                                   WSH 2.2.1
===============================================================================

GRAY-WORLD.NET / WSH
====================

  The WSH program is part of the Gray-World.net projects.

  Our Gray-World Team uses the http://gray-world.net website to present the
projects and publications we are working on. Our activity lies in the NACS
(Network Access Control System) bypassing research field and is related to
computer and network security topics.

===============================================================================

  WSH (Web Shell) - a remote UNIX/WIN shell that works via HTTP/HTTPS.

FEATURES
--------

  + SSL support (*);
  + command line history support (**);
  + file upload/download;
  + server-side script usage protected by a secret key in the HTTP message;
  + XOR encoding of the data flow;
  + can work through an HTTP proxy server (to hide the client IP or bypass
    a firewall);

  (*)  The Net::SSLeay package is required on the client host. Download it at:
       http://search.cpan.org/author/SAMPO/Net_SSLeay.pm-1.22/

  (**) The following packages are required on the client host:
       1) readline-4.2a.tar.gz or later from
          http://www.gnu.org/directory/readline.html
       2) ReadLine-Gnu-1.12.tar.gz or later from
          http://search.cpan.org/search?dist=Term-ReadLine-Gnu

HOW IT WORKS
------------

  +----------+        +------------+    |   +-------------------+
  |  CLIENT  |<-HTTP->| http proxy |<-HTTP->| WEB SERVER        |
  | wsh-c.pl |        | (optional) |    |   | /cgi-bin/wsh-s    |
  +----------+        +------------+    |   +-------------------+
                                        |
                                    Firewall?

  wsh-c.pl provides a shell-like prompt, encapsulating user commands into
  HTTP POST requests and sending them to the wsh-s script on the target web
  server, directly or via an HTTP proxy server. wsh-s extracts and executes
  the commands from the HTTP POST requests and returns the STDOUT and STDERR
  output as the HTTP response message. By default both scripts encode the
  HTTP data using XOR.

INSTALLATION
------------

  1. Check the path to perl in the "config.pl" file;

  2. Run "config.pl" :

       ./config.pl

     OPTIONAL ----------------------------------------------------
     Modify the file "wsh-c.conf" if you want to use an HTTP proxy:

       use_proxy 1
       proxy_ip <ip>
       port <port>

     Check the other client configuration options as well.
     -------------------------------------------------------------

  3. For wsh-s.c and WshServlet.java, check the shell (*Nix or Win32)
     location;

  4a. Perl server version :
      + Check the path to perl and the permissions of the newly created
        "wsh-c.pl";
      + Upload wsh-s.pl under the target cgi-bin directory and check the
        path to perl;

  4b. C server version :
      + Upload wsh-s.c under the target cgi-bin directory and compile it
        (remove the source code afterwards) :
        * Under *Nix :
            gcc -g2 -Wall -o wsh-s wsh-s.c
        * Under Win32 (Visual C++) :
            cl /W3 wsh-s.c ws2_32.lib
        * Under Win32 Cygwin :
            Set the WIN32_RUN variable in the source code and build it as
            for the *Nix version.

  4c. Java servlet version :
      + Upload the built Java version under a servlet executable location.

  About SSL :

  a. If you use an SSL wsh-c.pl client, you can configure the client to
     check the server certificate CN (but this check can be circumvented !):

       my $ssl_set_check=1;  # 0 = do not check, 1 = check the webserver
                             # SSL certificate against the internal
                             # ssl_crt_subject.
       my $ssl_crt_subject="/C=Fr/ST=Paris/L=Paris/O=XXX/OU=XXX/CN=XXX";

     => You only have to execute the wsh-c.pl client one time and grab the
        CN displayed by the error message.

  b. We didn't check the wsh-c-SSL.pl client on a Win32 platform. If you
     manage to install Net::SSLeay on Win32 and check wsh-c-SSL.pl, send us
     a mail.

USAGE
-----

  sh# client/wsh-c.pl targethost.com/cgi-bin/wsh-s.pl <Key>

  ..or

  sh# client/wsh-c.pl targethost.com/cgi-bin/wsh-s <Key>

  ..if you install the wsh-s C version, or

  sh# client/wsh-c.pl targethost.com/servlet/WshServlet <Key>

  ..if you install the wsh-s java servlet version.

  <Key> is the default KEY, if you do not change it with config.pl or
  manually in the wsh-c.conf and wsh-s.pl/wsh-s.c/WshServlet.java files.

  WSH commands:

    exit            as is;
    history         show the command history;
    !<number>       execute the command with history number <number>;
    wshget <file>   get <file> from the remote host to the local directory;
    wshput <file>   put <file> from the local directory to the remote host;
    lect <lecter:>  change to drive <lecter:> on Win32 (ex: "lect d:");

LICENSE
-------

  WebShell is distributed under the terms of the GNU General Public License
  v2.0 and is copyright (c) 2002,2003,2004 Alex Dyatlov
  <alex [at] gray-world.net> and Simon Castro <scastro [at] entreelibre.com>.
  See the file COPYING for details.

AUTHORS
-------

  Alex Dyatlov <alex [at] gray-world.net> - basic WSH code.
  Simon Castro <scastro [at] entreelibre.com> - WIN environment and SSL
  support, wsh-s C version, WshServlet java version.

  The latest WSH version is available on the official gray-world.net website :
    http://gray-world.net/
  or on its mirror :
    http://www.entreelibre.com/gray-world.net/

  WSH discussion board at:
    http://gray-world.net/board/
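
  Added example (not part of the WSH distribution): the request pattern
  described under HOW IT WORKS, one HTTP POST per command sent to a CGI
  script or servlet, can be looked for in web server access logs. The Python
  code below runs over constructed Common Log Format lines; the POST-only
  heuristic and its threshold are assumptions, and only the script names come
  from the USAGE section.

```python
import re
from collections import Counter

# Default server-side script names taken from the README's USAGE section.
DEFAULT_NAMES = re.compile(r"/(wsh-s(\.pl)?|WshServlet)$")
# Common Log Format: client, timestamp, request line, status, size.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def find_wsh_candidates(log_lines, min_posts=5):
    """Return {(client, path): reason} for WSH-like request patterns."""
    posts, others, findings = Counter(), Counter(), {}
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        client, method, url, _status = m.groups()
        path = url.split("?", 1)[0]
        if DEFAULT_NAMES.search(path):
            findings[(client, path)] = "default WSH script name"
        if method == "POST":
            posts[(client, path)] += 1
        else:
            others[path] += 1
    for (client, path), n in posts.items():
        # Assumed heuristic: one command per POST, so a shell session shows as
        # a run of POSTs to an executable path that nobody ever fetches via GET.
        executable = "/cgi-bin/" in path or "/servlet/" in path
        if executable and n >= min_posts and others[path] == 0:
            findings.setdefault((client, path), f"{n} POSTs, no other methods")
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = (
    ['198.51.100.7 - - [01/Jan/2004:10:00:0%d +0000] '
     '"POST /cgi-bin/stats.cgi HTTP/1.0" 200 312' % i for i in range(6)]
    + ['203.0.113.9 - - [01/Jan/2004:10:01:00 +0000] '
       '"POST /cgi-bin/wsh-s.pl HTTP/1.0" 200 88',
       '203.0.113.5 - - [01/Jan/2004:10:02:00 +0000] '
       '"GET /cgi-bin/search.cgi?q=a HTTP/1.0" 200 900',
       '203.0.113.5 - - [01/Jan/2004:10:02:05 +0000] '
       '"POST /cgi-bin/search.cgi HTTP/1.0" 200 950']
)

if __name__ == "__main__":
    for key, reason in find_wsh_candidates(SAMPLE).items():
        print(key, reason)
```

  A renamed server script is only caught by the POST-only heuristic, so
  min_posts should be tuned against the site's legitimate form handlers.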