Painlover

s8ctf

Sep 25th, 2024
  1. package main
  2.  
  3. import (
  4.     "fmt"
  5.     "net/http"
  6.     "os/exec"
  7.     "regexp"
  8.     "strings"
  9. )
  10.  
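// main registers the two routes on the default mux and serves them on :8080.
//
// "/" is a subtree pattern, so handleIndex also receives every path that no
// other pattern matches; "/ping" goes to handlePing.
//
// NOTE(review): http.ListenAndServe uses a default http.Server, which sets no
// read, write or idle timeouts, and ":8080" binds every interface. Before this
// is exposed beyond a lab, build an explicit http.Server with timeouts and a
// narrower listen address.
func main() {
	const addr = ":8080"

	http.HandleFunc("/", handleIndex)    // Serve index.html
	http.HandleFunc("/ping", handlePing) // Handle ping form submissions

	fmt.Println("Starting server on " + addr)

	// ListenAndServe only returns on failure (for example when the port is
	// already taken). The original dropped that error and exited silently with
	// status 0; panicking reports the cause and yields a non-zero exit status.
	if err := http.ListenAndServe(addr, nil); err != nil {
		panic(fmt.Sprintf("http server on %s stopped: %v", addr, err))
	}
}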
  18.  
// handleIndex replies with the contents of index.html, looked up relative to
// the process's working directory.
//
// The file name is a constant, so the request path never influences which
// file is read from disk.
func handleIndex(w http.ResponseWriter, r *http.Request) {
	const indexPage = "index.html"
	http.ServeFile(w, r, indexPage)
}
  22.  
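// handlePing runs one ICMP echo ("ping -c 1") against the IPv4 address posted
// in the "ip" form field and writes ping's combined stdout/stderr back to the
// client inside a <pre> element.
//
// Requests other than POST are answered with 405, and an address that fails
// validation with 400. The address reaches ping as a single argv element via
// os/exec; no shell is involved, so shell metacharacters have no special
// meaning. The remaining risk is argument injection, which is why the value is
// validated and must not start with "-".
func handlePing(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		// The original returned an empty 200 here; say what is allowed instead.
		w.Header().Set("Allow", http.MethodPost)
		http.Error(w, "Method not allowed.", http.StatusMethodNotAllowed)
		return
	}

	// The form carries one short field, so cap how much body FormValue will
	// read and parse on behalf of an unauthenticated client.
	r.Body = http.MaxBytesReader(w, r.Body, 4096)

	ip := r.FormValue("ip")

	// Reject instead of strip: the original deleted these characters after
	// validation, which means the string executed could differ from the string
	// validated. With the current isValidIP none of them can be present, so
	// this is a second, independent gate in case that check is ever loosened.
	const denied = "&;|$<>`\\'\"[]{}()?#!"
	if !isValidIP(ip) || strings.HasPrefix(ip, "-") || strings.ContainsAny(ip, denied) {
		http.Error(w, "Invalid IP address.", http.StatusBadRequest)
		return
	}

	// Tie the child process to the request so it is killed if the client goes
	// away instead of lingering until ping gives up on its own.
	cmd := exec.CommandContext(r.Context(), "ping", "-c", "1", ip)
	output, err := cmd.CombinedOutput()
	if err != nil {
		// NOTE(review): the raw exec error is shown to the client and ping's
		// own output is discarded on this path; consider logging the detail
		// server-side and returning a generic message.
		fmt.Fprintf(w, "<pre>Error executing ping: %v</pre>", err)
		return
	}

	// The output is written into HTML unescaped. That is tolerable only
	// because the argument is limited to digits and dots; escape it (for
	// example with html.EscapeString) if the accepted input is ever widened to
	// host names.
	fmt.Fprintf(w, "<pre>%s</pre>", output)
}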
  48.  
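// ipv4Shape matches four dot-separated groups of one to three ASCII digits.
// It is compiled once instead of on every request. Go's `$` without the
// multi-line flag matches only at the very end of the text, so a trailing
// newline is not accepted.
var ipv4Shape = regexp.MustCompile(`^([0-9]{1,3}\.){3}[0-9]{1,3}$`)

// isValidIP reports whether ip is a canonical dotted-decimal IPv4 address.
//
// Beyond the shape check, it rejects:
//   - octets above 255, which the shape-only check let through
//     (e.g. "999.999.999.999");
//   - octets with a leading zero (e.g. "010.0.0.1"), because some address
//     parsers read those as octal, so the host actually contacted could
//     differ from the one the caller believes was validated.
func isValidIP(ip string) bool {
	if !ipv4Shape.MatchString(ip) {
		return false
	}
	for _, octet := range strings.Split(ip, ".") {
		if len(octet) > 1 && octet[0] == '0' {
			return false
		}
		value := 0
		for _, digit := range octet {
			// Safe: the shape check guarantees only '0'..'9', at most 3 digits.
			value = value*10 + int(digit-'0')
		}
		if value > 255 {
			return false
		}
	}
	return true
}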
  55.  