diff options
| author | Luke Shumaker <LukeShu@sbcglobal.net> | 2011-11-27 11:23:55 -0500 |
|---|---|---|
| committer | Luke Shumaker <LukeShu@sbcglobal.net> | 2011-11-27 11:23:55 -0500 |
| commit | fb0380f48203a11584773f3db335eaadd9cc6fdf (patch) | |
| tree | 98f7eb36ed8a3ec99c1cba5c9c0742af8931783b | |
| parent | 3d6790614bb0dc776e02a95835e5c274263d1d1a (diff) | |
This zip file was identified as ltshell-3.5.zip
| -rw-r--r-- | ltshell.php | 5 | ||||
| -rw-r--r-- | shell/bin/cat.php | 16 | ||||
| -rw-r--r-- | shell/bin/cd.php | 9 | ||||
| -rw-r--r-- | shell/bin/chmod.php | 23 | ||||
| -rw-r--r-- | shell/bin/cp.php | 33 | ||||
| -rw-r--r-- | shell/bin/echo.php | 11 | ||||
| -rw-r--r-- | shell/bin/editor.php | 35 | ||||
| -rw-r--r-- | shell/bin/help.php | 18 | ||||
| -rw-r--r-- | shell/bin/ls.php | 55 | ||||
| -rw-r--r-- | shell/bin/mv.php | 22 | ||||
| -rw-r--r-- | shell/bin/pwd.php | 6 | ||||
| -rw-r--r-- | shell/bin/rm.php | 10 | ||||
| -rw-r--r-- | shell/bin/stat.php | 123 | ||||
| -rw-r--r-- | shell/bin/whoami.php | 7 | ||||
| -rw-r--r-- | shell/exec.php | 38 | ||||
| -rw-r--r-- | shell/passwd.php | 3 |
16 files changed, 263 insertions, 151 deletions
diff --git a/ltshell.php b/ltshell.php index 38c4e3f..f3e348d 100644 --- a/ltshell.php +++ b/ltshell.php @@ -3,10 +3,9 @@ Plugin Name: LTS WebShell Plugin URI: http://lukeshu.ath.cx/1/src/ Description: An entirely PHP web shell (doesn't require system) -Version: 3 +Version: 3.5 Author: Luke Shumaker -Author URI: http://lukeshu.ath.cx/1/src/ +Author URI: http://lukeshu.ath.cx License: GPL2 */ -?> diff --git a/shell/bin/cat.php b/shell/bin/cat.php index fab9883..8778f22 100644 --- a/shell/bin/cat.php +++ b/shell/bin/cat.php @@ -1,7 +1,15 @@ <?php -function main($args) { - $me = array_shift($args); - foreach ($args as $file) { - echo htmlentities(file_get_contents($file)); +class p_cat extends prog { + public static function main($args, $env) { + $me = array_shift($args); + if (count($args)==0) { $args = array('-'); } + foreach ($args as $file) { + if ( ($file=='-') || ($file=='/dev/stdin') ) { + echo $_POST['stdin']; + } else { + echo htmlentities(file_get_contents($file)); + } + } } } + diff --git a/shell/bin/cd.php b/shell/bin/cd.php index 3679e88..e8505bd 100644 --- a/shell/bin/cd.php +++ b/shell/bin/cd.php @@ -1,5 +1,8 @@ <?php -function main($args) { - @$dir = $args[1]; - return php_chdir($dir); +class p_cd extends prog { + public static function main($args, $env) { + @$dir = $args[1]; + return php_chdir($dir); + } } + diff --git a/shell/bin/chmod.php b/shell/bin/chmod.php index ca66f56..b74a9ca 100644 --- a/shell/bin/chmod.php +++ b/shell/bin/chmod.php @@ -1,13 +1,16 @@ <?php -function main($args) { - $me = array_shift($args); - if (count($args)<2) { - echo $me.': usage: '.$me.' MODE FILE1 [FILE2 [FILE2]]'."\n"; - return 1; - } else { - $mode = array_shift($args); - foreach ($args as $file) { - chmod($file,octdec($mode)); +class p_chmod extends prog { + public static function main($args, $env) { + $me = array_shift($args); + if (count($args)<2) { + echo $me.': usage: '.$me.' MODE FILE1 [FILE2 [FILE2]]'."\n"; + return 1; + } else { + $mode = array_shift($args); + foreach ($args as $file) { + chmod($file,octdec($mode)); + } } } -}
