Merge pull request #31 from qtc-de/develop

Prepare v4.3.0 Release
qtc-de · May 11, 2022 · 6ce2540 · 6ce2540
2 parents 192d3e4 + 6d5a39c
commit 6ce2540
Show file tree

Hide file tree

Showing 79 changed files with 3,261 additions and 523 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,23 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [4.3.0] - May 11, 2022
+
+### Added
+
+* Add support for `ActivatableRef` ([docs](/docs/rmg/actions.md#activatable-bound-names))
+* Add test cases for `ActivatableRef`
+
+### Changed
+
+* Update list of known endpoints ([docs](/docs/rmi/known-endpoints.md))
+* Update outdated documentation
+
+### Docker
+
+* The [example server](/docker/example-server) now provides a full working *Activation System* on port `1098`
+
+
 ## [4.2.2] - Jan 11, 2022
 
 ### Changed

diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 
 [![](https://github.com/qtc-de/remote-method-guesser/workflows/master%20maven%20CI/badge.svg?branch=master)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/master.yml)
 [![](https://github.com/qtc-de/remote-method-guesser/workflows/develop%20maven%20CI/badge.svg?branch=develop)](https://github.com/qtc-de/remote-method-guesser/actions/workflows/develop.yml)
-[![](https://img.shields.io/badge/version-4.2.2-blue)](https://github.com/qtc-de/remote-method-guesser/releases)
+[![](https://img.shields.io/badge/version-4.3.0-blue)](https://github.com/qtc-de/remote-method-guesser/releases)
 [![](https://img.shields.io/badge/build%20system-maven-blue)](https://maven.apache.org/)
 ![](https://img.shields.io/badge/java-8%2b-blue)
 [![](https://img.shields.io/badge/license-GPL%20v3.0-blue)](https://github.com/qtc-de/remote-method-guesser/blob/master/LICENSE)

diff --git a/docker/example-server/CHANGELOG.md b/docker/example-server/CHANGELOG.md
@@ -0,0 +1,20 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+
+## [3.3] - May 08, 2022
+
+### Changed
+
+* Fix timestamp for log messages
+
+
+## [3.2] - May 06, 2022
+
+### Changed
+
+* Add activation system on port 1098
diff --git a/docker/example-server/Dockerfile-jdk11 b/docker/example-server/Dockerfile-jdk11
@@ -39,6 +39,6 @@ ENV _JAVA_OPTIONS -Djava.rmi.server.hostname=iinsecure.dev \
     -Djava.security.policy=/opt/policy \
     -Djava.rmi.server.codebase=http://iinsecure.dev/well-hidden-development-folder/
 
-EXPOSE 1090/tcp 9010/tcp
+EXPOSE 1090/tcp 1098/tcp 9010/tcp
 
 CMD ["/opt/start.sh"]
diff --git a/docker/example-server/Dockerfile-jdk8 b/docker/example-server/Dockerfile-jdk8
@@ -29,6 +29,6 @@ ENV _JAVA_OPTIONS -Djava.rmi.server.hostname=iinsecure.dev \
     -Djava.security.policy=/opt/policy \
     -Djava.rmi.server.codebase=http://iinsecure.dev/well-hidden-development-folder/
 
-EXPOSE 1090/tcp 9010/tcp
+EXPOSE 1090/tcp 1098/tcp 9010/tcp
 
 CMD ["/opt/start.sh"]
diff --git a/docker/example-server/Dockerfile-jdk9 b/docker/example-server/Dockerfile-jdk9
@@ -39,6 +39,6 @@ ENV _JAVA_OPTIONS -Djava.rmi.server.hostname=iinsecure.dev \
     -Djava.security.policy=/opt/policy \
     -Djava.rmi.server.codebase=http://iinsecure.dev/well-hidden-development-folder/
 
