-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
- Loading branch information
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<module type="JAVA_MODULE" version="4" /> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
CAS execution参数解密 | ||
|
||
Usage: | ||
|
||
ExecutionDecode -t <execution-value> 解密execution | ||
ExecutionDecode -f <execution-value-file> 读取文件内容 | ||
ExecutionDecode -b <execution-value-byte> 将byte类型转为十六进制 | ||
|
||
![img](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F235d6bb8-a696-4d12-98d3-0a39335c4caf%2FUntitled.png?table=block&id=1736769f-c456-4c18-8485-0c0e1ab68893&width=3410&cache=v2) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
|
||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<groupId>org.example</groupId> | ||
<artifactId>ExecutionDecode</artifactId> | ||
<version>1.0-SNAPSHOT</version> | ||
<packaging>jar</packaging> | ||
|
||
<properties> | ||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | ||
<maven.compiler.source>1.8</maven.compiler.source> | ||
<maven.compiler.target>1.8</maven.compiler.target> | ||
</properties> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>bcprov</groupId> | ||
<artifactId>bcprov</artifactId> | ||
<version>1.50</version> | ||
<scope>system</scope> | ||
<systemPath>${project.basedir}/src/main/java/lib/bcprov-jdk15on-1.50.jar</systemPath> | ||
</dependency> | ||
<dependency> | ||
<groupId>cryp</groupId> | ||
<artifactId>cryp</artifactId> | ||
<version>1.0</version> | ||
<scope>system</scope> | ||
<systemPath>${project.basedir}/src/main/java/lib/cryptacular-1.0.jar</systemPath> | ||
</dependency> | ||
<dependency> | ||
<groupId>webflow</groupId> | ||
<artifactId>webflow</artifactId> | ||
<version>2.4.1</version> | ||
<scope>system</scope> | ||
<systemPath>${project.basedir}/src/main/java/lib/spring-webflow-2.4.1.RELEASE.jar</systemPath> | ||
</dependency> | ||
<dependency> | ||
<groupId>webflow1</groupId> | ||
<artifactId>webflow1</artifactId> | ||
<version>1.0.0</version> | ||
<scope>system</scope> | ||
<systemPath>${project.basedir}/src/main/java/lib/spring-webflow-client-repo-1.0.0.jar</systemPath> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<finalName>ExecutionDecode</finalName> | ||
<pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --> | ||
<plugins> | ||
<plugin> | ||
<artifactId>maven-clean-plugin</artifactId> | ||
<version>3.1.0</version> | ||
</plugin> | ||
<!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging --> | ||
<plugin> | ||
<artifactId>maven-resources-plugin</artifactId> | ||
<version>3.0.2</version> | ||
</plugin> | ||
<plugin> | ||
<artifactId>maven-compiler-plugin</artifactId> | ||
<version>3.8.0</version> | ||
</plugin> | ||
<plugin> | ||
<artifactId>maven-surefire-plugin</artifactId> | ||
<version>2.22.1</version> | ||
</plugin> | ||
|
||
<plugin> | ||
<artifactId>maven-install-plugin</artifactId> | ||
<version>2.5.2</version> | ||
</plugin> | ||
<plugin> | ||
<artifactId>maven-deploy-plugin</artifactId> | ||
<version>2.8.2</version> | ||
</plugin> | ||
|
||
<plugin> | ||
<artifactId>maven-assembly-plugin</artifactId> | ||
<configuration> | ||
<finalName>${project.artifactId}-${project.version}-all</finalName> | ||
<!--jar-with-dependencies将附加到最终名称--> | ||
<appendAssemblyId>false</appendAssemblyId> | ||
<archive> | ||
<manifest> | ||
<!--运行jar包时运行的主类,要求类全名--> | ||
<mainClass>ExecutionDecode</mainClass> | ||
</manifest> | ||
</archive> | ||
<descriptor>${project.basedir}/src/main/resources/assembly.xml</descriptor> | ||
</configuration> | ||
<executions> | ||
<execution><!--执行器 mvn assembly:assembly--> | ||
<id>make-assembly</id> | ||
<phase>package</phase> | ||
<goals> | ||
<goal>single</goal><!-- 只运行一次 --> | ||
</goals> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
|
||
</plugins> | ||
</pluginManagement> | ||
</build> | ||
</project> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
import java.io.*; | ||
import java.lang.reflect.Field; | ||
import java.util.Base64; | ||
import java.util.zip.GZIPInputStream; | ||
import org.cryptacular.bean.CipherBean; | ||
|
||
public class ExecutionDecode{ | ||
public static String byte2HexString(byte[] bytes) { | ||
String hex = ""; | ||
if (bytes != null) { | ||
for (Byte b : bytes) { | ||
hex += String.format("%02X", b.intValue() & 0xFF); | ||
} | ||
} | ||
return hex; | ||
} | ||
|
||
public static void saveFile(String filename,byte [] data)throws Exception{ | ||
if(data != null){ | ||
String filepath = filename; | ||
