diff options
-rw-r--r-- | ltshell.php | 12 | ||||
-rw-r--r-- | shell/AUTHORS | 40 | ||||
-rw-r--r-- | shell/COPYING | 340 | ||||
-rw-r--r-- | shell/ChangeLog | 225 | ||||
-rw-r--r-- | shell/INSTALL | 110 | ||||
-rw-r--r-- | shell/README | 174 | ||||
-rw-r--r-- | shell/SECURITY | 141 | ||||
-rw-r--r-- | shell/config.php | 71 | ||||
-rw-r--r-- | shell/config.php~ | 69 | ||||
-rw-r--r-- | shell/phpshell.php | 550 | ||||
-rw-r--r-- | shell/pwhash.php | 107 | ||||
-rw-r--r-- | shell/style.css | 74 |
12 files changed, 1913 insertions, 0 deletions
diff --git a/ltshell.php b/ltshell.php new file mode 100644 index 0000000..fb1eee7 --- /dev/null +++ b/ltshell.php @@ -0,0 +1,12 @@ +<?php +/* +Plugin Name: LTS WebShell +Plugin URI: http://lukeshu.ath.cx/1/src/ +Description: A web shell (phpshell-2.2) +Version: 2.2-1 +Author: Luke Shumaker +Author URI: http://lukeshu.ath.cx/1/src/ +License: GPL2 +*/ +?> + diff --git a/shell/AUTHORS b/shell/AUTHORS new file mode 100644 index 0000000..4a4aa51 --- /dev/null +++ b/shell/AUTHORS @@ -0,0 +1,40 @@ +AUTHORS file for PHP Shell +Copyright (C) 2000-2010 the Phpshell-team +Licensed under the GNU GPL. See the file COPYING for details. + + +Current maintainer: Wolfgang Dautermann <dauti@users.sourceforge.net> +Original author: Martin Geisler <mgeisler@mgeisler.net> + +Thanks goes to all these persons who have helped: + +richard@joffray.com + Fixed a problem the list of directories, if one accessed the + root-directory. + +Robert Niess <sturm@i-st.net> + Made me aware of a security hole in the handling of stderr-trapping. + +Gerry Calderhead <caldergf@everythingsucks.co.uk> + Patch for PHP 4.2.0 where register_globals are turned off. + +Jeremy Miller <JMiller@marketaxess.com> + Suggested that one could use Sudo from + + http://www.courtesan.com/sudo/ + + to let PHP Shell execute code with different privileges than the + webserver. + +Michael Zech <keldrin@web.de> + Patch to make the stderr-checkbox remember it's state. + +Wolfgang Dautermann <dauti@users.sourceforge.net> + Multiple patches, including the sorting of directory entries in the + drop down box. + +Natan Bueno Ungethuem + Patch for PHP 5.X because the function ereg was deprecated + +Tobias Unger + AddOn including an Editor ("vim") for PHP-Shell 2.1. diff --git a/shell/COPYING b/shell/COPYING new file mode 100644 index 0000000..f90922e --- /dev/null +++ b/shell/COPYING @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/shell/ChangeLog b/shell/ChangeLog new file mode 100644 index 0000000..945c737 --- /dev/null +++ b/shell/ChangeLog @@ -0,0 +1,225 @@ +2010-11-29 Wolfgang Dautermann + * Reimplemented the feature to change to subdirectorys using mouseclicks (was available in older version) + +2010-11-21 Wolfgang Dautermann + * One can navigate to higher level directories using hyperlinks. + +2010-11-05 Wolfgang Dautermann + * Use SHA1 password hashing if possible. Changed project links to http://phpshell.sourceforge.net/ + +2010-01-30 Natan Bueno <natan.bueno@gmail.com> + * phpshell.php + Added AddOn to editor "vim". + +2010-01-15 Natan Bueno <natan.bueno@gmail.com> + * phpshell.php + Replaced deprecated function ereg by the function preg_match + +2005-12-27 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php: + Added code to prevent simple replay attacks by only accepting each + login form once. + +2005-12-25 Martin Geisler <mgeisler@mgeisler.net> + + * INSTALL: Information about the new internal configuration. + + * phpshell.php: Made authentication internal. + + * SECURITY: New file. + + * config.php: New file. + + * style.css: New file. Renamed from phpshell.css. + +2004-03-27 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php 1.29: Removed debug output. + + * README 1.11: Updated documentation for new cool shell-like interface. + + * INSTALL 1.5: + Updated documentation about the command substitution using alises. + + * phpshell.css 1.2: + New styles to make the textarea and input box blend together. + + * phpshell.php 1.28: A little documentation for the alias feature. + + * phpshell.php 1.27: + The shell now looks and behaves much more like a real shell: the shell + now has a commandline history just like a real shell. + + The parsing of 'cd' commands have been rewritten so that even more + special cases are taken care of, and simple command substitution using + aliases have been introduced. + +2004-03-24 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php 1.26: + Increased year of copyright to 2004. Fixed the references to the PNG + images, as pointed out by Michael Z. Bell. + +2003-11-11 Martin Geisler <mgeisler@mgeisler.net> + + * AUTHORS 1.6: + Added Wolfgang Dautermann <dauti@users.sourceforge.net>. + + * phpshell.php 1.25: + Ups, I commited with $passwd = array('foo' => 'bar'). + + * phpshell.php 1.24: + Wolfgang Dautermann <dauti@users.sourceforge.net> suggested + that the directory list should be sorted. + + Also, changing directory through symbolic links now works as expected, + so that it's possible to go back using 'cd ..'. + +2003-04-01 Martin Geisler <mgeisler@mgeisler.net> + + * INSTALL 1.4: + New instructions on how to change the username and password. + + * README 1.10: + Updated to be in sync with new instructions on how the password + protection works. + + * phpshell.css 1.1: New file. + + * phpshell.php 1.23: + Updated to use XHTML 1.0 Strict and the $_* variables in PHP + 4.1.0. This effectively breaks compatibility with earlier versions of + PHP. If you cannot upgrade your PHP installation (you really should + consider upgrading to get hold of the latest security and bug fixes) + when just use PhpShell version 1.7 --- there's no new functionality in + this release. + + * COPYING 1.1: New file. + + * phpshell.php 1.22: Changed PHP Shell into PhpShell. + + * phpshell.php 1.21: Added HTTP basic authentication to the script. + + * AUTHORS 1.5: Moved Jeremy Miller <JMiller@marketaxess.com>. + + * phpshell.php 1.20: Updated version. + + * AUTHORS 1.4, phpshell.php 1.19: + Applied patch from Michael Zech <keldrin@web.de> that made the + stderr-checkbox remember it's state. + +2002-09-18 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php 1.18: + Use the directory of phpshell.php as the default working directory. + + * AUTHORS 1.3: Added Gerry Calderhead <caldergf@everythingsucks.co.uk>. + + * phpshell.php 1.17: + PHP Shell now works on PHP 4.2.0 with register_globals turned off. + +2002-06-10 Martin Geisler <mgeisler@mgeisler.net> + + * INSTALL 1.3: Added a section about Safe Mode in PHP. + + * README 1.9: + Added a section about Safe Mode in PHP. Also fixed a lot of spelling + errors. + +2002-03-23 Martin Geisler <mgeisler@mgeisler.net> + + * README 1.8: Added a version number to the file. + + * AUTHORS 1.2: Added a notice about Robert Niess <sturm@i-st.net>. + + * phpshell.php 1.16: + Added a PHPSHELL_VERSION constant. Also, when using stderr-trapping, + we now use a unique filename as returned by tempnam() - Robert Niess + <sturm@i-st.net> made