For my server coded in java I want to add a console. I connect to my server using a socket.
Here is the code I've made for the console:
On my server:
public class ServerConsole
{
public String exec(String[] cmd)
{
try
{
Process child = Runtime.getRuntime().exec(cmd);
InputStream in = child.getInputStream();
StringBuffer buffer = new StringBuffer();
int c;
while ((c = in.read()) != -1)
{
buffer.append((char)c);
}
in.close();
return buffer.toString();
}
catch (Exception e) {}
return "FAILED";
}
}
This class execute the given command and returns a string that contains the content of the console after execution.
I call this method like that:
String cmd_data_cmd = inputStream.readUTF();
String[] dataCmd = cmd_data_cmd.split("#");
OSCmd osCmd = new OSCmd();
outputStream.writeUTF(osCmd.exec(dataCmd));
Where inputStream is the stream I use with my socket. It works well!
Now, on the client side, I've made that:
String[] cmd = cmd_input.getText().split(" ");
String new_cmd = "";
for (String part : cmd)
new_cmd += (new_cmd.equals("") ? "": "#") + part;
this.outputSocket.writeUTF(new_cmd);
DataInputStream result_input = new DataInputStream(this.input);
String tmp = result_input.readUTF();
System.out.println(tmp);
This should returns me the result displayed in the console but actually, nothing happens. It just freezes when I start that part of code.
Any idea how to do that?
Thanks.
Here is the solution:
String[] cmd_exec = {};
String os_name = System.getProperty("os.name").toLowerCase();
if (os_name.indexOf("win") >= 0)
cmd_exec = new String[]{"cmd.exe", "/c", cmd};
else if (os_name.indexOf("mac") >= 0)
cmd_exec = new String[]{"/usr/bin/open", "-a", cmd};
else if (os_name.indexOf("nix") >= 0 || os_name.indexOf("nux") >= 0)
cmd_exec = new String[]{"/bin/bash", cmd};
else if (os_name.indexOf("sunos") >= 0)
cmd_exec = new String[]{"/bin/bash", cmd};
Process child = Runtime.getRuntime().exec(cmd_exec);
String line;
while ((line = stdInput.readLine()) != null)
{
buffer.append("\t" + new String(line.getBytes("UTF-8"), "UTF-8") + "\n");
}
stdInput.close();
while ((line = stdError.readLine()) != null)
{
buffer.append("\t" + new String(line.getBytes("UTF-8"), "UTF-8") + "\n");
}
stdError.close();
child.destroy();
Hope this will help someone else.
Related
Controller:
#PostMapping("/output/")
#ResponseBody
public Object command_injected(#RequestParam String command) {
Map<String, String> response_data = new HashMap<String, String>();
try {
String output = "";
Process p = Runtime.getRuntime().exec("ping -c 3 " + command) ;
String line = "";
BufferedReader inputStream = new BufferedReader(new InputStreamReader(p.getInputStream()));
BufferedReader errorStream = new BufferedReader(new InputStreamReader(p.getErrorStream()));
while ((line = inputStream.readLine()) != null) {
output += line + "<br/>";
}
inputStream.close();
while ((line = errorStream.readLine()) != null) {
output += line + "<br/>";
}
errorStream.close();
p.waitFor();
response_data.put("status", "success");
response_data.put("msg", output);
return response_data;
} catch (Exception e) {
e.printStackTrace();
response_data.put("status", "error");
response_data.put("msg", "No output found");
return response_data;
}
}
example input (Linux):
8.8.8.8 && ls && whoami
To show a command injection attack, I want to temper my input using &&. If I enter only IP address, this thing works. If I enter the above example, things are not ok and giving me the following:
ping: whoami: Temporary failure in name resolution
Please help!!
