From fb0380f48203a11584773f3db335eaadd9cc6fdf Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 27 Nov 2011 11:23:55 -0500 Subject: This zip file was identified as ltshell-3.5.zip --- ltshell.php | 5 +-- shell/bin/cat.php | 16 +++++-- shell/bin/cd.php | 9 ++-- shell/bin/chmod.php | 23 +++++----- shell/bin/cp.php | 33 ++++++++++++++ shell/bin/echo.php | 11 +++-- shell/bin/editor.php | 35 ++++++++------- shell/bin/help.php | 18 ++++---- shell/bin/ls.php | 55 ++++++++++++----------- shell/bin/mv.php | 22 +++++++++ shell/bin/pwd.php | 6 ++- shell/bin/rm.php | 10 +++-- shell/bin/stat.php | 123 ++++++++++++++++++++++++++------------------------- shell/bin/whoami.php | 7 ++- shell/exec.php | 38 +++++++++++++--- shell/passwd.php | 3 +- 16 files changed, 263 insertions(+), 151 deletions(-) create mode 100644 shell/bin/cp.php create mode 100644 shell/bin/mv.php diff --git a/ltshell.php b/ltshell.php index 38c4e3f..f3e348d 100644 --- a/ltshell.php +++ b/ltshell.php @@ -3,10 +3,9 @@ Plugin Name: LTS WebShell Plugin URI: http://lukeshu.ath.cx/1/src/ Description: An entirely PHP web shell (doesn't require system) -Version: 3 +Version: 3.5 Author: Luke Shumaker -Author URI: http://lukeshu.ath.cx/1/src/ +Author URI: http://lukeshu.ath.cx License: GPL2 */ -?> diff --git a/shell/bin/cat.php b/shell/bin/cat.php index fab9883..8778f22 100644 --- a/shell/bin/cat.php +++ b/shell/bin/cat.php @@ -1,7 +1,15 @@ '; + echo ''; + echo ''."\n"; + echo ''; + echo ''; } - } else { - if (isset($args[1]) && file_exists($args[1])) { - $text = file_get_contents($args[1]); - } else { - $text = ''; - } - echo '
'; - echo ''; - echo ''."\n"; - echo ''; - echo '
'; } } + diff --git a/shell/bin/help.php b/shell/bin/help.php index 95d2641..186c7ea 100644 --- a/shell/bin/help.php +++ b/shell/bin/help.php @@ -1,12 +1,14 @@ 1) { echo $name.":\n"; } - $files = array(); - while (false !== ($file = readdir($dh))) { - $files[]="$file"; +class p_ls extends prog { + public static function main($args, $env) { + if (count($args)<2) { + $args[]='.'; + } + $ret=0; + $me = array_shift($args); + foreach ($args as $name) { + if (file_exists($name)) { + if (is_dir($name)) { + @$dh = opendir($name); + if ($dh === false) { + echo $me.': can not open directory: `'.$name."'\n"; + $ret++; + } else { + if (count($args)>1) { echo $name.":\n"; } + $files = array(); + while (false !== ($file = readdir($dh))) { + $files[]="$file"; + } + sort($files); + echo implode("\n",$files)."\n"; + closedir($dh); } - sort($files); - echo implode("\n",$files)."\n"; - closedir($dh); + } else { + echo $name."\n"; } } else { - echo $name."\n"; + echo $me.': file does not exist: `'.$name."'\n"; + $ret++; } - } else { - echo $me.': file does not exist: `'.$name."'\n"; - $ret++; } + return $ret; } - return $ret; } + diff --git a/shell/bin/mv.php b/shell/bin/mv.php new file mode 100644 index 0000000..8fc35cd --- /dev/null +++ b/shell/bin/mv.php @@ -0,0 +1,22 @@ +2) { + $dest = array_pop($args); + if (!is_dir($dest) { + echo $me.': dest must be a directory: `'.$dest."'\n"; + return 1; + } + foreach ($args as $src) { + rename($src,$dest.'/'.basename($src)); + } + } elseif (count($args)==2) { + rename($args[0],$args[1]); + } else { + echo 'Usage: '.$me." SOURCE [SOURCE2 [SOURCE3 ...]] DEST\n"; + return 1; + } + } +} + diff --git a/shell/bin/pwd.php b/shell/bin/pwd.php index 2b43d00..c5b30c7 100644 --- a/shell/bin/pwd.php +++ b/shell/bin/pwd.php @@ -1,5 +1,7 @@ $ifs, 'PATH' => $path); - $coms = array(); + $coms = array(); $stdout_dest = array(); $a = 0; $c = 0; $q = ''; @@ -37,22 +39,44 @@ function php_exec($com, $cwd='') { $a++; } } elseif (substr_count (';',$char)!==0) { - $c++; + $stdout_dest[$c] = '/dev/stdout'; + $c++; $a=0; + } elseif (substr_count ('|',$char)!==0) { + $stdout_dest[$c] = '/dev/stdin'; + $c++; $a=0; } else { $coms[$c][$a].=$char; } } + if (!isset($stdout_dest[$c])) { + $stdout_dest[$c] = '/dev/stdout'; + } $ret=0; - foreach ($coms as $args) { - $file=$path.'/'.$args[0].'.php'; - if (file_exists($file)) { - include($file); - $ret = main($args,$env); + if (!isset($_POST['stdin'])) { $_POST['stdin']=''; } + foreach ($coms as $key => $args) { + if ($stdout_dest[$key] != '/dev/stdout') { + ob_start(); + } + if (!class_exists('p_'.$args[0])) { + $file=$path.'/'.$args[0].'.php'; + if (file_exists($file)) { + include($file); + } + } + if (class_exists('p_'.$args[0])) { + $ret = call_user_func(array('p_'.$args[0],'main'),$args,$env);//main($args,$env); } else { echo 'sh: command not found: `'.$args[0]."'\n"; $ret = 1; } + if ($stdout_dest[$key] != '/dev/stdout') { + switch ($stdout_dest[$key]) { + case '/dev/stdin': $_POST['stdin']=ob_get_contents(); break; + default: file_put_contents($stdout_dest[$key],ob_get_contents()); break; + } + ob_end_clean(); + } } return $ret; } diff --git a/shell/passwd.php b/shell/passwd.php index cf6fdaf..0e1cec6 100644 --- a/shell/passwd.php +++ b/shell/passwd.php @@ -1,6 +1,5 @@ -- cgit v1.2.3-54-g00ecf