File file = new File(filepath); | ||
if(file.exists()){ | ||
file.delete(); | ||
} | ||
FileOutputStream fos = new FileOutputStream(file); | ||
fos.write(data,0,data.length); | ||
fos.flush(); | ||
fos.close(); | ||
} | ||
} | ||
|
||
public static byte[] unGZip(byte[] data) { | ||
byte[] b = null; | ||
try { | ||
ByteArrayInputStream bis = new ByteArrayInputStream(data); | ||
GZIPInputStream gzip = new GZIPInputStream(bis); | ||
byte[] buf = new byte[1024]; | ||
int num = -1; | ||
ByteArrayOutputStream baos = new ByteArrayOutputStream(); | ||
while ((num = gzip.read(buf, 0, buf.length)) != -1) { | ||
baos.write(buf, 0, num); | ||
} | ||
b = baos.toByteArray(); | ||
baos.flush(); | ||
baos.close(); | ||
gzip.close(); | ||
bis.close(); | ||
} catch (Exception ex) { | ||
ex.printStackTrace(); | ||
} | ||
return b; | ||
} | ||
|
||
public static void main(String[] args) throws Exception { | ||
if (args.length == 2) { | ||
if (args[0].toLowerCase().equals("-t")){ | ||
try { | ||
String execution = new String(args[1]); | ||
// 将execution解码为byte数组 | ||
byte[] bytepayload = Base64.getDecoder().decode(execution); | ||
// 获取字节码对象 | ||
Class class1 = Class.forName("org.jasig.spring.webflow.plugin.EncryptedTranscoder"); | ||
// 创建对象 | ||
Object test = class1.newInstance(); | ||
// 反射获取属性 | ||
Field field = class1.getDeclaredField("cipherBean"); | ||
// 设置反射时取消Java的访问检查 | ||
field.setAccessible(true); | ||
// 返回指定对象 test 上此 Field 表示的字段的值 | ||
CipherBean cipherb = (CipherBean) field.get(test); | ||
// 执行解密操作 | ||
byte[] result = cipherb.decrypt(bytepayload); | ||
// 解压缩 | ||
byte[] unGZippaylaod = unGZip(result); | ||
// 写文件 | ||
// saveFile("test.bin", unGZippaylaod); | ||
// 需要转化为十六进制 | ||
String resulthex = byte2HexString(unGZippaylaod); | ||
String payload = new String(unGZippaylaod); | ||
// System.out.println(payload); | ||
System.out.println(resulthex); | ||
}catch (Exception e){ | ||
e.printStackTrace(); | ||
} | ||
} | ||
else if (args[0].toLowerCase().equals("-f")) { | ||
File f = new File(args[1]); | ||
if (f.exists()) { | ||
try { | ||
BufferedReader in = new BufferedReader(new FileReader(f)); | ||
String str; | ||
while ((str = in.readLine()) != null) { | ||
System.out.println(str); | ||
} | ||
System.out.println(str); | ||
} catch (Exception e) { | ||
e.printStackTrace(); | ||
} | ||
} | ||
else{ | ||
throw new RuntimeException(args[1] + " File Not Found..."); | ||
} | ||
} | ||
else if (args[0].toLowerCase().equals("-b")){ | ||
File f = new File(args[1]); | ||
if (f.exists()) { | ||
try { | ||
byte[] fileContents = new byte[(int) f.length()]; | ||
FileInputStream fis = new FileInputStream(f); | ||
fis.read(fileContents); | ||
fis.close(); | ||
String resulthex = byte2HexString(fileContents); | ||
System.out.println(resulthex); | ||
} catch (Exception e) { | ||
e.printStackTrace(); | ||
} | ||
} | ||
else{ | ||
throw new RuntimeException(args[1] + " File Not Found..."); | ||
} | ||
|
||
} | ||
} | ||
else { | ||
System.out.println("Usage:"); | ||
System.out.println("\tExecutionDecode -t <execution-value> 解密execution"); | ||
System.out.println("\tExecutionDecode -f <execution-value-file> 读取文件内容"); | ||
System.out.println("\tExecutionDecode -b <execution-value-byte> 将byte类型转为十六进制"); | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
Manifest-Version: 1.0 | ||
Main-Class: ExecutionDecode | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
<assembly | ||
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.3" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.3 http://maven.apache.org/xsd/assembly-1.1.3.xsd | ||
http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.3 "> | ||
<id>fat-tests</id> | ||
<formats> | ||
<!--打包的文件格式,也可以有:war zip--> | ||
<format>jar</format> | ||
</formats> | ||
<!--指定打的包是否包含打包成目录--> | ||
<includeBaseDirectory>false</includeBaseDirectory> | ||
<!-- 指定将工程依赖的包打到包里的指定目录下 --> | ||
<dependencySets> | ||
<dependencySet> | ||
<outputDirectory>/</outputDirectory> | ||
<useProjectArtifact>true</useProjectArtifact><!--是否把本项目添加到依赖文件夹下--> | ||
<unpack>true</unpack> | ||
<scope>test</scope> | ||
</dependencySet> | ||
</dependencySets> | ||
<fileSets><!-- 指定要包含的文件集,可以定义多个fileSet --> | ||
<fileSet> | ||
<directory>${project.build.directory}/test-classes</directory><!-- 指定归档文件(要打的jar包)要包含的目录(下的文件及文件夹) --> | ||
<outputDirectory>/</outputDirectory> | ||
<includes> | ||
<include>**/*.class</include> | ||
</includes> | ||
<useDefaultExcludes>true</useDefaultExcludes> | ||
</fileSet> | ||
</fileSets> | ||
</assembly> |