I'm implementing a terminal "emulator"/"launcher" in my app. I want to let the user to use all android shell commands. This works great, until I use the "su" command. here is the source code:
Code:
ProcessBuilder processBuilder = new ProcessBuilder(input);
processBuilder.directory(info.currentDirectory);
Process process;
try {
process = processBuilder.start();
} catch (IOException e) {
return 1;
}
process.waitFor();
InputStream i = process.getInputStream();
InputStream e = process.getErrorStream();
BufferedReader ir = new BufferedReader(new InputStreamReader(i));
BufferedReader er = new BufferedReader(new InputStreamReader(e));
String s = null;
output = "";
for(int count = 0; count == 0 || s != null; count++) {
s = ir.readLine();
if(s != null) {
if(count == 0)
output = output.concat(mContext.getString(R.string.output_label) + "\n");
output = output.concat(s + "\n");
}
}
s = null;
for(int count = 0; count == 0 || s != null; count++) {
s = er.readLine();
if(s != null) {
if(count == 0)
output = output.concat(mContext.getString(R.string.error_label) + "\n");
output = output.concat(s + "\n");
}
}
process.destroy();
Main thread is blocked forever in any case: if I call only process.waitFor, and if I use one of the InputStream objects.
What's the problem? SU permissions are granted normally...
I am trying to compile and execute C , C++ and Java codes taken as argument to a Java file and then check that the generated solution is correct or not as most of the website judge the solutions.Please anybody can tell me why my code is going in infinite loop and no out put is coming in file_name_output.txt. My other all files are correct as i have tested them by running the program on terminal.Here is my code :
import java.io.*;
import java.util.Scanner;
class test
{
public static void main(String args[])
{
String s=null,file_name,extension;
int pos = args[0].lastIndexOf(".");
extension = args[0].substring(pos+1);
file_name = args[0].substring(0,pos);
int lang = 0; // 1 -> c,c++ , 2 -> java
try
{
Process compile = null;
switch(extension)
{
case "c" : compile = Runtime.getRuntime().exec("gcc -g "+ args[0] + " -o "+file_name+" -lm");
lang = 1;
break;
case "cpp" : compile = Runtime.getRuntime().exec("g++ -g "+ args[0] + " -o "+file_name);
lang = 1;
break;
case "java" : compile = Runtime.getRuntime().exec("javac "+ args[0]);
lang = 2;
}
BufferedReader stdError = new BufferedReader(new InputStreamReader(compile.getErrorStream()));
if((s = stdError.readLine()) != null)
{
System.out.println("Compile Time Error OR Warning : ");
System.out.println(s);
while((s = stdError.readLine()) != null)
{
System.out.println(s);
}
}
double startTime, run_time;
Process run;
if(lang == 1)
{
startTime = System.nanoTime();
run = Runtime.getRuntime().exec("./"+file_name+" < "+file_name+"_input.txt > "+file_name+"_output.txt");
run_time = (System.nanoTime()-startTime)/(double)Math.pow(10,6);
}
else
{
startTime = System.nanoTime();
run = Runtime.getRuntime().exec("java "+file_name+" < "+file_name+"_input.txt > "+file_name+"_output.txt");
run_time = (System.nanoTime()-startTime)/(double)Math.pow(10,6);
}
System.out.println("RunTime : "+ run_time+" ms");
BufferedReader out_put = new BufferedReader(new FileReader(new File(file_name+"_output.txt")));
BufferedReader run_stdError = new BufferedReader(new InputStreamReader(run.getErrorStream()));
if(( s = run_stdError.readLine()) != null)
{
System.out.println("Runtime Error : ");
System.out.println(s);
while((s = run_stdError.readLine()) != null )
{
System.out.println(s);
}
}
else if((s = out_put.readLine()) != null)
{
String s_string = null;
int failed = 0;
File fs = new File(file_name+".txt");
BufferedReader br = new BufferedReader(new FileReader(fs));
if((!s.equals(s_string = br.readLine())))
{
failed = 1;
}
while(((s = out_put.readLine()) != null) & ((s_string = br.readLine()) != null) & (failed == 0))
{
if(!s.equals(s_string) )
{
failed = 1;
break;
}
}
if((failed == 1) || s != null || s_string != null)
{
System.out.println("Submmision Failed : ");
System.out.println("Either Output Is Wrong.\nOR\nYour Output Is Not According To The Given Format. ");
System.exit(0);
}
else
{
System.out.println("Submission Successful.");
}
}
}
catch(IOException e)
{
System.out.println("Some Error Has Occured : ");
e.printStackTrace();
System.exit(-1);
}
}
}
Diagnosis
Your program is not in an endless loop, it is blocking, and this is the line where it happens:
s = run_stdError.readLine()
unless there's something on the subprocess's stderr, this is going to block until the process dies. However, while waiting here you don't consume the process's stdout. It fills its output buffer and blocks.
