
Backdoor in your Java application

I recently came across an article describing a very simple groovlet that lets you execute any Groovy code on your server. It struck me as very convenient for setting up a debug backdoor.

The problem is that groovlets are server-side after all, and we also have a thick Swing client. I would like something similar for it, but embedding a Jetty or Tomcat in the client just for that looked like too much.

Fortunately, I came across another article about the simplest web server in the standard Java library. That's what I decided to use.

We write Main:

    public class Main {
        public static void main(String[] args) {
            // Start the debug backdoor on port 18999; silent = true means a failed start is ignored
            HttpBackdoorRunner runner = new HttpBackdoorRunner(18999, true);
            runner.start();
        }
    }


We continue in Groovy, it's easier :)

    import com.sun.net.httpserver.HttpServer
    import java.util.concurrent.Executors

    /**
     * Starts an embedded HTTP server on the given port and hands every request to BackdoorHandler.
     * Note: new InetSocketAddress(port) binds to the wildcard address, i.e. all network interfaces.
     */
    class HttpBackdoorRunner {
        final int port
        final boolean silent

        HttpBackdoorRunner(int port, boolean silent) {
            this.port = port
            this.silent = silent
        }

        def start() {
            try {
                InetSocketAddress addr = new InetSocketAddress(port)
                HttpServer server = HttpServer.create(addr, 0)
                server.createContext("/", new BackdoorHandler())
                server.setExecutor(Executors.newCachedThreadPool())
                server.start()
            } catch (Exception e) {
                if (silent) {
                    // Ignore
                } else {
                    throw new RuntimeException(e)
                }
            }
        }
    }


Now the HTTP request handler itself:

    /**
     * Runs the submitted Groovy script, captures what it prints to System.out,
     * and writes an HTML page with the input form and the captured output to the response body.
     */
    class BackdoorScriptRunner {
        void runScript(script, responseBody, uri) {
            def scriptOutput = new ByteArrayOutputStream()
            if (script) {
                // Redirect output (System.out is process-wide, so this affects all threads)
                def saveOut = System.out
                def stream = new PrintStream(scriptOutput)
                System.out = stream
                try {
                    def result = new GroovyShell().run(script, "dynamic.groovy")
                } catch (Throwable e) {
                    e.printStackTrace(stream)
                }
                System.out = saveOut
            }
            responseBody.println createHTML(uri, script, scriptOutput)
            responseBody.close()
        }

        String createHTML(uri, script, scriptOutput) {
            """
            <form action="${uri}" method="post">
            <h2>BackDoor</h2>
            Code comes here: <br>
            <textarea cols="120" rows="5" name="groovyscript"> ${script ? script : ""}</textarea> <br>
            <input type="submit" value="Go!" />
            </form>
            <br>
            ${scriptOutput.toString() ? "<h2>Output</h2><pre>${scriptOutput}</pre>" : ""}
            """
        }
    }


Run it, and it works!
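
The runner passes `new InetSocketAddress(port)` to `HttpServer.create`, which binds to the wildcard address, so the script endpoint answers on every network interface of the client machine without any authentication. The following is an added example, not code from the original article: a wrapper that binds to loopback only and refuses requests without a shared token. `GuardedHandler`, `startLocal`, the `X-Debug-Token` header and the `DEBUG_TOKEN` environment variable are assumptions made for illustration.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/** Hypothetical wrapper (not from the article): checks caller and token before delegating. */
public class GuardedHandler implements HttpHandler {
    private final HttpHandler delegate;
    private final byte[] token;

    public GuardedHandler(HttpHandler delegate, String token) {
        // Fail closed: without a reasonably long secret the endpoint is never exposed
        if (token == null || token.length() < 16)
            throw new IllegalArgumentException("debug token missing or too short");
        this.delegate = delegate;
        this.token = token.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void handle(HttpExchange ex) throws IOException {
        String sent = ex.getRequestHeaders().getFirst("X-Debug-Token"); // assumed header name
        boolean local = ex.getRemoteAddress().getAddress().isLoopbackAddress();
        // MessageDigest.isEqual does not stop at the first differing byte
        boolean authorised = sent != null
                && MessageDigest.isEqual(token, sent.getBytes(StandardCharsets.UTF_8));
        if (!local || !authorised) {
            ex.sendResponseHeaders(403, -1); // -1: no response body
            ex.close();
            return;
        }
        delegate.handle(ex);
    }

    /** Binds to the loopback address only, instead of the wildcard address. */
    public static HttpServer startLocal(int port, HttpHandler handler) throws IOException {
        String token = System.getenv("DEBUG_TOKEN"); // assumed: secret supplied per launch
        InetSocketAddress addr = new InetSocketAddress(InetAddress.getLoopbackAddress(), port);
        HttpServer server = HttpServer.create(addr, 0);
        server.createContext("/", new GuardedHandler(handler, token));
        server.start();
        return server;
    }
}
```

Because an HTML form cannot set a custom request header, a page open in a browser on the same machine cannot drive the endpoint with a plain cross-site form post; the request has to come from a client that sends the header explicitly.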


Source: https://habr.com/ru/post/149427/

