Page 1 of 1

PHP AJAX Remote Shell

Posted: Sat Mar 08, 2008 2:42 pm
by toasty2
I made a PHP AJAX remote shell and I'm wondering if you can think of any improvements. I've named my project "rrshell".

It consists of 2 files. One file (index.php) is the shell and contains most of the code. The other page (shell.php) simply runs commands and parses responses from the server's shell. I'm not really interested in adding security since this is the type of thing you don't just stick on a website without any HTTP auth or anything. Not sure about Linux compatibility, but I think it should work on Linux and Windows.

Download: http://files.randomresources.org/rrshell.zip

index.php:

Code: Select all

<html>
<head>
    <title>rrshell</title>
    <style type="text/css">
    body {background:black;color:white;font-family:courier new;}
    </style>
    <script language="JavaScript">
    function sendcmd()
    {
        var cmd = document.getElementById('cmd').value;
        var url = 'shell.php?cmd=' + cmd;
        var id='shell';
        
        if (document.getElementById)
        {
            var x = (window.ActiveXObject) ? new ActiveXObject("Microsoft.XMLHTTP") : new XMLHttpRequest();
        }
        if (x)
        {
            x.onreadystatechange = function()
            {
                if (x.readyState == 4 && x.status == 200)
                {
                    el = document.getElementById(id);
                    el.innerHTML = el.innerHTML + '<br />' + x.responseText;
                    document.getElementById('cmd').value='';
                }
            }
            x.open("GET", url, true);
            x.send(null);
        }
        document.getElementById('shell'); sh.scrollTop = sh.scrollHeight;
    }
    </script>
</head>
<body onload="document.forms.cmdform.cmd.focus()">
 
<!-- SHELL -->
<div style="width:100%;height:400px;border:0;color:white;overflow:auto;" name="shell" id="shell">
><?php echo 'rrshell 0.1 ['.getenv('OS').', PHP '.PHP_VERSION.']'; ?><br />
>-----------------------------------
</div>
 
<hr />
 
<!-- INPUT -->
<form name="cmdform" onSubmit="sendcmd();return false;">
<span style="padding:2px;border:1px solid white;">
><input type="text" name="cmd" id="cmd" style="border:0;color:white;background:black;font-family:courier new;" size="75" />
</span>
<br /><br />
<input type="submit" value="Enter" />
</form>
</body>
</html>
 

shell.php:

Code: Select all

<?php /* rrshell 0.1 */
$cmd = $_GET['cmd'];
 
if(!empty($_GET['cmd']))
{
    echo '>'.$cmd.'<br />';
    exec($cmd,$results);
    $results = nl2br(htmlentities(implode("\n",$results)));
    echo $results;
}
else
{
    echo '(No command.)';
}
?>

Re: PHP AJAX Remote Shell

Posted: Mon Mar 10, 2008 7:43 pm
by anto91
Didnt work for me, running ubuntu 7.10 gusty.

Re: PHP AJAX Remote Shell

Posted: Tue Mar 11, 2008 7:45 am
by Jenk
use shell_exec() instead of exec(), so the use of implode() is not needed :)

Re: PHP AJAX Remote Shell

Posted: Tue Mar 11, 2008 8:40 pm
by toasty2
Ah good suggestion. New version uploaded.