添加对iiop协议是否被过滤的检测

woodpecker-appstore · Mar 23, 2022 · ff357f5 · ff357f5
1 parent 3d388c1
commit ff357f5
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 22 deletions.
diff --git a/src/main/java/infodetec/AllInfoDetector.java b/src/main/java/infodetec/AllInfoDetector.java
@@ -14,7 +14,7 @@ public void InfoDetectorPluginMain(InfoDetectorPluginCallbacks infoDetectorPlugi
  this.pluginHelper = infoDetecPluginCallbacks.getPluginHelper();
  this.infoDetecPluginCallbacks.setInfoDetectorPluginName("weblogic infodetector");
  this.infoDetecPluginCallbacks.setInfoDetectorPluginAuthor("c0ny1");
- this.infoDetecPluginCallbacks.setInfoDetectorPluginVersion("0.2.3");
+ this.infoDetecPluginCallbacks.setInfoDetectorPluginVersion("0.2.4");
  this.infoDetecPluginCallbacks.setInfoDetectorPluginDescription("description");
  List<InfoDetector> infoDetecs = new ArrayList<InfoDetector>();
  infoDetecs.add(new WeblogicInfoDetectorPlugin());

diff --git a/src/main/java/infodetec/WeblogicInfoDetectorPlugin.java b/src/main/java/infodetec/WeblogicInfoDetectorPlugin.java
@@ -63,23 +63,27 @@ public LinkedHashMap<String, String> doDetect(ITarget target, Map<String, Object
  isT3Open = true;
  resultOutput.successPrintln("T3 is open");
  infos.put("t3","true");
- }else if((t3HelloInfo.contains("Connection rejected")
- || t3HelloInfo.contains("filter blocked Socket"))
- && t3HelloInfo.contains("weblogic.security.net.FilterException")
- && t3HelloInfo.contains("Security:090220")){
+ }else if(WeblogicInfoUtil.isFilterEnable(t3HelloInfo)){
  isT3Open = false;
  resultOutput.errorPrintln("T3 is open,but filter enable");
  }else{
  isT3Open = false;
  resultOutput.failPrintln("T3 is close");
  }
 
- if (WeblogicInfoUtil.checkIIOP(host,port,isSSL)) {
+ String iiopHelloInfo = WeblogicInfoUtil.getIIOPHelloInfo(host,port,isSSL);
+ if(iiopHelloInfo == null){
+ isIIOPOpen = false;
+ resultOutput.failPrintln("IIOP is close");
+ }else if(WeblogicInfoUtil.isFilterEnable(iiopHelloInfo)){
+ isIIOPOpen = false;
+ resultOutput.errorPrintln("IIOP is open,but filter enable");
+ }else if(!iiopHelloInfo.contains("NamingContextAny") && !iiopHelloInfo.contains("weblogic") && !iiopHelloInfo.contains("corba")){
+ isIIOPOpen = false;
+ resultOutput.failPrintln("IIOP is close");
+ } else {
  isIIOPOpen = true;
  resultOutput.successPrintln("IIOP is open");
- infos.put("iiop","true");
- }else{
- resultOutput.failPrintln("IIOP is close");
  }
  }catch (Exception e){
  e.printStackTrace();

diff --git a/src/main/java/infodetec/WeblogicInfoUtil.java b/src/main/java/infodetec/WeblogicInfoUtil.java
@@ -1,5 +1,8 @@
 package infodetec;
 
+import net.dongliu.commons.Hexes;
+import sun.misc.BASE64Encoder;
+
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import java.io.*;
@@ -112,23 +115,18 @@ public static Socket initSocket(String host,int port,boolean isSSL) throws Excep
  return socket;
  }
 
-
- public static boolean checkIIOP(String host,int port,boolean isSSL) throws Exception{
+ public static String getIIOPHelloInfo(String host,int port,boolean isSSL) throws Exception {
+  String hello = null;
  Socket socket = initSocket(host,port,isSSL);
  try {
  byte[] rspByte = send(hexStrToBinaryStr("47494f50010200030000001700000002000000000000000b4e616d6553657276696365"), socket);
- String rsp = new String(rspByte);
- if (!rsp.contains("NamingContextAny") && !rsp.contains("weblogic") && !rsp.contains("corba")) {
- return false;
- }
- } catch (Exception e) {
- e.printStackTrace();
- return false;
+ hello = new String(rspByte);
+ } catch (Throwable t) {
+ t.printStackTrace();
  } finally {
  socket.close();
  }
-
- return true;
+ return hello;
  }
 
  public static String getT3HelloInfo(String host,int port,boolean isSSL) throws Exception {
@@ -139,7 +137,7 @@ public static String getT3HelloInfo(String host,int port,boolean isSSL) throws E
  byte[] t3Response = WeblogicInfoUtil.send(str.getBytes(), socket);
  hello = new String(t3Response);
  } catch (Throwable t){
-
+ t.printStackTrace();
  }finally {
  socket.close();
  }
@@ -231,6 +229,21 @@ public static byte[] hexStrToBinaryStr(String hexString) {
  return bytes;
  }
 
-
+ /**
+ * 检测Weblogic过滤器状态
+ * @param helloMsg hello返回包
+ * @return 过滤器是否开启
+ */
+ public static boolean isFilterEnable(String helloMsg){
+ if(
+ (helloMsg.contains("Connection rejected") || helloMsg.contains("filter blocked Socket"))
+ && helloMsg.contains("weblogic.security.net.FilterException")
+ && helloMsg.contains("Security:090220")
+ ){
+ return true;
+ }else{
+ return false;
+ }
+ }
 
 }