From 76ead734626996f82caddaca57dc2f84243b0947 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 27 Nov 2011 11:26:20 -0500 Subject: This zip file was identified as ltshell-3.6.zip --- ltshell.php | 2 +- shell/bin/cd.php | 2 +- shell/bin/editor.php | 7 +++--- shell/bin/whoami.php | 2 +- shell/exec.php | 71 +++++++++++++++++++++++++++++----------------------- shell/shell.php | 54 ++++++++++++++++++++++++++------------- shell/shell2.php | 48 +++++++++++++++++++++++++++++++++++ 7 files changed, 131 insertions(+), 55 deletions(-) create mode 100644 shell/shell2.php diff --git a/ltshell.php b/ltshell.php index f3e348d..88a993e 100644 --- a/ltshell.php +++ b/ltshell.php @@ -3,7 +3,7 @@ Plugin Name: LTS WebShell Plugin URI: http://lukeshu.ath.cx/1/src/ Description: An entirely PHP web shell (doesn't require system) -Version: 3.5 +Version: 3.6 Author: Luke Shumaker Author URI: http://lukeshu.ath.cx License: GPL2 diff --git a/shell/bin/cd.php b/shell/bin/cd.php index e8505bd..baf30f3 100644 --- a/shell/bin/cd.php +++ b/shell/bin/cd.php @@ -2,7 +2,7 @@ class p_cd extends prog { public static function main($args, $env) { @$dir = $args[1]; - return php_chdir($dir); + return lts_chdir($dir); } } diff --git a/shell/bin/editor.php b/shell/bin/editor.php index 39db3d8..a136cd2 100644 --- a/shell/bin/editor.php +++ b/shell/bin/editor.php @@ -2,7 +2,8 @@ class p_editor extends prog { public static function main($args, $env) { if (isset($_POST['stdin'])) { - if (isset($args[1])) { + if (false) {//if (isset($args[1])) { + echo $args[0].': saving to `'.$args[1]."'\n"; file_put_contents($args[1],$_POST['stdin']); } else { echo $_POST['stdin']; @@ -14,8 +15,8 @@ class p_editor extends prog { $text = ''; } echo '
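Review bot: In `shell/bin/editor.php`, `if (false) {//if (isset($args[1])) {` makes the save branch permanently unreachable, including the "saving to" `echo` that this same hunk adds. If saving is being switched off on purpose, delete the branch or gate it on a named setting with a comment such as `// saving disabled: <reason>`, rather than leaving a commented-out condition behind a constant. With that branch dead, every request carrying `stdin` falls through to `echo $_POST['stdin'];`, which writes request data to the response unescaped. If that output ends up in an HTML page (not determinable from this hunk), it should be `echo htmlspecialchars($_POST['stdin'], ENT_QUOTES, 'UTF-8');`. `main()` continues outside the hunk.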
'; - echo ''; - echo ''."\n"; + echo ''; + echo ''."\n"; echo ''; echo '
'; } diff --git a/shell/bin/whoami.php b/shell/bin/whoami.php index 7e560f2..fd7afa1 100644 --- a/shell/bin/whoami.php +++ b/shell/bin/whoami.php @@ -1,7 +1,7 @@ '; + if ($ret == false) { echo 'chdir: unable to change directories: `'.$dir."'\n"; return $ret; } abstract class prog { public static abstract function main($args, $env); } -function php_exec($com, $cwd='') { - if ($cwd != '') { php_chdir($cwd); } +function lts_shell_exec($com, $env) { + if ($env['CWD'] != '') { lts_chdir($env['CWD']); } if ($com=='') { return 0; } - $root = dirname(__FILE__); - - $ifs=' '; - $path = $root.'/bin'; - - $env = array('IFS' => $ifs, 'PATH' => $path); - - $coms = array(); $stdout_dest = array(); - $a = 0; - $c = 0; - $q = ''; + $coms = array(); + $stdout_dest = array(); + + // Parse command(s) + $a = 0; $c = 0; $q = ''; while ($com != '') { $char = substr($com,0,1); $com = substr($com,1); - if (substr_count ('\'',$char)!==0) { + if (substr_count ('\'',$char)!==0) { if (substr($q,0,1)===$char) { $q = substr($q,1); } else { @@ -34,14 +29,16 @@ function php_exec($com, $cwd='') { } } elseif ($q != '') { $coms[$c][$a].=$char; - } elseif (substr_count ($ifs,$char)!==0) { + } elseif (substr_count ($env['IFS'],$char)!==0) { if (isset($coms[$c][$a])) { $a++; } - } elseif (substr_count (';',$char)!==0) { - $stdout_dest[$c] = '/dev/stdout'; + } elseif ($char==';') { + if (!isset($stdout_dest[$c])) { + $stdout_dest[$c] = '/dev/stdout'; + } $c++; $a=0; - } elseif (substr_count ('|',$char)!==0) { + } elseif ($char=='|') { $stdout_dest[$c] = '/dev/stdin'; $c++; $a=0; } else { 
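Review bot: In `shell/exec.php`, `substr_count ($env['IFS'],$char)` now takes the field separator from the caller's `$env`, where the removed lines built `IFS` and `PATH` locally, and nothing visible in `lts_shell_exec` checks that those keys, or `$env['CWD']` at the top of the function, are set. A missing or empty `IFS` means the command line is never split into arguments, and a missing key raises a notice for every character parsed. Consider a default at the top of the function, e.g. `$ifs = (isset($env['IFS']) && $env['IFS'] !== '') ? $env['IFS'] : ' ';`. Also confirm that `$env` is assembled server-side and never from request fields, because `$env['PATH']` later decides which file `lts_exec` includes. The function starts in an earlier hunk and continues past this one.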
@@ -52,25 +49,18 @@ function php_exec($com, $cwd='') { $stdout_dest[$c] = '/dev/stdout'; } + // execude commands $ret=0; - if (!isset($_POST['stdin'])) { $_POST['stdin']=''; } foreach ($coms as $key => $args) { if ($stdout_dest[$key] != '/dev/stdout') { ob_start(); } - if (!class_exists('p_'.$args[0])) { - $file=$path.'/'.$args[0].'.php'; - if (file_exists($file)) { - include($file); - } - } - if (class_exists('p_'.$args[0])) { - $ret = call_user_func(array('p_'.$args[0],'main'),$args,$env);//main($args,$env); + + lts_exec($args, $env); + + if ($stdout_dest[$key] == '/dev/stdout') { + unset($_POST['stdin']); } else { - echo 'sh: command not found: `'.$args[0]."'\n"; - $ret = 1; - } - if ($stdout_dest[$key] != '/dev/stdout') { switch ($stdout_dest[$key]) { case '/dev/stdin': $_POST['stdin']=ob_get_contents(); break; default: file_put_contents($stdout_dest[$key],ob_get_contents()); break; @@ -80,3 +70,20 @@ function php_exec($com, $cwd='') { } return $ret; } + +function lts_exec($args, $env) { + if (!class_exists('p_'.$args[0])) { + $file=$env['PATH'].'/'.$args[0].'.php'; + if (file_exists($file)) { + include($file); + } + } + if (class_exists('p_'.$args[0])) { + $ret = call_user_func(array('p_'.$args[0],'main'),$args,$env); + } else { + echo 'lts_exec: command not found: `'.$args[0]."'\n"; + $ret = 1; + } + return $ret; +} + diff --git a/shell/shell.php b/shell/shell.php index 7ad8ae2..499441d 100644 --- a/shell/shell.php +++ b/shell/shell.php @@ -1,28 +1,48 @@
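Review bot: The exit status is lost in the `@@ -52,25 +49,18 @@` hunk: the loop calls `lts_exec($args, $env);` without assigning the result, so `$ret` keeps its initial `0` and `lts_shell_exec` returns success even when `lts_exec` returned 1 for an unknown command. The removed code assigned the result of `call_user_func` to `$ret`; the replacement should read `$ret = lts_exec($args, $env);`. The added comment `// execude commands` is presumably meant to be `// execute commands`. The loop body sits inside `lts_shell_exec`, which begins outside this hunk.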
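Review bot: The new `lts_exec` builds its include path from `$args[0]` without validating it: `$file=$env['PATH'].'/'.$args[0].'.php';` followed by `include($file);`. `$args[0]` is the first token of the parsed command line, so a name containing a path separator or `..` resolves outside the `bin` directory, and whatever readable `.php` file it points at is executed. Reject anything that is not a plain identifier before touching the filesystem, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $args[0])) { echo "lts_exec: invalid command name\n"; return 1; }`. The same check also keeps the `'p_'.$args[0]` class name passed to `class_exists` and `call_user_func` well-formed.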
'; + echo $term; + echo ''; + echo ''; + echo ''; ?>
+ diff --git a/shell/shell2.php b/shell/shell2.php new file mode 100644 index 0000000..345064d --- /dev/null +++ b/shell/shell2.php @@ -0,0 +1,48 @@ + +
'; + echo $term; + echo ''; + echo ''; + echo ''; +?>
+ + -- cgit v1.2.3-54-g00ecf