GRAY-WORLD.NET TEAM
Unusual firewall bypassing techniques, network and computer security.

.deirc dna nwod tas gniht elttil roop eht ,gniyrt htiw tuo flesreh derit dah ehs nehw dna ;yreppils oot saw ti tub ,elbat eht fo sgel eht fo eno pu bmilc ot tseb reh deirt ehs dna ,ssalg eht hguorht ylnialp etiuq ti ees dluoc ehs :ti hcaer ylbissop ton dluoc ehs dnuof ehs ,ti rof elbat eht ot kcab tnew ehs nehw dna ,yek nedlog elttil eht nettogrof dah ehs dnuof ehs ,rood eht ot tog ehs nehw !ecilA roop rof sala ,tub ;ecno ta nedrag eht otni gniog no dediced ehs ,deneppah erom gnihton taht gnidnif ,elihw a retfA

Lewis Carroll "Alice In Wonderland"
Alice
Chinese French Russian Spanish Polish Italian
Home | Projects | Papers | Forum | Team | Links | Contributions
 Projects 

Wsh, "Web Shell" - remote UNIX/WIN shell, that works via HTTP/HTTPS. The package contains two perl scripts for server and client hosts, one C source code and one Java servlet code for the server host : the client script is for console usage and the server scripts run as CGI/Servlet scripts on the target host.

The client part provides shell-like prompt, encapsulating user commands into HTTP POST requests and sending them to the server part script on the target web server directly or via HTTP proxy server. The server part extracts and executes commands from HTTP post requests and returns STDOUT and STDERR output as HTTP response messages. By default both scripts encode HTTP data with Xor.

The key Web Shell features: SSL support (*), Command line history support (*), File upload/download, Protect server part script usage with secret key inside HTTP message, Data flow Xor encoding, Can work trough HTTP proxy server.

(*) - Additional packages are required on the client host.

Alex Dyatlov, Simon Castro
Current Wsh version: 2.2.2; README , CHANGELOG
Download | md5sum: 4b7f51d186b65bd16e304b507b96613c
http://gray-world.net/projects/wsh/wsh-2.2.2.tar.gz

Index of projects



Skeeve - is POC tool allowing to tunnel TCP connection into ICMP echo requests/reply using a spoofing method and a bounce server. [learn more]


Team member's sites: blog.0x557.org/icbm/


GNU  GNU General Public License
 GNU Free Documentation License
IRC://irc.gray-world.net:6677/gray-world.net
CHANGELOG, MIRRORS, LEGAL NOTICE