I am trying to execute JAD decompiler on class file from code:
Process p = Runtime.getRuntime().exec("c:\\1\\jad.exe c:\\1\\EIn.class");
//All paths are correct, "c:\\1\\jad.exe c:\\1\\EIn.class" wotks when I run it in cmd
When I debug i don't get any errors, debugger moves to the next line...
if I put:
int res = p.waitFor();
It just hangs.
Update:
BufferedReader in = new BufferedReader(new InputStreamReader(p.getErrorStream()));
String str = null;
while ((str = in.readLine()) != null) { //Stucks here
}
Is the jad decompiler waiting on input from you via stdin?
To see the errors that you are getting, consume the getOutputStream and getErrorStream to see what the decompiler is writing out.
You can use the ProcessBuilder class to make redirecting streams a little more pleasant.
public static void main(String[] args) throws Exception {
String[] cmd = { "c:\\1\\jad.exe", "-c:\\1\\EIn.class" };
Process p = Runtime.getRuntime().exec(cmd);
p.waitFor();
}
This is a TRAP in Java ,please just have a look at this page,you will get more than you wanna!
Related
I'm trying to do a proof of concept exploit to show how changing the path variable can replace standard programs for malicious ends. I put a dummy program called "cmd.exe" in a directory "C:\path\to\fake_exe\" and changed the path to have that at the front.
Below is the function I'm using to demonstrate, but it runs normally (i.e., it passes the arguments to the correct cmd.exe instead of my fake one). I even passed "cmd" to the function, and it opened my dummy program! So the path variable is definitely set to find my fake cmd.exe correctly, but the exec(..) function is finding the proper cmd.exe regardless.
How does the exec(...) function find executables? Where is this documented?
static void unsafeExec(String cmd) throws IOException, InterruptedException {
String[] run = new String[3];
run[0] = "cmd.exe";
run[1] = "/C";
run[2] = cmd;
Process p = Runtime.getRuntime().exec(run);
BufferedReader stdIN = new BufferedReader(new InputStreamReader(p.getInputStream()));
BufferedReader stdER = new BufferedReader(new InputStreamReader(p.getErrorStream()));
p.waitFor();
String s;
while ((s = stdIN.readLine()) != null) {
System.out.println(s);
}
while ((s = stdER.readLine()) != null) {
System.out.print(s);
}
}
I am trying to execute another file using Runtime and Process
try
{
Runtime run = Runtime.getRuntime();
Process pro = run.exec("C:\\Users\\user\\Desktop\\file.exe");
}
catch(Exception a)
{
a.printStackTrace();
}
I can enter this command in either run or cmd and am able to open the file but running it through my program it won't open. There are no errors, it just doesn't open.
To better understand what is going on (and it is actually a requirement of the Process class), you need to redirect the input and error streams of your process - and using a ProcessBuilder is the recommended way to start processes:
public static void main(String[] args) throws Exception {
ProcessBuilder pb = new ProcessBuilder("C:\\Users\\user\\Desktop\\file.exe");
runProcess(pb)
}
private static void runProcess(ProcessBuilder pb) throws IOException {
pb.redirectErrorStream(true);
Process p = pb.start();
BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
while ((line = reader.readLine()) != null) {
System.out.println(line);
}
}
You must do
Process pro = run.exec("C:\\Users\\user\\Desktop\\file.exe",null,"C:\\Users\\user\\Desktop\\");
Please see Run .exe file from Java from file location
Try this way:
String []cmdarray = new String[4];
cmdarray[0] = "cmd";
cmdarray[1] = "/c";
cmdarray[2] = "start";
cmdarray[3] = "C:\\Users\\user\\Desktop\\file.exe";
Runtime.getRuntime().exec(cmdarray);
Try this one, create a batch file ,like start_file.bat.
The content like this:
cd C:\Users\user\Desktop ----- Goto this directory
C: ----- This line is very important
file.exe
Both the two approaches work well.
