From fb0380f48203a11584773f3db335eaadd9cc6fdf Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 27 Nov 2011 11:23:55 -0500
Subject: This zip file was identified as ltshell-3.5.zip

---
 ltshell.php          |   5 +--
 shell/bin/cat.php    |  16 +++++--
 shell/bin/cd.php     |   9 ++--
 shell/bin/chmod.php  |  23 +++++-----
 shell/bin/cp.php     |  33 ++++++++++++++
 shell/bin/echo.php   |  11 +++--
 shell/bin/editor.php |  35 ++++++++-------
 shell/bin/help.php   |  18 ++++----
 shell/bin/ls.php     |  55 ++++++++++++-----------
 shell/bin/mv.php     |  22 +++++++++
 shell/bin/pwd.php    |   6 ++-
 shell/bin/rm.php     |  10 +++--
 shell/bin/stat.php   | 123 ++++++++++++++++++++++++++-------------------------
 shell/bin/whoami.php |   7 ++-
 shell/exec.php       |  38 +++++++++++++---
 shell/passwd.php     |   3 +-
 16 files changed, 263 insertions(+), 151 deletions(-)
 create mode 100644 shell/bin/cp.php
 create mode 100644 shell/bin/mv.php

diff --git a/ltshell.php b/ltshell.php
index 38c4e3f..f3e348d 100644
--- a/ltshell.php
+++ b/ltshell.php
@@ -3,10 +3,9 @@
 Plugin Name: LTS WebShell
 Plugin URI: http://lukeshu.ath.cx/1/src/
 Description: An entirely PHP web shell (doesn't require system)
-Version: 3
+Version: 3.5
 Author: Luke Shumaker
-Author URI: http://lukeshu.ath.cx/1/src/
+Author URI: http://lukeshu.ath.cx
 License: GPL2
 */
-?>
 