me aware of this, thanks. + + * phpshell.php 1.15: Small changes in the layout. + + * phpshell.php 1.14: + Updated copyright statements - they were getting quite old :-) + + * README 1.7: + Added a tip from Jeremy Miller <JMiller@marketaxess.com> about how to + use PHP Shell together with Sudo to execute code as another user. + +2001-12-10 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php 1.13: + I found out that 'ls -F' produced better output than 'ls -p'. + + * README 1.6: Told people about the rewriting of 'ls' into 'ls -F' + + * phpshell.php 1.12: + You can now travel through the filesystem by using the normal 'cd' + command. If your command involves 'cd', it will be intercepted and the + current working directory will be changed accordingly. + + * README 1.5: Updated the documentation a bit. + +2001-02-11 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php 1.11: + Another suggestion from Thomas Langen <langen@langensoft.de>: some + people can't use the .php extension, so now the script uses $PHP_SELF + instead. + + * phpshell.php 1.10: + Expanded all PHP start-tags (<?) to <?php, as suggested by Thomas + Langen <langen@langensoft.de>. + +2000-11-20 Martin Geisler <mgeisler@mgeisler.net> + + * AUTHORS 1.1: New file. + + * phpshell.php 1.9: + Applied a patch from richard@joffray.com which fixed a problem with + accessing the root-directory. + +2000-09-24 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php 1.8: Removed a debug-comment. + +2000-09-09 Martin Geisler <mgeisler@mgeisler.net> + + * README 1.4: Expanded the brief explanation at the top. + + * README 1.3: Ups, I forgot to make a description of sample.htaccess. + + * README 1.2: + Added a description of all the files found in the tarball. + + * INSTALL 1.2: Made BUGS lowercase. + + * INSTALL 1.1, README 1.1: New file. + + * phpshell.php 1.7: + Removed 'Martin Geisler' from the title, putting my name on the bottom + of the page ought to be enough :-) + +2000-08-06 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php 1.6: + Added a link to gimpster.com at the bottom of the page + +2000-08-05 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php 1.5: + Removed references to php3 - I now use php4 so all my files end with + just a '.php' + +2000-06-21 Martin Geisler <mgeisler@mgeisler.net> + + * phpshell.php 1.4: + Fix - there were still references to the old name: shell.php3. + + * phpshell.php 1.3: Workaround for stderr-trapping. Seams to work... + + * phpshell.php 1.2: Initial commit + + * phpshell.php 1.1: New file. + diff --git a/shell/INSTALL b/shell/INSTALL new file mode 100644 index 0000000..8d20f4b --- /dev/null +++ b/shell/INSTALL @@ -0,0 +1,110 @@ +INSTALL file for PHP Shell +Copyright (C) 2000-2010 the Phpshell-team +Licensed under the GNU GPL. See the file COPYING for details. + + +Downloading PHP Shell +===================== + +You can always get the latest version of PHP Shell from: + + http://phpshell.sourceforge.net/ + + + +Installation +============ + +Installation is easy: first unpack the tarball or zipfile downloaded +from the above website into your webserver. This will create a +subdirectory called phpshell-@VERSION@ for PHP Shell version @VERSION@. + +Try loading the file ``phpshell.php`` in your browser and check that +you are served a page that asks you to authenticate yourself with a +username and a password. If you do not see such a page, then please +check that you have entered the URL correctly and that PHP is working +on your server. + + + +Configuration +============= + +All configuration happens in the ``config.php`` file. This is an +ini-file despite its name. Ini-files consist of a number of sections, +each containing a number of 'key = "value"' pairs. PHP Shell has tree +sections: '[users]' for configuring usernames and passwords, +'[aliases]' for configuring shell aliases, and '[settings]' for +general settings. + + +Setting usernames and passwords +------------------------------- + +As a security precaution PHP Shell has no default username and +password (people often forget to change them...). To add the user +"alice" with password "secret" you simply add + + [users] + alice = "secret" + +to the file. Note that you can add as many users as you want by +simply adding more lines like this. + +This system works, but there is a better way --- a way so that the +password does not appear in clear text in the file. For that you use +the supplied script ``pwhash.php`` to generate a hashed password. +Please see the instructions given in ``pwhash.php``. + +With the above example the result could look like + + [users] + alice = "sha1:1a4861:a8640981d2a5f9452c75a7bb0491eac3ecd8bdc3" + +You will not get exactly the same line if you try it out, this is a +feature of the system which means that both "alice" and "bob" could +have "secret" as their password, and you would not be able to tell +from just looking at ``config.php``. + + +Shell Aliases +------------- + +As in a normal shell, PHP Shell supports alias expansion, albeit in a +simple form. Aliases are defined by 'key = "value"' pairs in the +'[aliases]' section. The "key" will be matched against the first +token of the command line and substituted with the "value" given. + +Two convenient aliases are already defined: + + [aliases] + ls = "ls -CvhF" + ll = "ls -lvhF" + + +General Settings +---------------- + +PHP has just one other setting right now --- the home directory. +Change this in the '[settings]' section. + + + +Bugs? Comments? +================ + +If you find a bug or miss something in PHP Shell, please take a look +at the Tracker System at SourceForge: + + http://sourceforge.net/tracker/?group_id=156638 + +There you will find trackers for Bugs, Patches, and Feature Requests. +You are invited to add items to these so that they wont get lost. + +You can also email the development list, found at: + + https://lists.sourceforge.net/lists/listinfo/phpshell-devel + +This list is for discussion about all things PHP Shell and it is a +good place to discuss a feature or bug before adding it to one of the +SourceForge trackers. diff --git a/shell/README b/shell/README new file mode 100644 index 0000000..870d661 --- /dev/null +++ b/shell/README @@ -0,0 +1,174 @@ +README file for PHP Shell +Copyright (C) 2000-2010 the Phpshell-team +Licensed under the GNU GPL. See the file COPYING for details. + +What is PHP Shell? +================== + +PHP Shell is a shell wrapped in a PHP script. It's a tool you can use +to execute arbitrary shell-commands or browse the filesystem on your +remote webserver. This replaces, to a degree, a normal +telnet-connection. + +You use it for administration and maintenance of your website, which +is often much easier to do if you can work directly on the server. +For example, you could use PHP Shell to unpack and move big files +around. All the normal command line programs like ps, free, du, df, +etc... can be used. + + +Limitations +=========== + +There are some limitations