-EXPOSE 1090/tcp 9010/tcp
+EXPOSE 1090/tcp 1098/tcp 9010/tcp
 
 CMD ["/opt/start.sh"]
diff --git a/docker/example-server/README.md b/docker/example-server/README.md
diff --git a/docker/example-server/docker-compose-jdk11.yml b/docker/example-server/docker-compose-jdk11.yml
@@ -2,7 +2,7 @@ version: '3.7'
 
 services:
     rmg:
-      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:3.1-jdk11
+      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:3.3-jdk11
       build: .
       environment:
         - > 

diff --git a/docker/example-server/docker-compose-jdk8.yml b/docker/example-server/docker-compose-jdk8.yml
@@ -2,7 +2,7 @@ version: '3.7'
 
 services:
     rmg:
-      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:3.1-jdk8
+      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:3.3-jdk8
       build: .
       environment:
         - > 

diff --git a/docker/example-server/docker-compose-jdk9.yml b/docker/example-server/docker-compose-jdk9.yml
@@ -2,7 +2,7 @@ version: '3.7'
 
 services:
     rmg:
-      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:3.1-jdk9
+      image: ghcr.io/qtc-de/remote-method-guesser/rmg-example-server:3.3-jdk9
       build: .
       environment:
         - > 

diff --git a/docker/example-server/resources/server/pom.xml b/docker/example-server/resources/server/pom.xml
@@ -3,7 +3,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>de.qtc.rmg.server.ExampleServer</groupId>
   <artifactId>rmg-example-server</artifactId>
-  <version>3.1.0</version>
+  <version>3.3.0</version>
   <name>rmg-example-server</name>
   <description>RMG Example Server</description>
 

diff --git a/docker/example-server/resources/server/src/de/qtc/rmg/server/ExampleServer.java b/docker/example-server/resources/server/src/de/qtc/rmg/server/ExampleServer.java
@@ -1,6 +1,5 @@
 package de.qtc.rmg.server;
 
-import java.rmi.AccessException;
 import java.rmi.AlreadyBoundException;
 import java.rmi.NotBoundException;
 import java.rmi.Remote;
@@ -12,6 +11,7 @@
 import javax.rmi.ssl.SslRMIClientSocketFactory;
 import javax.rmi.ssl.SslRMIServerSocketFactory;
 
+import de.qtc.rmg.server.activation.ActivationServer;
 import de.qtc.rmg.server.interfaces.IPlainServer;
 import de.qtc.rmg.server.interfaces.ISecureServer;
 import de.qtc.rmg.server.interfaces.ISslServer;
@@ -20,6 +20,7 @@
 import de.qtc.rmg.server.operations.SecureServer;
 import de.qtc.rmg.server.operations.SslServer;
 import de.qtc.rmg.server.utils.Logger;
+import de.qtc.rmg.server.utils.Utils;
 
 public class ExampleServer {
 
@@ -31,7 +32,7 @@ public class ExampleServer {
     public static void main(String[] argv)
     {
         String disableColor = System.getProperty("de.qtc.rmg.server.disableColor");
-        if( disableColor != null && disableColor.equalsIgnoreCase("true") )
+        if (disableColor != null && disableColor.equalsIgnoreCase("true"))
             Logger.disableColor();
 
         Logger.println("Initializing Java RMI Server:");
@@ -46,24 +47,25 @@ public static void main(String[] argv)
             SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
             SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory();
 
-            Logger.printlnMixedYellow("Creating RMI-Registry on port", String.valueOf(registryPort));
+            Logger.printMixedBlue("Creating", "RMI-Registry", "on port ");
+            Logger.printlnPlainYellow(String.valueOf(registryPort));
             Registry registry = LocateRegistry.createRegistry(registryPort, csf, ssf);
             Logger.println("");
 
             Logger.printlnMixedBlue("Creating", "PlainServer", "object.");
             remoteObject1 = new PlainServer();
             IPlainServer stub = (IPlainServer)UnicastRemoteObject.exportObject(remoteObject1, 0);
-            bindToRegistry(stub, registry, "plain-server");
+            Utils.bindToRegistry(stub, registry, "plain-server");
 
             Logger.printlnMixedBlue("Creating", "SSLServer", "object.");
             remoteObject2 = new SslServer();
             ISslServer stub2 = (ISslServer)UnicastRemoteObject.exportObject(remoteObject2, 0, csf, ssf);
-            bindToRegistry(stub2, registry, "ssl-server");
+            Utils.bindToRegistry(stub2, registry, "ssl-server");
 
