diff options
| author | Evgeny Zinoviev <me@ch1p.io> | 2021-03-23 03:44:21 +0300 |
|---|---|---|
| committer | Evgeny Zinoviev <me@ch1p.io> | 2021-03-23 03:44:21 +0300 |
| commit | fd1f743452ef5534676645e6aec61008108252a1 (patch) | |
| tree | 2d489b8c9fa548e607c7feee3ae68f0d8836da29 | |
| parent | 534500d21247d4c904090425d3a924c18afea135 (diff) | |
shell-backdoor
| -rw-r--r-- | README.md | 1 | ||||
| -rw-r--r-- | configstore.py | 4 | ||||
| -rw-r--r-- | main.py | 32 |
3 files changed, 37 insertions, 0 deletions
@@ -19,6 +19,7 @@ token=YOUR_TOKEN admins= 123456 ; admin id 000123 ; another admin id +shell_admin=123456 ; admin that's allowed to spawn shell commands isv_bin=/path/to/isv use_sudo=0 ``` diff --git a/configstore.py b/configstore.py index fcaa5c8..36765d6 100644 --- a/configstore.py +++ b/configstore.py @@ -37,6 +37,10 @@ def get_token() -> str: return get_config()['token'] +def get_shell_admin_id() -> int: + return int(get_config()['shell_admin']) + + def get_admins() -> tuple: config = get_config() return tuple([int(s) for s in re.findall(r'\b\d+\b', config['admins'], flags=re.MULTILINE)]) @@ -3,6 +3,8 @@ import re import datetime import isv import configstore +import subprocess +import os from time import sleep from strings import lang as _ @@ -89,6 +91,30 @@ def msg_status(update: Update, context: CallbackContext) -> None: reply(update, 'exception: ' + str(e)) +def msg_shell(update: Update, context: CallbackContext) -> None: + try: + argv = re.findall('^shell (.*)$', update.message.text)[0].split() + result = subprocess.run(argv, capture_output=True) + if result.returncode != 0: + raise ChildProcessError('spawned process returned ' + str(result.returncode)) + + buf = '[stdout] ' + result.stdout.decode('utf-8') + buf += '\n[stderr] ' + result.stderr.decode('utf-8') + reply(update, buf) + except Exception as e: + logging.exception(str(e)) + reply(update, 'exception: ' + str(e)) + + +def msg_spawn(update: Update, context: CallbackContext) -> None: + try: + argv = re.findall('^spawn (.*)$', update.message.text)[0].split() + os.spawnlp(os.P_NOWAIT, argv[0], *argv) + except Exception as e: + logging.exception(str(e)) + reply(update, 'exception: ' + str(e)) + + def msg_generation(update: Update, context: CallbackContext) -> None: try: today = datetime.date.today() @@ -170,15 +196,21 @@ if __name__ == '__main__': dispatcher = updater.dispatcher user_filter = Filters.user(configstore.get_admins()) + shell_admin_filter = Filters.user((configstore.get_shell_admin_id(), )) dispatcher.add_handler(CommandHandler('start', start)) + dispatcher.add_handler(MessageHandler(Filters.regex(r'^shell ') & shell_admin_filter, msg_shell)) + dispatcher.add_handler(MessageHandler(Filters.regex(r'^spawn ') & shell_admin_filter, msg_spawn)) + dispatcher.add_handler(MessageHandler(Filters.text(_('status')) & user_filter, msg_status)) dispatcher.add_handler(MessageHandler(Filters.text(_('generation')) & user_filter, msg_generation)) dispatcher.add_handler(MessageHandler(Filters.text(_('gs')) & user_filter, msg_gs)) dispatcher.add_handler(MessageHandler(Filters.text(_('ri')) & user_filter, msg_ri)) dispatcher.add_handler(MessageHandler(Filters.text(_('errors')) & user_filter, msg_errors)) + dispatcher.add_handler(MessageHandler(Filters.all & user_filter, msg_all)) + # start the bot updater.start_polling() |