PHP AJAX Remote Shell
Posted: Sat Mar 08, 2008 2:42 pm
I made a PHP AJAX remote shell and I'm wondering if you can think of any improvements. I've named my project "rrshell".
It consists of 2 files. One file (index.php) is the shell and contains most of the code. The other page (shell.php) simply runs commands and parses responses from the server's shell. I'm not really interested in adding security since this is the type of thing you don't just stick on a website without any HTTP auth or anything. Not sure about Linux compatibility, but I think it should work on Linux and Windows.
Download: http://files.randomresources.org/rrshell.zip
index.php:
shell.php:
It consists of 2 files. One file (index.php) is the shell and contains most of the code. The other page (shell.php) simply runs commands and parses responses from the server's shell. I'm not really interested in adding security since this is the type of thing you don't just stick on a website without any HTTP auth or anything. Not sure about Linux compatibility, but I think it should work on Linux and Windows.
Download: http://files.randomresources.org/rrshell.zip
index.php:
Code: Select all
<html>
<head>
<title>rrshell</title>
<style type="text/css">
body {background:black;color:white;font-family:courier new;}
</style>
<script language="JavaScript">
function sendcmd()
{
var cmd = document.getElementById('cmd').value;
var url = 'shell.php?cmd=' + cmd;
var id='shell';
if (document.getElementById)
{
var x = (window.ActiveXObject) ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest();
}
if (x)
{
x.onreadystatechange = function()
{
if (x.readyState == 4 && x.status == 200)
{
el = document.getElementById(id);
el.innerHTML = el.innerHTML + '<br />' + x.responseText;
document.getElementById('cmd').value='';
}
}
x.open("GET", url, true);
x.send(null);
}
document.getElementById('shell'); sh.scrollTop = sh.scrollHeight;
}
</script>
</head>
<body onload="document.forms.cmdform.cmd.focus()">
<!-- SHELL -->
<div style="width:100%;height:400px;border:0;color:white;overflow:auto;" name="shell" id="shell">
><?php echo 'rrshell 0.1 ['.getenv('OS').', PHP '.PHP_VERSION.']'; ?><br />
>-----------------------------------
</div>
<hr />
<!-- INPUT -->
<form name="cmdform" onSubmit="sendcmd();return false;">
<span style="padding:2px;border:1px solid white;">
><input type="text" name="cmd" id="cmd" style="border:0;color:white;background:black;font-family:courier new;" size="75" />
</span>
<br /><br />
<input type="submit" value="Enter" />
</form>
</body>
</html>
shell.php:
Code: Select all
<?php /* rrshell 0.1 */
$cmd = $_GET['cmd'];
if(!empty($_GET['cmd']))
{
echo '>'.$cmd.'<br />';
exec($cmd,$results);
$results = nl2br(htmlentities(implode("\n",$results)));
echo $results;
}
else
{
echo '(No command.)';
}
?>