Runtime r = Runtime.getRuntime();
String []cmdarray = new String[4];
cmdarray[0] = "cmd";
cmdarray[1] = "/c";
cmdarray[2] = "start";
cmdarray[3] = "C:/users/desktop/start_file.bat";
r.exec(cmdarray);
And this one:
r.exec("C:/users/desktop/start_file.bat");
You can read the output from this new process.
I have a python script and it takes a long time to finish. I would like to run it from Java, but also output the script's output while it is executing, so that I can tell if it is properly running.
I've searched and only found examples where we output the output after the system command has finished, rather than during its execution.
Any way to do it while the script is running?
Here's what I have
public void doSomething() throws IOException {
String[] callAndArgs = {"python", "/hi.py"};
Process p = Runtime.getRuntime().exec(callAndArgs);
BufferedReader stdInput = new BufferedReader(new InputStreamReader(p.getInputStream()));
BufferedReader stdError = new BufferedReader(new InputStreamReader(p.getErrorStream()));
String s;
while ((s = stdInput.readLine()) != null) {
System.out.println(s);
}
while ((s = stdError.readLine()) != null) {
System.out.println(s);
}
}
i managed to get it working like this (Note it requires java7):
package test;
import java.lang.ProcessBuilder.Redirect;
public class Test {
public static void main(String... args) throws Exception {
ProcessBuilder pb = new ProcessBuilder("python","/home/foobar/Programming/test/src/test/test.py");
pb.redirectOutput(Redirect.INHERIT);
Process p = pb.start();
p.waitFor();
}
}
python (note i flush on python to make it work using sys.stdout.flush())
import time,sys
c =0
while c<=50:
time.sleep(1)
print("----")
c = c +1
sys.stdout.flush()
Note if you don't want to flush in a loop you can use this:
ProcessBuilder pb = new ProcessBuilder("python","-u","/home/foobar/Programming/NetBeansProjects/test/src/test/test.py");
Redirect.INHERIT
Indicates that subprocess I/O source or destination will be the same as those of the current process. This is the normal behavior of most operating system command interpreters (shells).
I've searched and only found examples where we output the output after
the system command has finished, rather than during its execution.
That's weird, because your example should be dumping the output as the command is executing.
Instead of using BufferedReader, you could try reading directly from the InputStream instead as the required conditions for readLine might not be being met until after the process exits.
I'd also recommend that you use a ProcessBuilder over Process directly, as, apart from anything else, it allows you to redirect the output from the error stream into the input stream, allowing you to read just one stream instead of two...
This might also be an issue with Python and how it flushes it output buffers...
For example, rather then waiting for the BufferedReader to decide when to return, try printing each character from the stream as it occurs/is reported
ProcessBuilder pb = new ProcessBuilder("test.py");
pb.redirectError();
Process p = pb.start();
InputStream is = null;
try {
is = p.getInputStream();
int in = -1;
while ((in = is.read()) != -1) {
System.out.print((char)in);
}
} finally {
try {
is.close();
} catch (Exception e) {
}
}
Update
Doing a little reading, Python seems to be buffering its out out before sending it to the stdout. I don't think you can fix this on the a Java side, but need to alter either the way Python is run or the script works.
See How to flush output of Python print? for more details
I'm suspecting that you are writing to stderr, which you can't see because you are blocking on stdin. Use a ProcessBuilder instead of doing exec. This way, you can redirect stderr and stdin into a single stream.
Here is an example:
import java.io.*;
public class Test {
public static void main(String... args) throws IOException {
ProcessBuilder pb =
new ProcessBuilder("test.py");
pb.redirectErrorStream(true);
Process proc = pb.start();
Reader reader = new InputStreamReader(proc.getInputStream());
BufferedReader bf = new BufferedReader(reader);
String s;
while ((s = bf.readLine()) != null) {
System.out.println(s);
}
}
}
Alternatively you can spawn threads to read from stdin/stderr respectively.
