[Python] shellman.py - use a php webshell to get a bash like shell session

[d4rkcat]

Got bored yesterday so I made this bash-like webshell.

upload files with:

Code: [Select]

upload /path/to/local/file (remotefile)
download files with:

Code: [Select]

download remotefile (/path/to/local/file)
() == optional

You can use any of these local text editor software to write a file to the remote shell's pwd:

Code: [Select]

vi new.php
nano new.php
pico new.php
emacs new.php
Also there is tab completion for the contents of the remote directory.

Enjoy!

https://github.com/d4rkcat/shellman

[gist]d4rkcat/8433697[/gist]

[Phage]

Overall, nice idea/project


I have a few things to add though. I would recommend you to use Requests instead of urllib and urllib2. And at the bottom of your code, you have quite a log of if/else statements, try to find a way to shorten it down

[kenjoe41]

I have to agree i recently fell in love with Requests cos it's way superior to urllib/urllib2, quite pythonic and has a vast documentation, wait, it also supports asynchronous requests, oauth, etc. It always comes in handy in scraping projects where Beautifulsoup and lxml become alittle slow.

[vezzy]

Requests is superfluous and unnecessary for small scripts like this. The stdlib does fine.

[d4rkcat]

UPDATE:
 I have edited the script to only use post requests.

Thanks for the advice, Phage, kenjoe41 and vezzy.
Phage, I'm interested in cutting down on the if/else statements at the end of the script, but have been unable to do so without affecting the functionality. Any ideas are much appreciated! 

[RedBullAddicted]

Hi d4rkcat,

cutting down the if/else statements? Don't know what Phages solution would be but I would use Pythons awesome list, dictionary features Something like that:

Code: (Python) [Select]

>>> cmdreplace = {"ifconfig":"/sbin/ifconfig", "arp":"/usr/sbin/arp", "route":"/sbin/route"}
>>> for key, value in cmdreplace.iteritems():
...     print "take this %s and replace it with this %s" %(key, value)
...
take this arp and replace it with this /usr/sbin/arp
take this route and replace it with this /sbin/route
take this ifconfig and replace it with this /sbin/ifconfig

EDIT: I must admit I haven't had a closer look to your script before I wrote that. It seems like there are other things that could be optimized by implementing more functions. There are code-parts that are very similar. If I find the time today I will go through it more deeply and point these things out. Sadly I am very busy lately so I can't promise anything

[Phage]

Same solution as you bra


I was in a bit of a hurry when I wrote that reply, so I didn't have the time to include code etc.

[d4rkcat]

Thanks for the ideas,

it doesnt work though...

Code: (python) [Select]

cmdreplace = {"ifconfig":"/sbin/ifconfig", "arp":"/usr/sbin/arp", "route":"/sbin/route"}
    for key, value in cmdreplace.iteritems():
        cmd = command.replace(key, value)

    print cmd
Only replaces the first command, ifconfig, same problem that I was having earlier..

UPDATE:
Have Included user agent password and script makes it own webshell with -g

[RedBullAddicted]

Yes.. you still need your conditional statement. Not exactly sure what it was but I guess something like that

Code: (Python) [Select]

cmdreplace = {"ifconfig":"/sbin/ifconfig", "arp":"/usr/sbin/arp", "route":"/sbin/route"}
for key, value in cmdreplace.iteritems():
    if key in command:
        cmd = command.replace(key, value)

Cheers,
RBA

[d4rkcat]

Yes.. you still need your conditional statement. Not exactly sure what it was but I guess something like that

Awesome!  Thanks RBA, that fixed it!

Python is pure pwnage.

[vezzy]

It's not Lisp, but it does the job.