on what kind of programs you can run. It +won't do no good if you start a graphical program like Firefox or even +a console based one like vi. All programs have to be strictly command +line programs, and they will have no chance of getting user input +after they have been lunched. + +They probably also have to terminate within 30 seconds, as this is the +default time-limit imposed unto all PHP scripts, to prevent them from +running in an infinite loop. Your ISP may have set this time-limit to +something else. + +But you can rely on all the normal shell-functionality, like pipes, +output and input redirection, etc... (There is no <tab>-completion, +though :-) + + +Safe Mode +========= + +Safe Mode is the nemisis of PHP Shell. If PHP is running in Safe Mode +then PHP Shell will normally not work --- sorry. Please read the +detailed explanation in the SECURITY file. + + +Who am I? +========= + +You may not be the same user when using PHP Shell, as you are when you +upload your files with FTP. On some systems you will be ``nobody``, +on other systems you will become ``httpd`` or ``www-data``. This is a +rather dangerous "feature" of the way PHP is run by the webserver. A +possible effect of this is that you might end up creating files using +PHP Shell which you cannot delete afterwards using FTP and maybe not +even using PHP Shell. Strange, but true :-) + +If you want to execute code as different user, then it's possible to +do so by using the Sudo program available from this address: + + http://www.courtesan.com/sudo/ + +The trick is to configure Sudo to allow the user running the webserver +to execute certain commands as a more privileged user. This will have +to be done by the administrator of the server. Please refer to the +documentation for Sudo for further information about doing this. + + +How to Use It +============= + +When you point your browser at PHP Shell you will be asked to +authenticate yourself. By default no username/password will work, so +please go read INSTALL for information about adding a user. + +You're back? Good. Enter your username and password and press +the "Login" button. + +You will then be presented with a rather simple page containing +nothing much except a big window with the cursor blinking at the +bottom, signaling that it's ready to obey your commands. + +Write a command and press ENTER --- or alternatively, press the 'Execute +Command' button if you really want. The command will be executed and +the result will be shows in the terminal. You can now enter another +command. + +To be more precise: the terminal is updated with the command line you +have just executed, the output of the command to standard out +(stdout), and following that any error output sent to stderr. + +The commands are executed relative to a current working directory, +which is written at the top. You change this by the normal 'cd' +command (or by selecting a other working directory using the links). + +The commands must also be complete, so you cannot enter a multiline command: +$ for i in a b c ; do +> echo $i +> done +However, in one line it is allowed: for i in a b c ; do echo $i ; done + +Variables are also not preserved between the commands, so +$ A=1 +$ echo $A +will output 0 instead of 1. But in one line it works as expected: +$ A=1 ; echo $A +will give you the expected result: 1 + +Alternatives +============ + +An incomplete list of alternatives to PHP Shell would be: + +* SSH. The Secure Shell is the standard solution to the problem that + PHP Shell tries to solve. SSH lets you login to a remote system in a + secure way where the traffic and password is encrypted at all + times. You can also upload and download files securely and make + encrypted TCP tunnels. + + If your host supports SSH then use it and forget about PHP Shell or + any other solution. + +* Telnet. This is the old way to obtain an interactive login on a + remote system. Unfortunately telnet is insecure since the password + and subsequent traffic are sent in clear text. SSH was developed + precisely to replace telnet. The advantage of telnet over PHP Shell + is that it gives you an interactive session. + +* See more alternatives at the Anyterm homepage: + + http://anyterm.org/compared.html + + +Download +======== + +You can download the newest version of PHP Shell from + + http://phpshell.sourceforge.net/ + +The tarball/zipfile contains these files: + +phpshell.php + This is the script you run when you use PHP Shell. + +pwhash.php + A utility used to generate a hashed password. Please read INSTALL + for more information. This file poses no security risk. + +ChangeLog + This file describe the changes I've made to PHP Shell. By reading + it you'll always know when I've added a new feature or made a + bugfix, and the nature of the feature/bugfix. + +README + This file! :-) + +INSTALL + Tells you how to install PHP Shell. Among other things, it + explains how to change the password protection so that you can use + PHP Shell. + + Remember that it's very important to have PHP Shell password + protected, or else everybody will be able so snoop into your files + and perhaps also be able to delete them! Please take the time to + protect your installation of PHP Shell. + +SECURITY + A separate guide about security with PHP in general and PHP Shell in + particular. Be sure to read this too, especially if you are getting + strange errors back from PHP Shell. + +COPYING + Standard GNU GPL. diff --git a/shell/SECURITY b/shell/SECURITY new file mode 100644 index 0000000..888c554 --- /dev/null +++ b/shell/SECURITY @@ -0,0 +1,141 @@ +SECURITY file for PHP Shell +Copyright (C) 2005-2010 the Phpshell-team +Licensed under the GNU GPL. See the file COPYING for details. + + +PHP Security +============ + +Installing PHP on your server is an inherently dangerous thing to do, +somewhat similar to the danger one faces when one buys a car: it might +kill you if you have an accident. On the other hand a car makes so +many things so much more convenient, so most people are willing to +accept the risk of accidents. + +Likewise, PHP is a powerful tool which will let you build your +webpages easier and faster than without. But it is a *very* powerful +tool --- PHP is a full programming language which can be used for +general purpose programming and not just to format HTML for display in +a browser. + +So PHP has support for reading and writing files on the filesystem. +But PHP also has support for *deleting* files. PHP even has support +for executing other programs. In other words, PHP has lots of support +for interacting with the rest of the computer it runs on. This +interaction is potentially much more powerful than you want it to, and +this can be a problem if this power ends up in the wrong hands. + + +What about Safe Mode? +--------------------- + +As they note in the PHP manual, Safe Mode is an inherently wrong way +to secure PHP, but is nevertheless used in many installations. +Turning Safe Mode on in PHP