WSH 2.0.1

  WSH (Web Shell) - remote UNIX/WIN  shell, that works via HTTP/HTTPS.

FEATURES

  + SSL support (*);
  + command line history support (**);
  + file upload/download;
  + protect server part script usage with secret key in HTTP message;
  + data flow Xor encoding;
  + can work trough HTTP proxy server (to hide client ip or bypass firewall);

    (*) Net::SSLeay package is required on the client host:
    Download it at:
    http://search.cpan.org/author/SAMPO/Net_SSLeay.pm-1.22/

    (**) - next packages are required on the client host:
    1) readline-4.2a.tar.gz or later from
       http://www.gnu.org/directory/readline.html
    2) ReadLine-Gnu-1.12.tar.gz or later from
       http://search.cpan.org/search?dist=Term-ReadLine-Gnu

HOW IT WORKS

  +----------+        +------------+    |   +-------------------+
  | CLIENT   |<-HTTP->| http proxy |<-HTTP->| WEB SERVER        |
  | wsh-c.pl |        | (optional) |    |   | /cgi-bin/wsh-s.pl |
  +----------+        +------------+    |   +-------------------+
                                        |
                                     Firewall?

  wsh-c.pl provides shell-like prompt, encapsulating  user  commands  into  HTTP
  POST requests and sending them to the wsh-s.pl script on the target web server
  directly or via HTTP proxy server. wsh-s.pl  extracts  and  executes  commands
  from HTTP post requests and returns STDOUT and STDERR output as HTTP  response
  message.  By default both scripts encode HTTP data with Xor.

INSTALLATION

  1. Check path to perl in the "config.pl" file;
  2. Run "config.pl";
     Check the file "wsh-c.conf", if you want to use HTTP proxy;
        use_proxy	1
        proxy_ip	<ip>
        port            <port>
  3. Check path to perl and file permissions in the newly created "wsh-c.pl";
  4. Check the following directives in the "wsh-s.pl" file:
        my $win32 = 0;     # set $win32 = 1 to turn on WIN support
	my $encode = 1;    # set $encode = 1 to turn on Xor encoding
	my $invert = 85;   # xor value
  5. Upload wsh-s.pl under the server cgi-bin directory and check path to perl;

  About SSL :

  a. If you use a SSL wsh-c.pl client, you can configure the client to check the
     server certificate CN (but this check can be circumvented !):
	my $ssl_set_check=1;            # (0 || 1) don't or check the  webserver
					#          ssl certificate with internal
					#          ssl_crt_subject.
	my $ssl_crt_subject="/C=Fr/ST=Paris/L=Paris/O=XXX/OU=XXX/CN=XXX";
     => You only have to execute the wsh-c.pl client one time and  grab  the  CN
	displayed by the error message.

  b. We didn't check the wsh-c-SSL.pl client on a Win32 platform. If you  manage
     to install the Net::SSLeay on Win32 and check wsh-c-SSL.pl, send us a mail.

USAGE

  sh# ./wsh-c.pl targethost.com/cgi-bin/wsh-s.pl <Key>

  <Key>  is the default KEY,  if you do not change it with config.pl or
  manually in wsh-c.conf and wsh-s.pl files.

  WSH commands:
    exit           as is;
    history        show commands history;
    !<number>      execute command with history <number>;
    wshget <file>  get <file> from remote host to local directory;
    wshput <file>  put <file> from local directory to remote host;
    lect <lecter:> change to lecter on Win32 (ex: "lect d:");

LICENSE

  WebShell is distributed under the terms of the GNU General Public License v2.0
  See the file COPYING for details.

AUTHORS

  Alex Dyatlov <alex@gray-world.net>     - basic WSH code.
  Simon Castro <scastro@entreelibre.com> - WIN environment and SSL support.

  Latest WSH version is available at:
  http://gray-world.net/
  http://www.entreelibre.com/simsim/wsh/

  WSH discussion board at:
  http://gray-world.net/board/