diff --git a/shell/bin/cat.php b/shell/bin/cat.php
index fab9883..8778f22 100644
--- a/shell/bin/cat.php
+++ b/shell/bin/cat.php
@@ -1,7 +1,15 @@
 <?php
-function main($args) {
-	$me = array_shift($args);
-	foreach ($args as $file) {
-		echo htmlentities(file_get_contents($file));
+class p_cat extends prog {
+	public static function main($args, $env) {
+		$me = array_shift($args);
+		if (count($args)==0) { $args = array('-'); }
+		foreach ($args as $file) {
+			if ( ($file=='-') || ($file=='/dev/stdin') ) {
+				echo $_POST['stdin'];
+			} else {
+				echo htmlentities(file_get_contents($file));
+			}
+		}
 	}
 }
+
diff --git a/shell/bin/cd.php b/shell/bin/cd.php
index 3679e88..e8505bd 100644
--- a/shell/bin/cd.php
+++ b/shell/bin/cd.php
@@ -1,5 +1,8 @@
 <?php
-function main($args) {
-	@$dir = $args[1];
-	return php_chdir($dir);
+class p_cd extends prog {
+	public static function main($args, $env) {
+		@$dir = $args[1];
+		return php_chdir($dir);
+	}
 }
+
diff --git a/shell/bin/chmod.php b/shell/bin/chmod.php
index ca66f56..b74a9ca 100644
--- a/shell/bin/chmod.php
+++ b/shell/bin/chmod.php
@@ -1,13 +1,16 @@
 <?php
-function main($args) {
-	$me = array_shift($args);
-	if (count($args)<2) {
-		echo $me.': usage: '.$me.' MODE FILE1 [FILE2 [FILE2]]'."\n";
-		return 1;
-	} else {
-		$mode = array_shift($args);
-		foreach ($args as $file) {
-			chmod($file,octdec($mode));
+class p_chmod extends prog {
+	public static function main($args, $env) {
+		$me = array_shift($args);
+		if (count($args)<2) {
+			echo $me.': usage: '.$me.' MODE FILE1 [FILE2 [FILE2]]'."\n";
+			return 1;
+		} else {
+			$mode = array_shift($args);
+			foreach ($args as $file) {
+				chmod($file,octdec($mode));
+			}
 		}
 	}
-}
\ No newline at end of file
+}
+
diff --git a/shell/bin/cp.php b/shell/bin/cp.php
new file mode 100644
index 0000000..4a6cfae
--- /dev/null
+++ b/shell/bin/cp.php
@@ -0,0 +1,33 @@
+<?php
+class p_cp extends prog {
+	/* This method (recurse_copy) was written by gimmicklessgpt@gmail.com
+	 * and posted to the PHP manual comments section on 20-May-2009 11:04
+	 */
+	function recurse_copy($src,$dst) {
+		$dir = opendir($src);
+		@mkdir($dst);
+		while(false !== ( $file = readdir($dir)) ) {
+			if (( $file != '.' ) && ( $file != '..' )) {
+				if ( is_dir($src . '/' . $file) ) {
+					recurse_copy($src . '/' . $file,$dst . '/' . $file);
+				}
+				else {
+					copy($src . '/' . $file,$dst . '/' . $file);
+				}
+			}
+		}
+		closedir($dir);
+	}
+	
+	public static function main($args, $env) {
+		$me = array_shift($args);
+		$flags = '';
+		while (strstr($args[0],0,1) == '-') {
+			$flags .= array_shift($args);
+		}
+		$flags = preg_replace('/[ -]/','',$flags);
+		if (strpos($flags,'r')===false) { copy($args[0],$args[1]); }
+		else {                    recurse_copy($args[0],$args[1]); }
+	}
+}
+
diff --git a/shell/bin/echo.php b/shell/bin/echo.php
index 82487b0..75f1c3b 100644
--- a/shell/bin/echo.php
+++ b/shell/bin/echo.php
@@ -1,6 +1,9 @@
 <?php
-function main($args) {
-	array_shift($args);
-	echo implode(' ',$args)."\n";
-	return 0;
+class p_echo extends prog {
+	public static function main($args, $env) {
+		array_shift($args);
+		echo implode(' ',$args)."\n";
+		return 0;
+	}
 }
+
diff --git a/shell/bin/editor.php b/shell/bin/editor.php
index 6eac87e..39db3d8 100644
--- a/shell/bin/editor.php
+++ b/shell/bin/editor.php
@@ -1,21 +1,24 @@
 <?php
-function main($args) {
-	if (isset($_POST['stdin'])) {
-		if (isset($args[1])) {
-			file_put_contents($args[1],$_POST['stdin']);
+class p_editor extends prog {
+	public static function main($args, $env) {
+		if (isset($_POST['stdin'])) {
+			if (isset($args[1])) {
+				file_put_contents($args[1],$_POST['stdin']);
+			} else {
+				echo $_POST['stdin'];
+			}
 		} else {
-			echo $_POST['stdin'];
+			if (isset($args[1]) && file_exists($args[1])) {
+				$text = file_get_contents($args[1]);
+			} else {
+				$text = '';
+			}
+			echo '<div class="editor">';
+			echo '<input type="hidden" name="stddest" value="'.$_POST['c'].'" />';
+			echo '<textarea name="stdin">'.$text.'</textarea>'."\n";
+			echo '<input type="submit" value="save" />';
+			echo '</div>';
 		}
-	} else {
-		if (isset($args[1]) && file_exists($args[1])) {
-			$text = file_get_contents($args[1]);
-		} else {
-			$text = '';
-		}
-		echo '<div class="editor">';
-		echo '<input type="hidden" name="stddest" value="'.$_POST['c'].'" />';
-		echo '<textarea name="stdin">'.$text.'</textarea>'."\n";
-		echo '<input type="submit" value="save" />';
-		echo '</div>';
 	}
 }
+
diff --git a/shell/bin/help.php b/shell/bin/help.php
index 95d2641..186c7ea 100644
--- a/shell/bin/help.php
+++ b/shell/bin/help.php
@@ -1,12 +1,14 @@
 <?php
-function main($args, $env) {
-	$commands = array();
-	foreach (explode(';',$env['PATH']) as $dir) {
-		$commands = array_merge($commands,glob($dir.'/*.php'));
+class p_help extends prog {
+	public static function main($args, $env) {
+		$commands = array();
+		foreach (explode(';',$env['PATH']) as $dir) {
+			$commands = array_merge($commands,glob($dir.'/*.php'));
+		}
+		foreach ($commands as $command) {
+			echo preg_replace('@.*/([^/]*)\.php$@',"\$1\n",$command);
+		}
+		return 0;
 	}
-	foreach ($commands as $command) {
-		echo preg_replace('@.*/([^/]*)\.php$@',"\$1\n",$command);
-	}
-	return 0;
 }
 