basically tries to restrict the language +and its functions to make it "safe". + +This involves a strict check on file ownership so that PHP wont +operate on files and directories which are not owned by the owner of +the current script. Other restrictions in Safe Mode include limits on +which files can be executed and includes (thus making a primitive form +of chroot or jail around the PHP script). + +PHP Shell is made mostly useless with Safe Mode since it restricts the +two commands that PHP Shell uses: ``chdir()`` and ``proc_open()``: + +* With Safe Mode you cannot change to a directory unless you are the + owner of that directory. This means that you cannot change to, say, + ``/etc`` since ``root`` own that directory. + + You'll see this when 'cd /etc' results in this error from PHP Shell: + + chdir(): SAFE MODE Restriction in effect. The script whose uid is + 500 is not allowed to access /etc owned by uid 0 + cd: could not change to: /etc + +* When Safe Mode is active, PHP forces the argument to ``proc_open()`` + to be escaped, which means that you cannot use normal shell + wildcards, pipes or any such stuff. + + So if you enter 'ls *.txt' in a directory where you know for certain + that there is a text file ending in '.txt', you will get the + following error: + + /bin/ls: *.txt: No such file or directory + + This is because PHP has silently changed the command into 'ls + \*.txt' to disable the wildcard. + +* You cannot execute programs unless they are placed in a directory + listed in ``safe_mode_exec_dir``. Say you want to execute the + program ``tr`` (which translates between sets of characters) and you + get this strange messages back: + + sh: line 1: /bin/tr: No such file or directory + + Then you have a problem with the ``safe_mode_exec_dir`` setting. In + this case ``safe_mode_exec_dir`` is set to just ``/bin`` and so PHP + has forced the shell to execute ``/bin/tr`` and since ``tr`` is + installed in ``/usr/bin`` it could not be found. + + If you have write access to a directory listed in + ``safe_mode_exec_dir``, then try copying the wanted program there + first. Executing it should now work. + + +Even without enabling Safe Mode some functions might have been +disabled via the ``disabled_functions`` setting. If the +``proc_open()`` function used by PHP Shell has been disabled, then you +will see an error like this: + + Fatal Error! + + proc_open() has been disabled for security reasons + + in /path/to/your/installation/phpshell.php, line 221. + + + +PHP Shell Security +================== + +As noted above, PHP is a powerful tool --- how does PHP Shell fit into +this? PHP Shell is actually quite simple and does one thing: it uses +the standard PHP function ``proc_open()`` to execute programs. + +Executing other programs is probably the most powerful thing you can +do in PHP, and so PHP Shell gives you a convenient interface to this +the most powerful feature of PHP. Nothing more. + + +Is PHP Shell Dangerous? +----------------------- + +Short answer: *yes*! PHP Shell has been used in the past by people +with not-so-good intentions to destroy valuable content on servers. + +The longer answer is that installing PHP Shell is like building a new +door in your house --- if you leave it unlocked, then people can (and +probably will!) walk into it and steal your possessions. So you want +to lock it, and make sure you use a good lock. + +With PHP Shell that is equivalent of using a secure password. A +secure password is one which is hard to guess (make it long, make it +random, and put both numbers, special characters and normal letters in +it). + + Remember that guessing the password is all that stands between the + crackers and your files! + +If you use a good password, then PHP Shell does not make your system +any more insecure than it already was. Security is always a matter of +finding the weakest link in the chain: if you use FTP with a simple +password for updating your site, then it would be much easier for the +crackers to attack that instead of trying to guess your super-hard PHP +Shell password. So make sure that you tighten security on all fronts +you know of. + + +If you have comments or suggestions for improvements to this little +guide in system security, then please do not hesitate to contact the +author at <mgeisler@mgeisler.net>. diff --git a/shell/config.php b/shell/config.php new file mode 100644 index 0000000..843069b --- /dev/null +++ b/shell/config.php @@ -0,0 +1,71 @@ +; <?php die('Forbidden'); ?> -*- conf -*- +; Do not remove the above line, it is all that prevents this file from +; being downloaded. +; +; config.php file for PHP Shell +; Copyright (C) 2005-2010 the Phpshell-team +; Licensed under the GNU GPL. See the file COPYING for details. + +; This ini-file has three parts: +; +; * [users] where you add usernames and passwords to give users access +; to PHP Shell. +; +; * [aliases] where you can configure shell aliases. +; +; * [settings] where general settings are placed. + + +[users] + +luke = "sha1:da6c3f7:1c125210c15b45a083e77674693ceda9dc4750f3" + +; The default configuration has no users defined, you have to add your +; own (choose good passwords!). Add uses as simple +; +; username = "password" +; +; lines. Please quote your password using double-quotes as shown. +; The semi-colon ':' is a reserved character, so do *not* use that in +; your passwords. +; +; For improved security it is *strongly suggested* that you the +; pwhash.php script to generate a hashed password and store that +; instead of the normal clear text password. Keeping your passwords +; in hashed form ensures that they cannot be found, even if this file +; is disclosed. The passwords are still visible in clear text during +; the login, though. Please follow the instructions given in +; pwhash.php. + + + +[aliases] + +; Alias expansion. Change the two examples as needed and add your own +; favorites --- feel free to suggest more defaults! The command line +; you enter will only be expanded on the very first token and only +; once, so having 'ls' expand into 'ls -CvhF' does not cause an +; infinite recursion. + +ls = "ls -CvhF" +ll = "ls -lvhF" + + + +[settings] + +; General settings for PHP Shell. + +; Home directory. PHP Shell will change to this directory upon +; startup and whenever a bare 'cd' command is given. This can be an +; absolute path or a path relative to the PHP Shell installation +; directory. + +home-directory = "." + +; Safe Mode warning. PHP Shell will normally display a big, fat +; warning if it detects that PHP is running in Safe Mode. If you find +; that PHP Shell works anyway, then set this to false to get rid of +; the warning. + +safe-mode-warning = true diff --git a/shell/config.php~ b/shell/config.php~ new file mode 100644 index 0000000..b9b48ca --- /dev/null +++ b/shell/config.php~ @@ -0,0 +1,69 @@ +; <?php die('Forbidden'); ?