ -55,7 +57,10 @@ public class ActivatableWrapper extends RemoteObjectWrapper * @param remoteObject Incoming RemoteObject, usually obtained by an RMI lookup call * @param boundName The bound name that the remoteObject uses inside the RMI registry * @param ref ActivatableRef to wrap around - * @throws many Exceptions - These only occur if some reflective access fails + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails */ public ActivatableWrapper(Remote remoteObject, String boundName, RemoteRef ref) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { @@ -101,7 +106,10 @@ public ActivatableWrapper(Remote remoteObject, String boundName, RemoteRef ref) * to obtain a UnicastRef for the desired remote object. * * @return UnicastWrapper that contains the activated reference - * @throws Reflection related exceptions + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails */ public UnicastWrapper activate() throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { 
@@ -183,14 +191,18 @@ public void handleResponse(Object responseObject) /** * This function should be called after the response was handled. It takes the activatedObject * and attempts to extract the remote out of it. This object is then returned. - * @return + * + * @return activated object */ public Remote getRemote() { - try { + try + { return activatedObject.get(); + } - } catch (ClassNotFoundException | IOException e) { + catch (ClassNotFoundException | IOException e) + { ExceptionHandler.unexpectedException(e, "activate", "call", true); } diff --git a/src/eu/tneitzel/rmg/utils/RMGUtils.java b/src/eu/tneitzel/rmg/utils/RMGUtils.java index 299743c..138311a 100644 --- a/src/eu/tneitzel/rmg/utils/RMGUtils.java +++ b/src/eu/tneitzel/rmg/utils/RMGUtils.java @@ -40,7 +40,6 @@ import javassist.CtPrimitiveType; import javassist.Modifier; import javassist.NotFoundException; -import javassist.tools.reflect.Reflection; import sun.rmi.server.UnicastRef; import sun.rmi.server.UnicastServerRef; import sun.rmi.transport.LiveRef; @@ -231,6 +230,9 @@ public static Class makeActivatableRef() throws CannotCompileException * * Check the CodebaseCollector class documentation for more information. * + * @param className name for the SocketFactoryClass + * @param serialVersionUID for the SocketFactoryClass + * * @return socket factory class that implements RMIClientSocketFactory * @throws CannotCompileException */ @@ -950,7 +952,8 @@ public static boolean dynamicallyCreated(String className) * * @param instance An Instance of Remote - Usually obtained by the RMI lookup method * @return underlying RemoteRef that is used by the Remote instance - * @throws Reflection Exceptions - If some reflective access fails + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails */ public static RemoteRef extractRef(Remote instance) throws IllegalArgumentException, IllegalAccessException { 
@@ -982,7 +985,8 @@ public static RemoteRef extractRef(Remote instance) throws IllegalArgumentExcept * * @param uref UnicastRef to extract the ObjID from * @return ObjID extracted from specified UnicastRef - * @throws Reflection Exceptions - If some reflective access fails + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails */ public static ObjID extractObjID(UnicastRef uref) throws IllegalArgumentException, IllegalAccessException { @@ -1005,7 +1009,8 @@ public static ObjID extractObjID(UnicastRef uref) throws IllegalArgumentExceptio * * @param remote Instance of Remote that contains an ref with assigned ObjID * @return ObjID extracted from specified instance of Remote - * @throws Reflection Exceptions - If some reflective access fails + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails */ public static ObjID extractObjID(Remote remote) throws IllegalArgumentException, IllegalAccessException { @@ -1156,7 +1161,11 @@ public static void printObjID(ObjID objID) * * @param pattern Serial filter pattern as usually used for ObjectInputFilter * @return Either sun.misc.ObjectInputFilter or java.io.ObjectInputFilter depending on the Java environment - * @throws Exceptions - related to reflective access + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchMethodException if reflective access fails + * @throws SecurityException if reflective access fails + * @throws InvocationTargetException if reflective access fails */ public static Object createObjectInputFilter(String pattern) throws NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException { 
@@ -1186,7 +1195,11 @@ public static Object createObjectInputFilter(String pattern) throws NoSuchMethod * * @param uref UnicastServerRef to inject the ObjectInputFilter on * @param filter ObjectInputFilter to inject - * @throws Exceptions - related to reflective access + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails + * @throws InvocationTargetException if reflective access fails */ public static void injectObjectInputFilter(UnicastServerRef uref, Object filter) throws SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchFieldException { @@ -1199,6 +1212,8 @@ public static void injectObjectInputFilter(UnicastServerRef uref, Object filter) /** * Returns the ObjID for the user specified RMI component, * + * @param component the well known RMI component to return the Object ID for + * * @return ObjID for the user specified RMI component. */ public static ObjID getObjIDByComponent(RMIComponent component) @@ -1282,6 +1297,8 @@ public static long getSerialVersionUID(InvalidClassException e) * * @param type the CtClass that should be converted back to a Class object * @return Class associated to the specified CtClass + * @throws ClassNotFoundException + * @throws NotFoundException */ public static Class ctClassToClass(CtClass type) throws ClassNotFoundException, NotFoundException { diff --git a/src/eu/tneitzel/rmg/utils/RemoteInvocationHolder.java b/src/eu/tneitzel/rmg/utils/RemoteInvocationHolder.java index 092a1c3..273a3dd 100644 --- a/src/eu/tneitzel/rmg/utils/RemoteInvocationHolder.java +++ b/src/eu/tneitzel/rmg/utils/RemoteInvocationHolder.java 
@@ -66,21 +66,33 @@ public int hashCode() return invo.toString().hashCode(); } + /** + * @return name of the method + */ public String getName() { return invo.getMethodName(); } + /** + * @return parameter types of the method + */ public Class[] getTypes() { return invo.getParameterTypes(); } + /** + * @return MethodCandidate associated with the method + */ public MethodCandidate getCandidate() { return candidate; } + /** + * @return RemoteInvocation associated with the method + */ public RemoteInvocation getInvo() { return invo; diff --git a/src/eu/tneitzel/rmg/utils/RemoteObjectWrapper.java b/src/eu/tneitzel/rmg/utils/RemoteObjectWrapper.java index e5f897f..95c4eca 100644 --- a/src/eu/tneitzel/rmg/utils/RemoteObjectWrapper.java +++ b/src/eu/tneitzel/rmg/utils/RemoteObjectWrapper.java @@ -6,7 +6,6 @@ import eu.tneitzel.rmg.endpoints.KnownEndpoint; import eu.tneitzel.rmg.endpoints.KnownEndpointHolder; import eu.tneitzel.rmg.internal.ExceptionHandler; -import javassist.tools.reflect.Reflection; import sun.rmi.server.UnicastRef; /** @@ -23,8 +22,11 @@ @SuppressWarnings("restriction") public abstract class RemoteObjectWrapper { + /** associated boundName */ public String boundName; + /** associated Remote */ public Remote remoteObject; + /** associated knownEndpoint */ public KnownEndpoint knownEndpoint; private String interfaceName; @@ -65,7 +67,10 @@ public RemoteObjectWrapper(String boundName, Remote remoteObject) * * @param remote remote to create the wrapper for * @return RemoteObjectWrapper for the specified remote - * @throws Reflection related exceptions + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails */ public static RemoteObjectWrapper getInstance(Remote remote) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { 
@@ -80,7 +85,10 @@ public static RemoteObjectWrapper getInstance(Remote remote) throws IllegalArgum * @param remote remote to create the wrapper for * @param boundName bound name as specified in the RMI registry * @return RemoteObjectWrapper - Either a UnicastWrapper or a ActivatableWrapper depending on the Remote - * @throws Reflection related exceptions + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails */ public static RemoteObjectWrapper getInstance(Remote remote, String boundName) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { diff --git a/src/eu/tneitzel/rmg/utils/RogueJMX.java b/src/eu/tneitzel/rmg/utils/RogueJMX.java index 7495afa..c603b49 100644 --- a/src/eu/tneitzel/rmg/utils/RogueJMX.java +++ b/src/eu/tneitzel/rmg/utils/RogueJMX.java @@ -43,6 +43,7 @@ public class RogueJMX implements RMIServer { * * @param address Address where the rogue JMX should be bound * @param port Port where the rogue JMX should listen + * @param objIDString the ObjID to use */ public RogueJMX(String address, int port, String objIDString) { diff --git a/src/eu/tneitzel/rmg/utils/Security.java b/src/eu/tneitzel/rmg/utils/Security.java index 39b8a65..a117978 100644 --- a/src/eu/tneitzel/rmg/utils/Security.java +++ b/src/eu/tneitzel/rmg/utils/Security.java @@ -19,8 +19,8 @@ * * @author Tobias Neitzel (@qtc_de) */ -public abstract class Security { - +public abstract class Security +{ private static Pattern boundName = Pattern.compile("[a-zA-Z0-9_-]+"); private static Pattern alphaNumeric = Pattern.compile("[a-zA-Z0-9_-]+"); private static Pattern jarFile = Pattern.compile("([a-zA-Z0-9])+\\.jar"); 
@@ -28,6 +28,12 @@ public abstract class Security { private static Pattern packageName = Pattern.compile("([a-zA-Z0-9_-]\\.?)+"); private static Pattern shellInjection = Pattern.compile(".*[ '\"#&;`|*?~<>^()\\[\\]{}$\\\\\n].*"); + /** + * Check the specified string for invalid characters. + * + * @param input the input string + * @throws UnexpectedCharacterException if invalid characters are found. + */ public static void checkBoundName(String input) throws UnexpectedCharacterException { if( RMGOption.GUESS_TRUSTED.getBool() ) @@ -38,6 +44,12 @@ public static void checkBoundName(String input) throws UnexpectedCharacterExcept throw new UnexpectedCharacterException("Bound name '" + input + "' contains invalid characters."); } + /** + * Check the specified string for invalid characters. + * + * @param input the input string + * @throws UnexpectedCharacterException if invalid characters are found. + */ public static void checkAlphaNumeric(String input) throws UnexpectedCharacterException { if( RMGOption.GUESS_TRUSTED.getBool() ) @@ -48,6 +60,12 @@ public static void checkAlphaNumeric(String input) throws UnexpectedCharacterExc throw new UnexpectedCharacterException("Input '" + input + "' contains non alphanumeric characters."); } + /** + * Check the specified string for invalid characters. + * + * @param input the input string + * @throws UnexpectedCharacterException if invalid characters are found. + */ public static void checkPackageName(String input) throws UnexpectedCharacterException { if( RMGOption.GUESS_TRUSTED.getBool() ) 
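Review bot: The Javadoc added to `checkBoundName` names only the exception and never says which characters are accepted; the same text is repeated verbatim on `checkAlphaNumeric`, `checkPackageName`, `checkJavaFile`, `checkJarFile` and `checkShellInjection` in the following hunks. Each body opens with `if( RMGOption.GUESS_TRUSTED.getBool() )`, which suggests the validation is skipped when that option is set; the bodies continue outside the hunks, so this should be confirmed and then stated in the comment. A per-method summary such as `Validates input against the boundName pattern ([a-zA-Z0-9_-]+); presumably a no-op when RMGOption.GUESS_TRUSTED is enabled.` would tell a caller what the check actually guarantees. For `checkAlphaNumeric` the comment should also mention that the `alphaNumeric` pattern shown above admits `_` and `-`.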
@@ -58,6 +76,12 @@ public static void checkPackageName(String input) throws UnexpectedCharacterExce throw new UnexpectedCharacterException("Package name '" + input + "' contains invalid characters."); } + /** + * Check the specified string for invalid characters. + * + * @param input the input string + * @throws UnexpectedCharacterException if invalid characters are found. + */ public static void checkJavaFile(String input) throws UnexpectedCharacterException { if( RMGOption.GUESS_TRUSTED.getBool() ) @@ -68,6 +92,12 @@ public static void checkJavaFile(String input) throws UnexpectedCharacterExcepti throw new UnexpectedCharacterException("Filename '" + input + "' contains invalid characters."); } + /** + * Check the specified string for invalid characters. + * + * @param input the input string + * @throws UnexpectedCharacterException if invalid characters are found. + */ public static void checkJarFile(String input) throws UnexpectedCharacterException { if( RMGOption.GUESS_TRUSTED.getBool() ) @@ -78,6 +108,12 @@ public static void checkJarFile(String input) throws UnexpectedCharacterExceptio throw new UnexpectedCharacterException("Jar name '" + input + "' contains invalid characters."); } + /** + * Check the specified string for invalid characters. + * + * @param input the input string + * @throws UnexpectedCharacterException if invalid characters are found. + */ public static void checkShellInjection(String input) throws UnexpectedCharacterException { if( RMGOption.GUESS_TRUSTED.getBool() ) diff --git a/src/eu/tneitzel/rmg/utils/SpringRemotingWrapper.java b/src/eu/tneitzel/rmg/utils/SpringRemotingWrapper.java index 79e60cf..beecf2d 100644 --- a/src/eu/tneitzel/rmg/utils/SpringRemotingWrapper.java +++ b/src/eu/tneitzel/rmg/utils/SpringRemotingWrapper.java 
@@ -28,8 +28,11 @@ @SuppressWarnings("restriction") public class SpringRemotingWrapper extends UnicastWrapper { + /** class name of the RmiInvocationHandler class */ public final static String invocationHandlerClass = "org.springframework.remoting.rmi.RmiInvocationHandler"; + /** method signature of the getTargetInterfaceName method */ public final static String methodGetStr = "java.lang.String getTargetInterfaceName()"; + /** method signature of the invoke method */ public final static String methodInvokeStr = "java.lang.Object invoke(org.springframework.remoting.support.RemoteInvocation invo)"; private static MethodCandidate methodGet; @@ -45,6 +48,10 @@ public class SpringRemotingWrapper extends UnicastWrapper * @param remoteObject the spring remoting remoteObject obtained from the registry * @param boundName the boundName that is associated with the remoteObject * @param ref a UnicastRef that can be used to call methods on the remoteObject + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails */ public SpringRemotingWrapper(Remote remoteObject, String boundName, UnicastRef ref) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { @@ -115,6 +122,8 @@ public static MethodCandidate getInvokeMethod() * Determines whether the method to call is a known spring remoting method, that needs to be processed by the * remoting wrapper itself, or whether it is an RMI method implemented by the underlying object. * + * @param targetMethod the method to check + * * @return true if the method needs to be dispatched using spring remoting */ public boolean isRemotingCall(MethodCandidate targetMethod) diff --git a/src/eu/tneitzel/rmg/utils/UnicastWrapper.java b/src/eu/tneitzel/rmg/utils/UnicastWrapper.java index ec8e8cc..d8ed51d 100644 
--- a/src/eu/tneitzel/rmg/utils/UnicastWrapper.java +++ b/src/eu/tneitzel/rmg/utils/UnicastWrapper.java @@ -23,13 +23,19 @@ @SuppressWarnings("restriction") public class UnicastWrapper extends RemoteObjectWrapper { + /** associated ObjID */ public final ObjID objID; + /** associated TCPEndpoint */ public final TCPEndpoint endpoint; + /** associated UnicastRef */ public final UnicastRef unicastRef; + /** associated RMIClientSocketFactory */ public final RMIClientSocketFactory csf; + /** associated RMIServerSocketFactory */ public final RMIServerSocketFactory ssf; + /** list of bound names implementing the same interface */ public List duplicates; /** @@ -42,7 +48,10 @@ public class UnicastWrapper extends RemoteObjectWrapper * @param remoteObject Incoming RemoteObject, usually obtained by an RMI lookup call * @param boundName The bound name that the remoteObject uses inside the RMI registry * @param ref UnicastRef to build the wrapper around - * @throws many Exceptions - These only occur if some reflective access fails + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails */ public UnicastWrapper(Remote remoteObject, String boundName, UnicastRef ref) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { 
@@ -141,9 +150,13 @@ public String[] getDuplicateBoundNames() * the specified interface and uses a RemoteObjectInvocationHandler to forward method invocations to * the specified RemoteRef. * - * @param remoteRef RemoteRef to the targeted RemoteObject + * @param unicastRef UnicastRef to the targeted RemoteObject * @param intf Interface that is implemented by the RemoteObject - * @throws many Exceptions... + * @return UnicastWrapper created from the specified UnicastRef + * @throws IllegalArgumentException if reflective access fails + * @throws IllegalAccessException if reflective access fails + * @throws NoSuchFieldException if reflective access fails + * @throws SecurityException if reflective access fails */ public static UnicastWrapper fromRef(UnicastRef unicastRef, Class intf) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { diff --git a/src/eu/tneitzel/rmg/utils/YsoIntegration.java b/src/eu/tneitzel/rmg/utils/YsoIntegration.java index 9a16c81..d4591d7 100644 --- a/src/eu/tneitzel/rmg/utils/YsoIntegration.java +++ b/src/eu/tneitzel/rmg/utils/YsoIntegration.java @@ -231,7 +231,7 @@ public static Object getPayloadObject(String gadget, String command) } - /* + /** * The bypass technique implemented by this code was discovered by An Trinh (@_tint0) and a detailed analysis was * provided by Hans-Martin Münch (@h0ng10). Certain portions of the code were copied from the corresponding blog post: * https://mogwailabs.de/de/blog/2020/02/an-trinhs-rmi-registry-bypass/ @@ -246,7 +246,8 @@ public static Object getPayloadObject(String gadget, String command) * * @param host listener address for the outgoing JRMP connection * @param port listener port for the outgoing JRMP connection - * @param regMethod registry Method to use for the call + * @return payload object + * @throws Exception */ public static Object prepareAnTrinhGadget(String host, int port) throws Exception { 
From 7eebea22fd8151a1003c9464fcb96150b6c5d801 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 09:13:31 +0100 Subject: [PATCH 03/19] Ignore missing JavaDoc --- pom.xml | 3 +++ src/eu/tneitzel/rmg/utils/RMGUtils.java | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index ed5f97b..71ae01d 100644 --- a/pom.xml +++ b/pom.xml @@ -169,6 +169,9 @@ org.apache.maven.plugins maven-javadoc-plugin 3.6.3 + + all,-missing + attach-javadocs diff --git a/src/eu/tneitzel/rmg/utils/RMGUtils.java b/src/eu/tneitzel/rmg/utils/RMGUtils.java index 138311a..963f61d 100644 --- a/src/eu/tneitzel/rmg/utils/RMGUtils.java +++ b/src/eu/tneitzel/rmg/utils/RMGUtils.java @@ -1290,13 +1290,13 @@ public static long getSerialVersionUID(InvalidClassException e) } /** - * Convert a CtClass back to an ordinary Class object. This method is intended to be called + * Convert a CtClass back to an ordinary Class object. This method is intended to be called * for classes that are known to already exist within the JVM. No compilation is triggered but - * the Class object is simply obtained by Class.forName (including handling for all the edge + * the Class object is simply obtained by Class.forName (including handling for all the edge * cases). * - * @param type the CtClass that should be converted back to a Class object - * @return Class associated to the specified CtClass + * @param type the CtClass that should be converted back to a Class object + * @return Class associated to the specified CtClass * @throws ClassNotFoundException * @throws NotFoundException */ From bced7e21f0f20d688452d6c74528012317355e82 Mon Sep 17 00:00:00 2001 
From: Tobias Neitzel Date: Fri, 22 Dec 2023 09:35:05 +0100 Subject: [PATCH 04/19] Update actions --- ...-example-server.yml => example-server.yml} | 22 +++++---- .github/workflows/feat.yml | 34 -------------- .github/workflows/master-example-server.yml | 34 -------------- .github/workflows/master.yml | 46 ------------------- .github/workflows/{develop.yml => rmg.yml} | 23 +++++----- ...ster-ssrf-server.yml => spring-server.yml} | 25 +++++----- ...evelop-ssrf-server.yml => ssrf-server.yml} | 23 ++++++---- README.md | 21 +++++---- 8 files changed, 63 insertions(+), 165 deletions(-) rename .github/workflows/{develop-example-server.yml => example-server.yml} (62%) delete mode 100644 .github/workflows/feat.yml delete mode 100644 .github/workflows/master-example-server.yml delete mode 100644 .github/workflows/master.yml rename .github/workflows/{develop.yml => rmg.yml} (63%) rename .github/workflows/{master-ssrf-server.yml => spring-server.yml} (50%) rename .github/workflows/{develop-ssrf-server.yml => ssrf-server.yml} (62%) diff --git a/.github/workflows/develop-example-server.yml b/.github/workflows/example-server.yml similarity index 62% rename from .github/workflows/develop-example-server.yml rename to .github/workflows/example-server.yml index ed6c010..759e3f9 100644 --- a/.github/workflows/develop-example-server.yml +++ b/.github/workflows/example-server.yml @@ -1,16 +1,13 @@ -name: example server - develop +name: example server on: push: - branches: - - develop - paths: - - 'docker/example-server/**' pull_request: branches: + - master - develop paths: - - 'docker/example-server/**' + - 'docker/example-server/resources/server/**' jobs: build: 
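Review bot: No `permissions:` key appears between `on:` and `jobs:` in the new example-server.yml, so the job runs with whatever default GITHUB_TOKEN scope the repository has configured. The workflow only checks out the code and builds with Maven, so a top-level `permissions:` block containing `contents: read` would be sufficient. The spring-server.yml and ssrf-server.yml hunks later in this patch show the same shape, and rmg.yml appears to as well, although its `jobs:` line is outside the visible hunk. The `build` job itself continues in the next hunk.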
@@ -18,17 +15,22 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - name: ${{ github.event.repository.name }} + uses: actions/checkout@v4 + - name: Set up JDK 1.8 - uses: actions/setup-java@v1 + uses: actions/setup-java@v4 with: - java-version: 1.8 + distribution: 'temurin' + java-version: 8 + - name: Cache local Maven repository - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- + - name: Build with Maven run: cd docker/example-server/resources/server && mvn -B package --file pom.xml diff --git a/.github/workflows/feat.yml b/.github/workflows/feat.yml deleted file mode 100644 index f75c4c8..0000000 --- a/.github/workflows/feat.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: develop maven CI - -on: - push: - branches: - - 'feat/**' - paths: - - 'src/**' - - 'pom.xml' - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - - uses: actions/checkout@v2 - - - name: Set up JDK 1.8 - uses: actions/setup-java@v1 - with: - java-version: 1.8 - - - name: Cache local Maven repository - uses: actions/cache@v2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - - name: Build with Maven - run: mvn -B package --file pom.xml diff --git a/.github/workflows/master-example-server.yml b/.github/workflows/master-example-server.yml deleted file mode 100644 index 9a8bd4f..0000000 --- a/.github/workflows/master-example-server.yml +++ /dev/null 
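Review bot: The bumped steps reference `actions/checkout@v4`, `actions/setup-java@v4` and `actions/cache@v3` by tag, which is a mutable reference, so a retagged release would run in this job without any change in this repository. Pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, makes every future upgrade an explicit, reviewable diff. The rmg.yml, spring-server.yml and ssrf-server.yml hunks in this patch use the same tag references.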
@@ -1,34 +0,0 @@ -name: example server - master - -on: - push: - branches: - - master - paths: - - 'docker/example-server/**' - pull_request: - branches: - - master - paths: - - 'docker/example-server/**' - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Set up JDK 1.8 - uses: actions/setup-java@v1 - with: - java-version: 1.8 - - name: Cache local Maven repository - uses: actions/cache@v2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Build with Maven - run: cd docker/example-server/resources/server && mvn -B package --file pom.xml diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml deleted file mode 100644 index 1a56f83..0000000 --- a/.github/workflows/master.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: master maven CI - -on: - push: - branches: - - master - paths: - - 'src/**' - - 'pom.xml' - pull_request: - branches: - - master - paths: - - 'src/**' - - 'pom.xml' - -jobs: - build: - - runs-on: ubuntu-latest - - steps: - - - uses: actions/checkout@v2 - - - name: Set up JDK 1.8 - uses: actions/setup-java@v1 - with: - java-version: 1.8 - - - name: Cache local Maven repository - uses: actions/cache@v2 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - - name: Build with Maven - run: mvn -B package --file pom.xml - - - name: Archive generated JAR file - uses: actions/upload-artifact@v2 - with: - name: rmg-master-artifact - path: target/rmg-* diff --git a/.github/workflows/develop.yml b/.github/workflows/rmg.yml similarity index 63% rename from .github/workflows/develop.yml rename to .github/workflows/rmg.yml index 2b15aa6..ed5d8ba 100644 --- a/.github/workflows/develop.yml +++ b/.github/workflows/rmg.yml 
@@ -1,15 +1,12 @@ -name: develop maven CI +name: maven CI on: push: - branches: - - develop - paths: - - 'src/**' - - 'pom.xml' pull_request: branches: + - master - develop + - 'feat/**' paths: - 'src/**' - 'pom.xml' @@ -21,15 +18,17 @@ jobs: steps: - - uses: actions/checkout@v2 + - name: ${{ github.event.repository.name }} + uses: actions/checkout@v4 - name: Set up JDK 1.8 - uses: actions/setup-java@v1 + uses: actions/setup-java@v4 with: - java-version: 1.8 + distribution: 'temurin' + java-version: 8 - name: Cache local Maven repository - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} @@ -40,7 +39,7 @@ jobs: run: mvn -B package --file pom.xml - name: Archive generated JAR file - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: - name: rmg-develop-artifact + name: rmg-compiled-jar path: target/rmg-* diff --git a/.github/workflows/master-ssrf-server.yml b/.github/workflows/spring-server.yml similarity index 50% rename from .github/workflows/master-ssrf-server.yml rename to .github/workflows/spring-server.yml index 5518d5e..2813b8e 100644 --- a/.github/workflows/master-ssrf-server.yml +++ b/.github/workflows/spring-server.yml @@ -1,16 +1,13 @@ -name: ssrf server - master +name: spring server on: push: - branches: - - master - paths: - - 'docker/ssrf-server/**' pull_request: branches: - master + - develop paths: - - 'docker/ssrf-server/**' + - 'docker/spring-remoting/resources/server/**' jobs: build: 
@@ -18,17 +15,23 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + steps: + - name: ${{ github.event.repository.name }} + uses: actions/checkout@v4 + - name: Set up JDK 1.8 - uses: actions/setup-java@v1 + uses: actions/setup-java@v4 with: - java-version: 1.8 + distribution: 'temurin' + java-version: 8 + - name: Cache local Maven repository - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- + - name: Build with Maven - run: cd docker/ssrf-server/resources/server && mvn -B package --file pom.xml + run: cd docker/spring-remoting/resources/server/ && mvn -B package --file pom.xml diff --git a/.github/workflows/develop-ssrf-server.yml b/.github/workflows/ssrf-server.yml similarity index 62% rename from .github/workflows/develop-ssrf-server.yml rename to .github/workflows/ssrf-server.yml index 9093e0b..8221e15 100644 --- a/.github/workflows/develop-ssrf-server.yml +++ b/.github/workflows/ssrf-server.yml @@ -1,16 +1,13 @@ -name: ssrf server - develop +name: ssrf server on: push: - branches: - - develop - paths: - - 'docker/ssrf-server/**' pull_request: branches: + - master - develop paths: - - 'docker/ssrf-server/**' + - 'docker/ssrf-server/resources/server/**' jobs: build: @@ -18,17 +15,23 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + steps: + - name: ${{ github.event.repository.name }} + uses: actions/checkout@v4 + - name: Set up JDK 1.8 - uses: actions/setup-java@v1 + uses: actions/setup-java@v4 with: - java-version: 1.8 + distribution: 'temurin' + java-version: 8 + - name: Cache local Maven repository - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- + - name: Build with Maven run: cd docker/ssrf-server/resources/server && mvn -B package --file pom.xml 
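Review bot: The new side of spring-server.yml appears to contain `steps:` twice, because the context line `steps:` is kept and a `+ steps:` line is added directly below it. The hunk is also one line longer (`+15,23`) than the otherwise identical example-server.yml hunk (`+15,22`). A repeated or nested `steps:` key makes the workflow file invalid, so the build check for this server would most likely not run at all, and a missing check is easy to overlook on a pull request. Dropping the added `steps:` line fixes it. The ssrf-server.yml hunk that follows has the same duplicated line.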
diff --git a/README.md b/README.md index 487d357..ee14ee4 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ --- -[![](https://github.com/qtc-de/remote-method-guesser/workflows/master%20maven%20CI/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/master.yml) -[![](https://github.com/qtc-de/remote-method-guesser/workflows/develop%20maven%20CI/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/develop.yml) +[![](https://github.com/qtc-de/remote-method-guesser/workflows/maven%20CI/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/rmg.yml) +[![](https://github.com/qtc-de/remote-method-guesser/workflows/maven%20CI/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/rmg.yml) [![](https://img.shields.io/badge/version-4.4.1-blue)](https://github.com/qtc-de/remote-method-guesser/releases) [![](https://img.shields.io/badge/build%20system-maven-blue)](https://maven.apache.org/) ![](https://img.shields.io/badge/java-8%2b-blue) 
@@ -22,19 +22,24 @@ within the *Arsenal* sessions. The recording of the session and the correspondin * Slides: [https://www.slideshare.net/TobiasNeitzel/remotemethodguesser-bhusa2021-arsenal](https://www.slideshare.net/TobiasNeitzel/remotemethodguesser-bhusa2021-arsenal) * Recording: [https://youtu.be/t_aw1mDNhzI](https://youtu.be/t_aw1mDNhzI) -[![](https://github.com/qtc-de/remote-method-guesser/workflows/example%20server%20-%20master/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/master-example-server.yml) -[![](https://github.com/qtc-de/remote-method-guesser/workflows/example%20server%20-%20develop/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/develop-example-server.yml) -[![](https://github.com/qtc-de/remote-method-guesser/workflows/ssrf%20server%20-%20master/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/master-ssrf-server.yml) -[![](https://github.com/qtc-de/remote-method-guesser/workflows/ssrf%20server%20-%20develop/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/develop-ssrf-server.yml) +[![](https://github.com/qtc-de/remote-method-guesser/workflows/example%20server/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/example-server.yml) +[![](https://github.com/qtc-de/remote-method-guesser/workflows/example%20server/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/example-server.yml) +[![](https://github.com/qtc-de/remote-method-guesser/workflows/ssrf%20server/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/ssrf-server.yml) +[![](https://github.com/qtc-de/remote-method-guesser/workflows/ssrf%20server/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/ssrf-server.yml) 
+[![](https://github.com/qtc-de/remote-method-guesser/workflows/spring%20server/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/spring-server.yml) +[![](https://github.com/qtc-de/remote-method-guesser/workflows/spring%20server/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/spring-server.yml) -The *remote-method-guesser* repository contains two example servers that can be used to practice *Java RMI* enumeration and attacks. +The *remote-method-guesser* repository contains three example servers that can be used to practice *Java RMI* enumeration and attacks. The [rmg-example-server](/docker/example-server) exposes regular *RMI* services that can be enumerated and exploited using *remote-method-guesser*. The [rmg-ssrf-server](/docker/ssrf-server) exposes an *HTTP* service that is vulnerable to *SSRF* attacks and runs *RMI* services that are only listening on localhost. This can be used to practice with *remote-method-guesser's* ``--ssrf`` and ``--ssrf-response`` options. -Both servers are available as containers within the *GitHub Container Registry*: +The [spring-remoting-server](/docker/spring-remoting) exposes RMI interfaces created via *Spring Remoting*. These are a little bit different from +regular Java RMI and can be used to test the associated Spring Remoting integration of remote-method-guesser. +All servers are available as containers within the *GitHub Container Registry*: * [SSRF Server GitHub Package](https://github.com/qtc-de/remote-method-guesser/pkgs/container/remote-method-guesser%2Frmg-ssrf-server) * [Example Server GitHub Package](https://github.com/qtc-de/remote-method-guesser/pkgs/container/remote-method-guesser%2Frmg-example-server) +* [Spring Remoting Server GitHub Package](https://github.com/qtc-de/remote-method-guesser/pkgs/container/remote-method-guesser%2Fspring-remoting-server) ### Table of Contents 
From 296df47a41dbfb037f70cde5eb2349c22b63a1a0 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 09:36:51 +0100 Subject: [PATCH 05/19] Fix typos in workflow files --- .github/workflows/spring-server.yml | 1 - .github/workflows/ssrf-server.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/spring-server.yml b/.github/workflows/spring-server.yml index 2813b8e..487a35e 100644 --- a/.github/workflows/spring-server.yml +++ b/.github/workflows/spring-server.yml @@ -14,7 +14,6 @@ jobs: runs-on: ubuntu-latest - steps: steps: - name: ${{ github.event.repository.name }} uses: actions/checkout@v4 diff --git a/.github/workflows/ssrf-server.yml b/.github/workflows/ssrf-server.yml index 8221e15..7549958 100644 --- a/.github/workflows/ssrf-server.yml +++ b/.github/workflows/ssrf-server.yml @@ -14,7 +14,6 @@ jobs: runs-on: ubuntu-latest - steps: steps: - name: ${{ github.event.repository.name }} uses: actions/checkout@v4 From 6cc788d8ffb629b9cac98cc0315c62a11d4c3c61 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 09:42:37 +0100 Subject: [PATCH 06/19] Update workflow --- .github/workflows/{rmg.yml => maven-ci.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{rmg.yml => maven-ci.yml} (96%) diff --git a/.github/workflows/rmg.yml b/.github/workflows/maven-ci.yml similarity index 96% rename from .github/workflows/rmg.yml rename to .github/workflows/maven-ci.yml index ed5d8ba..cbacf29 100644 --- a/.github/workflows/rmg.yml +++ b/.github/workflows/maven-ci.yml @@ -41,5 +41,5 @@ jobs: - name: Archive generated JAR file uses: actions/upload-artifact@v4 with: - name: rmg-compiled-jar + name: rmg-compiled-jars path: target/rmg-* From 9e4e341ff08c89de231a0705f8f721c4595ca828 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 09:45:09 +0100 Subject: [PATCH 07/19] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index ee14ee4..83c6346 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ --- -[![](https://github.com/qtc-de/remote-method-guesser/workflows/maven%20CI/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/rmg.yml) -[![](https://github.com/qtc-de/remote-method-guesser/workflows/maven%20CI/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/rmg.yml) +[![](https://github.com/qtc-de/remote-method-guesser/workflows/maven%20CI/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/maven-ci.yml) +[![](https://github.com/qtc-de/remote-method-guesser/workflows/maven%20CI/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/maven-ci.yml) [![](https://img.shields.io/badge/version-4.4.1-blue)](https://github.com/qtc-de/remote-method-guesser/releases) [![](https://img.shields.io/badge/build%20system-maven-blue)](https://maven.apache.org/) ![](https://img.shields.io/badge/java-8%2b-blue) From 795ce8f6a949fab54b0c3f8a9d2ba57985617526 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 20:51:02 +0100 Subject: [PATCH 08/19] Move javadoc configuration --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 71ae01d..0b17c1e 100644 --- a/pom.xml +++ b/pom.xml @@ -169,15 +169,15 @@ org.apache.maven.plugins maven-javadoc-plugin 3.6.3 - - all,-missing - attach-javadocs jar + + all,-missing + From 1c1759a941ef769ba77fbac7a8a405bd6a4e3ac3 Mon Sep 17 00:00:00 2001 
From: Tobias Neitzel Date: Fri, 22 Dec 2023 21:03:55 +0100 Subject: [PATCH 09/19] Improve CI config --- .github/workflows/example-server.yml | 17 +++++++++-------- .github/workflows/maven-ci.yml | 19 +++++++++++-------- .github/workflows/spring-server.yml | 17 +++++++++-------- .github/workflows/ssrf-server.yml | 17 +++++++++-------- 4 files changed, 38 insertions(+), 32 deletions(-) diff --git a/.github/workflows/example-server.yml b/.github/workflows/example-server.yml index 759e3f9..dfcfba8 100644 --- a/.github/workflows/example-server.yml +++ b/.github/workflows/example-server.yml @@ -1,7 +1,14 @@ name: example server on: + push: + branches: + - master + - develop + paths: + - 'docker/example-server/resources/server/**' + pull_request: branches: - master @@ -23,14 +30,8 @@ jobs: with: distribution: 'temurin' java-version: 8 - - - name: Cache local Maven repository - uses: actions/cache@v3 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + cache: maven + cache-dependency-path: docker/example-server/resources/server/pom.xml - name: Build with Maven run: cd docker/example-server/resources/server && mvn -B package --file pom.xml diff --git a/.github/workflows/maven-ci.yml b/.github/workflows/maven-ci.yml index cbacf29..9a6ab3e 100644 --- a/.github/workflows/maven-ci.yml +++ b/.github/workflows/maven-ci.yml @@ -1,7 +1,16 @@ name: maven CI on: + push: + branches: + - master + - develop + - 'feat/**' + paths: + - 'src/**' + - 'pom.xml' + pull_request: branches: - master @@ -26,14 +35,8 @@ jobs: with: distribution: 'temurin' java-version: 8 - - - name: Cache local Maven repository - uses: actions/cache@v3 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + cache: maven + cache-dependency-path: pom.xml - name: Build with Maven run: mvn -B package --file pom.xml 
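Review bot: No `permissions:` key is set in any line visible in these hunks, while the added `push:` trigger now runs the job on every matching commit to `master` and `develop` (and `feat/**` in maven-ci.yml). If the rest of each file does not set one either, the job's `GITHUB_TOKEN` falls back to the repository default, which may include write scopes. A job that only checks out the code and runs `mvn -B package` needs no more than a workflow-level `permissions: { contents: read }`. The same holds for the spring-server.yml and ssrf-server.yml hunks of this commit that follow. The lines between the trigger block and the setup-java step lie outside the hunks, so this should be confirmed against the full files.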
diff --git a/.github/workflows/spring-server.yml b/.github/workflows/spring-server.yml index 487a35e..7acca04 100644 --- a/.github/workflows/spring-server.yml +++ b/.github/workflows/spring-server.yml @@ -1,7 +1,14 @@ name: spring server on: + push: + branches: + - master + - develop + paths: + - 'docker/spring-remoting/resources/server/**' + pull_request: branches: - master @@ -23,14 +30,8 @@ jobs: with: distribution: 'temurin' java-version: 8 - - - name: Cache local Maven repository - uses: actions/cache@v3 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + cache: maven + cache-dependency-path: docker/spring-remoting/resources/server/pom.xml - name: Build with Maven run: cd docker/spring-remoting/resources/server/ && mvn -B package --file pom.xml diff --git a/.github/workflows/ssrf-server.yml b/.github/workflows/ssrf-server.yml index 7549958..8c72df3 100644 --- a/.github/workflows/ssrf-server.yml +++ b/.github/workflows/ssrf-server.yml @@ -1,7 +1,14 @@ name: ssrf server on: + push: + branches: + - master + - develop + paths: + - 'docker/ssrf-server/resources/server/**' + pull_request: branches: - master @@ -23,14 +30,8 @@ jobs: with: distribution: 'temurin' java-version: 8 - - - name: Cache local Maven repository - uses: actions/cache@v3 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + cache: maven + cache-dependency-path: docker/ssrf-server/resources/server/pom.xml - name: Build with Maven run: cd docker/ssrf-server/resources/server && mvn -B package --file pom.xml From feb31ab0870ddc8bf59822f31db401d0438129dd Mon Sep 17 00:00:00 2001 
From: Tobias Neitzel Date: Fri, 22 Dec 2023 21:09:26 +0100 Subject: [PATCH 10/19] Update README.md regarding the GenericPrint plugin --- README.md | 9 ++++----- src/eu/tneitzel/rmg/internal/RMGOption.java | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 83c6346..65a2c2f 100644 --- a/README.md +++ b/README.md @@ -195,13 +195,12 @@ Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ... ``` Notice that calling remote methods does not create any output by default. To process outputs generated by the ``call`` action, you need -to use *remote-method-guesser's* plugin system and register a ``ResponseHandler``. The [plugin folder](./plugins) of this repository contains -a *GenericPrint* plugin that is suitable for most situations. To learn more about *remote-method-guesser's* plugin system, please refer to the -[detailed documentation folder](./docs/rmg/plugin-system.md). +to use *remote-method-guesser's* [plugin system](./docs/rmg/plugin-system.md) and register a ``ResponseHandler`` or use the default +`GenericPrint` plugin. `GenericPrint` is inlcuded into *remote-method-guesser* by default and can be activated by using the `--generic-print` +option. ```console -[qtc@devbox remote-method-guesser]$ bash plugins/build.sh target/rmg-4.0.0-jar-with-dependencies.jar plugins/GenericPrint.java GenericPrint.jar -[qtc@devbox remote-method-guesser]$ rmg call 172.17.0.2 9010 '"id"' --signature 'String execute(String cmd)' --bound-name plain-server --plugin GenericPrint.jar +[qtc@devbox remote-method-guesser]$ rmg call 172.17.0.2 9010 '"id"' --signature 'String execute(String cmd)' --bound-name plain-server --generic-print [+] uid=0(root) gid=0(root) groups=0(root) ``` diff --git a/src/eu/tneitzel/rmg/internal/RMGOption.java b/src/eu/tneitzel/rmg/internal/RMGOption.java index 076bc23..7d19ba3 100644 --- a/src/eu/tneitzel/rmg/internal/RMGOption.java +++ b/src/eu/tneitzel/rmg/internal/RMGOption.java 
@@ -181,7 +181,7 @@ public enum RMGOption /** enforce method calls to be dispatched via spring remoting */ SPRING_REMOTING("--spring-remoting", "enforce method calls to be dispatched via spring remoting", Arguments.storeTrue(), RMGOptionGroup.CONNECTION), /** attempt to output the return value using GenericPrint */ - GENERIC_PRINT("--return-value", "attempt to output the return value using GenericPrint", Arguments.storeTrue(), RMGOptionGroup.ACTION); + GENERIC_PRINT("--generic-print", "attempt to output the return value using GenericPrint", Arguments.storeTrue(), RMGOptionGroup.ACTION); /** the name of the option */ public final String name; From 9b18a9e44de6d85e3c2a3b0cf713c2b969df91e5 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 21:22:09 +0100 Subject: [PATCH 11/19] Change pipeline to java 11 --- .github/workflows/maven-ci.yml | 2 +- pom.xml | 6 +- .../rmg/internal/ExceptionHandler.java | 234 ++++++------- src/eu/tneitzel/rmg/io/Logger.java | 312 +++++++++--------- 4 files changed, 277 insertions(+), 277 deletions(-) diff --git a/.github/workflows/maven-ci.yml b/.github/workflows/maven-ci.yml index 9a6ab3e..0a6b96e 100644 --- a/.github/workflows/maven-ci.yml +++ b/.github/workflows/maven-ci.yml @@ -34,7 +34,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: 8 + java-version: 11 cache: maven cache-dependency-path: pom.xml diff --git a/pom.xml b/pom.xml index 0b17c1e..71ae01d 100644 --- a/pom.xml +++ b/pom.xml @@ -169,15 +169,15 @@ org.apache.maven.plugins maven-javadoc-plugin 3.6.3 + + all,-missing + attach-javadocs jar - - all,-missing - diff --git a/src/eu/tneitzel/rmg/internal/ExceptionHandler.java b/src/eu/tneitzel/rmg/internal/ExceptionHandler.java index 550c7db..963196d 100644 --- a/src/eu/tneitzel/rmg/internal/ExceptionHandler.java +++ b/src/eu/tneitzel/rmg/internal/ExceptionHandler.java 
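Review bot: Building with `java-version: 11` in maven-ci.yml while the project advertises Java 8+ means the compiler resolves calls against the Java 11 class library. With only source/target set to 1.8 (which the `1.8` property in pom.xml suggests, although the property names are not visible here), a jar from this pipeline can compile cleanly and still fail on a Java 8 runtime with `NoSuchMethodError`. Setting `<maven.compiler.release>8</maven.compiler.release>` in pom.xml makes javac check against the Java 8 API on JDK 9 and later, provided the maven-compiler-plugin version in use supports it. The step's `name:` line is outside the hunk; if it still reads "Set up JDK 1.8" it should be updated to match.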
@@ -28,8 +28,8 @@ private static void sslOption() } /** - * @param functionName - * @param message + * @param functionName description in progress + * @param message description in progress */ public static void internalError(String functionName, String message) { @@ -39,9 +39,9 @@ public static void internalError(String functionName, String message) } /** - * @param e - * @param functionName - * @param exit + * @param e description in progress + * @param functionName description in progress + * @param exit description in progress */ public static void internalException(Exception e, String functionName, boolean exit) { @@ -54,10 +54,10 @@ public static void internalException(Exception e, String functionName, boolean e } /** - * @param e - * @param during1 - * @param during2 - * @param exit + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress + * @param exit description in progress */ public static void unexpectedException(Exception e, String during1, String during2, boolean exit) { @@ -71,8 +71,8 @@ public static void unexpectedException(Exception e, String during1, String durin } /** - * @param e - * @param exit + * @param e description in progress + * @param exit description in progress */ public static void unknownCodebaseException(Throwable e, boolean exit) { @@ -85,8 +85,8 @@ public static void unknownCodebaseException(Throwable e, boolean exit) } /** - * @param e - * @param boundName + * @param e description in progress + * @param boundName description in progress */ public static void alreadyBoundException(Exception e, String boundName) { @@ -97,9 +97,9 @@ public static void alreadyBoundException(Exception e, String boundName) } /** - * @param e - * @param callName - * @param bypass + * @param e description in progress + * @param callName description in progress + * @param bypass description in progress */ public static void nonLocalhost(Exception e, String callName, boolean bypass) { 
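Review bot: The `@param` tags in these ExceptionHandler.java hunks are filled with the placeholder `description in progress`, which quiets the Javadoc tool but tells a reader nothing, and the comments still lack a summary sentence. The same placeholder is used in every ExceptionHandler.java hunk that follows in this commit. Each handler would be better served by one sentence naming the condition it reports plus real parameter text, for example `@param e the exception that triggered the handler` and `@param exit whether the process terminates after the message is printed`. That wording is inferred from the parameter names, since the method bodies are outside the hunks, and should be checked against them. If the placeholders have to stay for now, a single marker such as `TODO(javadoc)` would make them easy to find later.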
@@ -114,7 +114,7 @@ public static void nonLocalhost(Exception e, String callName, boolean bypass) } /** - * @param e + * @param e description in progress */ public static void jep290(Exception e) { @@ -124,7 +124,7 @@ public static void jep290(Exception e) } /** - * @param e + * @param e description in progress */ public static void deserializeClassNotFound(Exception e) { @@ -136,10 +136,10 @@ public static void deserializeClassNotFound(Exception e) } /** - * @param e - * @param during1 - * @param during2 - * @param className + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress + * @param className description in progress */ public static void deserializeClassNotFoundRandom(Exception e, String during1, String during2, String className) { @@ -150,8 +150,8 @@ public static void deserializeClassNotFoundRandom(Exception e, String during1, S } /** - * @param e - * @param wasString + * @param e description in progress + * @param wasString description in progress */ public static void deserializeClassCast(Exception e, boolean wasString) { @@ -165,8 +165,8 @@ public static void deserializeClassCast(Exception e, boolean wasString) } /** - * @param e - * @param className + * @param e description in progress + * @param className description in progress */ public static void codebaseClassNotFound(Exception e, String className) { @@ -179,7 +179,7 @@ public static void codebaseClassNotFound(Exception e, String className) } /** - * @param e + * @param e description in progress */ public static void codebaseSecurityManager(Exception e) { @@ -189,9 +189,9 @@ public static void codebaseSecurityManager(Exception e) } /** - * @param e - * @param className - * @param payloadName + * @param e description in progress + * @param className description in progress + * @param payloadName description in progress */ public static void codebaseClassNotFoundRandom(Exception e, String className, String payloadName) { 
@@ -206,8 +206,8 @@ public static void codebaseClassNotFoundRandom(Exception e, String className, St } /** - * @param e - * @param wasString + * @param e description in progress + * @param wasString description in progress */ public static void codebaseClassCast(Exception e, boolean wasString) { @@ -221,7 +221,7 @@ public static void codebaseClassCast(Exception e, boolean wasString) } /** - * @param e + * @param e description in progress */ public static void codebaseClassFormat(Exception e) { @@ -232,9 +232,9 @@ public static void codebaseClassFormat(Exception e) } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void connectionRefused(Exception e, String during1, String during2) { @@ -246,9 +246,9 @@ public static void connectionRefused(Exception e, String during1, String during2 } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void noRouteToHost(Exception e, String during1, String during2) { @@ -259,9 +259,9 @@ public static void noRouteToHost(Exception e, String during1, String during2) } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void noJRMPServer(Exception e, String during1, String during2) { @@ -276,9 +276,9 @@ public static void noJRMPServer(Exception e, String during1, String during2) } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void sslError(Exception e, String during1, String during2) { 
@@ -290,8 +290,8 @@ public static void sslError(Exception e, String during1, String during2) } /** - * @param e - * @param endpoint + * @param e description in progress + * @param endpoint description in progress */ public static void invalidClass(Exception e, String endpoint) { @@ -299,9 +299,9 @@ public static void invalidClass(Exception e, String endpoint) } /** - * @param e - * @param endpoint - * @param trace + * @param e description in progress + * @param endpoint description in progress + * @param trace description in progress */ public static void invalidClass(Exception e, String endpoint, boolean trace) { @@ -313,9 +313,9 @@ public static void invalidClass(Exception e, String endpoint, boolean trace) } /** - * @param e - * @param operation - * @param className + * @param e description in progress + * @param operation description in progress + * @param className description in progress */ public static void invalidClassBind(Exception e, String operation, String className) { @@ -330,8 +330,8 @@ public static void invalidClassBind(Exception e, String operation, String classN } /** - * @param e - * @param callName + * @param e description in progress + * @param callName description in progress */ public static void invalidClassEnum(Exception e, String callName) { @@ -343,8 +343,8 @@ public static void invalidClassEnum(Exception e, String callName) } /** - * @param e - * @param callName + * @param e description in progress + * @param callName description in progress */ public static void unsupportedOperationException(Exception e, String callName) { @@ -357,8 +357,8 @@ public static void unsupportedOperationException(Exception e, String callName) } /** - * @param e - * @param callName + * @param e description in progress + * @param callName description in progress */ public static void unsupportedOperationExceptionEnum(Exception e, String callName) { 
@@ -369,9 +369,9 @@ public static void unsupportedOperationExceptionEnum(Exception e, String callNam } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void accessControl(Exception e, String during1, String during2) { @@ -381,8 +381,8 @@ public static void accessControl(Exception e, String during1, String during2) } /** - * @param e - * @param during1 + * @param e description in progress + * @param during1 description in progress */ public static void singleEntryRegistry(Exception e, String during1) { @@ -393,9 +393,9 @@ public static void singleEntryRegistry(Exception e, String during1) } /** - * @param e - * @param object - * @param exit + * @param e description in progress + * @param object description in progress + * @param exit description in progress */ public static void noSuchObjectException(Exception e, String object, boolean exit) { @@ -408,9 +408,9 @@ public static void noSuchObjectException(Exception e, String object, boolean exi } /** - * @param e - * @param objID - * @param exit + * @param e description in progress + * @param objID description in progress + * @param exit description in progress */ public static void noSuchObjectException(Exception e, ObjID objID, boolean exit) { @@ -442,9 +442,9 @@ public static void noSuchObjectExceptionRegistryEnum() } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void eofException(Exception e, String during1, String during2) { @@ -458,7 +458,7 @@ public static void eofException(Exception e, String during1, String during2) } /** - * @param gadget + * @param gadget description in progress */ public static void invalidListenerFormat(boolean gadget) { 
@@ -470,7 +470,7 @@ public static void invalidListenerFormat(boolean gadget) } /** - * @param format + * @param format description in progress */ public static void invalidHostFormat(String format) { @@ -480,7 +480,7 @@ public static void invalidHostFormat(String format) } /** - * @param signature + * @param signature description in progress */ public static void invalidSignature(String signature) { @@ -490,7 +490,7 @@ public static void invalidSignature(String signature) } /** - * @param e + * @param e description in progress */ public static void unknownDeserializationException(Exception e) { @@ -503,9 +503,9 @@ public static void unknownDeserializationException(Exception e) } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void unsupportedClassVersion(Exception e, String during1, String during2) { @@ -515,7 +515,7 @@ public static void unsupportedClassVersion(Exception e, String during1, String d } /** - * @param e + * @param e description in progress */ public static void illegalArgument(Exception e) { @@ -525,7 +525,7 @@ public static void illegalArgument(Exception e) } /** - * @param e + * @param e description in progress */ public static void illegalArgumentCodebase(Exception e) { @@ -535,10 +535,10 @@ public static void illegalArgumentCodebase(Exception e) } /** - * @param e - * @param during1 - * @param during2 - * @param exit + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress + * @param exit description in progress */ public static void cannotCompile(Exception e, String during1, String during2, boolean exit) { 
@@ -550,9 +550,9 @@ public static void cannotCompile(Exception e, String during1, String during2, bo } /** - * @param e - * @param host - * @param exit + * @param e description in progress + * @param host description in progress + * @param exit description in progress */ public static void unknownHost(Exception e, String host, boolean exit) { @@ -565,9 +565,9 @@ public static void unknownHost(Exception e, String host, boolean exit) } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void networkUnreachable(Exception e, String during1, String during2) { @@ -578,7 +578,7 @@ public static void networkUnreachable(Exception e, String during1, String during } /** - * @param e + * @param e description in progress */ public static void bindException(Exception e) { @@ -593,7 +593,7 @@ public static void bindException(Exception e) } /** - * @param location + * @param location description in progress */ public static void ysoNotPresent(String location) { @@ -613,7 +613,7 @@ public static void missingSignature() } /** - * @param action + * @param action description in progress */ public static void missingTarget(String action) { @@ -624,7 +624,7 @@ public static void missingTarget(String action) } /** - * @param objID + * @param objID description in progress */ public static void invalidObjectId(String objID) { @@ -635,8 +635,8 @@ public static void invalidObjectId(String objID) } /** - * @param expected - * @param is + * @param expected description in progress + * @param is description in progress */ public static void wrongArgumentCount(int expected, int is) { 
@@ -646,9 +646,9 @@ public static void wrongArgumentCount(int expected, int is) } /** - * @param e - * @param action - * @param signature + * @param e description in progress + * @param action description in progress + * @param signature description in progress */ public static void unrecognizedMethodHash(Exception e, String action, String signature) { @@ -669,8 +669,8 @@ public static void localhostBypassNoException() } /** - * @param e - * @param name + * @param e description in progress + * @param name description in progress */ public static void lookupClassNotFoundException(Exception e, String name) { @@ -685,8 +685,8 @@ public static void lookupClassNotFoundException(Exception e, String name) } /** - * @param e - * @param boundName + * @param e description in progress + * @param boundName description in progress */ public static void notBoundException(Exception e, String boundName) { @@ -698,9 +698,9 @@ public static void notBoundException(Exception e, String boundName) } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void timeoutException(Exception e, String during1, String during2) { @@ -711,9 +711,9 @@ public static void timeoutException(Exception e, String during1, String during2) } /** - * @param e - * @param during1 - * @param during2 + * @param e description in progress + * @param during1 description in progress + * @param during2 description in progress */ public static void connectionReset(Exception e, String during1, String during2) { @@ -727,7 +727,7 @@ public static void connectionReset(Exception e, String during1, String during2) } /** - * @param e + * @param e description in progress */ public static void genericCall(Exception e) { 
@@ -737,8 +737,8 @@ public static void genericCall(Exception e) } /** - * @param e - * @param callName + * @param e description in progress + * @param callName description in progress */ public static void connectException(Exception e, String callName) { @@ -774,8 +774,8 @@ else if (message.contains("Network is unreachable")) } /** - * @param e - * @param callName + * @param e description in progress + * @param callName description in progress */ public static void connectIOException(Exception e, String callName) { @@ -808,7 +808,7 @@ public static void connectIOException(Exception e, String callName) } /** - * @param e + * @param e description in progress */ public static void invalidClassException(Exception e) { diff --git a/src/eu/tneitzel/rmg/io/Logger.java b/src/eu/tneitzel/rmg/io/Logger.java index bf67c72..36f6fee 100644 --- a/src/eu/tneitzel/rmg/io/Logger.java +++ b/src/eu/tneitzel/rmg/io/Logger.java @@ -193,7 +193,7 @@ public static void lineBreak() } /** - * @param msg + * @param msg the message to log */ public static void print(String msg) { @@ -201,7 +201,7 @@ public static void print(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printPlain(String msg) { @@ -209,7 +209,7 @@ public static void printPlain(String msg) } /** - * @param msg + * @param msg the message to log */ public static void println(String msg) { @@ -217,7 +217,7 @@ public static void println(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printlnPlain(String msg) { @@ -225,7 +225,7 @@ public static void printlnPlain(String msg) } /** - * @param msg + * @param msg the message to log */ public static void eprint(String msg) { @@ -233,7 +233,7 @@ public static void eprint(String msg) } /** - * @param msg + * @param msg the message to log */ public static void eprintln(String msg) { 
@@ -241,7 +241,7 @@ public static void eprintln(String msg) } /** - * @param msg + * @param msg the message to log */ public static void eprintlnPlain(String msg) { @@ -249,7 +249,7 @@ public static void eprintlnPlain(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printlnBlue(String msg) { @@ -257,7 +257,7 @@ public static void printlnBlue(String msg) } /** - * @param msg + * @param msg the message to log */ public static void eprintlnBlue(String msg) { @@ -265,7 +265,7 @@ public static void eprintlnBlue(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printlnYellow(String msg) { @@ -273,7 +273,7 @@ public static void printlnYellow(String msg) } /** - * @param msg + * @param msg the message to log */ public static void eprintlnYellow(String msg) { @@ -281,7 +281,7 @@ public static void eprintlnYellow(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printlnPlainBlue(String msg) { @@ -289,7 +289,7 @@ public static void printlnPlainBlue(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printPlainBlue(String msg) { @@ -297,7 +297,7 @@ public static void printPlainBlue(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printPlainGreen(String msg) { @@ -305,7 +305,7 @@ public static void printPlainGreen(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printlnPlainGreen(String msg) { @@ -313,7 +313,7 @@ public static void printlnPlainGreen(String msg) } /** - * @param msg + * @param msg the message to log */ public static void eprintlnPlainBlue(String msg) { @@ -321,7 +321,7 @@ public static void eprintlnPlainBlue(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printlnPlainYellow(String msg) { 
@@ -329,7 +329,7 @@ public static void printlnPlainYellow(String msg) } /** - * @param msg + * @param msg the message to log */ public static void printPlainYellow(String msg) { @@ -337,7 +337,7 @@ public static void printPlainYellow(String msg) } /** - * @param msg + * @param msg the message to log */ public static void eprintlnPlainYellow(String msg) { @@ -345,8 +345,8 @@ public static void eprintlnPlainYellow(String msg) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnMixedRed(String first, String second) { @@ -354,8 +354,8 @@ public static void printlnMixedRed(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnPlainMixedRed(String first, String second) { @@ -363,8 +363,8 @@ public static void printlnPlainMixedRed(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printPlainMixedRed(String first, String second) { @@ -372,8 +372,8 @@ public static void printPlainMixedRed(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnMixedGreen(String first, String second) { @@ -381,8 +381,8 @@ public static void printlnMixedGreen(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnPlainMixedGreen(String first, String second) { 
@@ -390,8 +390,8 @@ public static void printlnPlainMixedGreen(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printPlainMixedGreen(String first, String second) { @@ -399,8 +399,8 @@ public static void printPlainMixedGreen(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnMixedPurple(String first, String second) { @@ -408,8 +408,8 @@ public static void printlnMixedPurple(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnPlainMixedPurple(String first, String second) { @@ -417,8 +417,8 @@ public static void printlnPlainMixedPurple(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printPlainMixedPurple(String first, String second) { @@ -426,8 +426,8 @@ public static void printPlainMixedPurple(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnMixedBlue(String first, String second) { @@ -435,9 +435,9 @@ public static void printlnMixedBlue(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printlnMixedBlue(String first, String second, String third) { 
@@ -445,8 +445,8 @@ public static void printlnMixedBlue(String first, String second, String third) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnMixedYellow(String first, String second) { @@ -454,9 +454,9 @@ public static void printlnMixedYellow(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printlnMixedYellow(String first, String second, String third) { @@ -464,8 +464,8 @@ public static void printlnMixedYellow(String first, String second, String third) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnPlainMixedYellow(String first, String second) { @@ -473,9 +473,9 @@ public static void printlnPlainMixedYellow(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printlnPlainMixedYellow(String first, String second, String third) { 
@@ -483,24 +483,24 @@ public static void printlnPlainMixedYellow(String first, String second, String t } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printPlainMixedYellowFirst(String first, String second) { log(yellow(first) + " " + second, false); } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintPlainMixedYellowFirst(String first, String second) { elog(yellow(first) + " " + second, false); } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnPlainMixedYellowFirst(String first, String second) { @@ -508,9 +508,9 @@ public static void printlnPlainMixedYellowFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printlnPlainMixedYellowFirst(String first, String second, String third) { @@ -518,8 +518,8 @@ public static void printlnPlainMixedYellowFirst(String first, String second, Str } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnPlainMixedBlue(String first, String second) { @@ -527,8 +527,8 @@ public static void printlnPlainMixedBlue(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintlnPlainMixedBlue(String first, String second) { 
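Review bot: The comments on `printPlainMixedYellowFirst` and `eprintPlainMixedYellowFirst` describe both arguments in the same words, although the bodies shown here colour only one of them: `yellow(first) + " " + second`. The tags could say so, for example `@param first text printed in yellow` and `@param second text appended after a single space, uncoloured`. The other Mixed* hunks in Logger.java received the same generic wording and no summary sentence, so the generated documentation will not distinguish the overloads. Their bodies are outside the hunks, so which part is coloured there has to be checked against the code.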
@@ -536,9 +536,9 @@ public static void eprintlnPlainMixedBlue(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printlnPlainMixedBlue(String first, String second, String third) { @@ -546,9 +546,9 @@ public static void printlnPlainMixedBlue(String first, String second, String thi } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintlnPlainMixedBlue(String first, String second, String third) { @@ -557,8 +557,8 @@ public static void eprintlnPlainMixedBlue(String first, String second, String th /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printPlainMixedBlue(String first, String second) { @@ -566,9 +566,9 @@ public static void printPlainMixedBlue(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printPlainMixedBlueFirst(String first, String second, String third) { @@ -576,8 +576,8 @@ public static void printPlainMixedBlueFirst(String first, String second, String } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintlnMixedBlue(String first, String second) { 
@@ -585,9 +585,9 @@ public static void eprintlnMixedBlue(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintlnMixedBlue(String first, String second, String third) { @@ -595,8 +595,8 @@ public static void eprintlnMixedBlue(String first, String second, String third) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintlnMixedYellow(String first, String second) { @@ -604,9 +604,9 @@ public static void eprintlnMixedYellow(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintlnMixedYellow(String first, String second, String third) { @@ -614,8 +614,8 @@ public static void eprintlnMixedYellow(String first, String second, String third } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnMixedBlueFirst(String first, String second) { @@ -623,9 +623,9 @@ public static void printlnMixedBlueFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printlnMixedBlueFirst(String first, String second, String third) { 
@@ -633,8 +633,8 @@ public static void printlnMixedBlueFirst(String first, String second, String thi } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnPlainMixedBlueFirst(String first, String second) { @@ -642,8 +642,8 @@ public static void printlnPlainMixedBlueFirst(String first, String second) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintlnPlainMixedBlueFirst(String first, String second) { @@ -651,9 +651,9 @@ public static void eprintlnPlainMixedBlueFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintlnPlainMixedBlueFirst(String first, String second, String third) { @@ -661,9 +661,9 @@ public static void eprintlnPlainMixedBlueFirst(String first, String second, Stri } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printlnPlainMixedBlueFirst(String first, String second, String third) { @@ -671,8 +671,8 @@ public static void printlnPlainMixedBlueFirst(String first, String second, Strin } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printlnMixedYellowFirst(String first, String second) { 
@@ -680,9 +680,9 @@ public static void printlnMixedYellowFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printlnMixedYellowFirst(String first, String second, String third) { @@ -690,8 +690,8 @@ public static void printlnMixedYellowFirst(String first, String second, String t } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintlnMixedBlueFirst(String first, String second) { @@ -699,9 +699,9 @@ public static void eprintlnMixedBlueFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintlnMixedBlueFirst(String first, String second, String third) { @@ -709,8 +709,8 @@ public static void eprintlnMixedBlueFirst(String first, String second, String th } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintlnMixedYellowFirst(String first, String second) { @@ -718,9 +718,9 @@ public static void eprintlnMixedYellowFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintlnMixedYellowFirst(String first, String second, String third) { 
@@ -728,8 +728,8 @@ public static void eprintlnMixedYellowFirst(String first, String second, String } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printMixedBlue(String first, String second) { @@ -737,9 +737,9 @@ public static void printMixedBlue(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printMixedBlue(String first, String second, String third) { @@ -747,8 +747,8 @@ public static void printMixedBlue(String first, String second, String third) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printMixedYellow(String first, String second) { @@ -756,9 +756,9 @@ public static void printMixedYellow(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printMixedYellow(String first, String second, String third) { @@ -766,8 +766,8 @@ public static void printMixedYellow(String first, String second, String third) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintMixedBlue(String first, String second) { 
@@ -775,9 +775,9 @@ public static void eprintMixedBlue(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintMixedBlue(String first, String second, String third) { @@ -785,8 +785,8 @@ public static void eprintMixedBlue(String first, String second, String third) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintMixedYellow(String first, String second) { @@ -794,9 +794,9 @@ public static void eprintMixedYellow(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintMixedYellow(String first, String second, String third) { @@ -804,8 +804,8 @@ public static void eprintMixedYellow(String first, String second, String third) } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printMixedBlueFirst(String first, String second) { @@ -813,9 +813,9 @@ public static void printMixedBlueFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printMixedBlueFirst(String first, String second, String third) { 
@@ -823,8 +823,8 @@ public static void printMixedBlueFirst(String first, String second, String third } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void printMixedYellowFirst(String first, String second) { @@ -832,9 +832,9 @@ public static void printMixedYellowFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void printMixedYellowFirst(String first, String second, String third) { @@ -842,8 +842,8 @@ public static void printMixedYellowFirst(String first, String second, String thi } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintMixedBlueFirst(String first, String second) { @@ -851,9 +851,9 @@ public static void eprintMixedBlueFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintMixedBlueFirst(String first, String second, String third) { @@ -861,8 +861,8 @@ public static void eprintMixedBlueFirst(String first, String second, String thir } /** - * @param first - * @param second + * @param first the first part of the message to log + * @param second the second part of the message to log */ public static void eprintMixedYellowFirst(String first, String second) { 
@@ -870,9 +870,9 @@ public static void eprintMixedYellowFirst(String first, String second) } /** - * @param first - * @param second - * @param third + * @param first the first part of the message to log + * @param second the second part of the message to log + * @param third the third part of the message to log */ public static void eprintMixedYellowFirst(String first, String second, String third) { From 38222a64c4a29dafc54e7c37116e6f51cde1392b Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 21:39:58 +0100 Subject: [PATCH 12/19] Fix remaining JavaDoc --- pom.xml | 3 - .../rmg/internal/MethodArguments.java | 10 ++-- .../rmg/internal/MethodCandidate.java | 4 +- src/eu/tneitzel/rmg/internal/Pair.java | 4 +- src/eu/tneitzel/rmg/io/Logger.java | 10 ++-- .../tneitzel/rmg/io/RawObjectInputStream.java | 2 +- .../rmg/io/RawObjectOutputStream.java | 2 +- src/eu/tneitzel/rmg/io/SampleWriter.java | 10 ++-- src/eu/tneitzel/rmg/io/WordlistHandler.java | 2 +- .../tneitzel/rmg/networking/RMIEndpoint.java | 57 +++++++++++-------- .../rmg/networking/RMIRegistryEndpoint.java | 2 +- src/eu/tneitzel/rmg/plugin/PluginSystem.java | 12 ++-- src/eu/tneitzel/rmg/utils/RMGUtils.java | 14 ++--- src/eu/tneitzel/rmg/utils/RogueJMX.java | 2 +- src/eu/tneitzel/rmg/utils/YsoIntegration.java | 2 +- 15 files changed, 71 insertions(+), 65 deletions(-) diff --git a/pom.xml b/pom.xml index 71ae01d..ed5f97b 100644 --- a/pom.xml +++ b/pom.xml @@ -169,9 +169,6 @@ org.apache.maven.plugins maven-javadoc-plugin 3.6.3 - - all,-missing - attach-javadocs diff --git a/src/eu/tneitzel/rmg/internal/MethodArguments.java b/src/eu/tneitzel/rmg/internal/MethodArguments.java index 124444a..a25c95d 100644 --- a/src/eu/tneitzel/rmg/internal/MethodArguments.java +++ b/src/eu/tneitzel/rmg/internal/MethodArguments.java @@ -37,7 +37,7 @@ public class MethodArguments implements Iterable>, Iterator

[] methodArguments; /** - * @param capacity + * @param capacity number of method arguments the object can hold */ @SuppressWarnings("unchecked") public MethodArguments(int capacity) @@ -47,8 +47,8 @@ public MethodArguments(int capacity) } /** - * @param argumentObject - * @param argumentClass + * @param argumentObject the actual argument object + * @param argumentClass the class the argument object should be marshaled as */ @SuppressWarnings("unchecked") public MethodArguments(Object argumentObject, Class argumentClass) @@ -78,8 +78,8 @@ public Pair next() } /** - * @param argumentObject - * @param argumentClass + * @param argumentObject the actual argument object + * @param argumentClass the class the argument object should be marshaled as */ public void add(Object argumentObject, Class argumentClass) { diff --git a/src/eu/tneitzel/rmg/internal/MethodCandidate.java b/src/eu/tneitzel/rmg/internal/MethodCandidate.java index 57e4755..4cc2dbb 100644 --- a/src/eu/tneitzel/rmg/internal/MethodCandidate.java +++ b/src/eu/tneitzel/rmg/internal/MethodCandidate.java @@ -78,7 +78,7 @@ public MethodCandidate(String signature, String hash, String primitiveSize, Stri * during method guessing. * * @param method CtMethod object - * @throws NotFoundException + * @throws NotFoundException indicates an internal error */ public MethodCandidate(CtMethod method) throws NotFoundException { @@ -180,7 +180,7 @@ private static long computeMethodHash(String methodSignature) * * @param oo ObjectOutputStream to write the confused argument to * - * @throws IOException + * @throws IOException indicates an error in the RMI communication */ @SuppressWarnings("restriction") public void sendArguments(ObjectOutputStream oo) throws IOException diff --git a/src/eu/tneitzel/rmg/internal/Pair.java b/src/eu/tneitzel/rmg/internal/Pair.java index 550b27e..ffc6822 100644 --- a/src/eu/tneitzel/rmg/internal/Pair.java +++ b/src/eu/tneitzel/rmg/internal/Pair.java 
@@ -15,8 +15,8 @@ public class Pair { private V right; /** - * @param left - * @param right + * @param left left value + * @param right right value */ public Pair(K left, V right) { diff --git a/src/eu/tneitzel/rmg/io/Logger.java b/src/eu/tneitzel/rmg/io/Logger.java index 36f6fee..1552cad 100644 --- a/src/eu/tneitzel/rmg/io/Logger.java +++ b/src/eu/tneitzel/rmg/io/Logger.java @@ -931,7 +931,7 @@ public static void statusNonDefault() } /** - * @param statusType + * @param statusType the thing that was checked (e.g. vulnerability, configuration, ...) */ public static void statusUndecided(String statusType) { @@ -979,9 +979,9 @@ public static void disableColor() } /** - * @param endpointName - * @param callName - * @param className + * @param endpointName remote endpoint that is attacked + * @param callName the name or signature of the call that was used + * @param className the class name used for the codebase attack */ public static void printCodebaseAttackIntro(String endpointName, String callName, String className) { @@ -994,7 +994,7 @@ public static void printCodebaseAttackIntro(String endpointName, String callName } /** - * @param endpointName + * @param endpointName remote endpoint that is attacked */ public static void printGadgetCallIntro(String endpointName) { diff --git a/src/eu/tneitzel/rmg/io/RawObjectInputStream.java b/src/eu/tneitzel/rmg/io/RawObjectInputStream.java index 1089a6c..9280b83 100644 --- a/src/eu/tneitzel/rmg/io/RawObjectInputStream.java +++ b/src/eu/tneitzel/rmg/io/RawObjectInputStream.java @@ -52,7 +52,7 @@ public RawObjectInputStream(ObjectInputStream in) * Skip the next n bytes of input on the stream. * * @param n amount of bytes to skip - * @throws IOException + * @throws IOException internal error */ public void skip(int n) throws IOException { diff --git a/src/eu/tneitzel/rmg/io/RawObjectOutputStream.java b/src/eu/tneitzel/rmg/io/RawObjectOutputStream.java index 987f641..863601e 100644 
--- a/src/eu/tneitzel/rmg/io/RawObjectOutputStream.java +++ b/src/eu/tneitzel/rmg/io/RawObjectOutputStream.java @@ -52,7 +52,7 @@ public RawObjectOutputStream(ObjectOutputStream out) * Write raw byte to the underlying output stream. * * @param content byte to write - * @throws IOException + * @throws IOException internal error */ public void writeRaw(byte content) throws IOException { diff --git a/src/eu/tneitzel/rmg/io/SampleWriter.java b/src/eu/tneitzel/rmg/io/SampleWriter.java index 97176fa..6329b2d 100644 --- a/src/eu/tneitzel/rmg/io/SampleWriter.java +++ b/src/eu/tneitzel/rmg/io/SampleWriter.java @@ -127,11 +127,11 @@ public String loadTemplateFile(String templateName) throws IOException /** * Wrapper around writeSamples with additional subfolder argument. * - * @param sampleFolder - * @param sampleName - * @param sampleContent - * @throws UnexpectedCharacterException - * @throws IOException + * @param sampleFolder sub folder within the sample folder to write the files in. + * @param sampleName name of the sample file + * @param sampleContent content of the sample file + * @throws UnexpectedCharacterException is thrown if the filenames are violating the security settings + * @throws IOException is thrown if an IO operation fails */ public void writeSample(String sampleFolder, String sampleName, String sampleContent) throws UnexpectedCharacterException, IOException { diff --git a/src/eu/tneitzel/rmg/io/WordlistHandler.java b/src/eu/tneitzel/rmg/io/WordlistHandler.java index 45fd5f7..2e11dd2 100644 --- a/src/eu/tneitzel/rmg/io/WordlistHandler.java +++ b/src/eu/tneitzel/rmg/io/WordlistHandler.java 
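Review bot: The `@throws UnexpectedCharacterException` line in the SampleWriter hunk refers to "the security settings" without saying what is checked, which is the one thing a caller of `writeSample` needs to know about file-name handling. It would be better to state which arguments are validated and what input is rejected, e.g. `@throws UnexpectedCharacterException if sampleFolder or sampleName contains characters rejected by the file name check`, adjusted to what the body actually enforces. The method body is outside the hunk, so whether `sampleFolder` goes through the same check as `sampleName` could not be confirmed here.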
@@ -99,7 +99,7 @@ public Set getWordlistMethods() throws IOException * is currently a pain and the available wordlist names are hardcoded into this class. * * @return HashSet of method candidates parsed from the wordlist file - * @throws IOException + * @throws IOException if some file access fails */ public static HashSet getWordlistMethodsFromStream() throws IOException { diff --git a/src/eu/tneitzel/rmg/networking/RMIEndpoint.java b/src/eu/tneitzel/rmg/networking/RMIEndpoint.java index 634cb5b..c491ce7 100644 --- a/src/eu/tneitzel/rmg/networking/RMIEndpoint.java +++ b/src/eu/tneitzel/rmg/networking/RMIEndpoint.java @@ -90,13 +90,15 @@ public UnicastRef getRemoteRef(ObjID objID) /** * Wrapper around the genericCall function specified below. * - * @param objID - * @param callID - * @param methodHash - * @param callArguments - * @param locationStream - * @param callName - * @throws Exception + * @param objID identifies the RemoteObject you want to communicate with. Registry = 0, Activator = 1, DGC = 2 or + * custom one... + * @param callID callID that is used for legacy calls. Basically specifies the position of the method to call in legacy + * RMI calls. For current calling convention, it should be negative + * @param methodHash hash value of the method to call or interface hash for legacy calls + * @param callArguments map of arguments for the call. Each argument must also ship a class it desires to be serialized to + * @param locationStream if true, uses the MaliciousOutputStream class to write custom annotation objects + * @param callName the name of the call that is currently executed + * @throws Exception connection related exceptions are caught, but anything what can go wrong on the server side is thrown */ public void genericCall(ObjID objID, int callID, long methodHash, MethodArguments callArguments, boolean locationStream, String callName) throws Exception { 
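Review bot: In the `genericCall` hunk, `@param callArguments` is described as a "map of arguments", but the parameter type in the signature is `MethodArguments`, not a map. `@param callArguments arguments for the call, each paired with the class it should be marshaled as` matches the type and the wording used in the MethodArguments hunks. The `@throws` line would read more clearly as `@throws Exception if the server side raises an exception; connection related exceptions are caught`. The same lines are repeated in the two following `genericCall` hunks of RMIEndpoint.java.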
@@ -106,14 +108,17 @@ public void genericCall(ObjID objID, int callID, long methodHash, MethodArgument /** * Wrapper around the genericCall function specified below. * - * @param objID - * @param callID - * @param methodHash - * @param callArguments - * @param locationStream - * @param callName - * @param ref - * @throws Exception + * @param objID identifies the RemoteObject you want to communicate with. Registry = 0, Activator = 1, DGC = 2 or + * custom one... + * @param callID callID that is used for legacy calls. Basically specifies the position of the method to call in legacy + * RMI calls. For current calling convention, it should be negative + * @param methodHash hash value of the method to call or interface hash for legacy calls + * @param callArguments map of arguments for the call. Each argument must also ship a class it desires to be serialized to + * @param locationStream if true, uses the MaliciousOutputStream class to write custom annotation objects + * @param callName the name of the call that is currently executed + * @param ref optional remote reference to use for the call. If null, the specified ObjID and the host and port + * of this class are used + * @throws Exception connection related exceptions are caught, but anything what can go wrong on the server side is thrown */ public void genericCall(ObjID objID, int callID, long methodHash, MethodArguments callArguments, boolean locationStream, String callName, RemoteRef ref) throws Exception { 
@@ -126,15 +131,19 @@ public void genericCall(ObjID objID, int callID, long methodHash, MethodArgument * this is usually not desired, as connection related exceptions should normally be handled in a unified way. Calling * genericCall is therefore the preferred solution to perform low level RMI calls. * - * @param objID - * @param callID - * @param methodHash - * @param callArguments - * @param locationStream - * @param callName - * @param remoteRef - * @param rtype - * @throws Exception + * @param objID identifies the RemoteObject you want to communicate with. Registry = 0, Activator = 1, DGC = 2 or + * custom one... + * @param callID callID that is used for legacy calls. Basically specifies the position of the method to call in legacy + * RMI calls. For current calling convention, it should be negative + * @param methodHash hash value of the method to call or interface hash for legacy calls + * @param callArguments map of arguments for the call. Each argument must also ship a class it desires to be serialized to + * @param locationStream if true, uses the MaliciousOutputStream class to write custom annotation objects + * @param callName the name of the call that is currently executed + * @param remoteRef optional remote reference to use for the call. If null, the specified ObjID and the host and port + * of this class are used + * @param rtype return type of the remote method. If specified, the servers response is forwarded to the ResponseHandler + * plugin (if registered to the plugin system) + * @throws Exception connection related exceptions are caught, but anything what can go wrong on the server side is thrown */ public void genericCall(ObjID objID, int callID, long methodHash, MethodArguments callArguments, boolean locationStream, String callName, RemoteRef remoteRef, CtClass rtype) throws Exception { diff --git a/src/eu/tneitzel/rmg/networking/RMIRegistryEndpoint.java b/src/eu/tneitzel/rmg/networking/RMIRegistryEndpoint.java index 30a7e9b..2b59cad 100644 
--- a/src/eu/tneitzel/rmg/networking/RMIRegistryEndpoint.java +++ b/src/eu/tneitzel/rmg/networking/RMIRegistryEndpoint.java @@ -98,7 +98,7 @@ public RMIRegistryEndpoint(RMIEndpoint rmi) * function of the RMI registry, but has error handling implemented. * * @return String array of available bound names. - * @throws java.rmi.NoSuchObjectException + * @throws java.rmi.NoSuchObjectException if the remote endpoint is not an RMI registry */ public String[] getBoundNames() throws java.rmi.NoSuchObjectException { diff --git a/src/eu/tneitzel/rmg/plugin/PluginSystem.java b/src/eu/tneitzel/rmg/plugin/PluginSystem.java index af4c5f4..138672a 100644 --- a/src/eu/tneitzel/rmg/plugin/PluginSystem.java +++ b/src/eu/tneitzel/rmg/plugin/PluginSystem.java @@ -196,8 +196,8 @@ public static Object[] getArgumentArray(String argumentString) * first lookup a bound name and use the obtained reference to make calls on the object, another factory is used * (check the getDefaultClientSocketFactory function for more details). * - * @param host - * @param port + * @param host remote host + * @param port remote port * * @return RMIClientSocketFactory that is used for direct RMI calls */ @@ -211,8 +211,8 @@ public static RMIClientSocketFactory getClientSocketFactory(String host, int por * factory returned by this function is used when you perform RMI actions on a remote object reference that was * obtained from the RMI registry and the RMI server did not assign a custom socket factory to the object. * - * @param host - * @param port + * @param host remote host + * @param port remote port * * @return RMISocketFactory that is used for "after lookup" RMI calls */ 
@@ -228,8 +228,8 @@ public static RMISocketFactory getDefaultSocketFactory(String host, int port) * you want to use as your default SSLSocketFactory. Notice that the factory needs to be available on the class path * and it is not sufficient to define it within the plugin. * - * @param host - * @param port + * @param host remote host + * @param port remote port * * @return String that indicates the desired SSLSocketFactories class name */ diff --git a/src/eu/tneitzel/rmg/utils/RMGUtils.java b/src/eu/tneitzel/rmg/utils/RMGUtils.java index 963f61d..3207a45 100644 --- a/src/eu/tneitzel/rmg/utils/RMGUtils.java +++ b/src/eu/tneitzel/rmg/utils/RMGUtils.java @@ -201,7 +201,7 @@ public static Class makeSerializableClass(String className, long serialVersionUI * JVM and creates it otherwise. * * @return Class object for ActivatableRef - * @throws CannotCompileException + * @throws CannotCompileException internal error */ public static Class makeActivatableRef() throws CannotCompileException { @@ -234,7 +234,7 @@ public static Class makeActivatableRef() throws CannotCompileException * @param serialVersionUID for the SocketFactoryClass * * @return socket factory class that implements RMIClientSocketFactory - * @throws CannotCompileException + * @throws CannotCompileException internal error */ public static Class makeSocketFactory(String className, long serialVersionUID) throws CannotCompileException { @@ -459,7 +459,7 @@ public static Object getArgument(CtClass type) * * @param method CtMethod to create the argument array for * @return argument array that can be used to invoke the method - * @throws NotFoundException + * @throws NotFoundException internal error */ public static Object[] getArgumentArray(CtMethod method) throws NotFoundException { 
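Review bot: `@throws CannotCompileException internal error` on makeActivatableRef names no condition under which the exception is raised, so a caller cannot tell whether it is worth handling. The same placeholder is used for makeSocketFactory and getArgumentArray in this file section, and again in the later RMGUtils, RogueJMX and YsoIntegration hunks. A line stating the trigger would serve better, for instance `@throws CannotCompileException if the class cannot be generated`. The exact condition has to come from the method bodies, which are outside the hunks.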
@@ -704,7 +704,7 @@ public static String getSimpleSignature(CtMethod method) * @param method CtMethod that is going to be invoked * @param parameterArray array of arguments to use for the call * @return MethodArguments - basically a list of Object value -> Type pairs - * @throws NotFoundException + * @throws NotFoundException internal error */ public static MethodArguments applyParameterTypes(CtMethod method, Object[] parameterArray) throws NotFoundException { @@ -821,7 +821,7 @@ public static boolean isAssignableFrom(CtClass thisCtClass, String targetClassNa * Divide a Set into n separate Sets, where n is the number specified within the count argument. * Basically copied from: https://stackoverflow.com/questions/16449644/how-can-i-take-a-java-set-of-size-x-and-break-into-x-y-sets * - * @param + * @param inner type of the set * @param original Set that should be divided * @param count Number of Sets to divide into * @return List of n separate sets, where n is equal to count @@ -1297,8 +1297,8 @@ public static long getSerialVersionUID(InvalidClassException e) * * @param type the CtClass that should be converted back to a Class object * @return Class associated to the specified CtClass - * @throws ClassNotFoundException - * @throws NotFoundException + * @throws ClassNotFoundException internal error + * @throws NotFoundException internal error */ public static Class ctClassToClass(CtClass type) throws ClassNotFoundException, NotFoundException { diff --git a/src/eu/tneitzel/rmg/utils/RogueJMX.java b/src/eu/tneitzel/rmg/utils/RogueJMX.java index c603b49..02a5269 100644 --- a/src/eu/tneitzel/rmg/utils/RogueJMX.java +++ b/src/eu/tneitzel/rmg/utils/RogueJMX.java @@ -71,7 +71,7 @@ public RogueJMX(String address, int port, String objIDString) * injecting the serialization filter. * * @return Remote bound RogueJMX server - * @throws RemoteException + * @throws RemoteException internal error */ public Remote export() throws RemoteException { 
diff --git a/src/eu/tneitzel/rmg/utils/YsoIntegration.java b/src/eu/tneitzel/rmg/utils/YsoIntegration.java index d4591d7..825567d 100644 --- a/src/eu/tneitzel/rmg/utils/YsoIntegration.java +++ b/src/eu/tneitzel/rmg/utils/YsoIntegration.java @@ -247,7 +247,7 @@ public static Object getPayloadObject(String gadget, String command) * @param host listener address for the outgoing JRMP connection * @param port listener port for the outgoing JRMP connection * @return payload object - * @throws Exception + * @throws Exception internal error */ public static Object prepareAnTrinhGadget(String host, int port) throws Exception { From 8f8621341af25bfb104ffb8e5120793b804028e4 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 21:43:57 +0100 Subject: [PATCH 13/19] Fix remaining JavaDoc --- src/eu/tneitzel/rmg/internal/ExceptionHandler.java | 2 ++ src/eu/tneitzel/rmg/internal/RMGOption.java | 2 ++ src/eu/tneitzel/rmg/utils/RMGUtils.java | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/eu/tneitzel/rmg/internal/ExceptionHandler.java b/src/eu/tneitzel/rmg/internal/ExceptionHandler.java index 963196d..d01b9ca 100644 --- a/src/eu/tneitzel/rmg/internal/ExceptionHandler.java +++ b/src/eu/tneitzel/rmg/internal/ExceptionHandler.java @@ -854,6 +854,7 @@ public static Throwable getThrowable(String name, Throwable e) * and prints the stacktrace if desired. This function should be used in most of the error * handling code of remote-method-guesser. * + * @param throwable type * @param e Exception that was caught. */ public static void showStackTrace(T e) @@ -867,6 +868,7 @@ public static void showStackTrace(T e) /** * Helper function that prints a stacktrace with a prefixed Logger item. * + * @param throwable type * @param e Exception that was caught. */ public static void stackTrace(T e) diff --git a/src/eu/tneitzel/rmg/internal/RMGOption.java b/src/eu/tneitzel/rmg/internal/RMGOption.java index 7d19ba3..1dc6993 100644 
--- a/src/eu/tneitzel/rmg/internal/RMGOption.java +++ b/src/eu/tneitzel/rmg/internal/RMGOption.java @@ -283,6 +283,7 @@ public boolean getBool() /** * Returns the value stored within the option. * + * @param type of the value * @return value stored within the option */ @SuppressWarnings("unchecked") @@ -457,6 +458,7 @@ public static void addModifiers(RMGOption option, Argument arg) * If the corresponding option was not set, an error message is printed and the current execution * ends. This should be called first by functions that require an specific argument. * + * @param type of the value * @param option RMGOption that is required * @return the currently set option value */ diff --git a/src/eu/tneitzel/rmg/utils/RMGUtils.java b/src/eu/tneitzel/rmg/utils/RMGUtils.java index 3207a45..807ed1f 100644 --- a/src/eu/tneitzel/rmg/utils/RMGUtils.java +++ b/src/eu/tneitzel/rmg/utils/RMGUtils.java @@ -703,7 +703,7 @@ public static String getSimpleSignature(CtMethod method) * * @param method CtMethod that is going to be invoked * @param parameterArray array of arguments to use for the call - * @return MethodArguments - basically a list of Object value -> Type pairs + * @return MethodArguments - basically a list of Object value -> Type pairs * @throws NotFoundException internal error */ public static MethodArguments applyParameterTypes(CtMethod method, Object[] parameterArray) throws NotFoundException From 06485ea2da4120ee645cd36848c9e0d45f0a5438 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Fri, 22 Dec 2023 21:45:40 +0100 Subject: [PATCH 14/19] Remove plugin folder --- plugins/GenericPrint.java | 198 -------------------------------------- plugins/README.md | 15 +-- plugins/build.sh | 21 ---- 3 files changed, 2 insertions(+), 232 deletions(-) delete mode 100644 plugins/GenericPrint.java delete mode 100644 plugins/build.sh diff --git a/plugins/GenericPrint.java b/plugins/GenericPrint.java deleted file mode 100644 index 0670f80..0000000 
--- a/plugins/GenericPrint.java +++ /dev/null 
@@ -1,198 +0,0 @@ -import java.io.File; -import java.lang.reflect.Array; -import java.rmi.Remote; -import java.util.Collection; -import java.util.Map; -import java.util.Map.Entry; - -import eu.tneitzel.rmg.internal.ExceptionHandler; -import eu.tneitzel.rmg.io.Logger; -import eu.tneitzel.rmg.plugin.IResponseHandler; -import eu.tneitzel.rmg.utils.ActivatableWrapper; -import eu.tneitzel.rmg.utils.RemoteObjectWrapper; -import eu.tneitzel.rmg.utils.UnicastWrapper; - -/** - * GenericPrint is an rmg ResponseHandler plugin that attempts to print all incoming - * server responses. It compares the incoming object to some known data types and chooses - * reasonable defaults to visualize them. - * - * @author Tobias Neitzel (@qtc_de) - */ -public class GenericPrint implements IResponseHandler { - - /** - * The handleResponse function is called with the incoming responseObject from the - * RMI server. Depending on the corresponding class, a different print action is - * chosen. - * - * @param responseObject Incoming object from an RMI server response - */ - public void handleResponse(Object responseObject) - { - Class responseClass = responseObject.getClass(); - - if(responseObject instanceof Collection) - handleCollection(responseObject); - - else if(responseObject instanceof Map) - handleMap(responseObject); - - else if(responseClass.isArray()) - handleArray(responseObject); - - else if(Remote.class.isAssignableFrom(responseClass)) - handleRemote((Remote)responseObject); - - else if(responseObject instanceof File) - handleFile((File)responseObject); - - else if(responseObject instanceof Byte) - handleByte((byte)responseObject); - - else - handleDefault(responseObject); - } - - /** - * For each item within an collection, call handleResponse on the corresponding - * item value. 
- * - * @param o Object of the Collection type - */ - public void handleCollection(Object o) - { - for(Object item: (Collection)o) - handleResponse(item); - } - - /** - * For each entry within a map, handleResponse is called on the entry key and value. - * Furthermore, an arrow is printed in an attempt to visualize their relationship. - * - * @param o Object of the Map type - */ - public void handleMap(Object o) - { - Map map = (Map)o; - - for(Entry item: map.entrySet()) { - handleResponse(item.getKey()); - System.out.print(" --> "); - handleResponse(item.getValue()); - } - } - - /** - * For each item within an array, call the handleResponse function. - * - * @param o Object of the Array type - */ - public void handleArray(Object o) - { - Object[] objectArray = null; - Class type = o.getClass().getComponentType(); - - if(type.isPrimitive()) { - int length = Array.getLength(o); - objectArray = new Object[length]; - for(int ctr = 0; ctr < length; ctr++) - objectArray[ctr] = Array.get(o, ctr); - - } else { - objectArray = (Object[])o; - } - - for(Object item: objectArray) - handleResponse(item); - } - - /** - * For all objects that extend Remote, the details of the remote reference are printed. - * This includes the class name, the remote TCP endpoint, the assigned ObjID and the - * configured socket factories. 
- * - * @param o Object that extends the Remote type - */ - public void handleRemote(Remote o) - { - try { - RemoteObjectWrapper objectWrapper = RemoteObjectWrapper.getInstance(o); - - if (objectWrapper instanceof UnicastWrapper) - { - UnicastWrapper wrapper = (UnicastWrapper)objectWrapper; - - String csf = "default"; - String ssf = "default"; - - if(wrapper.csf != null) - csf = wrapper.csf.getClass().getName(); - - if(wrapper.ssf != null) - ssf = wrapper.ssf.getClass().getName(); - - Logger.printlnYellow("Printing unicast RemoteObject:"); - Logger.increaseIndent(); - Logger.printlnMixedBlue("Remote Class:\t\t", wrapper.className); - Logger.printlnMixedBlue("Endpoint:\t\t", wrapper.getTarget()); - Logger.printlnMixedBlue("ObjID:\t\t\t", wrapper.objID.toString()); - Logger.printlnMixedBlue("ClientSocketFactory:\t", csf); - Logger.printlnMixedBlue("ServerSocketFactory:\t", ssf); - } - - else if(objectWrapper instanceof ActivatableWrapper) - { - ActivatableWrapper wrapper = (ActivatableWrapper)objectWrapper; - - Logger.printlnYellow("Printing activatable RemoteObject:"); - Logger.increaseIndent(); - Logger.printlnMixedBlue("Remote Class:\t\t", wrapper.className); - Logger.printlnMixedBlue("Activator:\t\t", wrapper.getActivatorEndpoint()); - Logger.printlnMixedBlue("ActivationID:\t\t", wrapper.activationUID.toString()); - } - - else - Logger.eprintlnYellow("Unsupported object type."); - - - } catch (Exception e) { - ExceptionHandler.unexpectedException(e, "constructing", "RemoteObjectWrapper", true); - } - - finally { - Logger.decreaseIndent(); - } - } - - /** - * For File objects, print their absolute path. - * - * @param o File object - */ - public void handleFile(File o) - { - Logger.println(o.getAbsolutePath()); - } - - /** - * Byte objects are converted to hex and printed. As a single byte is most likely part of a - * sequence, we print without a newline. 
- * - * @param o File object - */ - public void handleByte(byte o) - { - Logger.printPlain(String.format("%02x", o)); - } - - /** - * The default action for each object is to print it using it's toString method. - * - * @param o Object that did not matched one of the previously mentioned types. - */ - public void handleDefault(Object o) - { - Logger.println(o.toString()); - } -} diff --git a/plugins/README.md b/plugins/README.md index 93b9ae5..88e14b1 100644 --- a/plugins/README.md +++ b/plugins/README.md @@ -2,16 +2,5 @@ ---- -This folder contains plugins that can be used for *remote-method-guesser*. Additionally, it contains -a build script that demonstrates how to compile a plugin. - - -### Generic Print - ----- - -* Implemented Interfaces: ``IResponseHandler`` - -As the name suggests, the *GenericPrint* plugin attempts to print the servers *RMI response* in some -kind of way. It uses some reasonable default print functions for arrays and collections and also supports -pretty printing for some more complex types. +The plugin system of *remote-method-guesser* gets currently refactored and will +be documented soon :) diff --git a/plugins/build.sh b/plugins/build.sh deleted file mode 100644 index d096e79..0000000 --- a/plugins/build.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -if [[ $# -lt 3 ]]; then - echo "$0 " - exit 1 -fi - -RMG=$1 -SRC=$2 -JAR=$3 - -DIR=$(dirname $SRC) -CLASS=$(basename $SRC .java) -MANIFEST="${DIR}/RMG-MANIFEST.MF" - -echo "RmgPluginClass: $CLASS" > $MANIFEST - -javac -cp $RMG $SRC \ -&& jar -cfm $JAR $MANIFEST -C ${DIR} ${CLASS}.class - -rm -f "${DIR}/${CLASS}.class" $MANIFEST From 02041a38bccaa9b0bce8606650c88b42ada1de55 Mon Sep 17 00:00:00 2001 
From: Tobias Neitzel Date: Fri, 22 Dec 2023 22:03:27 +0100 Subject: [PATCH 15/19] Add gpg plugin and release pipeline --- .github/workflows/release.yml | 32 ++++++++++++++++++++++++++++++++ pom.xml | 21 +++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..760aba9 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,32 @@ +name: publish + +on: + release: + types: + - created + +jobs: + publish: + + runs-on: ubuntu-latest + + steps: + - name: ${{ github.event.repository.name }} + uses: actions/checkout@v4 + + - name: Set up Maven Central Repository + uses: actions/setup-java@v4 + with: + java-version: '11' + distribution: 'temurin' + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.gpg_key }} + gpg-passphrase: ${{ secrets.gpg_pass }} + + - name: Publish package + run: mvn --batch-mode clean deploy + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} diff --git a/pom.xml b/pom.xml index ed5f97b..b4416ce 100644 --- a/pom.xml +++ b/pom.xml @@ -179,6 +179,27 @@ + + org.apache.maven.plugins + maven-gpg-plugin + 3.1.0 + + + sign-artifacts + verify + + sign + + + + --pinentry-mode + loopback + + + + + + From 228c37083e01868c394a73d2c2d43003b870279e Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Sat, 23 Dec 2023 08:28:47 +0100 Subject: [PATCH 16/19] Update release pipeline --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 760aba9..bef3430 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
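Review bot: In the `Set up Maven Central Repository` step, `gpg-passphrase` is given the secret value, but actions/setup-java expects the name of an environment variable there and writes `${env.<name>}` into the generated settings.xml. As written, the passphrase text would land in settings.xml as a variable name, and the `Publish package` step exports only `MAVEN_USERNAME` and `MAVEN_PASSWORD`, so signing is likely to fail. Use `gpg-passphrase: MAVEN_GPG_PASSPHRASE` and add `MAVEN_GPG_PASSPHRASE: ${{ secrets.gpg_pass }}` to that step's `env`. The follow-up hunk in PATCH 16/19 only renames the secrets and keeps the same pattern. The job also has no `permissions:` block, and `contents: read` would keep the token minimal for a job that holds signing and deploy credentials.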
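Review bot: The `sign-artifacts` execution binds `sign` to the `verify` phase and, as far as the hunk shows, sits in the main build rather than in a profile. Any `mvn verify`, `install` or `deploy` on a machine without the release key would therefore stop at signing. Moving the maven-gpg-plugin block into a release profile that only the publish workflow activates keeps the key requirement on the release path; until then, builds without a key need `-Dgpg.skip`. The surrounding plugin list starts outside the hunk.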
@@ -22,8 +22,8 @@ jobs: server-id: ossrh server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.gpg_key }} - gpg-passphrase: ${{ secrets.gpg_pass }} + gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} + gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - name: Publish package run: mvn --batch-mode clean deploy From bc7414f2df4679438ad9f0112c432810b875bf33 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Sat, 23 Dec 2023 08:40:16 +0100 Subject: [PATCH 17/19] Switch maven CI back to Java 8 --- .github/workflows/maven-ci.yml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/maven-ci.yml b/.github/workflows/maven-ci.yml index 0a6b96e..9a6ab3e 100644 --- a/.github/workflows/maven-ci.yml +++ b/.github/workflows/maven-ci.yml @@ -34,7 +34,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: 'temurin' - java-version: 11 + java-version: 8 cache: maven cache-dependency-path: pom.xml diff --git a/README.md b/README.md index 65a2c2f..c12733f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ [![](https://github.com/qtc-de/remote-method-guesser/workflows/maven%20CI/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/maven-ci.yml) [![](https://github.com/qtc-de/remote-method-guesser/workflows/maven%20CI/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/maven-ci.yml) -[![](https://img.shields.io/badge/version-4.4.1-blue)](https://github.com/qtc-de/remote-method-guesser/releases) +[![](https://img.shields.io/badge/version-5.0.0-blue)](https://github.com/qtc-de/remote-method-guesser/releases) [![](https://img.shields.io/badge/build%20system-maven-blue)](https://maven.apache.org/) ![](https://img.shields.io/badge/java-8%2b-blue) [![](https://img.shields.io/badge/license-GPL%20v3.0-blue)](https://github.com/qtc-de/remote-method-guesser/blob/master/LICENSE) 
From cc449f0f30855aa6fdd3460d3a36954d732f60b6 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Sat, 23 Dec 2023 08:41:30 +0100 Subject: [PATCH 18/19] Update CI file --- .github/workflows/maven-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/maven-ci.yml b/.github/workflows/maven-ci.yml index 9a6ab3e..fe71c87 100644 --- a/.github/workflows/maven-ci.yml +++ b/.github/workflows/maven-ci.yml @@ -10,6 +10,7 @@ on: paths: - 'src/**' - 'pom.xml' + - '.github/workflows/maven-ci.yml' pull_request: branches: @@ -19,6 +20,7 @@ on: paths: - 'src/**' - 'pom.xml' + - '.github/workflows/maven-ci.yml' jobs: build: From 348f258592a074c98d3f8a451fd82611e19d2d84 Mon Sep 17 00:00:00 2001 From: Tobias Neitzel Date: Sat, 23 Dec 2023 08:44:42 +0100 Subject: [PATCH 19/19] Include JavaDoc and sources into artifacts --- .github/workflows/maven-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/maven-ci.yml b/.github/workflows/maven-ci.yml index fe71c87..b639084 100644 --- a/.github/workflows/maven-ci.yml +++ b/.github/workflows/maven-ci.yml @@ -47,4 +47,4 @@ jobs: uses: actions/upload-artifact@v4 with: name: rmg-compiled-jars - path: target/rmg-* + path: target/*.jar