The result: an interprocess deadlock.
Suggested fix
Use a ProcessBuilder and use its API to achieve redirection into files with no effort of your own. You have the redirectOutput(File) and redirectError(File) methods in there.
ping and date returned output, but it's not returning anything from "ls" or "pwd". What I want to do ultimately is run an SSH command. Any idea what I am missing below?
//Works and shows the output
executeCommand("ping -c 3 " + "google.com");
//Works and shows the output
executeCommand("date");
//Does not work. No output
executeCommand("sudo ls");
//Does not work. No output
executeCommand("ls");
private void executeCommand(String command) {
StringBuffer output = new StringBuffer();
Process p;
try {
p = Runtime.getRuntime().exec(command);
p.waitFor();
BufferedReader reader =
new BufferedReader(new InputStreamReader(p.getInputStream()));
String line = "";
while ((line = reader.readLine())!= null) {
output.append(line + "\n");
}
} catch (Exception e) {
e.printStackTrace();
}
Log.d("Output", "Output: " + output.toString());
}
I have two solutions
first solution (you need Java 7):
...
ProcessBuilder pb = new ProcessBuilder("ls");
pb.redirectOutput(Redirect.INHERIT);
Process p = pb.start();
second solution:
Process p=Runtime.getRuntime().exec("ls");
InputStream is = p.getInputStream();
int c;
StringBuilder commandResponse = new StringBuilder();
while( (c = is.read()) != -1) {
commandResponse.append((char)c);
}
System.out.println(commandResponse);
is.close();
I have this code
Process p =Runtime.getRuntime().exec("busybox");
InputStream a = p.getInputStream();
InputStreamReader read = new InputStreamReader(a);
BufferedReader in = new BufferedReader(read);
Running it from the terminal the first lines of oupout return the version of Busybox. If I wanted to take for example the first 5 characters as I do?
While the other answers should work well too, the following will exit and close the stream after reading five characters:
Process p = Runtime.getRuntime().exec("busybox");
InputStream a = p.getInputStream();
InputStreamReader read = new InputStreamReader(a);
StringBuilder firstFiveChars = new StringBuilder();
int ch = read.read();
while (ch != -1 && firstFiveChars.length() < 5) {
firstFiveChars.append((char)ch);
ch = read.read();
}
read.close();
a.close();
System.out.println(firstFiveChars);
try
String line = in.readLine();
if(line!=null && line.length() >5)
line = line.substring(0, 5);
Do this way
Process p;
try {
p = Runtime.getRuntime().exec("busybox");
InputStream a = p.getInputStream();
InputStreamReader read = new InputStreamReader(a);
BufferedReader in = new BufferedReader(read);
StringBuilder buffer = new StringBuilder();
String line = null;
try {
while ((line = in.readLine()) != null) {
buffer.append(line);
}
} finally {
read.close();
in.close();
}
String result = buffer.toString().substring(0, 15);
System.out.println("Result : " + result);
} catch (Exception e) {
e.printStackTrace();
}
Output
Result : BusyBox v1.13.3