> -*- conf -*- +; Do not remove the above line, it is all that prevents this file from +; being downloaded. +; +; config.php file for PHP Shell +; Copyright (C) 2005-2010 the Phpshell-team +; Licensed under the GNU GPL. See the file COPYING for details. + +; This ini-file has three parts: +; +; * [users] where you add usernames and passwords to give users access +; to PHP Shell. +; +; * [aliases] where you can configure shell aliases. +; +; * [settings] where general settings are placed. + + +[users] + +; The default configuration has no users defined, you have to add your +; own (choose good passwords!). Add uses as simple +; +; username = "password" +; +; lines. Please quote your password using double-quotes as shown. +; The semi-colon ':' is a reserved character, so do *not* use that in +; your passwords. +; +; For improved security it is *strongly suggested* that you the +; pwhash.php script to generate a hashed password and store that +; instead of the normal clear text password. Keeping your passwords +; in hashed form ensures that they cannot be found, even if this file +; is disclosed. The passwords are still visible in clear text during +; the login, though. Please follow the instructions given in +; pwhash.php. + + + +[aliases] + +; Alias expansion. Change the two examples as needed and add your own +; favorites --- feel free to suggest more defaults! The command line +; you enter will only be expanded on the very first token and only +; once, so having 'ls' expand into 'ls -CvhF' does not cause an +; infinite recursion. + +ls = "ls -CvhF" +ll = "ls -lvhF" + + + +[settings] + +; General settings for PHP Shell. + +; Home directory. PHP Shell will change to this directory upon +; startup and whenever a bare 'cd' command is given. This can be an +; absolute path or a path relative to the PHP Shell installation +; directory. + +home-directory = "." + +; Safe Mode warning. PHP Shell will normally display a big, fat +; warning if it detects that PHP is running in Safe Mode. If you find +; that PHP Shell works anyway, then set this to false to get rid of +; the warning. + +safe-mode-warning = true diff --git a/shell/phpshell.php b/shell/phpshell.php new file mode 100644 index 0000000..34a651b --- /dev/null +++ b/shell/phpshell.php @@ -0,0 +1,550 @@ +<?php // -*- coding: utf-8 -*-
+
+define('PHPSHELL_VERSION', '2.2');
+/*
+
+ **************************************************************
+ * PHP Shell *
+ **************************************************************
+
+ PHP Shell is an interactive PHP script that will execute any command
+ entered. See the files README, INSTALL, and SECURITY or
+ http://phpshell.sourceforge.net/ for further information.
+
+ Copyright (C) 2000-2010 the Phpshell-team
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You can get a copy of the GNU General Public License from this
+ address: http://www.gnu.org/copyleft/gpl.html#SEC1
+ You can also write to the Free Software Foundation, Inc., 59 Temple
+ Place - Suite 330, Boston, MA 02111-1307, USA.
+
+*/
+
+/* There are no user-configurable settings in this file anymore, please see
+ * config.php instead. */
+
+header("Content-Type: text/html; charset=utf-8");
+
+/* This error handler will turn all notices, warnings, and errors into fatal
+ * errors, unless they have been suppressed with the @-operator. */
+function error_handler($errno, $errstr, $errfile, $errline, $errcontext) {
+ /* The @-operator (used with chdir() below) temporarely makes
+ * error_reporting() return zero, and we don't want to die in that case.
+ * We do note the error in the output, though. */
+ if (error_reporting() == 0) {
+ $_SESSION['output'] .= $errstr . "\n";
+ } else {
+ die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
+ "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+ <title>PHP Shell ' . PHPSHELL_VERSION . '</title>
+ <meta http-equiv="Content-Script-Type" content="text/javascript">
+ <meta http-equiv="Content-Style-Type" content="text/css">
+ <meta name="generator" content="phpshell">
+ <link rel="stylesheet" href="style.css" type="text/css">
+</head>
+<body>
+ <h1>Fatal Error!</h1>
+ <p><b>' . $errstr . '</b></p>
+ <p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p>
+
+ <hr>
+
+ <p>Please consult the <a href="README">README</a>, <a
+ href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
+ instruction on how to use PHP Shell.</p>
+
+ <hr>
+
+ <address>
+ Copyright © 2000–2010, the Phpshell-team. Get the latest
+ version at <a
+ href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
+ </address>
+
+</body>
+</html>');
+ }
+}
+
+/* Installing our error handler makes PHP die on even the slightest problem.
+ * This is what we want in a security critical application like this. */
+set_error_handler('error_handler');
+
+
+function logout() {
+ /* Empty the session data, except for the 'authenticated' entry which the
+ * rest of the code needs to be able to check. */
+ $_SESSION = array('authenticated' => false);
+
+ /* Unset the client's cookie, if it has one. */
+// if (isset($_COOKIE[session_name()]))
+// setcookie(session_name(), '', time()-42000, '/');
+
+ /* Destroy the session data on the server. This prevents the simple
+ * replay attach where one uses the back button to re-authenticate using
+ * the old POST data since the server wont know the session then.*/
+// session_destroy();
+}
+
+/* Clear history */
+function clear()
+{
+ $_SESSION['output'] = '';
+}
+
+function stripslashes_deep($value) {
+ if (is_array($value))
+ return array_map('stripslashes_deep', $value);
+ else
+ return stripslashes($value);
+}
+
+if (get_magic_quotes_gpc())
+ $_POST = stripslashes_deep($_POST);
+
+/* Initialize some variables we need again and again. */
+$username = isset($_POST['username']) ? $_POST['username'] : '';
+$password = isset($_POST['password']) ? $_POST['password'] : '';
+$nounce = isset($_POST['nounce']) ? $_POST['nounce'] : '';
+
+$command = isset($_POST['command']) ? $_POST['command'] : '';
+$rows = isset($_POST['rows']) ? $_POST['rows'] : 24;
+$columns = isset($_POST['columns']) ? $_POST['columns'] : 80;
+
+
+/* Load the configuration. */
+$ini = parse_ini_file('config.php', true);
+
+if (empty($ini['settings']))
+ $ini['settings'] = array();
+
+/* Default settings --- these settings should always be set to something. */
+$default_settings = array('home-directory' => '.');
+$showeditor = false;
+
+/* Merge settings. */
+$ini['settings'] = array_merge($default_settings, $ini['settings']);
+
+session_start();
+
+/* Delete the session data if the user requested a logout. This leaves the
+ * session cookie at the user, but this is not important since we
+ * authenticates on $_SESSION['authenticated']. */
+if (isset($_POST['logout']))
+ logout();
+
+/* Delete history if submitted */
+if (isset($_POST['clear']))
+ clear();
+
+/* Attempt authentication. */
+if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce'] &&
+ isset($ini['users'][$username])) {
+ if (strchr($ini['users'][$username], ':') === false) {
+ // No seperator found, assume this is a password in clear text.