\ No newline at end of file +} + diff --git a/shell/bin/cp.php b/shell/bin/cp.php new file mode 100644 index 0000000..4a6cfae --- /dev/null +++ b/shell/bin/cp.php @@ -0,0 +1,33 @@ +<?php +class p_cp extends prog { + /* This method (recurse_copy) was written by gimmicklessgpt@gmail.com + * and posted to the PHP manual comments section on 20-May-2009 11:04 + */ + function recurse_copy($src,$dst) { + $dir = opendir($src); + @mkdir($dst); + while(false !== ( $file = readdir($dir)) ) { + if (( $file != '.' ) && ( $file != '..' )) { + if ( is_dir($src . '/' . $file) ) { + recurse_copy($src . '/' . $file,$dst . '/' . $file); + } + else { + copy($src . '/' . $file,$dst . '/' . $file); + } + } + } + closedir($dir); + } + + public static function main($args, $env) { + $me = array_shift($args); + $flags = ''; + while (strstr($args[0],0,1) == '-') { + $flags .= array_shift($args); + } + $flags = preg_replace('/[ -]/','',$flags); + if (strpos($flags,'r')===false) { copy($args[0],$args[1]); } + else { recurse_copy($args[0],$args[1]); } + } +} + diff --git a/shell/bin/echo.php b/shell/bin/echo.php index 82487b0..75f1c3b 100644 --- a/shell/bin/echo.php +++ b/shell/bin/echo.php @@ -1,6 +1,9 @@ <?php -function main($args) { - array_shift($args); - echo implode(' ',$args)."\n"; - return 0; +class p_echo extends prog { + public static function main($args, $env) { + array_shift($args); + echo implode(' ',$args)."\n"; + return 0; + } } + diff --git a/shell/bin/editor.php b/shell/bin/editor.php index 6eac87e..39db3d8 100644 --- a/shell/bin/editor.php +++ b/shell/bin/editor.php @@ -1,21 +1,24 @@ <?php -function main($args) { - if (isset($_POST['stdin'])) { - if (isset($args[1])) { - file_put_contents($args[1],$_POST['stdin']); +class p_editor extends prog { + public static function main($args, $env) { + if (isset($_POST['stdin'])) { + if (isset($args[1])) { + file_put_contents($args[1],$_POST['stdin']); + } else { + echo $_POST['stdin']; + } } else { - echo $_POST['stdin']; + if (isset($args[1]) && file_exists($args[1])) { + $text = file_get_contents($args[1]); + } else { + $text = ''; + } + echo '<div class="editor">'; + echo '<input type="hidden" name="stddest" value="'.$_POST['c'].'" />'; + echo '<textarea name="stdin">'.$text.'</textarea>'."\n"; + echo '<input type="submit" value="save" />'; + echo '</div>'; } - } else { - if (isset($args[1]) && file_exists($args[1])) { - $text = file_get_contents($args[1]); - } else { - $text = ''; - } - echo '<div class="editor">'; - echo '<input type="hidden" name="stddest" value="'.$_POST['c'].'" />'; - echo '<textarea name="stdin">'.$text.'</textarea>'."\n"; - echo '<input type="submit" value="save" />'; - echo '</div>'; } } + diff --git a/shell/bin/help.php b/shell/bin/help.php index 95d2641..186c7ea 100644 --- a/shell/bin/help.php +++ b/shell/bin/help.php @@ -1,12 +1,14 @@ <?php -function main($args, $env) { - $commands = array(); - foreach (explode(';',$env['PATH']) as $dir) { - $commands = array_merge($commands,glob($dir.'