PHP AJAX Remote Shell

Coding Critique is the place to post source code for peer review by other members of DevNetwork. Any kind of code can be posted. Code posted does not have to be limited to PHP. All members are invited to contribute constructive criticism with the goal of improving the code. Posted code should include some background information about it and what areas you specifically would like help with.

Popular code excerpts may be moved to "Code Snippets" by the moderators.

Moderator: General Moderators

Post Reply
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

PHP AJAX Remote Shell

Post by toasty2 »

I made a PHP AJAX remote shell and I'm wondering if you can think of any improvements. I've named my project "rrshell".

It consists of 2 files. One file (index.php) is the shell and contains most of the code. The other page (shell.php) simply runs commands and parses responses from the server's shell. I'm not really interested in adding security since this is the type of thing you don't just stick on a website without any HTTP auth or anything. Not sure about Linux compatibility, but I think it should work on Linux and Windows.

Download: http://files.randomresources.org/rrshell.zip

index.php:

Code: Select all

<html>
<head>
    <title>rrshell</title>
    <style type="text/css">
    body {background:black;color:white;font-family:courier new;}
    </style>
    <script language="JavaScript">
    function sendcmd()
    {
        var cmd = document.getElementById('cmd').value;
        var url = 'shell.php?cmd=' + cmd;
        var id='shell';
        
        if (document.getElementById)
        {
            var x = (window.ActiveXObject) ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest();
        }
        if (x)
        {
            x.onreadystatechange = function()
            {
                if (x.readyState == 4 && x.status == 200)
                {
                    el = document.getElementById(id);
                    el.innerHTML = el.innerHTML + '<br />' + x.responseText;
                    document.getElementById('cmd').value='';
                }
            }
            x.open("GET", url, true);
            x.send(null);
        }
        document.getElementById('shell'); sh.scrollTop = sh.scrollHeight;
    }
    </script>
</head>
<body onload="document.forms.cmdform.cmd.focus()">
 
<!-- SHELL -->
<div style="width:100%;height:400px;border:0;color:white;overflow:auto;" name="shell" id="shell">
><?php echo 'rrshell 0.1 ['.getenv('OS').', PHP '.PHP_VERSION.']'; ?><br />
>-----------------------------------
</div>
 
<hr />
 
<!-- INPUT -->
<form name="cmdform" onSubmit="sendcmd();return false;">
<span style="padding:2px;border:1px solid white;">
><input type="text" name="cmd" id="cmd" style="border:0;color:white;background:black;font-family:courier new;" size="75" />
</span>
<br /><br />
<input type="submit" value="Enter" />
</form>
</body>
</html>
 

shell.php:

Code: Select all

<?php /* rrshell 0.1 */
$cmd = $_GET['cmd'];
 
if(!empty($_GET['cmd']))
{
    echo '>'.$cmd.'<br />';
    exec($cmd,$results);
    $results = nl2br(htmlentities(implode("\n",$results)));
    echo $results;
}
else
{
    echo '(No command.)';
}
?>
anto91
Forum Commoner
Posts: 58
Joined: Mon Mar 10, 2008 10:59 am
Location: Sweden

Re: PHP AJAX Remote Shell

Post by anto91 »

Didnt work for me, running ubuntu 7.10 gusty.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Re: PHP AJAX Remote Shell

Post by Jenk »

use shell_exec() instead of exec(), so the use of implode() is not needed :)
toasty2
Forum Contributor
Posts: 361
Joined: Wed Aug 03, 2005 10:28 am
Location: Arkansas, USA

Re: PHP AJAX Remote Shell

Post by toasty2 »

Ah good suggestion. New version uploaded.
Post Reply