-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathpysh
More file actions
executable file
·119 lines (98 loc) · 2.81 KB
/
pysh
File metadata and controls
executable file
·119 lines (98 loc) · 2.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
#!/usr/bin/python
import getpass
import os
import socket
import config
# try:
# import MySQLdb
# except ImportError:
# print "Error #191712 Sorry. We are working on this issue. Report to boopathi@live.com about this error"
# exit()
"""Intro Message"""
intro_message = "Welcome to PyShell. use help to show the list of available commands "
"""Allowed Commands"""
allowed = ["man", "less", "ssh", "pwd", "ls", "grep", "cat", "touch", "clear"];
"""Strictly Restricted Commands"""
strict = ["su", "sudo", "cd", "mkdir", "locate", "rm", "rmdir"];
""" Init Commands """
os.system("clear");
os.system("TERM=\"linux\"");
username = getpass.getuser();
hostname = socket.gethostname();
ipaddr = socket.gethostbyname(socket.gethostname());
def parseCommand(command):
args = command.split()
if len(args) == 1:
return args[0];
if isVulnerable(args[1:]):
return False;
else:
return args[0];
def isVulnerable(args):
# Finding the possible area of command
num = 0;
for x in args:
if x == "|" or x == "&&" or x=="&" or x==";":
if not args[args.index(x)+1] in allowed:
return True
""" Prevent from accessing folders other than the home folder """
for a in args:
if a.startswith("/"):
return True;
elif a.__contains__(".."):
return True;
"""Restrict users from accessing denied commands from any part of the command"""
for a in strict:
if args.__contains__(a):
return True;
return False;
def exitShell(message = "Bye. Thanks for using PyShell."):
os.system("clear");
print message;
exit(0)
def displayHelp():
message = "The allowed commands are \n";
print message;
for tmp in allowed :
print tmp + "\t";
def displayError(message = "Restricted Access"):
print message + '\n';
# def enterLog(command):
# logFile = open("/usr/pshell/log/" + username + ".log", "a");
# logFile.write(command + "\n");
# logFile.close();
# #Enter log into db for verification
# con = MySQLdb.connect(host="10.0.0.163", user="pragyan11", passwd="andromeda", db="pragyan11_treasure")
# cur = con.cursor()
# cur.execute("insert into `treasure_hunt` (`username`,`command`, `hostname`, `ipaddr`) values('"+username +"','"+command +"','"+hostname+"', '"+ipaddr+"')")
# con.commit()
# con.close()
print intro_message;
while(True):
try:
command = raw_input(username + "@" + hostname + ":: ");
except KeyboardInterrupt:
print;
continue;
except EOFError:
print
exitShell("Bye. You pressed CTRL + D");
except:
print
"""Handle Null Argument"""
if command == "":
continue;
#enterLog(command)
cmd = parseCommand(command)
"""Check for Vulnerability Status"""
if cmd == False:
displayError("Vulnerability Issue. Command cannot be executed");
continue;
if allowed.__contains__(cmd):
os.system(command)
elif command == "help":
displayHelp();
elif command == "exit":
exitShell();
else:
print "Restricted Access"