/*.php')); +class p_help extends prog { + public static function main($args, $env) { + $commands = array(); + foreach (explode(';',$env['PATH']) as $dir) { + $commands = array_merge($commands,glob($dir.'/*.php')); + } + foreach ($commands as $command) { + echo preg_replace('@.*/([^/]*)\.php$@',"\$1\n",$command); + } + return 0; } - foreach ($commands as $command) { - echo preg_replace('@.*/([^/]*)\.php$@',"\$1\n",$command); - } - return 0; } diff --git a/shell/bin/ls.php b/shell/bin/ls.php index fa01f2e..aa938c1 100644 --- a/shell/bin/ls.php +++ b/shell/bin/ls.php @@ -1,34 +1,37 @@ <?php -function main($args) { - if (count($args)<2) { - $args[]='.'; - } - $ret=0; - $me = array_shift($args); - foreach ($args as $name) { - if (file_exists($name)) { - if (is_dir($name)) { - @$dh = opendir($name); - if ($dh === false) { - echo $me.': can not open directory: `'.$name."'\n"; - $ret++; - } else { - if (count($args)>1) { echo $name.":\n"; } - $files = array(); - while (false !== ($file = readdir($dh))) { - $files[]="$file"; +class p_ls extends prog { + public static function main($args, $env) { + if (count($args)<2) { + $args[]='.'; + } + $ret=0; + $me = array_shift($args); + foreach ($args as $name) { + if (file_exists($name)) { + if (is_dir($name)) { + @$dh = opendir($name); + if ($dh === false) { + echo $me.': can not open directory: `'.$name."'\n"; + $ret++; + } else { + if (count($args)>1) { echo $name.":\n"; } + $files = array(); + while (false !== ($file = readdir($dh))) { + $files[]="$file"; + } + sort($files); + echo implode("\n",$files)."\n"; + closedir($dh); } - sort($files); - echo implode("\n",$files)."\n"; - closedir($dh); + } else { + echo $name."\n"; } } else { - echo $name."\n"; + echo $me.': file does not exist: `'.$name."'\n"; + $ret++; } - } else { - echo $me.': file does not exist: `'.$name."'\n"; - $ret++; } + return $ret; } - return $ret; } + diff --git a/shell/bin/mv.php b/shell/bin/mv.php new file mode 100644 index 0000000..8fc35cd --- /dev/null +++ b/shell/bin/mv.php @@ -0,0 +1,22 @@ +<?php +class p_mv extends prog { + public static main($args, $env) { + $me = array_shift($args); + if (count($args)>2) { + $dest = array_pop($args); + if (!is_dir($dest) { + echo $me.': dest must be a directory: `'.$dest."'\n"; + return 1; + } + foreach ($args as $src) { + rename($src,$dest.'/'.basename($src)); + } + } elseif (count($args)==2) { + rename($args[0],$args[1]); + } else { + echo 'Usage: '.$me." SOURCE [SOURCE2 [SOURCE3 ...]] DEST\n"; + return 1; + } + } +} + diff --git a/shell/bin/pwd.php b/shell/bin/pwd.php index 2b43d00..c5b30c7 100644 --- a/shell/bin/pwd.php +++ b/shell/bin/pwd.php @@ -1,5 +1,7 @@ <?php -function main($args) { - echo getcwd()."\n"; +class p_pwd extends prog { + public static function main($args, $env) { + echo getcwd()."