crash.software
Projects
Pull Requests
Issues
Builds
100-redteam-projects
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY 100-redteam-projects Commits 65a6207e
🤬
  • ■ ■ ■ ■ ■ ■
    Projects/9_remote_command_execution/README.md
     1 +<h1 align="center">Remote command execution</h1>
     2 + 
     3 +## :information_source: technologies used
     4 + 
     5 +* python3
     6 +* flask
     7 +* flask_httpauth
     8 + 
     9 +## :information_source: Running the code
     10 + 
     11 +To run this code, follow these steps:
     12 + 
     13 +1. Install the project's dependencies using the `requirements.txt` file:
     14 + 
     15 +```bash
     16 +pip3 install -r requirements.txt
     17 +```
     18 + 
     19 +2. Run the main.py script:
     20 + 
     21 +```bash
     22 +python3 main.py
     23 +```
     24 + 
     25 +3. To run a command, you can add it as a parameter in the URL, along with a basic username and password authentication, here's an example curl:
     26 + 
     27 +```bash
     28 +curl -u admin:password -X GET -i http://localhost:5000/?command=ls -la
     29 +```
     30 + 
     31 +If the command runs successfully, you will see the command output in the browser. If an error occurs, you will see an error message.
  • ■ ■ ■ ■ ■ ■
    Projects/9_remote_command_execution/main.py
     1 +from flask import Flask, request
     2 +from flask_httpauth import HTTPBasicAuth
     3 +import subprocess
     4 + 
     5 +app = Flask(__name__)
     6 +auth = HTTPBasicAuth()
     7 + 
     8 +users = {
     9 + "admin": "password"
     10 +}
     11 + 
     12 +@auth.get_password
     13 +def get_pw(username):
     14 + if username in users:
     15 + return users.get(username)
     16 + return None
     17 + 
     18 +@app.route("/")
     19 +@auth.login_required
     20 +def index():
     21 + command = request.args.get("command")
     22 + try:
     23 + output = subprocess.check_output(command, shell=True)
     24 + return output.decode()
     25 + except subprocess.CalledProcessError as e:
     26 + return str(e)
     27 + 
     28 +if __name__ == "__main__":
     29 + app.run()
     30 + 
  • ■ ■ ■ ■ ■ ■
    Projects/9_remote_command_execution/requirements.txt
     1 +flask
     2 +flask_httpauth
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 39 lines
    40 40  [6] | TCP chat server -> The messages should be encoded with Caesar Cipher | :x:
    41 41  [7] | ROT13 Cipher | :heavy_check_mark:
    42 42  [8] | UDP Chat server -> The messages should be encoded with ROT13 Cipher | :x:
    43  -[9] | Remote command execution | :x:
     43 +[9] | Remote command execution | :heavy_check_mark:
    44 44  [10] | Recreate the Netcat tool | :x:
    45 45  -------------------------------------------------------------------------------------------------------------------------------------------
    46 46  Level 2 | Essential | Exemple
    skipped 41 lines
    88 88  ------------------------------------------------|------------------------------------------|-----------------------------------------------
    89 89  [45] | Packet Data analysis | :x:
    90 90  [46] | Packet image analysis with OpenCV | :x:
    91  -[47] | Develop a hexdump tool | ✔️:
     91 +[47] | Develop a hexdump tool | ✔️
    92 92  [48] | Payload that moves the mouse cursor | :x:
    93 93  [49] | Vigenère Cipher | :x:
    94 94  [50] | Payload that starts automatically using Windows Regedit | :x:
    skipped 73 lines
Please wait...
Page is in error, reload to recover