diff --git a/shell/bin/ls.php b/shell/bin/ls.php
index fa01f2e..aa938c1 100644
--- a/shell/bin/ls.php
+++ b/shell/bin/ls.php
@@ -1,34 +1,37 @@
 <?php
-function main($args) {
-	if (count($args)<2) {
-		$args[]='.';
-	}
-	$ret=0;
-	$me = array_shift($args);
-	foreach ($args as $name) {
-		if (file_exists($name)) {
-			if (is_dir($name)) {
-				@$dh = opendir($name);
-				if ($dh === false) {
-					echo $me.': can not open directory: `'.$name."'\n";
-					$ret++;
-				} else {
-					if (count($args)>1) { echo $name.":\n"; }
-					$files = array();
-					while (false !== ($file = readdir($dh))) {
-						$files[]="$file";
+class p_ls extends prog {
+	public static function main($args, $env) {
+		if (count($args)<2) {
+			$args[]='.';
+		}
+		$ret=0;
+		$me = array_shift($args);
+		foreach ($args as $name) {
+			if (file_exists($name)) {
+				if (is_dir($name)) {
+					@$dh = opendir($name);
+					if ($dh === false) {
+						echo $me.': can not open directory: `'.$name."'\n";
+						$ret++;
+					} else {
+						if (count($args)>1) { echo $name.":\n"; }
+						$files = array();
+						while (false !== ($file = readdir($dh))) {
+							$files[]="$file";
+						}
+						sort($files);
+						echo implode("\n",$files)."\n";
+						closedir($dh);
 					}
-					sort($files);
-					echo implode("\n",$files)."\n";
-					closedir($dh);
+				} else {
+					echo $name."\n";
 				}
 			} else {
-				echo $name."\n";
+				echo $me.': file does not exist: `'.$name."'\n";
+				$ret++;
 			}
-		} else {
-			echo $me.': file does not exist: `'.$name."'\n";
-			$ret++;
 		}
+		return $ret;
 	}
-	return $ret;
 }
+
diff --git a/shell/bin/mv.php b/shell/bin/mv.php
new file mode 100644
index 0000000..8fc35cd
--- /dev/null
+++ b/shell/bin/mv.php
@@ -0,0 +1,22 @@
+<?php
+class p_mv extends prog {
+	public static main($args, $env) {
+		$me = array_shift($args);
+		if (count($args)>2) {
+			$dest = array_pop($args);
+			if (!is_dir($dest) {
+				echo $me.': dest must be a directory: `'.$dest."'\n";
+				return 1;
+			}
+			foreach ($args as $src) {
+				rename($src,$dest.'/'.basename($src));
+			}
+		} elseif (count($args)==2) {
+			rename($args[0],$args[1]);
+		} else {
+			echo 'Usage: '.$me." SOURCE [SOURCE2 [SOURCE3 ...]] DEST\n";
+			return 1;
+		}
+	}
+}
+
diff --git a/shell/bin/pwd.php b/shell/bin/pwd.php
index 2b43d00..c5b30c7 100644
--- a/shell/bin/pwd.php
+++ b/shell/bin/pwd.php
@@ -1,5 +1,7 @@
 <?php
-function main($args) {
-	echo getcwd()."\n";
+class p_pwd extends prog {
+	public static function main($args, $env) {
+		echo getcwd()."\n";
+	}
 }
 
diff --git a/shell/bin/rm.php b/shell/bin/rm.php
index 7bb7aef..5eadaff 100644
--- a/shell/bin/rm.php
+++ b/shell/bin/rm.php
@@ -1,8 +1,10 @@
 <?php
-function main($args) {
-	$me = array_shift($args);
-	foreach ($args as $file) {
-		unlink($file);
+class p_rm extends prog {
+	public static function main($args, $env) {
+		$me = array_shift($args);
+		foreach ($args as $file) {
+			unlink($file);
+		}
 	}
 }
 
