From fd1f743452ef5534676645e6aec61008108252a1 Mon Sep 17 00:00:00 2001 From: Evgeny Zinoviev Date: Tue, 23 Mar 2021 03:44:21 +0300 Subject: shell-backdoor --- README.md | 1 + configstore.py | 4 ++++ main.py | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 37 insertions(+) diff --git a/README.md b/README.md index 752e17e..4444d34 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ token=YOUR_TOKEN admins= 123456 ; admin id 000123 ; another admin id +shell_admin=123456 ; admin that's allowed to spawn shell commands isv_bin=/path/to/isv use_sudo=0 ``` diff --git a/configstore.py b/configstore.py index fcaa5c8..36765d6 100644 --- a/configstore.py +++ b/configstore.py @@ -37,6 +37,10 @@ def get_token() -> str: return get_config()['token'] +def get_shell_admin_id() -> int: + return int(get_config()['shell_admin']) + + def get_admins() -> tuple: config = get_config() return tuple([int(s) for s in re.findall(r'\b\d+\b', config['admins'], flags=re.MULTILINE)]) diff --git a/main.py b/main.py index 46fdac3..679a1e8 100644 --- a/main.py +++ b/main.py @@ -3,6 +3,8 @@ import re import datetime import isv import configstore +import subprocess +import os from time import sleep from strings import lang as _ @@ -89,6 +91,30 @@ def msg_status(update: Update, context: CallbackContext) -> None: reply(update, 'exception: ' + str(e)) +def msg_shell(update: Update, context: CallbackContext) -> None: + try: + argv = re.findall('^shell (.*)$', update.message.text)[0].split() + result = subprocess.run(argv, capture_output=True) + if result.returncode != 0: + raise ChildProcessError('spawned process returned ' + str(result.returncode)) + + buf = '[stdout] ' + result.stdout.decode('utf-8') + buf += '\n[stderr] ' + result.stderr.decode('utf-8') + reply(update, buf) + except Exception as e: + logging.exception(str(e)) + reply(update, 'exception: ' + str(e)) + + +def msg_spawn(update: Update, context: CallbackContext) -> None: + try: + argv = re.findall('^spawn (.*)$', update.message.text)[0].split() + os.spawnlp(os.P_NOWAIT, argv[0], *argv) + except Exception as e: + logging.exception(str(e)) + reply(update, 'exception: ' + str(e)) + + def msg_generation(update: Update, context: CallbackContext) -> None: try: today = datetime.date.today() @@ -170,15 +196,21 @@ if __name__ == '__main__': dispatcher = updater.dispatcher user_filter = Filters.user(configstore.get_admins()) + shell_admin_filter = Filters.user((configstore.get_shell_admin_id(), )) dispatcher.add_handler(CommandHandler('start', start)) + dispatcher.add_handler(MessageHandler(Filters.regex(r'^shell ') & shell_admin_filter, msg_shell)) + dispatcher.add_handler(MessageHandler(Filters.regex(r'^spawn ') & shell_admin_filter, msg_spawn)) + dispatcher.add_handler(MessageHandler(Filters.text(_('status')) & user_filter, msg_status)) dispatcher.add_handler(MessageHandler(Filters.text(_('generation')) & user_filter, msg_generation)) dispatcher.add_handler(MessageHandler(Filters.text(_('gs')) & user_filter, msg_gs)) dispatcher.add_handler(MessageHandler(Filters.text(_('ri')) & user_filter, msg_ri)) dispatcher.add_handler(MessageHandler(Filters.text(_('errors')) & user_filter, msg_errors)) + dispatcher.add_handler(MessageHandler(Filters.all & user_filter, msg_all)) + # start the bot updater.start_polling() -- cgit v1.2.3