+ $_SESSION['authenticated'] = ($ini['users'][$username] == $password);
+ } else {
+ list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]);
+ $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash);
+ }
+}
+
+
+/* Enforce default non-authenticated state if the above code didn't set it
+ * already. */
+if (!isset($_SESSION['authenticated']))
+ $_SESSION['authenticated'] = false;
+
+
+if ($_SESSION['authenticated']) {
+ /* Initialize the session variables. */
+ if (empty($_SESSION['cwd'])) {
+ $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
+ $_SESSION['history'] = array();
+ $_SESSION['output'] = '';
+ }
+ /* Clicked on one of the directory links in the working directory - ignore the command */
+ if (isset($_POST['levelup'])) {
+ $levelup = $_POST['levelup'] ;
+ while ($levelup > 0) {
+ $command = '' ; /* ignore the command */
+ $_SESSION['cwd'] = dirname($_SESSION['cwd']) ;
+ $levelup -- ;
+ }
+ }
+ /* Selected a new subdirectory as working directory - ignore the command */
+ if (isset($_POST['changedirectory'])) {
+ $changedir= $_POST['changedirectory'];
+ if (strlen($changedir) > 0) {
+ if (@chdir($_SESSION['cwd'] . '/' . $changedir)) {
+ $command = '' ; /* ignore the command */
+ $_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir) ;
+ }
+ }
+ }
+
+ /* Save content from 'editor' */
+ if(isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) {
+ $filetoedit_handle = fopen($_POST["filetoedit"], "w");
+ fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"]));
+ fclose($filetoedit_handle);
+ }
+
+ if (!empty($command)) {
+ /* Save the command for late use in the JavaScript. If the command is
+ * already in the history, then the old entry is removed before the
+ * new entry is put into the list at the front. */
+ if (($i = array_search($command, $_SESSION['history'])) !== false)
+ unset($_SESSION['history'][$i]);
+
+ array_unshift($_SESSION['history'], $command);
+
+ /* Now append the commmand to the output. */
+ $_SESSION['output'] .= '$ ' . $command . "\n";
+
+ /* Initialize the current working directory. */
+ if (preg_match('/^[[:blank:]]*cd[[:blank:]]*$/', $command)) {
+ $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
+ } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $command, $regs)) {
+ /* The current command is a 'cd' command which we have to handle
+ * as an internal shell command. */
+
+ /* if the directory starts and ends with quotes ("), remove them -
+ allows command like 'cd "abc def"' */
+ if ((substr($regs[1],0,1) == '"') && (substr($regs[1],-1) =='"') ) {
+ $regs[1] = substr($regs[1],1) ;
+ $regs[1] = substr($regs[1],0,-1) ;
+ }
+
+ if ($regs[1]{0} == '/') {
+ /* Absolute path, we use it unchanged. */
+ $new_dir = $regs[1];
+ } else {
+ /* Relative path, we append it to the current working
+ * directory. */
+ $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
+ }
+
+ /* Transform '/./' into '/' */
+ while (strpos($new_dir, '/./') !== false)
+ $new_dir = str_replace('/./', '/', $new_dir);
+
+ /* Transform '//' into '/' */
+ while (strpos($new_dir, '//') !== false)
+ $new_dir = str_replace('//', '/', $new_dir);
+
+ /* Transform 'x/..' into '' */
+ while (preg_match('|/\.\.(?!\.)|', $new_dir))
+ $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
+
+ if ($new_dir == '') $new_dir = '/';
+
+ /* Try to change directory. */
+ if (@chdir($new_dir)) {
+ $_SESSION['cwd'] = $new_dir;
+ } else {
+ $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
+ }
+
+ } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]*$/', $command)) {
+ /* You called 'editor' without a filename so you get an short help
+ * on how to use the internal 'editor' command */
+
+ $_SESSION['output'] .= " Syntax: editor filename\n (you forgot the filename)\n";
+
+ } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]+([^;]+)$/', $command, $regs)) {
+ /* This is a tiny editor which you can start with 'editor filename' */
+ $filetoedit = $regs[1];
+ if ($regs[1]{0} != '/') {
+ /* relative path, add it to the current working directory.*/
+ $filetoedit = $_SESSION['cwd'].'/'.$regs[1];
+ } ;
+ if(is_file(realpath($filetoedit)) || ! file_exists($filetoedit)) {
+ $showeditor = true;
+ if(file_exists(realpath($filetoedit)))
+ $filetoedit = realpath($filetoedit);
+ } else {
+ $_SESSION['output'] .= " Syntax: editor filename\n (just regular or not existing files)\n";
+ }
+
+ } elseif (trim($command) == 'exit') {
+ logout();
+ } elseif (trim($command) == 'logout') {
+ logout();
+ } else {
+
+ /* The command is not an internal command, so we execute it after
+ * changing the directory and save the output. */
+ chdir($_SESSION['cwd']);
+
+ // We canot use putenv() in safe mode.
+ if (!ini_get('safe_mode')) {
+ // Advice programs (ls for example) of the terminal size.