diff --git a/shell/bin/stat.php b/shell/bin/stat.php
index 2a13743..1057e7c 100644
--- a/shell/bin/stat.php
+++ b/shell/bin/stat.php
@@ -1,67 +1,70 @@
-	<?php
-	function perms($perms) {
-	if (($perms & 0xC000) == 0xC000) {
-		$info = 's'; // Socket
-	} elseif (($perms & 0xA000) == 0xA000) {
-		$info = 'l'; // Symbolic Link
-	} elseif (($perms & 0x8000) == 0x8000) {
-		$info = '-'; // Regular
-	} elseif (($perms & 0x6000) == 0x6000) {
-		$info = 'b'; // Block special
-	} elseif (($perms & 0x4000) == 0x4000) {
-		$info = 'd'; // Directory
-	} elseif (($perms & 0x2000) == 0x2000) {
-		$info = 'c'; // Character special
-	} elseif (($perms & 0x1000) == 0x1000) {
-		$info = 'p'; // FIFO pipe
-	} else {
-		$info = 'u'; // Unknown
-	}
+<?php
+class p_stat extends prog {
+	public static function perms($perms) {
+		if (($perms & 0xC000) == 0xC000) {
+			$info = 's'; // Socket
+		} elseif (($perms & 0xA000) == 0xA000) {
+			$info = 'l'; // Symbolic Link
+		} elseif (($perms & 0x8000) == 0x8000) {
+			$info = '-'; // Regular
+		} elseif (($perms & 0x6000) == 0x6000) {
+			$info = 'b'; // Block special
+		} elseif (($perms & 0x4000) == 0x4000) {
+			$info = 'd'; // Directory
+		} elseif (($perms & 0x2000) == 0x2000) {
+			$info = 'c'; // Character special
+		} elseif (($perms & 0x1000) == 0x1000) {
+			$info = 'p'; // FIFO pipe
+		} else {
+			$info = 'u'; // Unknown
+		}
 
-	// Owner
-	$info .= (($perms & 0x0100) ? 'r' : '-');
-	$info .= (($perms & 0x0080) ? 'w' : '-');
-	$info .= (($perms & 0x0040) ?
-	         (($perms & 0x0800) ? 's' : 'x' ) :
-	         (($perms & 0x0800) ? 'S' : '-'));
+		// Owner
+		$info .= (($perms & 0x0100) ? 'r' : '-');
+		$info .= (($perms & 0x0080) ? 'w' : '-');
+		$info .= (($perms & 0x0040) ?
+			 (($perms & 0x0800) ? 's' : 'x' ) :
+			 (($perms & 0x0800) ? 'S' : '-'));
 
-	// Group
-	$info .= (($perms & 0x0020) ? 'r' : '-');
-	$info .= (($perms & 0x0010) ? 'w' : '-');
-	$info .= (($perms & 0x0008) ?
-	         (($perms & 0x0400) ? 's' : 'x' ) :
-	         (($perms & 0x0400) ? 'S' : '-'));
+		// Group
+		$info .= (($perms & 0x0020) ? 'r' : '-');
+		$info .= (($perms & 0x0010) ? 'w' : '-');
+		$info .= (($perms & 0x0008) ?
+			 (($perms & 0x0400) ? 's' : 'x' ) :
+			 (($perms & 0x0400) ? 'S' : '-'));
 
-	// World
-	$info .= (($perms & 0x0004) ? 'r' : '-');
-	$info .= (($perms & 0x0002) ? 'w' : '-');
-	$info .= (($perms & 0x0001) ?
-	         (($perms & 0x0200) ? 't' : 'x' ) :
-	         (($perms & 0x0200) ? 'T' : '-'));
+		// World
+		$info .= (($perms & 0x0004) ? 'r' : '-');
+		$info .= (($perms & 0x0002) ? 'w' : '-');
+		$info .= (($perms & 0x0001) ?
+			 (($perms & 0x0200) ? 't' : 'x' ) :
+			 (($perms & 0x0200) ? 'T' : '-'));
 
-	return '('.substr(sprintf('%o',$perms),-4).'/'.$info.')';
-}
+		return '('.substr(sprintf('%o',$perms),-4).'/'.$info.')';
+	}
 
