PHP jQuery WebTerminal

PHP jQuery WebTerminal

README

I am a Security Analyst, and in my work I constantly see request attempts probing the web applications on my host for vulnerabilities. So I decided to develop a simple PHP WebTerminal script with which I could test the php.ini configuration, especially the disable_functions parameter and other security-related things. It also includes a jQuery plugin structure that handles the Enter (Intro) key event (key code 13) and sends an AJAX request to the PHP WebTerminal handler.

Code

It is better to watch the video I made and learn how to code the script yourself; in it I also show the execution process over HTTP. If you want to check the full code written in the video screencast, decode this Base64 string. Remember to download the latest version of the jQuery library and put it in the same directory as this PHP shell.

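// AJAX endpoint of the web terminal. It answers only requests that carry the
// "X-Requested-With: XMLHttpRequest" header and replies with a JSON object
// {status, content}; every other request falls through to the rest of the file.
// NOTE(review): that header is supplied by the client, so the test below only
// tells AJAX calls apart from page loads; it is not access control. Nothing in
// this block authenticates the caller, so the file needs an authentication
// gate in front of it before any execution function is wired into the
// placeholder further down.
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])
    && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest'
) {
    // status stays 0 unless the placeholder below yields output.
    $return = array('status' => 0, 'content' => null);
    $req = $_SERVER['REQUEST_METHOD'] === 'GET' ? $_GET : $_POST;

    // The request must name this action and this very file.
    if (isset($req['action'])
        && $req['action'] === 'cixtor_webterm'
        && isset($req['xhr_filehandler'])
        && $req['xhr_filehandler'] === basename(__FILE__)
    ) {
        // Accept only a non-empty string: PHP turns "command[]=x" into an
        // array, which would otherwise be interpolated as "Array" below.
        if (isset($req['command'])
            && is_string($req['command'])
            && $req['command'] !== ''
        ) {
            // The original never assigned $command, so the echoed prompt line
            // was always empty and PHP raised an undefined-variable notice.
            $command = $req['command'];

            $_ = ''; /* Execute here the PHP shell function */
            if ($_) {
                $return['status'] = 1;
                $return['content'] = "\$ {$command}\n{$_}\n\$";
            } else {
                $return['content'] = "\$ {$command}\nPermission denied.\n\$";
            }
        }
    }

    // Declare the body as JSON so that a browser never treats the echoed
    // command or its output as an HTML document.
    header('Content-Type: application/json');
    print(json_encode($return));

    exit(0);
}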
/* styles.css */
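/* Outer panel: shrink-to-fit box, centred horizontally. */
#_cixtorwebterm{
    display:table;
    /* Flat colour first, then the legacy Gecko gradient, then the standard
       syntax, so every browser gets the last declaration it understands. */
    background:#CCC;
    background:-moz-linear-gradient(center top,#EEE,#BBB);
    background:linear-gradient(to bottom,#EEE,#BBB);
    margin:0px auto;
    padding:3px;
    border:1px solid #999;
    border-radius:5px}
/* Panel title. */
#_cixtorwebterm h1{
    max-width:350px;
    /* Font name corrected from 'timew new roman'. */
    font-family:georgia,'times new roman',times,serif;
    font-size:16px;
    font-style:italic;
    font-weight:bold;
    color:#000;
    text-shadow:1px 1px 1px #FFF;
    text-align:center;
    margin:5px auto 10px auto}
/* Shared look of the command input and the output area: green monospace
   text on a black background. */
#_cixtorwebterm #command_field, #_cixtorwebterm #command_output{
    display:block;
    width:700px;
    background-color:#000;
    font-family:monospace;
    font-size:12px;
    color:#00DD00;
    padding:3px 10px;
    border:1px solid #FFF}
#_cixtorwebterm #command_field{
    margin:5px 0px 0px 0px}
/* Fixed-height output area that scrolls and cannot be resized by the user. */
#_cixtorwebterm #command_output{
    height:300px;
    overflow:auto;
    resize:none}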
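// cixtor_webterm.js
(function($){
    /**
     * Default options of the plugin. A call to $.fn.cixtor_webterm may
     * override any of them.
     *
     * xhr_filehandler  - URL of the PHP handler; also sent back to it as a field.
     * request_method   - HTTP method used for the AJAX request.
     * command_fieldid  - id of the element the command is typed into.
     * command_outputid - id of the element that displays the response.
     */
    $.cixtor_webterm = {
        settings: {
            xhr_filehandler: 'cixtor_webterm.php',
            request_method: 'POST',
            command_fieldid: 'cixtor_commandfieldid',
            command_outputid: 'cixtor_commandoutputid'
        }
    };

    /**
     * Sends the content of the command field to the handler each time the
     * Return key is released inside it, and shows the `content` property of
     * the JSON response in the output element.
     *
     * @param {Object} [settings] - Overrides for $.cixtor_webterm.settings.
     * @returns {jQuery} The jQuery object the plugin was called on.
     */
    $.fn.cixtor_webterm = function(settings){
        // Merge into a fresh object: extending the defaults in place would
        // leak the overrides of one call into every later call.
        settings = $.extend( {}, $.cixtor_webterm.settings, settings );

        var $field = $('#'+settings.command_fieldid);
        if( $field.length>0 ){
            $field.keyup(function(event){
                if( event.which===13 ){ // Return key was pressed.
                    sendCommand(renderResponse);
                }
            });
        }

        /**
         * Writes the handler's response into the output element.
         *
         * @param {Object} response - Parsed JSON object with a `content` property.
         */
        function renderResponse(response){
            if( !response ){
                return;
            }
            var $output = $('#'+settings.command_outputid);
            if( $output.length===0 ){
                return;
            }
            // A null content (no command accepted by the handler) is shown as empty.
            var content = response.content==null ? '' : String(response.content);
            switch( $output.get(0).tagName ){
                case 'INPUT':
                case 'TEXTAREA':
                    $output.val( content );
                    break;
                case 'DIV':
                    // The response is data, not markup: text() displays
                    // anything HTML-like in it instead of letting the browser
                    // parse it, which html() would do.
                    $output.text( content );
                    break;
            }
        }

        /**
         * Posts the current command to the handler. Nothing is sent while the
         * field is empty, and a failed request leaves the output untouched.
         *
         * @param {Function} done - Called with the parsed JSON response.
         */
        function sendCommand(done){
            var command = $field.val();
            if( command.length===0 ){
                return;
            }
            // Asynchronous request: a synchronous one freezes the page until
            // the handler answers.
            $.ajax({
                url: settings.xhr_filehandler,
                type: settings.request_method,
                dataType: 'json',
                data: {
                    action: 'cixtor_webterm',
                    xhr_filehandler: settings.xhr_filehandler,
                    command: command
                },
                cache: false,
                success: function(data){
                    done(data);
                }
            });
        }

        return this; // Keep the call chainable, as jQuery plugins are expected to be.
    };
})(jQuery);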

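<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8" />
        <title>Quick PHP/jQuery Web-Terminal</title>
        <link rel="stylesheet" type="text/css" href="styles.css" />
        <script type="text/javascript" src="jquery.min.js"></script>
        <script type="text/javascript" src="cixtor_webterm.js"></script>
        <script type="text/javascript">
        // jQuery passes itself to the ready callback, so $ is bound locally
        // and does not depend on the global alias.
        jQuery(function($){
            $('#_cixtorwebterm').cixtor_webterm({
                xhr_filehandler: 'index.php',
                request_method: 'POST',
                command_fieldid: 'command_field',
                command_outputid: 'command_output'
            });
        });
        </script>
    </head>
    <body>
        <div id="_cixtorwebterm">
            <h1>Quick PHP/jQuery Web-Terminal</h1>
            <!-- autocomplete="off" asks the browser not to keep typed commands in its form history. -->
            <input type="text" id="command_field" autocomplete="off" />
            <!-- The output is a textarea, so the plugin fills it through .val() and the response is shown as plain text. -->
            <textarea id="command_output" readonly="readonly"></textarea>
        </div>
    </body>
</html>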