             Logger.printlnMixedBlue("Creating", "SecureServer", "object.");
             remoteObject3 = new SecureServer();
             ISecureServer stub3 = (ISecureServer)UnicastRemoteObject.exportObject(remoteObject3, 0);
-            bindToRegistry(stub3, registry, "secure-server");
+            Utils.bindToRegistry(stub3, registry, "secure-server");
 
             Logger.decreaseIndent();
             Logger.println("");
@@ -72,23 +74,11 @@ public static void main(String[] argv)
             Logger.println("");
 
             LegacyServer.init();
+            ActivationServer.init();
 
         } catch (RemoteException | AlreadyBoundException | NotBoundException e) {
-            System.err.println("[-] Unexpected RMI Error:");
+            Logger.eprintln("Unexpected RMI Error:");
             e.printStackTrace();
         }
     }
-
-    public static void bindToRegistry(Remote object, Registry registry, String boundName) throws AccessException, RemoteException, AlreadyBoundException, NotBoundException
-    {
-        Logger.increaseIndent();
-        Logger.printlnMixedYellow("Binding Object as", boundName);
-        registry.bind(boundName, object);
-
-        Object o = registry.lookup(boundName);
-        String className = o.getClass().getInterfaces()[0].getSimpleName();
-        Logger.printMixedYellow("Boundname", boundName);
-        Logger.printlnPlainMixedBlue(" with interface", className, "is ready.");
-        Logger.decreaseIndent();
-    }
 }
diff --git a/...er/example-server/resources/server/src/de/qtc/rmg/server/activation/ActivationServer.java b/...er/example-server/resources/server/src/de/qtc/rmg/server/activation/ActivationServer.java
@@ -0,0 +1,117 @@
+package de.qtc.rmg.server.activation;
+
+import java.rmi.AccessException;
+import java.rmi.AlreadyBoundException;
+import java.rmi.NotBoundException;
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+import java.rmi.activation.Activatable;
+import java.rmi.activation.ActivationDesc;
+import java.rmi.activation.ActivationGroup;
+import java.rmi.activation.ActivationGroupDesc;
+import java.rmi.activation.ActivationGroupID;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+import java.rmi.server.UnicastRemoteObject;
+import java.util.Properties;
+
+import de.qtc.rmg.server.interfaces.IPlainServer;
+import de.qtc.rmg.server.operations.PlainServer;
+import de.qtc.rmg.server.utils.Logger;
+import de.qtc.rmg.server.utils.Utils;
+
+/**
+ * Create an ActivationServer. This class does basically the same as rmid, but skips some configuration
+ * steps and does only the necessary once. The resulting server seems to work fine, but it is possible
+ * that it is not fully functional due to some missing configuration steps.
+ *
+ * @author Tobias Neitzel (@qtc_de)
+ */
+@SuppressWarnings("unused")
+public class ActivationServer
+{
+    private static int activationSystemPort = 1098;
+    private static Remote remoteObject1 = null;
+    private static Remote remoteObject2 = null;
+    private static Remote remoteObject3 = null;
+
+    private final static String codebase = "file:///opt/example-server.jar";
+
+    /**
+     * Create the RMI registry and the Activator and bind an ActivationSystem to it. Afterwards, an activation
+     * group is created and two activatable RMI services are bound to the registry. Additionally, we bind one
+     * non activatable service.
+     */
+    public static void init()
+    {
+        Logger.increaseIndent();
+
+        try {
+            Logger.printMixedBlue("Creating", "ActivationSystem", "on port ");
+            Logger.printlnPlainYellow(String.valueOf(activationSystemPort));
+            Utils.startActivation(activationSystemPort, null, "/tmp/activation-log", null);
+
+            Properties props = new Properties();
+            props.put("java.security.policy", "/opt/policy");
+            props.put("java.security.debug", "");
+
+            ActivationGroupDesc groupDesc = new ActivationGroupDesc(props, null);
+
+            /*
+             * In the following we register the activation group. For some reason, this creates a ThreadDump,
+             * although the operation finished and the group is registered correctly. I have no idea where this
+             * ThreadDump comes from. If someone knows, please create an issue that explains it :)
+             *
+             * The code below disables stderr temporarily to prevent the ThreadDump to confuse users. Here is
+             * the StackTrace that would be shown otherwise:
+             *       java.lang.Exception: Stack trace
+             *      at java.lang.Thread.dumpStack(Thread.java:1336)
+             *      at sun.rmi.server.Activation$ActivationSystemImpl.registerGroup(Activation.java:538)