\n"; + } } diff --git a/shell/bin/rm.php b/shell/bin/rm.php index 7bb7aef..5eadaff 100644 --- a/shell/bin/rm.php +++ b/shell/bin/rm.php @@ -1,8 +1,10 @@ <?php -function main($args) { - $me = array_shift($args); - foreach ($args as $file) { - unlink($file); +class p_rm extends prog { + public static function main($args, $env) { + $me = array_shift($args); + foreach ($args as $file) { + unlink($file); + } } } diff --git a/shell/bin/stat.php b/shell/bin/stat.php index 2a13743..1057e7c 100644 --- a/shell/bin/stat.php +++ b/shell/bin/stat.php @@ -1,67 +1,70 @@ - <?php - function perms($perms) { - if (($perms & 0xC000) == 0xC000) { - $info = 's'; // Socket - } elseif (($perms & 0xA000) == 0xA000) { - $info = 'l'; // Symbolic Link - } elseif (($perms & 0x8000) == 0x8000) { - $info = '-'; // Regular - } elseif (($perms & 0x6000) == 0x6000) { - $info = 'b'; // Block special - } elseif (($perms & 0x4000) == 0x4000) { - $info = 'd'; // Directory - } elseif (($perms & 0x2000) == 0x2000) { - $info = 'c'; // Character special - } elseif (($perms & 0x1000) == 0x1000) { - $info = 'p'; // FIFO pipe - } else { - $info = 'u'; // Unknown - } +<?php +class p_stat extends prog { + public static function perms($perms) { + if (($perms & 0xC000) == 0xC000) { + $info = 's'; // Socket + } elseif (($perms & 0xA000) == 0xA000) { + $info = 'l'; // Symbolic Link + } elseif (($perms & 0x8000) == 0x8000) { + $info = '-'; // Regular + } elseif (($perms & 0x6000) == 0x6000) { + $info = 'b'; // Block special + } elseif (($perms & 0x4000) == 0x4000) { + $info = 'd'; // Directory + } elseif (($perms & 0x2000) == 0x2000) { + $info = 'c'; // Character special + } elseif (($perms & 0x1000) == 0x1000) { + $info = 'p'; // FIFO pipe + } else { + $info = 'u'; // Unknown + } - // Owner - $info .= (($perms & 0x0100) ? 'r' : '-'); - $info .= (($perms & 0x0080) ? 'w' : '-'); - $info .= (($perms & 0x0040) ? - (($perms & 0x0800) ? 's' : 'x' ) : - (($perms & 0x0800) ? 'S' : '-')); + // Owner + $info .= (($perms & 0x0100) ? 'r' : '-'); + $info .= (($perms & 0x0080) ? 'w' : '-'); + $info .= (($perms & 0x0040) ? + (($perms & 0x0800) ? 's' : 'x' ) : + (($perms & 0x0800) ? 'S' : '-')); - // Group - $info .= (($perms & 0x0020) ? 'r' : '-'); - $info .= (($perms & 0x0010) ? 'w' : '-'); - $info .= (($perms & 0x0008) ? - (($perms & 0x0400) ? 's' : 'x' ) : - (($perms & 0x0400) ? 'S' : '-')); + // Group + $info .= (($perms & 0x0020) ? 'r' : '-'); + $info .= (($perms & 0x0010) ? 'w' : '-'); + $info .= (($perms & 0x0008) ? + (($perms & 0x0400) ? 's' : 'x' ) : + (($perms & 0x0400) ? 'S' : '-')); - // World - $info .= (($perms & 0x0004) ? 'r' : '-'); - $info .= (($perms & 0x0002) ? 'w' : '-'); - $info .= (($perms & 0x0001) ? - (($perms & 0x0200) ? 't' : 'x' ) : - (($perms & 0x0200) ? 'T' : '-')); + // World + $info .= (($perms & 0x0004) ? 'r' : '-'); + $info .= (($perms & 0x0002) ? 'w' : '-'); + $info .= (($perms & 0x0001) ? + (($perms & 0x0200) ? 't' : 'x' ) : + (($perms & 0x0200) ? 'T' : '-')); - return '('.substr(sprintf('%o',$perms),-4).'/'.$info.')'; -} + return '('.substr(sprintf('%o',$perms),-4).'/'.$info.')'; + } -function main($args) { - $me = array_shift($args); - $ret = 0; - foreach ($args as $file) { - $data = stat($file); - if ($data === false) { - echo $me.': cannot stat file: `'.$file."'\n"; - $ret++; - } else { - echo ' File: `'.$file."'\n"; - echo ' Size: '.$data['size']."\t"; - echo 'Blocks: '.$data['blocks']."\t"; - //echo 'IO Block: '; - echo $data['rdev']."\n"; - echo 'Device: '.$data['dev']."\t"; - echo 'Inode: '.$data['ino']."\t"; - echo 'Links: '.$data['nlink']."