+ putenv('ROWS=' . $rows);
+ putenv('COLUMNS=' . $columns);
+ }
+
+ /* Alias expansion. */
+ $length = strcspn($command, " \t");
+ $token = substr($command, 0, $length);
+ if (isset($ini['aliases'][$token]))
+ $command = $ini['aliases'][$token] . substr($command, $length);
+
+ $io = array();
+ $p = proc_open($command,
+ array(1 => array('pipe', 'w'),
+ 2 => array('pipe', 'w')),
+ $io);
+
+ /* Read output sent to stdout. */
+ while (!feof($io[1])) {
+ $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
+ ENT_COMPAT, 'UTF-8');
+ }
+ /* Read output sent to stderr. */
+ while (!feof($io[2])) {
+ $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
+ ENT_COMPAT, 'UTF-8');
+ }
+
+ fclose($io[1]);
+ fclose($io[2]);
+ proc_close($p);
+ }
+ }
+
+ /* Build the command history for use in the JavaScript */
+ if (empty($_SESSION['history'])) {
+ $js_command_hist = '""';
+ } else {
+ $escaped = array_map('addslashes', $_SESSION['history']);
+ $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
+ }
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
+ "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+ <title>PHP Shell <?php echo PHPSHELL_VERSION ?></title>
+ <meta http-equiv="Content-Script-Type" content="text/javascript">
+ <meta http-equiv="Content-Style-Type" content="text/css">
+ <meta name="generator" content="phpshell">
+ <link rel="stylesheet" href="style.css" type="text/css">
+
+ <script type="text/javascript">
+ <?php if ($_SESSION['authenticated'] && ! $showeditor) { ?>
+
+ var current_line = 0;
+ var command_hist = new Array(<?php echo $js_command_hist ?>);
+ var last = 0;
+
+ function key(e) {
+ if (!e) var e = window.event;
+
+ if (e.keyCode == 38 && current_line < command_hist.length-1) {
+ command_hist[current_line] = document.shell.command.value;
+ current_line++;
+ document.shell.command.value = command_hist[current_line];
+ }
+
+ if (e.keyCode == 40 && current_line > 0) {
+ command_hist[current_line] = document.shell.command.value;
+ current_line--;
+ document.shell.command.value = command_hist[current_line];
+ }
+
+ }
+
+ function init() {
+ document.shell.setAttribute("autocomplete", "off");
+ document.shell.output.scrollTop = document.shell.output.scrollHeight;
+ document.shell.command.focus()
+ }
+
+ <?php } elseif($_SESSION['authenticated'] && $showeditor) { ?>
+
+ function init() {
+ document.shell.filecontent.focus();
+ }
+
+ <?php } else { ?>
+
+ function init() {
+ document.shell.username.focus();
+ }
+
+ <?php } ?>
+ function levelup(d) {
+ document.shell.levelup.value=d ;
+ document.shell.submit() ;
+ }
+ function changesubdir(d) {
+ document.shell.changedirectory.value=document.shell.dirselected.value ;
+ document.shell.submit() ;
+ }
+ </script>
+</head>
+
+<body onload="init()">
+
+<h1>PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
+
+<form name="shell" action="<?php print($_SERVER['PHP_SELF']) ?>" method="post">
+<div><input name="levelup" id="levelup" type="hidden"></div>
+<div><input name="changedirectory" id="changedirectory" type="hidden"></div>
+<?php
+if (!$_SESSION['authenticated']) {
+ /* Genereate a new nounce every time we preent the login page. This binds
+ * each login to a unique hit on the server and prevents the simple replay
+ * attack where one uses the back button in the browser to replay the POST
+ * data from a login. */
+ $_SESSION['nounce'] = mt_rand();
+
+?>
+
+<fieldset>
+ <legend>Authentication</legend>
+ <?php
+ if (!empty($username))
+ echo " <p class=\"error\">Login failed, please try again:</p>\n";
+ else
+ echo " <p>Please login:</p>\n";
+ ?>
+
+ <label for="username">Username:</label>
+ <input name="username" id="username" type="text" value="<?php echo $username
+ ?>"><br>
+ <label for="password">Password:</label>
+ <input name="password" id="password" type="password">
+ <p><input type="submit" value="Login"></p>
+ <input name="nounce" type="hidden" value="<?php echo $_SESSION['nounce']; ?>">
+
+</fieldset>
+
+<?php } else { /* Authenticated. */ ?>
+<fieldset>
+ <legend><?php echo "Phpshell running on: " . $_SERVER['SERVER_NAME']; ?></legend>
+<p>Current Working Directory:
+<span class="pwd"><?php
+ if( $showeditor ) {
+ echo htmlspecialchars($_SESSION['cwd'], ENT_COMPAT, 'UTF-8') . '</span>';
+ } else { /* normal mode - offer navigation via hyperlinks */
+ $parts = explode('/', $_SESSION['cwd']);
+
+ for($i=1; $i<count($parts); $i=$i+1) {
+ echo '<a class="pwd" title="Change to this directory. Your command will not be executed." href="javascript:levelup(' . (count($parts)-$i) . ')">/</a>' ;
+ echo htmlspecialchars($parts[$i], ENT_COMPAT, 'UTF-8') ;
+ }
+ echo '</span>';
+ /* Now we make a list of the directories. */
+ $dir_handle = opendir($_SESSION['cwd']);
+ /* We store the output so that we can sort it later: */
+ $options = array();
+ /* Run through all the files and directories to find the dirs. */
+ while ($dir = readdir($dir_handle)) {
+ if (($dir != '.') and ($dir != '..') and is_dir($_SESSION['cwd'] . "/" . $dir)) {
+ $options[$dir] = "<option value=\"/$dir\">$dir</option>";
+ }
+ }
+ closedir($dir_handle);
+ if (count($options)>0) {
+ ksort($options);
+ echo '<br><a href="javascript:changesubdir()">Change to subdirectory</a>: <select name="dirselected">';
+ echo implode("\n", $options);
+ echo '</select>';
+ }
+ }
+?>
+<br>
+
+ <?php if(! $showeditor) { /* Outputs the 'terminal' without the editor */ ?>
+
+<div id="terminal">
+<textarea name="output" readonly="readonly" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
+<?php
+$lines = substr_count($_SESSION['output'], "\n");
+$padding = str_repeat("\n", max(0, $rows+1 - $lines));
+echo rtrim($padding . $_SESSION['output']);
+?>
+</textarea>
+<p id="prompt">
+ $ <input name="command" type="text"
+ onkeyup="key(event)" size="<?php echo $columns-2 ?>" tabindex="1">
+</p>
+</div>
+
+ <?php } else { /* Output the 'editor' */ ?>
+ <?php print("You are editing this file: ".$filetoedit); ?>
+
+<div id="terminal">
+<textarea name="filecontent" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
+<?php
+ if(file_exists($filetoedit)) {
