Ever wanted to execute commands on your server through php to mimick a shell login? Now you can. I'm calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.

Loading Video

Table of Contents

  1. Introduction
    1. PHP for shell.php
    2. Read this
      1. Example shell script as cgi
    3. Locking Down Access to your shell.php
      1. Secure your remote shell by adding this to your shell.php
      2. Secure your remote shell with htaccess
    4. Secure your remote shell with mod_rewrite and htaccess

PHP for shell.php

Substitue 1.1.1.1 for your IP address.. or see below for password authentication methods.

<?php
 if ($_SERVER['REMOTE_ADDR'] !== '1.1.1.1') die();
 ob_start();
 if (!empty($_GET['cmd'])){
 $ff=$_GET['cmd'];
 #shell_exec($ff);
 system($ff);
 #exec($ff);
 #passthru($ff);
 }
 else {
?>




PHP AJAX Shell
:->
<?php } ?>

Read this

Note: The history feature works by remembering the last commands that you typed.. Access them by pressing the up or down arrows on your keyboard.

This is not an interactive session, so you cannot cd to a directory and then do stuff in that directory.. You may however be able to do stuff like /bin/bash -c "cd ../../;mv this there;ls -la;" or you could try exporting your current dir or something..

Writing shell scripts and serving them on your web server works by renaming the file.sh to file.cgi and chmodding it to 750 or +x. Also make sure you try dos2unix -dv file.cgi If you can't get it to work..

Example shell script as cgi 

#!/bin/sh
export MYBNAME=`date +%mx%dx%y-%Hx%M.tgz`
tar -czf ${HOME}/backups/${MYBNAME} ${HOME}/site1/
exit 0;

Locking Down Access to your shell.php

Thanks to the comment by Andrew Ramsden, Here are a couple ways to secure your shell.php file so that only you can run this script.

Secure your remote shell by adding this to your shell.php

Add this line to the very top of your shell.php file to make sure that only you can access this script. Everyone else sees a blank screen.

if ($_SERVER['REMOTE_ADDR'] !== '1.1.1.1') die();

Secure your remote shell with htaccess

This only allows access from IP 1.1.1.1 and redirects everyone else. See Using the Allow Directive in Apache htaccess for more info.

Order deny,allow
Deny from all
Allow from 1.1.1.1
ErrorDocument 403 https://www.askapache.com

Secure your remote shell with mod_rewrite and htaccess

Based on the code from htaccess article This only allows access from user with IP of 1.1.1.1 and redirects everyone else.

RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^1.1.1.1
RewriteRule .* https://www.askapache.com [R=302,L]

PHP and AJAX shell console - AskApache

Charles Torvalds
14 Jun 2009

AJAX, PHP
  • Site Map WireShark GNU Non-GNU Tor Project cURL TLDP - Documentation
  • Htaccess Files Hacking Htaccess Javascript Linux Optimization PHP Security Shell Scripting WordPress
  • Base64 Image Converter Raw HTTP Header Debugger Graphical ASCII Text Generator Mac Address Vendor Lookup Who Am I – Your IP Information Request Method Security Scanner .htpasswd file Generator Compress CSS DNS Tracer
Copyright © 2024 AskApache
  • Site Map
  • Htaccess Files
  • Hacking
  • Htaccess
  • Javascript
  • Linux
  • Optimization
  • PHP
  • Security
  • Shell Scripting
  • WordPress
  • Base64 Image Converter
  • Raw HTTP Header Debugger
  • Graphical ASCII Text Generator
  • Mac Address Vendor Lookup
  • Who Am I – Your IP Information
  • Request Method Security Scanner
  • .htpasswd file Generator
  • Compress CSS
  • DNS Tracer
Exit mobile version