Another thing to look for is output buffering by python. You can see if this is the cause by doing:
import sys
sys.stdout.flush()
after you write to stdout
Don't use #readLine as the conditional in your while loop. Instead wrap your inputStream in a scanner and use #hasNextLine()
Scanner in = new Scanner(p.getInputStream());
while (in.hasNextLine()) {
System.out.println(in.nextLine());
}
Im facing this strange issue of not being able to execute a simple "whoami" unix command on a AIX server. I have a webapplication that is deployed on an AIX server. Now I want to see under which WAS user my webapplication is currently running. So I added the below code:
public String whoami() throws Exception {
Process p = Runtime.getRuntime().exec("whoami");
BufferedReader in = new BufferedReader(new InputStreamReader(p.getInputStream()));
String line;
String output = "";
while ((line = in.readLine()) != null) {
//System.out.println(line);
output += line;
}
in.close();
p.destroy();
return output;
}
}
The above code is added in a jar file which is referred by a JSP. The JSP has to receive the output of the code above and it displays the WAS User name. But when i deploy the webapplication on the server and try to observe the output, im getting an error message like
Error 500: access denied (java.io.FilePermission <> execute)
However, When I remove the above code and run my webapplication, everything runs fine. What wron am i doing here. Did I miss doing anything? Please help. This is the first time im working on UNIX
It looks like your web server has been configured with a Java security policy that prohibits executing external applications.
See http://java.sun.com/developer/onlineTraining/Programming/JDCBook/appA.html for information about Java Security Policies, and the documentation for your web server.
You will need to supply (or edit) a policy file to contain something like:
grant {
permission java.io.FilePermission
"/usr/bin/whoami", "execute";
};
Just out of curiosity
Have you considered to use:
user.name
System property in Java?
AFAIK whoami is a shell command and Runtime#exec() executes programs only.
you can try Runtime.getRuntime().exec(new String[]{"sh","-c","whoami"}) to call sh and let it execute whoami
another thing: do you need to destroy the process after reading?
You can use the ProcessBuilder class instead of getRuntime().exec("whoami").
Here is sample code
import java.io.*;
import java.util.*;
public class DoProcessBuilder {
public static void main(String args[]) throws IOException {
if (args.length <= 0) {
System.err.println("Need command to run");
System.exit(-1);
}
Process process = new ProcessBuilder(args).start();
InputStream is = process.getInputStream();
InputStreamReader isr = new InputStreamReader(is);
BufferedReader br = new BufferedReader(isr);
String line;
System.out.printf("Output of running %s is:", Arrays.toString(args));
while ((line = br.readLine()) != null) {
System.out.println(line);
}
}
}
I have a program which is:
import java.io.*;
import java.util.*;
public class ExecBashCommand {
public static void main(String args[]) throws IOException {
if (args.length <= 0) {
System.err.println("Need command to run");
System.exit(-1);
}
Runtime runtime = Runtime.getRuntime();
Process process = runtime.exec("./nv0914 < nv0914.challenge");
Process process1 = runtime.exec("echo ${?}");
InputStream is = process1.getInputStream();
InputStreamReader isr = new InputStreamReader(is);
BufferedReader br = new BufferedReader(isr);
String line;
//System.out.printf("Output of running %s is:", Arrays.toString(args));
while ((line = br.readLine()) != null) {
System.out.println(line);
}
}
}
note: nv0914 is a bash executable file and nv0914.challenge is a text file.
When i run any normal command in terminal and just after that if I check the exit code using echo ${?}. Now I want to do the same by using a program, but the program is simply giving the output ${?}. Please help me out!
Process.waitFor() returns an int That is where the exit code is returned. If you start an unrelated program, won't have a previous exit code which is why it doesn't return anything useful.
You can't use exitValue() reliably because you could call it before the program has finished. You should only call it after calling waitFor() (and it will give the same exit code waitFor() does)
From the Javadoc for exitValue
Throws: IllegalThreadStateException - if the subprocess represented by this Process object has not yet terminated.