+             *      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+             *      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
+             *      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+             *      at java.lang.reflect.Method.invoke(Method.java:498)
+             *      at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
+             *      at sun.rmi.transport.Transport$1.run(Transport.java:200)
+             *      at sun.rmi.transport.Transport$1.run(Transport.java:197)
+             *      at java.security.AccessController.doPrivileged(Native Method)
+             *      at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
+             *      at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573)
+             *      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834)
+             *      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688)
+             *      at java.security.AccessController.doPrivileged(Native Method)
+             *      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687)
+             *      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
+             *      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
+             *      at java.lang.Thread.run(Thread.java:748)
+             */
+            Utils.toogleOutput();
+            ActivationGroupID groupID = ActivationGroup.getSystem().registerGroup(groupDesc);
+            Utils.toogleOutput();
+
+            ActivationDesc desc = new ActivationDesc(groupID, ActivationService.class.getName(), codebase, null);
+            remoteObject1 = Activatable.register(desc);
+
+            ActivationDesc desc2 = new ActivationDesc(groupID, ActivationService2.class.getName(), codebase, null);
+            remoteObject2 = Activatable.register(desc2);
+
+            remoteObject3 = new PlainServer();
+            IPlainServer stub = (IPlainServer)UnicastRemoteObject.exportObject(remoteObject3, 0);
+
+            Utils.bindToRegistry(remoteObject1, LocateRegistry.getRegistry(activationSystemPort), "activation-test");
+            Utils.bindToRegistry(remoteObject2, LocateRegistry.getRegistry(activationSystemPort), "activation-test2");
+            Utils.bindToRegistry(stub, LocateRegistry.getRegistry(activationSystemPort), "plain-server");
+
+            Logger.println("");
+            Logger.decreaseIndent();
+
+            Logger.println("Server setup finished.");
+            Logger.println("Waiting for incoming connections.");
+            Logger.println("");
+
+        } catch (Exception e) {
+            Logger.eprintln("Unexpected RMI Error:");
+            e.printStackTrace();
+        }
+    }
+}
diff --git a/...r/example-server/resources/server/src/de/qtc/rmg/server/activation/ActivationService.java b/...r/example-server/resources/server/src/de/qtc/rmg/server/activation/ActivationService.java
@@ -0,0 +1,57 @@
+package de.qtc.rmg.server.activation;
+
+import java.io.IOException;
+import java.rmi.MarshalledObject;
+import java.rmi.RemoteException;
+import java.rmi.activation.Activatable;
+import java.rmi.activation.ActivationID;
+
+import de.qtc.rmg.server.utils.Logger;
+import de.qtc.rmg.server.utils.Utils;
+
+public class ActivationService extends Activatable implements IActivationService
+{
+    private static final long serialVersionUID = 3047196196290730685L;
+
+    @SuppressWarnings("rawtypes")
+    public ActivationService(ActivationID id, MarshalledObject data) throws RemoteException
+    {
+        super(id, 0);
+    }
+
+    public String execute(String command)
+    {
+        Logger.printlnMixedBlueYellow("[ActivationServer]:", "Processing call for", "String execute(String command)");
+        String result = "";
+
+        try {
+            Process p = java.lang.Runtime.getRuntime().exec(command);
+            p.waitFor();
+            result = Utils.readFromProcess(p);
+        } catch( IOException | InterruptedException e) {
+            result = "Exception: " + e.getMessage();
+        }
+
+        return result;
+    }
+
+    public String system(String command, String[] args)
+    {
+        Logger.printlnMixedBlueYellow("[ActivationServer]:", "Processing call for", "String system(String command, String[] args)");
+        String result = "";
+
+        String[] commandArray = new String[args.length + 1];
+        commandArray[0] = command;
+        System.arraycopy(args, 0, commandArray, 1, args.length);
+
+        try {
+            Process p = java.lang.Runtime.getRuntime().exec(commandArray);
+            p.waitFor();
+            result = Utils.readFromProcess(p);
+        } catch( IOException | InterruptedException e) {
+            result = "Exception: " + e.getMessage();
+        }
+
+        return result;
+    }
+}