-function main($args) {
-	$me = array_shift($args);
-	$ret = 0;
-	foreach ($args as $file) {
-		$data = stat($file);
-		if ($data === false) {
-			echo $me.': cannot stat file: `'.$file."'\n";
-			$ret++;
-		} else {
-			echo '  File: `'.$file."'\n";
-			echo '  Size: '.$data['size']."\t";
-			echo 'Blocks: '.$data['blocks']."\t";
-			//echo 'IO Block: ';
-			echo $data['rdev']."\n";
-			echo 'Device: '.$data['dev']."\t";
-			echo 'Inode: '.$data['ino']."\t";
-			echo 'Links: '.$data['nlink']."\n";
-			echo 'Access: '.perms($data['mode'])."\t";
-			echo "\n";
+	public static function main($args, $env) {
+		$me = array_shift($args);
+		$ret = 0;
+		foreach ($args as $file) {
+			$data = stat($file);
+			if ($data === false) {
+				echo $me.': cannot stat file: `'.$file."'\n";
+				$ret++;
+			} else {
+				echo '  File: `'.$file."'\n";
+				echo '  Size: '.$data['size']."\t";
+				echo 'Blocks: '.$data['blocks']."\t";
+				//echo 'IO Block: ';
+				echo $data['rdev']."\n";
+				echo 'Device: '.$data['dev']."\t";
+				echo 'Inode: '.$data['ino']."\t";
+				echo 'Links: '.$data['nlink']."\n";
+				echo 'Access: '.self::perms($data['mode'])."\t";
+				echo "\n";
+			}
 		}
+		return $ret;
 	}
-	return $ret;
-}
\ No newline at end of file
+}
+
diff --git a/shell/bin/whoami.php b/shell/bin/whoami.php
index 84db5a1..7e560f2 100644
--- a/shell/bin/whoami.php
+++ b/shell/bin/whoami.php
@@ -1,4 +1,7 @@
 <?php
-function main($args) {
-	echo get_current_user();
+class p_whoami extends prog {
+	public static function main($args, $env) {
+		echo get_current_user();
+	}
 }
+
diff --git a/shell/exec.php b/shell/exec.php
index f3dc8d1..b842ea8 100644
--- a/shell/exec.php
+++ b/shell/exec.php
@@ -6,6 +6,8 @@ function php_chdir($dir) {
 	return $ret;
 }
 
+abstract class prog { public static abstract function main($args, $env); }
+
 function php_exec($com, $cwd='') {
 	if ($cwd != '') { php_chdir($cwd); }
 	if ($com=='') { return 0; }
@@ -17,7 +19,7 @@ function php_exec($com, $cwd='') {
 
 	$env = array('IFS' => $ifs, 'PATH' => $path);
 
-	$coms = array();
+	$coms = array(); $stdout_dest = array();
 	$a = 0;
 	$c = 0;
 	$q = '';
@@ -37,22 +39,44 @@ function php_exec($com, $cwd='') {
 				$a++;
 			}
 		} elseif (substr_count (';',$char)!==0) {
-			$c++;
+			$stdout_dest[$c] = '/dev/stdout';
+			$c++; $a=0;
+		} elseif (substr_count ('|',$char)!==0) {
+			$stdout_dest[$c] = '/dev/stdin';
+			$c++; $a=0;
 		} else {
 			$coms[$c][$a].=$char;
 		}
 	}
+	if (!isset($stdout_dest[$c])) {
+		$stdout_dest[$c] = '/dev/stdout';
+	}
 	
 	$ret=0;
-	foreach ($coms as $args) {
-		$file=$path.'/'.$args[0].'.php';
-		if (file_exists($file)) {
-			include($file);
-			$ret = main($args,$env);
+	if (!isset($_POST['stdin'])) { $_POST['stdin']=''; }
+	foreach ($coms as $key => $args) {
+		if ($stdout_dest[$key] != '/dev/stdout') {
+			ob_start();
+		}
+		if (!class_exists('p_'.$args[0])) {
+			$file=$path.'/'.$args[0].'.php';
+			if (file_exists($file)) {
+				include($file);
+			}
+		}
+		if (class_exists('p_'.$args[0])) {
+			$ret = call_user_func(array('p_'.$args[0],'main'),$args,$env);//main($args,$env);
 		} else {
 			echo 'sh: command not found: `'.$args[0]."'\n";
 			$ret = 1;
 		}
+		if ($stdout_dest[$key] != '/dev/stdout') {
+			switch ($stdout_dest[$key]) {
+				case '/dev/stdin': $_POST['stdin']=ob_get_contents(); break;
+				default: file_put_contents($stdout_dest[$key],ob_get_contents()); break;
+			}
+			ob_end_clean();
+		}
 	}
 	return $ret;
 }
diff --git a/shell/passwd.php b/shell/passwd.php
index cf6fdaf..0e1cec6 100644
--- a/shell/passwd.php
+++ b/shell/passwd.php
@@ -1,6 +1,5 @@
 <?php global $users; $users = array (
 
-'http://10.10.24.64/1/',   // Luke Shumaker (at home)
-'http://lukeshu.ath.cx/1/' // Luke Shumaker (not at home)
+'http://lukeshu.ath.cx/1/' // Luke Shumaker
 
 ); ?>
-- 
cgit v1.2.3