+ print(htmlspecialchars(str_replace("%0D%0D%0A", "%0D%0A", file_get_contents($filetoedit))));
+ }
+?>
+</textarea>
+</div>
+
+<?php } /* End of terminal */ ?>
+
+<p>
+<?php if(! $showeditor) { /* You can not resize the textarea while
+ * the editor is 'running', because if you would
+ * do so you would lose the changes you have
+ * already made in the textarea since last saving */
+?>
+ <span style="float: right">Size: <input type="text" name="rows" size="2"
+ maxlength="3" value="<?php echo $rows ?>"> × <input type="text"
+ name="columns" size="2" maxlength="3" value="<?php echo $columns
+ ?>"></span>
+<?php } ?>
+
+
+<?php if(! $showeditor) { /* for normal 'non-editor-mode' */ ?>
+<input type="submit" value="Execute Command">
+<input type="submit" name="clear" value="Clear">
+<?php } else { /* for 'editor-mode' */ ?>
+<input type="hidden" name="filetoedit" id="filetoedit" value="<?php print($filetoedit) ?>">
+<input type="submit" value="Save and Exit">
+<input type="reset" value="Undo all Changes">
+<input type="submit" value="Exit without saving" onclick="javascript:document.getElementById('filetoedit').value='';return true;">
+<?php } ?>
+
+ <input type="submit" name="logout" value="Logout">
+</p>
+</fieldset>
+
+<?php } ?>
+
+</form>
+
+<hr>
+
+<p>Please consult the <a href="README">README</a>, <a
+href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
+instruction on how to use PHP Shell.</p>
+<p>If you have not created accounts for phpshell, please use <a href="pwhash.php">pwhash.php</a> to create secure passwords.</p>
+
+<hr>
+<address>
+Copyright © 2000–2010, the Phpshell-team. Get the
+latest version at <a
+href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
+</address>
+</body>
+</html>
diff --git a/shell/pwhash.php b/shell/pwhash.php new file mode 100644 index 0000000..08e8171 --- /dev/null +++ b/shell/pwhash.php @@ -0,0 +1,107 @@ +<?php +/* + * pwhash.php file for PHP Shell + * Copyright (C) 2005-2010 the Phpshell-team + * Licensed under the GNU GPL. See the file COPYING for details. + * + */ + +define('PHPSHELL_VERSION', '2.2'); + +function stripslashes_deep($value) { + if (is_array($value)) + return array_map('stripslashes_deep', $value); + else + return stripslashes($value); +} + +if (get_magic_quotes_gpc()) + $_POST = stripslashes_deep($_POST); + +$username = isset($_POST['username']) ? $_POST['username'] : ''; +$password = isset($_POST['password']) ? $_POST['password'] : ''; + +?> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" + "http://www.w3.org/TR/html4/strict.dtd"> +<html> +<head> + <title>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></title> + <meta http-equiv="Content-Script-Type" content="text/javascript"> + <meta http-equiv="Content-Style-Type" content="text/css"> + <meta name="generator" content="phpshell"> + <link rel="stylesheet" href="style.css" type="text/css"> +</head> + +<body> + +<h1>Password Hasher for PHP Shell <?php echo PHPSHELL_VERSION ?></h1> + +<form action="<?php $_SERVER['PHP_SELF']; ?>" method="POST"> + +<fieldset> + <legend>Username</legend> + <input name="username" type="text" value="<?php echo $username ?>"> +</fieldset> + +<fieldset> + <legend>Password</legend> + <input name="password" type="text" value="<?php echo $password ?>"> +</fieldset> + +<fieldset> + <legend>Result</legend> + +<?php +if ($username == '' || $password == '') { + echo " <p><i>Enter a username and a password and update.</i></p>\n"; +} else { + + $u = strtolower($username); + + if (preg_match('/[[ |&~!()]/', $u) || $u == 'null' || + $u == 'yes' || $u == 'no' || $u == 'true' || $u == 'false') { + + echo ' <p class="error">Your username cannot contain any of the following reserved + word: "<tt>null</tt>", "<tt>yes</tt>", "<tt>no</tt>", "<tt>true</tt>", or + "<tt>false</tt>". The following characters are also prohibited: + "<tt> </tt>" (space), "<tt>[</tt>" (left bracket), "<tt>|</tt>" (pipe), + "<tt>&</tt>" (ampersand), "<tt>~</tt>" (tilde), "<tt>!</tt>" (exclamation + mark), "<tt>(</tt>" (left parenthesis), or "<tt>)</tt>" (right + parenthesis).</p>' . "\n"; + + echo ' <p>Please choose another username and try again.</p>' . "\n"; + + } else { + echo " <p>Write the following line into <tt>config.php</tt> " . + "in the <tt>users</tt> section:</p>\n"; + + if ( function_exists('sha1') ) { $fkt = 'sha1' ; } else { $fkt = 'md5' ; } ; + $salt = dechex(mt_rand()); + + $hash = $fkt . ':' . $salt . ':' . $fkt($salt . $password); + + echo "<pre>\n"; + echo htmlentities(str_pad($username, 8) . ' = "' . $hash . '"') . "\n"; + echo "</pre>\n"; + } +} +?> + +<p><input type="submit" value="Update"></p> + +</fieldset> + +</form> + + +<hr> + +<address> + Copyright © the Phpshell-team, please see <a href="AUTHORS">AUTHORS</a>. + This is PHP Shell <?php echo PHPSHELL_VERSION ?>, get the latest version at <a + href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>. +</address> + +</body> +</html> diff --git a/shell/style.css b/shell/style.css new file mode 100644 index 0000000..f84afb4 --- /dev/null +++ b/shell/style.css @@ -0,0 +1,74 @@ +/* style.css file for PHP Shell + * Copyright (C) 2003-2010 the Phpshell-team + * Licensed under the GNU GPL. See the file COPYING for details. + * + */ + +body { + font-family: sans-serif; + color: black; + background: white; +} + +h1 { + color: red; + background: white; +} + +img { + border: none; +} + +div#terminal { + border: inset 2px red; + padding: 2px; + margin-top: 0.5em; +} + +div#terminal textarea { + font-size: 100%; + width: 100%; + border: none; +} + +p { + margin-top: 0.5em; + margin-bottom: 0.5em; +} + +p#prompt { + font-family: monospace; + margin: 0px; +} + +p#prompt input { + border: none; + font-family: monospace; +} + +legend { + padding-right: 0.5em; +} + +fieldset { + padding: 0.5em; +} + +.error { + color: red; +} + +div.warning { + background-color: rgb(255, 150, 150); + border: medium solid rgb(255, 60, 60); + padding: 0.5em; + margin: 0.25em; +} +.pwd { + font-family: monospace; + padding: 0.5em; + margin: 0.25em; +} +a.pwd { + font-weight: bold; +} |