\n"; - echo 'Access: '.perms($data['mode'])."\t"; - echo "\n"; + public static function main($args, $env) { + $me = array_shift($args); + $ret = 0; + foreach ($args as $file) { + $data = stat($file); + if ($data === false) { + echo $me.': cannot stat file: `'.$file."'\n"; + $ret++; + } else { + echo ' File: `'.$file."'\n"; + echo ' Size: '.$data['size']."\t"; + echo 'Blocks: '.$data['blocks']."\t"; + //echo 'IO Block: '; + echo $data['rdev']."\n"; + echo 'Device: '.$data['dev']."\t"; + echo 'Inode: '.$data['ino']."\t"; + echo 'Links: '.$data['nlink']."\n"; + echo 'Access: '.self::perms($data['mode'])."\t"; + echo "\n"; + } } + return $ret; } - return $ret; -}
\ No newline at end of file +} + diff --git a/shell/bin/whoami.php b/shell/bin/whoami.php index 84db5a1..7e560f2 100644 --- a/shell/bin/whoami.php +++ b/shell/bin/whoami.php @@ -1,4 +1,7 @@ <?php -function main($args) { - echo get_current_user(); +class p_whoami extends prog { + public static function main($args, $env) { + echo get_current_user(); + } } + diff --git a/shell/exec.php b/shell/exec.php index f3dc8d1..b842ea8 100644 --- a/shell/exec.php +++ b/shell/exec.php @@ -6,6 +6,8 @@ function php_chdir($dir) { return $ret; } +abstract class prog { public static abstract function main($args, $env); } + function php_exec($com, $cwd='') { if ($cwd != '') { php_chdir($cwd); } if ($com=='') { return 0; } @@ -17,7 +19,7 @@ function php_exec($com, $cwd='') { $env = array('IFS' => $ifs, 'PATH' => $path); - $coms = array(); + $coms = array(); $stdout_dest = array(); $a = 0; $c = 0; $q = ''; @@ -37,22 +39,44 @@ function php_exec($com, $cwd='') { $a++; } } elseif (substr_count (';',$char)!==0) { - $c++; + $stdout_dest[$c] = '/dev/stdout'; + $c++; $a=0; + } elseif (substr_count ('|',$char)!==0) { + $stdout_dest[$c] = '/dev/stdin'; + $c++; $a=0; } else { $coms[$c][$a].=$char; } } + if (!isset($stdout_dest[$c])) { + $stdout_dest[$c] = '/dev/stdout'; + } $ret=0; - foreach ($coms as $args) { - $file=$path.'/'.$args[0].'.php'; - if (file_exists($file)) { - include($file); - $ret = main($args,$env); + if (!isset($_POST['stdin'])) { $_POST['stdin']=''; } + foreach ($coms as $key => $args) { + if ($stdout_dest[$key] != '/dev/stdout') { + ob_start(); + } + if (!class_exists('p_'.$args[0])) { + $file=$path.'/'.$args[0].'.php'; + if (file_exists($file)) { + include($file); + } + } + if (class_exists('p_'.$args[0])) { + $ret = call_user_func(array('p_'.$args[0],'main'),$args,$env);//main($args,$env); } else { echo 'sh: command not found: `'.$args[0]."'\n"; $ret = 1; } + if ($stdout_dest[$key] != '/dev/stdout') { + switch ($stdout_dest[$key]) { + case '/dev/stdin': $_POST['stdin']=ob_get_contents(); break; + default: file_put_contents($stdout_dest[$key],ob_get_contents()); break; + } + ob_end_clean(); + } } return $ret; } diff --git a/shell/passwd.php b/shell/passwd.php index cf6fdaf..0e1cec6 100644 --- a/shell/passwd.php +++ b/shell/passwd.php @@ -1,6 +1,5 @@ <?php global $users; $users = array ( -'http://10.10.24.64/1/', // Luke Shumaker (at home) -'http://lukeshu.ath.cx/1/' // Luke Shumaker (not at home) +'http://lukeshu.ath.cx/1/' // Luke Shumaker ); ?> |