PHP Shell

PHP Shell is a shell wrapped in a PHP script. It’s a tool you can use to execute arbitrary shell commands or browse the filesystem on your remote webserver. This replaces, to a degree, a normal telnet connection, and to a lesser degree an SSH connection.

PHP Shell has Moved

Please find the new homepage for PHP Shell here: http://phpshell.sf.net/.

Use the phpshell-devel mailing list for all discussion on PHP Shell.

257 Comments

  1. Le blog » J’arrête mes tentatives de ssher !:

    [...] user www-data does not have that many privileges. In short, I am going to use a PHP shell, which should eventually let me manage to move my blog onto my own server. By the way, u [...]

  2. Martin Geisler:

    I have no idea what they say about PHP Shell — but look! You can now put comments on my pages too! :-)

  3. Nicolas Delsaux:

    I’m just saying that, instead of trying to access my webserver through SSH over HTTP (which I’ve never succeeded at), I’ll instead use PHP-shell+WebDAV to access my webserver. Main drawbacks being security provided.

  4. Martin Geisler:

    Ah, thanks for the explanation! I’ve never learned any French, so I was wondering what your comment was about.

    You’re absolutely right about the lack of security: the only good way to use PHP Shell is over SSL. The built-in authentication is made with plain-text passwords, and afterwards the traffic is unencrypted, just for the record. So use SSL (HTTPS) if you have the option.

  5. James:

    While I’m sure your intentions are good, your application is being used to create google account stealing shadow sites around the web.

  6. Martin Geisler:

    Hmm… I don’t know anything about how that would work, but as you say, then my intentions with PHP Shell are good. It always annoys me when I hear about people misusing it.

  7. paradise:

    but it same with remview - a trojan can remote host or not, and can using linux command to remote and control it ? how can setup online from this host to another host ?

  8. Martin Geisler:

    I don’t know what you are asking here… PHP Shell just gives you a convenient interface to the normal PHP commands for executing programs. There’s no magic going on here… :-) This applies to everybody: go read the PHP documentation on proc_open() if you’re in doubt as to what PHP Shell gives you.

  9. didier Belot:

    Thanks for this really great script !

    There are so many things annoying to do without an ssh account on a web hosting, like ‘rm -rf’ a whole subtree with an ftp client !

    It works like a charm, and it’s very easy to configure.

    Well done, sir!

  10. Martin Geisler:

    Thanks for the feedback! I’m glad you like it! :-)

  11. f00li5h (remove pants to email me):

    Sexy sexy commenting layout
    /me steals the css

    Love the shell, just right for sticking on a friends server while he’s not looking << >>

    i have to say it
    Props and a word up! very nice

  12. Martin Geisler:

    Oh, the theme of this site (including the CSS) is the default WordPress theme, so you cannot really steal it, it’s freely available ;-)

  13. iain:

    if you are a sysadmin use the following `php.ini` line to disable this type of program:

    disable_functions = exec,passthru,proc_open,shell_exec,system,posix_kill,popen
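As an added example (not part of PHP Shell or of the comment above), here is a small PHP audit script that checks a `disable_functions` value against the list of process-execution functions a sysadmin would normally block. The function list is an assumption: it is the list from the comment plus `pcntl_exec`, which can also start a program. The sample values are constructed for the demonstration.

```php
<?php
// Added example, not part of PHP Shell: audit a php.ini disable_functions
// value against the process-execution functions that should be blocked.

/** Functions that can start an external program. The list is an assumption:
 *  the comment's list plus pcntl_exec. */
function processExecFunctions(): array
{
    return ['exec', 'passthru', 'proc_open', 'shell_exec', 'system',
            'posix_kill', 'popen', 'pcntl_exec'];
}

/** Parse a disable_functions value (comma and/or space separated, as PHP
 *  accepts it) into a lower-cased lookup set. */
function parseDisableFunctions(string $ini): array
{
    $names = preg_split('/[\s,]+/', strtolower(trim($ini)), -1, PREG_SPLIT_NO_EMPTY);
    return array_fill_keys($names, true);
}

/** Return the process-execution functions that the setting leaves enabled. */
function stillEnabled(string $ini): array
{
    $disabled = parseDisableFunctions($ini);
    return array_values(array_filter(
        processExecFunctions(),
        function (string $f) use ($disabled): bool { return !isset($disabled[$f]); }
    ));
}

// Constructed sample values: the line from the comment above, and a weaker
// one that forgets proc_open (the one function PHP Shell actually needs).
$samples = [
    'exec,passthru,proc_open,shell_exec,system,posix_kill,popen',
    'exec, system, shell_exec',
];
foreach ($samples as $ini) {
    $open = stillEnabled($ini);
    printf("%-60s -> %s\n", $ini,
        $open ? 'still enabled: ' . implode(', ', $open) : 'all blocked');
}

// When run from the command line, also report the live configuration.
// disable_functions is PHP_INI_SYSTEM, so a script cannot change it at
// runtime; only php.ini or the web server's main configuration can.
if (PHP_SAPI === 'cli') {
    $live = (string) ini_get('disable_functions');
    $open = stillEnabled($live);
    printf("live config (%s) -> %s\n", $live === '' ? 'empty' : $live,
        $open ? 'still enabled: ' . implode(', ', $open) : 'all blocked');
}
```

Run it with the CLI binary of the same PHP build the web server uses; the two may read different php.ini files, so the live result is only meaningful for the SAPI you actually serve pages with.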
    
  14. sporkit:

    thanks iain. this is an incredibly dangerous script. a hacker got into my server through a phpbb flaw and has been using this to hack shell account passwords and cause all other types of damage. im currently working on setting up a chroot jail on my freebsd server. hopefully this should keep things under control till i get that setup.

  15. Martin Geisler:

    Good luck on securing your server! I’m always sad to hear when people misuse PHP Shell for that kind of thing…

  16. Ehsan:

    Hi guys,

    Who knows how I could log in with another user and pass into the server from the phpshell screen?

    I’ve tried to use “login root” but it didn’t prompt me for desired password.

    How we can have several lines command?

    Thank you

  17. Martin Geisler:

    You cannot use commands that require interaction with PHP Shell — that includes the login program. But, as described in the documentation above, it should be possible to execute commands as another user using the Sudo program.

    Not that this would be secure, of course… if somebody gets access to PHP Shell, or if some other PHP script gives the user access to executing PHP code, then they too can use Sudo to elevate their privileges. Use with care!

  18. Martin Geisler:

    As for commands spanning multiple lines: you can’t. Normally you don’t really need multiple lines in shell commands — multiple lines are just used to make things look readable.

  19. Notizblog » Blog Archive » MGeisler Blog - PHP Shell:

    [...] http://mgeisler.net/php-shell/ [...]

  20. Kartik:

    Hey d00d, Your php shell tutorial wreaked havoc on my website. Someone used that script and exploited my whole website and uploaded some fake ebay pages.

    I don’t know if i shud complain the FBI to you or to shika_hackmaster@hotmail.com <== the person using your script to exploit.

    Shud i take any action ??

  21. Phillip:

    Martin;

    Thanks. This script is exactly what I need. I’ve been writing simple cgi scripts for each command I need to run, which is a pain, and is even more insecure than your script. So this should improve my security somewhat.

    However, when I attempt to log in, it acts like I’m not getting my user name or password correct. I’ve verified that they’re set in my script, so I’m wondering if something is likely to be disabled by my ISP. Any guesses? Any way to verify?

    Thanks

  22. Martin Geisler:

    I’m sorry to hear that your server was exploited.

    As for who to complain to, then I’m no expert — I’ve never tried something like that myself. But I would contact the authorities and discuss it with them. I guess that the FBI would be able to tell you who to talk to in case they’re not the right ones.

    Remember to get hold of the log files for your server, they will be important if/when someone tries to investigate this.

    Good luck! Feel free to write back (either here or by email) if you have any luck getting the bastards caught!

  23. Martin Geisler:

    I’m glad that you are finding my script useful! Or that you are optimistic about it :-)

    I don’t know why you cannot log in — I’ve received several emails about this too, but was never able to find a reason. Reading through the PHP documentation on HTTP Auth reveals that the crucial $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables won’t get set if you’re running in safe mode or as CGI (as compared to running PHP as an Apache module).

    If your PHP is running as a CGI script and you have control over a .htaccess file, then try inserting the following into it:

    <IfModule mod_rewrite.c>
       RewriteEngine on
       RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
    </IfModule>
    

    Then insert the following code at the top of phpshell.php:

    // Recover the credentials from the Authorization header that the
    // RewriteRule above copied into REMOTE_USER (it has the form "Basic <base64>").
    if ((empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW']))
       && isset($_SERVER['REMOTE_USER'])
       && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
       // Limit the split to 2 so a password containing ':' is kept intact.
       list($name, $password) = explode(':', base64_decode($matches[1]), 2);
       $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
       $_SERVER['PHP_AUTH_PW']   = strip_tags($password);
    }
    

    Let me know if it helps!
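As an added example, not PHP Shell’s own code, here is a stricter way to recover HTTP Basic credentials from an Authorization header value (the same "Basic <base64>" string the REMOTE_USER trick above passes through) and check them against a $passwd array. It rejects malformed input instead of emitting notices, keeps passwords that contain a colon intact, and compares in constant time with hash_equals(). The $passwd contents and header values are constructed sample data.

```php
<?php
// Added example, not PHP Shell's own code: robust parsing and checking of
// HTTP Basic credentials, as passed through REMOTE_USER by the rewrite rule.

/** Split "Basic <base64(user:pass)>" into [user, pass]; null if malformed. */
function parseBasicAuth(string $headerValue): ?array
{
    if (!preg_match('/^\s*Basic\s+([A-Za-z0-9+\/=]+)\s*$/i', $headerValue, $m)) {
        return null;                          // not a Basic credential
    }
    $decoded = base64_decode($m[1], true);    // strict mode: reject junk
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;                          // RFC 7617 requires user:pass
    }
    // Limit 2: the user name cannot contain ':', but the password may.
    [$user, $pass] = explode(':', $decoded, 2);
    return [$user, $pass];
}

/** Return the user name on success, null otherwise. */
function authenticate(array $passwd, ?string $headerValue): ?string
{
    if ($headerValue === null) {
        return null;
    }
    $creds = parseBasicAuth($headerValue);
    if ($creds === null) {
        return null;
    }
    [$user, $pass] = $creds;
    // Compare against a dummy when the user is unknown so timing does not
    // reveal which user names exist.
    $expected = $passwd[$user] ?? str_repeat("\0", 32);
    return hash_equals($expected, $pass) && isset($passwd[$user]) ? $user : null;
}

// Constructed sample data for demonstration.
$passwd = ['alice' => 'correct:horse:battery'];
$cases = [
    'valid'        => 'Basic ' . base64_encode('alice:correct:horse:battery'),
    'wrong pass'   => 'Basic ' . base64_encode('alice:guess'),
    'no colon'     => 'Basic ' . base64_encode('alice'),
    'not base64'   => 'Basic ***',
    'other scheme' => 'Bearer abc',
];
foreach ($cases as $label => $value) {
    printf("%-13s -> %s\n", $label, authenticate($passwd, $value) ?? 'rejected');
}
```

Only the first case is accepted; the others are rejected without any PHP notices. Storing passwords in plain text in the script, as the page does, is unchanged here; the example only hardens how the incoming credential is read and compared.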

  24. Sim0ne:

    Hey Martin,

    Thanks for the effort. Can I use this script to unzip a file in ftp? If so can you please write a sample that would unzip “nel.zip” inside http://www.nelmaxima.com for example?

    Thank you very much. I really need this help.

  25. Martin Geisler:

    You normally cannot unzip files using FTP — you can only transfer the file. But to unzip nel.zip with PHP Shell you would execute

    unzip nel.zip
    

    after having navigated to the folder containing nel.zip. This only works if your host has installed the unzip program.

  26. QuarkBlog » Blog Archive » PHP Shell:

    [...] I was looking for ways to get around this restriction without having to change the SSHd daemon’s port or change the servers’ configuration much, and I came across PHPShell, a little program that simulates a console on a page we can access from any browser; the bad part is that it cannot handle programs that “take over” the console like vim or emacs, so for editing files (90% of an administrator’s work) things are a bit rough. [...]

  27. Pavel:

    how to change this $ cursor ex. root@diiid.com

  28. Martin Geisler:

    There’s no built-in way to change the $ in front of the prompt to something else. But you could edit phpshell.php and change line 96 if you want to.

    And please don’t use PHP Shell as root, as the password will be written in plain text in phpshell.php.

  29. Syberon:

    This is fucking good :D

    i always wanted an shell with everything and now ? i have it everything !
    i run ventrilo on it.
    it is damn handy :D
    Thank u very much guys !

    have a little problem now but i hope i can fix it soon…
    i can’t open the file phpshell.php anymore :( because i used wget for getting a file and my pc crashed :S and since then i can’t open the phpshell.php file anymore :( can’t delete the file i was getting with the shell hateful :( but if u guys know how to fix this please tell me :s

  30. Richard:

    Anyway to automatically run commands using phpshell ie:

    http://user:password@example.com/phpshell.php+'chmod a+x somescript'
    http://user:password@example.com/phpshell.php+'somescript'

    I am trying to automate some installs across an intranet.

    Thanks!

  31. Martin Geisler:

    Cool idea, I hadn’t thought of that!

  32. Richard:

    I have 6000+ sites that I do not have SSH access to without emailing someone to turn it on. PHPshell has been a lifesaver, but I have to run a script and add code to them on a regular basis and it is a bit overwhelming. Sure would be nice to throw the command into a curl string to force a download of a script.

  33. sutart:

    Just found this tool - exactly what I’ve been looking for.

    Thanks!!!

  34. Martin Geisler:

    Wow, that’s an extreme number of sites! And now that I re-read your original comment I see that you actually asked a question! (But you forgot the question mark…)

    To run PHP Shell via an URL you simply have to pass a command via the command GET argument. Remember that you have to encode it yourself like the PHP urlencode() function would do: replace spaces with + and other non-alphanumeric characters with their hexadecimal representation.

    Then something like this should work:

    http://example.com/phpshell.php?command=chmod+a%2Bx+somescript
    

    where the spaces have been encoded as + and the + itself is encoded as %2B.

  35. Martin Butt:

    I have been using this program for some time and it is excellent. To all the people that have had their sites hacked with it, stop complaining and tighten your security.

    When I now try to access my phpshell.php file, I get an internal server error with the message “The server encountered an internal error or misconfiguration and was unable to complete your request.”

    I am presuming that the web host I am using has stopped some kind of PHP functionality. Do you know what kind of things could cause this? If it could be something to do with the php.ini, I can use a custom one.

    Cheers Martin,
    Martin

  36. Martin Geisler:

    Hi Martin!

    Thanks for the comments about people complaining… I couldn’t have said it better :-)

    If someone has disabled a function (that would most probably be proc_open — the only security-related function used by PHP Shell) then you should receive an error like this:

    Warning: proc_open() has been disabled for security reasons in /some/path/phpshell.php on line 146.

    But maybe the error is redirected to an error log somewhere… but even in that case I don’t get a 500 error here on my machine, I just get a blank page.

    So I basically don’t know why you would get a 500 error from Apache… sorry.

  37. didier Belot:

    With my ISP (http://www.ovh.com/), we have a 500 error with, for example:

    • a bad .htaccess
    • bad perms on a script (rwxrwxrwx)

    hope this helps

  38. kato:

    Hi Didier,

    Does phpshell work with your ISP (http://www.ovh.com/) ?

    I have a 60gp plan with the same ISP and phpshell doesn’t seem to work. :(

  39. Martin Butt:

    I have found the cause of my error. My ISP uses an Apache module mod_security (http://www.modsecurity.org/) that blocks the filenames shell.php and phpshell.php (among others) because “it is an often used hacker script”.

  40. Ed:

    Martin — this script rocks. Thanks.

    My web host ( Godaddy ) doesn’t have tar.
    I would dearly like to be able to do something like tar — is there some clever way to substitute other commands?? i don’t know much about linux… here is some info i collected that contrasts GoDaddy with iPowerweb:
    http://azbikelaw.org/computer/webhostphp.html#Fun

  41. Martin Geisler:

    Hmm… Now, I don’t want you to get into trouble, but you can always rename phpshell.php into something else — the script doesn’t care.

    But please explain this to your host: PHP Shell doesn’t use any “magic” function in PHP, just the plain, built-in proc_open() function. So they should disable that function instead of trying to keep hackers out by filtering on the filename.

  42. Martin Geisler:

    I know of no pure-PHP implementations of tar, but there are several PHP implementations of the ZIP format, so maybe you could use one of those — I just found this one.

  43. didier Belot:

    Yes, with some modifications:

    1) put it in a protected subdir, containing a .htaccess :

    AuthUserFile /home/your_login/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Private zone"
    AuthType Basic

    require valid-user

    See OVH guides for creating the .htpasswd file with correctly encrypted passwords:

    http://guides.ovh.com/ToutSurHtaccess/

    http://www.ovh.com/fr/espaceclient/outils/crypt_password.pl

    2) then you can remove the phpShell part that deals with authentication…

    Mine looks like:
    if (0) {
    // not available at ovh… use .htaccess !!!
    header('WWW-Authenticate: Basic realm="PhpShell 2.0"');
    header('HTTP/1.0 401 Unauthorized');
    $authenticated = false;
    } else {
    $authenticated = true;

    hope this help!

    Good CLI sessions with phpShell ;-)

    didier

  44. Martin Butt:

    That is what I did.

  45. Ed:

    Thanks for pointing that out. It hadn’t even occurred to me that there would be a php implementation. By the way, that one you pointed out does do tar in addition to zip.

    I couldn’t quite get it to work — i can see the contents/structure of my tar file but I can’t figure out how to extract it….and it is stuck in french :-)
    but i’m sure it’s something i’m doing wrong on my end.
    Thanks again.

  46. Zach:

    Just a suggestion to folks, change the name of the file from phpshell.php to something else, then put it in a directory with a name that is really stupid, profanity works well also :)

    then use .htaccess to block access to that directory to the world

    then simply give your IP access. Course only works if you are on at least a semi-static IP (most cable connections will retain the same IP address for years, even non static connections - unless you disconnect it for 24 hours or so, or change MAC addresses)

    Use a stupid directory name so you won’t screw up and open it up to the world, change the filename to prevent someone from IP spoofing your IP and accessing the file to run whatever. (You can always spoof your outgoing IP - so sending commands, if you know what to send, and where to send is trivial - you just can not get anything back - but someone that spoofs an IP, sends a command in to change the .htaccess file to give them access, now has direct access)

    Anyway - after all that, by doing the above - you make it so you can get in and use that script, and others, with no hassle, and is actually more secure than most any other method, since you just would redirect not from the correct IP to your 404 page - which tells them that nothing exists there, and they have to look elsewhere to try to break in.

    Nice script

  47. crake:

    i saw a tutorial using version 2.63 dev. where can i download that?

  48. Martin Geisler:

    Where did you see that tutorial, could you please post a link? There’s no such version, so I’m curious :-)

  49. a2z:

    google phpshell 2.6

  50. crake:

    its is a file manager tool. by ‘macker’ it includes a tool called haxplorer. the tutorial is a tut showing how if you dont secure your server people can easily get in and find ur mysql pass and stuff

  51. kato:

    Thanks, it works !

    kato

  52. flo:

    hallo
    this piece of script is genius! im happy with it.
    i now tried it on a new webproject with another server and every command i type in it always says: “no such file or directory” at the end…: example if i try to get a tar file from source forge:

    sh: line 1: /wget: No such file or directory

    but i can change directories with phpshell, where is the problem? thanks and best regards, flo

  53. a2z:

    all in all great tool ;)

  54. flo:

    hi martin!
    is there something wrong with your email? i always receive an error.
    best regards, flo (from schaffhausen..)

  55. Martin Geisler:

    You’re probably trying to send to the old gimpster@gimpster.com address, right? That domain name is dead — please use mgeisler@mgeisler.net from now on.

  56. Aunt Jemima's Revenge:

    Martin…THANK YOU so very much for publishing this program. This is a lifetime accomplishment that most people never come close to executing. You have most certainly helped hundreds of thousands of people through this program. Be sure to disregard these silly posts about people reporting you to the FBI.

    Now. I am also having the same difficulty as the original poster on this thread. I host with GoDaddy, who I verified does not have my PHP set to safe mode. It appears, then, that my script is recognized as a CGI file, BUT I don’t have control over a .htaccess file.

    Suggestions?

  57. Aunt Jemima's Revenge:

    Again, this is the error message I get:

    [PhpShell 2.0

    You failed to authenticate yourself to PhpShell. You can reload to try again.

    Try reading the INSTALL file if you're having problems with installing PhpShell.]

    1. I followed the directions to reset my password:

    /*
    $passwd = array('username_1' => 'password_1',
                    'username_2' => 'password_2',
                    // …
                    'username_n' => 'password_n');
    */
    $passwd = array('fuck' => 'me');

    /* Set your aliases here. Each key in the array will be substituted
     * with the corresponding value before the commands are executed. */
    $aliases = array('ls' => 'ls -CvhF',
                     'll' => 'ls -lvhF');

    if (!isset($_SERVER['PHP_AUTH_USER']) ||
        !isset($_SERVER['PHP_AUTH_PW']) ||
        !isset($passwd[$_SERVER['PHP_AUTH_USER']]) ||
        $passwd[$_SERVER['PHP_AUTH_USER']] != $_SERVER['PHP_AUTH_PW']) {
        header('WWW-Authenticate: Basic realm="PhpShell 2.0"');
        header('HTTP/1.0 401 Unauthorized');
        $authenticated = false;
    } else {
        $authenticated = true;

        /* We now start the session. */
        session_start();

        /* Initialize the session variables. */
        if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
            $_SESSION['cwd'] = getcwd();
            $_SESSION['history'] = array();
            $_SESSION['output'] = '';
        }

    1. I renamed phpshell.

    2. I’m still fucked!

    Suggestions?

  58. Martin Geisler:

    Thank you very much for your encouraging comment!

    About your problem: I have no real idea of the solution. Judging from the number of posts about failed authentication, I guess I need to make an internal solution for PHP Shell — what I once thought was the easy solution of just sending out a header, has turned into something not as easy for a lot of people.

    So I’ll rewrite that… someday. Right now I have an exam coming up next Tuesday which I need to focus on first :-)

  59. Ryan:

    Thanks for such a great script. I created my own shell.php script a few years back, but yours is MUCH better. Great job and thank you again.

    I am having the same passwd problem. I created a similar, but not as advanced shell.php script. It works fine, so my guess with the phpshell.php script is that there may be an issue with the way it authenticates. I tried your suggestions, but nothing worked. I finally commented out the authentication and now use a .htaccess file to do that.

    My question: Is using a .htaccess file more or less secure than the built-in authentication phpshell.php uses?

    If it is equally secure, will you please add that option with instruction on how to do it to the INSTALL file.

  60. master:

    hi martin and thx for ur perfect script.
    I’ve been using phpshell for some weeks but suddenly it stoped working and the error
    is : sh line 1: /public/home/autice/auth//ls: No such file or directorys :
    what can I do?!
    thx

  61. Argyll:

    My Whole site was wiped out.. all that was left was this proggy, guess someone managed to get it into a folder and run it,
    5 years of work, over a dial-up all wiped out………..

  62. Martin Geisler:

    Oh boy… I’m sorry to hear that — I hope you have a backup of your work. I always have a copy of my site on my own computer, which I then upload to the Internet when I’ve changed something. Then it’s only stuff like the database which isn’t on my machine, but for that I’ve arranged a nightly backup too.

    Everybody: please understand that enabling PHP on your webserver is a risk — you turn something which would normally just serve static pages (an idempotent operation) into something which can potentially make a whole lot of problems.

    I’ve said it before and I’ll say it again: PHP Shell has no “magic” commands in it, just a simple call to the builtin proc_open() PHP function. So the problem lies with PHP — PHP Shell just makes it more convenient to exploit insecure PHP installations, but it does not fundamentally change the problem.

  63. Argyll:

    NAh it was getting to big to manage over a dial up modem … used to do that but was taking to long even to update a few pages…… last year or so was updating Live…. 256 MB wiped out……

  64. Martin Geisler:

    But, but… the type of connection has nothing to do with how difficult it is to manage! It’s a matter of using a reasonably intelligent tool to mirror the stuff from your computer to the server. I use sitecopy myself, but any self-respecting FTP program should be able to copy just the changes.

  65. Roy Schestowitz:

    How does one get notification about updates? Maybe it’s worth putting on Freshmeat/Sourceforge with download links that point to this site? Either way, the tool is very valuable.

  66. Roy Schestowitz:

    I suggest you urge people to also put the script under password-protected directories. It gives a double-layered protection: Apache(/equiv.)-PHP

  67. Martin Geisler:

    I’ve been using Freshmeat for years now, so it should be easy: PHP Shell on Freshmeat. I might put it on SF too one day, but so far it has just been a little script with no big needs (but maybe that’s changing — I’m getting a lot of comments about it now…)

  68. GoDaddy User:

    I have shared hosting on GoDaddy… when I upload the phpshell.php and change the user/password to my choice… I cannot login. GoDaddy serves the page, prompts me for the phpshell username/password… and then when I submit the form, it asks me to login again… I cannot authenticate. I’m sure I’m using the username/password I’ve set. What can I do?

  69. Syberon:

    Hi GoDaddy user,

    if u get the window to enter your username and password fill in the username and password u edited in phpshell file.. then u can login :D if u didn’t done that u can’t login …

  70. ardhizer:

    I already changed the password
    and the script ask me the password over and over again
    can you explain me?

  71. Martin Geisler:

    New version released! I’ve made the authentication internal and hope that this will solve all the problems people have had with repeating login boxes.

    Please download it and give it a go! I’ll be offline the next couple of days, but when I get back some time in the new year I’ll look at your comments.

  72. Tobias:

    Hi,
    thank you for that great software.
    It spares me moving to an other provider!!!

    Tobias

  73. Dmitriy:

    Hi! When i tried your script i can’t receive any output from progs such as "less, man etc...", so any progs waiting for interaction from the user can’t be run… Can it be solved?

  74. Tobias:

    Hi Dmitriy,
    I am not Martin Geisler, but I think I can give you an answer, too.
    No! Because this works with an where you see the results of what you entered and an where you can enter new commands. So these are two different areas. And the things you type will not be sent to the server before you hit Enter or the button under these fields. So using interactive software is not possible in this way!

    Hope I could help you!
    Tobias

  75. ardhizer:

    Your new version work fine, many thanks for that
    Good job martin, I love it

  76. ardhizer:

    Martin, can you add a “Clear” button to clear the phpshell main screen ?

  77. Martin Geisler:

    Yes sure. I can add that to the next version — in the meantime just log out with exit or use the logout-button.

  78. Martin Geisler:

    I guess Safe Mode has been enabled in your PHP installation. Please see the SECURITY file in the latest release where I write a bit about the problems with Safe Mode.

  79. Martin Geisler:

    Could you please try the newly released version 2.1? I’ve changed the authentication logic and hope it helps with problems like yours.

  80. Martin Geisler:

    Please try version 2.1 in which I totally rewrote the authentication logic.

  81. Martin Geisler:

    Has the new version 2.1 helped with this situation so that such hacks aren’t necessary?

  82. Martin Geisler:

    Please try out version 2.1 where I rewrote the authentication code. I hope that it works on your host too.

  83. -CD-:

    AWESOME!
    As long as all persons use the internet responsibly, there will never be a disincentive for the development of tools such as this.

    Thanks. -CD-

  84. Martin Geisler:

    Sorry about the late reply — both forms of authentication send the password in cleartext over the wire, and are thus equally bad.

  85. father:

    i thought sitecopy updated the “site” with changes made locally, not the reverse. so if you deleted or changed the file on your local machine, the file would be changed or deleted on the server.

    this doesn’t sound like it would help to archive/restore a site if it was destroyed.

    then i could be reading the “description” the author provided incorrectly.

  86. father:

    Fatal error: Call to undefined function: proc_open() in /home/httpd/vhosts/xyz.com/httpdocs/phpshell/phpshell.php on line 237

    everything works great until i type in a command like “dir”

  87. Martin Geisler:

    No, you have gotten it right: sitecopy will copy changed files from your computer to your website, without you having to remember what you have changed, added, or deleted.

    There are tons of such programs, and with any of them you automatically get a backup of your site on your own computer. So if someone manages to destroy the online copy, you still have your offline copy. That was the why I suggested sitecopy.

  88. Martin Geisler:

    But you can successfully execute other commands?! Then it is very strange since the proc_open() shouldn’t just become undefined from one moment to another…

  89. Dave Matthews:

    Excellent script! I created a PHP Shell back in 2004 when I was with iPowerweb and discovered that my webhosting company was not secure. Later, I decided that I would run my own dedicated systems and not allow php access to users or shell access. This seems to be the most secure setup so far. This script is legal and it illustrates how vulnerable security can be.

  90. Eric:

    I can not seem to change directories under phpshell when the the destination contains a space. I have tried cd name\ with\ space and cd "name with space" but both seem to fail. I am able to ln - s name\ with\ space namewithnospace and then cd to this new name but that is not desired. How can I cd to a directory with a space?

  91. Martin Geisler:

    Uh… you cannot, sorry :-( I’ll fix it for the next version.

  92. RibaNet:

    hello

    thanks for this software!! I have installed it in my private directory in my domain http://www.ribanet.com

    regards from spain!

  93. Dan:

    As long as all persons use the internet responsibly

    Well, that’s certainly something we can count on!

  94. Seattle Web:

    This is a great script - thanks!

  95. Stephane:

    is there a way to make this script work with windows xp because i can ask for the dir command of the directory where the application has been launched but i can’t change it, i am stuck in this directory
    thanks!

  96. Tobias Unger:

    Hi,

    I have published a patch containing an editor feature - you may download it at http://www.tobias-unger.de/download (GERMAN) or at http://sourceforge.net/projects/phpshell/ (in the patches category) (ENGLISH) !

    If you find errors or have problems with the patch please tell me (mail@tobias-unger.de).

    Tobias

  97. Martin Geisler:

    Like I told you in a private mail, then I don’t know why this doesn’t work. My guess is that it is because of the use of \ in paths on Windows, as compared to / on Unix/Linux. But I haven’t really looked into this.

  98. Martin Geisler:

    Great with addons! As you can tell from the SourceForge URL, I’ve begun moving the project there. Right now only the files are there along with a mailinglist, but I will move this page (or one like it) there at some point in the future.

    So please go to http://sf.net/projects/phpshell in the future with your feature requests, your bug reports, and all your other good ideas. Please use the tracker system there so that the reports are properly sorted.

    If you have found PHP Shell especially useful for you, you can now show your appreciation in a concrete way by donating money from SourceForge. Of course you can also continue to use it for free, if you so wish.

    In any case: PHP Shell is going to SourceForge, please follow along! :-)

  99. Online Beesh head:

    I just found this tool . its freaking awesome and i hope you keep updating :] but im having some problems =\ .. im running this on http://www.ripway.com and when i try to unzip a zipped folder for example lol.zip i get
    ” ‘/unzip’ is not recognized as an internal or external command,
    operable program or batch file. ”
    and when i try to use the command “cd” to open a folder/file i get an error such as
    ” chdir(): SAFE MODE Restriction in effect. The script whose uid is 0 is not allowed to access \ owned by uid 0
    cd: could not change to: /ventrilo ”
    What does it mean by “uid 0″ how would i edit that so i can make it so i can open other folders and run files and such?

  100. Martin Geisler:

    Hi! Did you read the SECURITY file? It contains information about Safe Mode — it basically comes down to this: PHP Shell won’t work on your server. If it is your own server, then you can disable Safe Mode in your php.ini file. Otherwise you’re probably out of luck :-(

  101. Dawn A:

    Love the script, thanks Martin, worth a $10 Paypal donation after the first command I executed :). I’m using GoDaddy too. One question. I found you from the MediaWiki FAQ, http://meta.wikimedia.org/wiki/MediaWiki_FAQ where we are advised to run “php rebuildMessages.php –rebuild”. Every other typical shell command works for me in your script (cd, ls, and so on), but this command spends 4 minutes with Firefox saying “Waiting for [my host]” and then “Done”. But no command output, no new $ prompt in the window. At this point, even clicking Logout has the same result.

    Am I hitting a timeout, or is the php command generating output like “vi” or “less/more”, or … ?? I know the rebuild didn’t complete because my wiki doesn’t reflect the changes (even with shift+reload). Can I determine if it took errors, somehow? (I’m thinking output pipe or redirection won’t work if the command isn’t completing….) Grateful for any ideas.

  102. Martin Geisler:

    Thank you very much for your donation, it is very much appreciated!

    I’m afraid that I have no good suggestions for your problems right now… and I’m in the middle of moving from Switzerland to Denmark, so it will be a little while before I have time to think of some :-(

    One small suggestion, though: since you’re trying to run a PHP script, maybe you could simply look at rebuildMessages.php and see what is executed when it is run? Then simply call that function from a little PHP script. I hope you see what I mean, if not then I’ll try and explain again when I get some time.

    Thanks again for your support!

  103. ardhizer:

    hey martin. im still waiting for “Clear button”
    I just wanna remind you. thanks

  104. Matthew:

    I think it's a GoDaddy thing, as I've experienced it too (GoDaddy with PHP Shell and Phonsole). I think it has something to do with the PHP script trying to fork (but not being able to). So far I haven't found a workaround.

  105. Gregory L. Magnusson:

    Nice. Very nice.

  106. shawty:

    Excellent bit of code, means I can access my site from work now!!!

    Here’s a little tip…

    if you add

    if (!isset($_SERVER['HTTPS']))
    {
        // Only reached on a plain-HTTP request: refuse and stop.
        print "I refuse to run, unless I'm secure!\n";
        die();
    }

    right at the top of the index file, then you're forcing it to only run on an HTTPS connection..
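    The check above relies on $_SERVER['HTTPS'] merely being set, which misses two common setups: IIS sets it to the string "off" on plain-HTTP requests, and behind a TLS-terminating reverse proxy PHP sees a plain-HTTP connection and learns the original scheme only from an X-Forwarded-Proto header. The following is an added example, not shawty's code or PHP Shell's own, that handles both; the $trust_proxy flag and the wording of the refusal are assumptions made for this example.

```php
<?php
// Added example, not from PHP Shell: refuse to run unless the request came in
// over TLS. Written as a pure function over the $_SERVER array so it can be
// tested without a web server.

function request_is_https(array $server, bool $trust_proxy = false): bool
{
    // Apache and nginx set HTTPS to "on" (or "1") for TLS requests and leave
    // it unset otherwise; IIS sets it to "off" on plain HTTP, which a bare
    // isset() check would wrongly accept.
    if (isset($server['HTTPS'])) {
        $v = strtolower((string) $server['HTTPS']);
        if ($v !== '' && $v !== 'off') {
            return true;
        }
    }
    // Behind a TLS-terminating proxy the hop to PHP is plain HTTP and the
    // original scheme arrives in X-Forwarded-Proto. Believe that header only
    // when the deployment really has such a proxy in front, because any
    // client can send it.
    if ($trust_proxy && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        return strtolower(trim((string) $server['HTTP_X_FORWARDED_PROTO'])) === 'https';
    }
    return false;
}

function require_https(array $server, bool $trust_proxy = false): void
{
    if (request_is_https($server, $trust_proxy)) {
        return;
    }
    // Refuse outright instead of redirecting to the https:// URL: a redirect
    // cannot undo that the request (and any password in it) already crossed
    // the network in the clear, and on a POST it invites a resubmission.
    if (!headers_sent()) {
        header('HTTP/1.1 403 Forbidden');
        header('Content-Type: text/plain; charset=UTF-8');
    }
    echo "I refuse to run unless the connection is HTTPS.\n";
    exit;
}

// Usage: make this the very first statement of phpshell.php (or index.php),
// before the session is started or any HTML is sent:
//
//     require_https($_SERVER, /* trust_proxy: */ false);
```

    Keep $trust_proxy at false unless the server is reachable only through the proxy; otherwise a client on the open network can add the header itself and talk to the script over plain HTTP.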

  107. chris:

    how can i clear the history?

  108. Martin Geisler:

    I’m afraid that you have to close your browser at the moment. This will make your browser delete the session cookie, thus clearing your history.

    I could make a button for this in the next version. Work on PHP Shell has been stalled by lots of exams in all of February, a move from Switzerland to Denmark, and now a move into my new apartment.

    But I will have my computer back online some time next week and hopefully start to settle in with my Ph.D work. So lots of stuff is going as you can see :-)

  109. Martin Butt:

    Well done on the Ph.D! As ever, always looking forward to the next version!

  110. Martin Geisler:

    Thank you! You’re very welcome to add your suggestions for the next version to the SourceForge tracker system. That should make it harder for me to forget about them :-)

  111. MR:

    Perhaps it is a stupid question, but i did not find a solution for the problem.

    I always get the message:

    Fatal Error!

    proc_open() has been disabled for security reasons

    phpshell.php, line 240.

    I found it in the SECURITY file but didn’t find a solution for it. Can someone help me?

  112. Martin:

    Well, it means what it says: the essential proc_open() function has been disabled on your webserver by the administrator.

    He or she has probably done so to prevent scripts like PHP Shell from working and there is nothing that you can do about it except asking for it to be enabled again.

  113. Michel:

    Thanks for the script Martin.
    Just wanted to mention a few simple ideas. It could be useful to emulate the 'clear/cls' command to empty session output. Which led me to think some *nix - WinNT translations might come in handy. I.e. accept command equivalents like 'cp/copy', 'diff/comp', 'fgrep/find'. I experimented with this for a bit with a 'which' command for WinNT (for which you could use PEAR's System::which()).

  114. Sridhar:

    When I unzip a file that creates directories, I get permission denied. Is there any way other than creating a directory, CHMODing it to 777 and executing the unzip inside this directory?

  115. Martin Geisler:

    No, that should work. And you can unzip files okay if they don’t create directories?

  116. Sridhar:

    well, I am not able to place any files or unpack (whether or not it has directories) if while using the PHP shell, my present working directory doesn’t have CHMOD 777. Basically only if my present working directory is CHMODed to 777 am I able to do any ‘write’ activity i.e., downloading files in that directory or unpacking to create new files and directories.

    Check this screenshot: http://img88.imageshack.us/img88/6632/phpshell17rc.gif

    Now in the above screenshot example, if I CHMOD phpshell directory to 777, it works. Currently it’s at 755.

  117. Martin Geisler:

    Your problem might be that your webserver (apache probably) is running as a different user than what you use when you FTP or otherwise upload files. Check the ownership of your files with ls -l, then try creating a file with touch test and see if test is owned by a user like nobody or www-data or similar. If so, then that is why you need to CHMOD 777 your directories first (using your FTP program I assume).

    Apache (or whatever webserver you are using) can be reconfigured to have PHP run as the proper user, but it is something your admin has to do. I believe one has to use something called suExec but I’ve never tried it myself…

  118. Sri’s weblog » Blog Archive » links for 2006-04-20:

    [...] Martin Geisler Online » PHP Shell a tool you can use to execute arbitrary shell-commands or browse the filesystem on your remote webserver. (tags: PHP script shell SSH) [...]

  119. hossam elkazaz:

    hello mr://
    I uploaded the script to the site and I can't sign in; what is the master id? And when I go to the config file it shows me the message "Forbidden", while the shell php file opens easily. What is this? Can you tell me, plz email me
    thanks

  120. Martin Geisler:

    I’m sorry, but I don’t know what would cause the “Forbidden” page you see. Those pages are normally something you configure your webserver to send back for URLs that are forbidden, but PHP Shell cannot do that.

    Please tell me if you have PHP working at all? I mean, does a simple test page work (one with just <?php phpinfo(); ?> in it)?

    It could be that your administrator has configured the webserver to send out those "403 Forbidden" errors for URLs that look like PHP Shell. Try contacting them and ask if you are allowed to run PHP Shell at all.

  121. Martin Geisler:

    Ahh, I just remembered: you cannot view config.php in your browser, it sends out the “403 Forbidden” header you saw. You should not load it anyway, you should edit it with a text editor and then go to phpshell.php as stated in the INSTALL file.

  122. Rex MIS Blog » Blog Archive »:

    [...] http://mgeisler.net/php-shell/ [...]

  123. etynos - technology news and miscellaneous content » Blog Archive » PHP Shell from the Web:

    [...] Download PHP Shell .ZIP Download PHP Shell tar.bz2 More information at PHP Shell [...]

  124. Sleepy:

    Martin,

    this is a tremendous tool.
    Thanks a lot and keep up the good work.

  125. irving:

    Hi, I wonder if anyone has tried to use this script in PHP 5.1. Because I did, and it doesn't work. At first, login does not work. I tried to debug the script and had to remove the check for the nounce Session variable.

    But then, after I managed to login, each time I typed a command, I was kicked back to the login page.

    I thought it was something to do with the Session_start() command. But then, I thought, well, maybe I should use PHP 4 just like everyone else. Then, it works.

    So, what's wrong? What has changed in PHP 5 that makes your script not work?

    Thanks.

    • irving
  126. Martin Geisler:

    I’m using PHP version 5.1.2-1+b1 myself (Debian packages from testing) and it’s working fine with PHP Shell version 2.1 and the SVN trunk.

  127. irving:

    Hmm, what's the difference then? I'm hosted at phpwebhosting.com, and they're using PHP in CGI mode. Any problem with this config? I saw several posts before about authentication problems with CGI-mode PHP, but I thought this was solved in 2.1.

    From phpinfo(), I get that the PHP version is 5.1.0RC1, CGI-mode, safe-mode OFF, session.use_cookies ON.

    Can I email you directly? So I can share the links and give you some access to test it.

    Thanks.

    • irving
  128. Martin Butt:

    I'm on PHP webhosting and had the same problem. I've just disabled the login and integrated it into my administration area which has its own authentication. Let me know if you get to the bottom of this.

  129. irving:

    Martin, after you disabled the authentication code, does the code work? Because mine keeps encountering 500 Internal Server Error.

  130. Martin Butt:

    You'll need to rename the script to something obscure. Security in Apache won't allow anything called shell.php or phpshell.php.

  131. irving:

    Oh, I did that already (renaming). Like I said, when using PHP5.1 setting, I can’t login. So, I used PHP4 (using .htaccess). I can pass login, issued a single “ls” command successfully, then when I tried to “cd” to a directory, get the 500 Internal Server Error.

    So, I just want to know whether everything run smoothly with PHP5.1 aside from the authentication problem.

  132. Martin Butt:

    The server I’m on is using PHP Version 5.1.0RC1. I’ve tested the script to ensure it is still working and it is.

    Set it back to use PHP5, remove the password protection, put a .htaccess password on it.

    If it works, then sort out some better security than a .htaccess password. If it doesn’t, then I have no idea.

  133. Martin Geisler:

    I gather from this that we should make the authentication optional (with big warnings if you disable it). I’ve created a Feature Request for tracking this.

  134. Martin Geisler:

    This is a good tip! I’ll include something about this in SECURITY or somewhere else… both because I feel that the administrators should know that this is a useless way of “protecting” a server, and because I want to make it easy to use PHP Shell.

    The feature request is here.

  135. Makaveli:

    Hello, i have a question, could you tell me (or do it for me) what needs to be changed for the script to work on windows machines? And another question, could you make the editor work for version 2.0? I have made a skin for 2.0 and i like it better than 2.1 but the editor would be a much appreciated feature. Please let me know.

  136. Martin Geisler:

    I have no idea about Windows machines, I don’t use any myself…

    I'm also uncertain as to what you mean by a "skin" since PHP Shell doesn't support themes. But 2.1 isn't that much different from 2.0 in appearance, so shouldn't it be easy to port any theme from one to the other?

  137. Makaveli:

    I know that the script doesn't support skins, I didn't know how to express myself better as English is not my native language. I meant I have changed the design a little and also made it in my native language.

  138. Martin Geisler:

    Sorry, when that was what you meant, then what you wrote makes sense :-)

  139. Murray Mintz:

    I first learned about phpshell a couple of weeks ago, when someone installed it into an Image directory (unprotected) in an OSCommerce sandbox I had installed on a development url that I use to test things. It wasn't regularly used and somehow a thief got in and set up a site to collect information for his phishing scheme used to trick PayPal customers into giving him their personal and credit information. He actually had 28 people respond before I stopped it. Fortunately I was notified by a savvy web developer who found me through whois and let me know. By using PhpShell . . . he took over a site without shell access and wouldn't let me delete folders. I had to delete the entire site and reinstall it. Luckily, it was only a Sandbox and not a working site. It made me aware of security holes. I don't blame your program, as bad people can always misuse a tool, but I thought you should be aware that people are using it maliciously.

  140. Martin Geisler:

    I’m sorry to hear about your trouble, but glad to see that you understand the issue. The core point is that PHP Shell does nothing sophisticated, it’s equivalent to uploading a PHP file with

    <?php system('evil command'); ?>
    

    in it and then executing it. Nothing more. So the problems basically come from badly configured webservers with writable directories.

    That there are so many such servers is frightening, and that people then actually get tricked by those phishing sites is even more frightening!
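    The two comments above describe the same incident pattern from both sides: a PHP file planted in a directory that should hold only images, containing nothing more than a call to system(). The following is an added example, not PHP Shell's own code, of a small audit that walks such static-content directories, reports every server-executed file found there and, by tokenizing rather than grepping, says which of them actually call a shell-execution function. The directory names, the sample files and the list of function names are constructed for this example.

```php
<?php
// Added example, not PHP Shell's own code: find PHP files planted in
// directories that should only hold static content and flag those that call
// a shell-execution function. Sample paths and files are constructed here.

const SHELL_FUNCTIONS = ['system', 'exec', 'shell_exec', 'passthru', 'proc_open', 'popen'];

function is_shell_function_name(array $t): bool
{
    // PHP 8 tokenizes "\system" as a single T_NAME_FULLY_QUALIFIED token.
    $is_name = $t[0] === T_STRING
        || (defined('T_NAME_FULLY_QUALIFIED') && $t[0] === T_NAME_FULLY_QUALIFIED);
    return $is_name && in_array(strtolower(ltrim($t[1], '\\')), SHELL_FUNCTIONS, true);
}

function is_member_or_definition($prev): bool
{
    // "->system(", "::system(" and "function system(" are not calls to the builtin.
    return is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true);
}

// Tokenize instead of grepping: the word "system" in a comment or a string
// literal is not a call, while a real call is one whatever its spacing or case.
function shell_calls(string $php_source): array
{
    $tokens = token_get_all($php_source);
    $n = count($tokens);
    $calls = [];
    $prev = null;                       // last significant (non-space, non-comment) token
    for ($i = 0; $i < $n; $i++) {
        $t = $tokens[$i];
        if (is_array($t) && in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            continue;
        }
        if (is_array($t) && is_shell_function_name($t) && !is_member_or_definition($prev)) {
            // Require "(" after optional whitespace, so a constant or label
            // that happens to share the name is not reported.
            $j = $i + 1;
            while ($j < $n && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
                $j++;
            }
            if ($j < $n && $tokens[$j] === '(') {
                $calls[] = sprintf('%s() at line %d', strtolower(ltrim($t[1], '\\')), $t[2]);
            }
        }
        $prev = $t;
    }
    return $calls;
}

function scan_static_dirs(array $dirs): array
{
    $findings = [];
    foreach ($dirs as $dir) {
        $files = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS));
        foreach ($files as $file) {
            // Every extension the server would execute counts, not only .php.
            if (!preg_match('/\.(php\d?|phtml|phar)$/i', $file->getFilename())) {
                continue;
            }
            $calls = shell_calls((string) file_get_contents($file->getPathname()));
            $findings[$file->getPathname()] = $calls
                ? 'runs shell commands: ' . implode(', ', $calls)
                : 'PHP file where only static content is expected';
        }
    }
    ksort($findings);
    return $findings;
}

// Constructed walk-through: a scratch "images" directory holding a harmless
// helper that merely mentions "system" inside a string, and the one-liner
// quoted in the comment above.
function audit_demo(): array
{
    $root = sys_get_temp_dir() . '/webroot-audit-' . bin2hex(random_bytes(4));
    mkdir($root . '/images', 0700, true);
    file_put_contents($root . '/images/thumb.php',
        "<?php\n\$mode = 'system'; // a string, not a call\necho strlen(\$mode);\n");
    file_put_contents($root . '/images/x.php', "<?php system('evil command'); ?>");

    $report = [];
    foreach (scan_static_dirs([$root . '/images']) as $path => $reason) {
        $report[substr($path, strlen($root) + 1)] = $reason;   // path relative to $root
    }
    unlink($root . '/images/thumb.php');
    unlink($root . '/images/x.php');
    rmdir($root . '/images');
    rmdir($root);
    return $report;
}

if (PHP_SAPI === 'cli') {
    foreach (audit_demo() as $file => $reason) {
        echo "$file: $reason\n";
    }
}
```

    Run from the command line against the real upload and image directories in place of the scratch tree; the helper is reported only because a PHP file has no business in that directory at all, the one-liner additionally for the call it makes.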

  141. rob:

    Hey, great script, although I couldn't get it to work. I read through a couple of comments and none had the same problem. I keep getting this:

    “Forbidden
    You don’t have permission to access /phpshell.php on this server”

    I CHMOD'd it to 777 along with the other files but no luck. I am guessing my host disabled it.

  142. Martin Geisler:

    Yeah, they probably did. It sounds like somebody has taught Apache to deny requests for files called phpshell.php.

    You could try renaming it, but you should probably just ask your host first if you’re allowed to run something like PHP Shell at all.

  143. Val:

    Thank you for that great script! It is very useful, I really like it!

  144. ssteam security weblog » Blog Archive » PHP Based Remote Shells Review:

    [...] PHP-Shell by Martin Geisler [...]

  145. links for 2006-08-16 at 59ideas:

    [...] Martin Geisler Online » PHP Shell (tags: php opensource tools) [...]

  146. Fred:

    Is it still possible to automatically run commands (eg with lynx and cron).

    In former times (with older versions) the following was possible:
    http://user:password@example.com/phpshell?...
    (look at comment nr. 34)

    Thanks!

  147. Martin Geisler:

    Hmm, no, unfortunately not. (I think)…

    It is complicated by the fact that each login is associated with a so-called nounce, a number used once. This means that you have to first go to the login screen to get the nounce, and then you can POST your username/password to actually log in and have a command executed.

    I introduced this two-step thing to prevent people from logging in after one has logged out by simply going back in the browser history.

    But what you really want from PHP Shell is this little bit of code:

    $io = array();
    /* Start $command with its stdout (1) and stderr (2) as pipes we read from. */
    $p = proc_open($command,
                   array(1 => array('pipe', 'w'),
                         2 => array('pipe', 'w')),
                   $io);

    /* Read output sent to stdout. */
    while (!feof($io[1])) {
        $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
                                                ENT_COMPAT, 'UTF-8');
    }
    /* Read output sent to stderr. */
    while (!feof($io[2])) {
        $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
                                                ENT_COMPAT, 'UTF-8');
    }

    fclose($io[1]);
    fclose($io[2]);
    proc_close($p);
    

    This is what does the “magic” — executing what’s in $command and getting the output. You’ll want to simply print it instead of saving it to $_SESSION['output'].

    Putting that code in its own little PHP script should be perfect for calling from cron jobs. Store it in a directory with a random name and voilà, you have your own special-purpose PHP Shell :-)
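    The nounce mechanism Martin describes in the same comment (a login form that carries a number used once, so that going back in the browser history after logout cannot log you in again) is worth seeing in code. The following is an added example, not PHP Shell's own implementation: it keeps the nounce in the session, accepts a POST only when it returns that exact value, and discards it as soon as it has been checked. The credential check, the session key names and the in-memory walk-through are constructed for this example.

```php
<?php
// Added example, not PHP Shell's own code: the two-step login described above.
// Step 1 (GET) renders the form with a fresh nonce that is also stored server
// side; step 2 (POST) is accepted only if it carries that nonce, and the nonce
// is consumed the moment it is checked, pass or fail. Resubmitting an old form
// from the browser history therefore fails even with the right password.

function issue_nonce(array &$session): string
{
    $nonce = bin2hex(random_bytes(16));          // 128 bits from the CSPRNG
    $session['login_nonce'] = $nonce;
    return $nonce;
}

function consume_nonce(array &$session, ?string $submitted): bool
{
    $expected = $session['login_nonce'] ?? null;
    unset($session['login_nonce']);               // single use, whatever the outcome
    if ($expected === null || $submitted === null) {
        return false;
    }
    return hash_equals($expected, $submitted);    // constant-time comparison
}

// Returns 'form' (render the login form with $nonce), 'ok' or 'rejected'.
// $check_credentials is whatever the application uses to verify a login.
function handle_login(array &$session, string $method, array $post,
                      callable $check_credentials, ?string &$nonce = null): string
{
    if ($method !== 'POST') {
        $nonce = issue_nonce($session);
        return 'form';
    }
    // Check the nonce before the password so a replayed form never even
    // reaches the credential check.
    if (!consume_nonce($session, $post['nonce'] ?? null)) {
        return 'rejected';
    }
    if (!$check_credentials((string) ($post['username'] ?? ''), (string) ($post['password'] ?? ''))) {
        return 'rejected';
    }
    $session['authenticated'] = true;
    return 'ok';
}

// Walk-through with an in-memory session array and a constructed credential
// check; in a real script pass $_SESSION, $_SERVER['REQUEST_METHOD'] and $_POST.
function login_demo(): array
{
    $session = [];
    $check   = fn(string $u, string $p): bool => $u === 'admin' && $p === 'correct horse';
    $results = [];

    // 1. GET: the browser receives the form and nonce $n1.
    $results[] = handle_login($session, 'GET', [], $check, $n1);
    // 2. POST with that form: accepted.
    $results[] = handle_login($session, 'POST',
        ['nonce' => $n1, 'username' => 'admin', 'password' => 'correct horse'], $check);
    // 3. Back button, same form resubmitted: the nonce is gone, so rejected.
    $results[] = handle_login($session, 'POST',
        ['nonce' => $n1, 'username' => 'admin', 'password' => 'correct horse'], $check);
    // 4. A POST that never fetched the form first has no nonce at all: rejected.
    $results[] = handle_login($session, 'POST',
        ['username' => 'admin', 'password' => 'correct horse'], $check);

    return $results;   // ['form', 'ok', 'rejected', 'rejected']
}

if (PHP_SAPI === 'cli') {
    echo implode(', ', login_demo()), "\n";
}
```

    This is also why the cron-style one-shot login Fred asks about needs two HTTP requests: one GET to obtain the nounce, then the POST that carries it together with the credentials.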

  148. links for 2006 Aug 14-20 at 59ideas:

    [...] Martin Geisler Online » PHP Shell (tags: php opensource tools) [...]

  149. sgardner:

    I just downloaded this via sourceforge, and clamav reports that it is infected with a virus.
    phpshell-2.1.tar.bz2:PHP.Defash.B FOUND

  150. Martin Geisler:

    Hmm, this is strange. But you’re right — I don’t have ClamAV on the machine I’m with right now, but I tested the file online at http://virusscan.jotti.org/. They will check your files against no less than 15 virus scanners.

    And ClamAV really reports PHP Shell as being infected with something called PHP.Defash.B. I was unable to dig up any description of this virus code. I guess I'll have to complain to the ClamAV people and ask for an explanation, thanks for bringing this to my attention.

    I’ll start signing the files released on SourceForge — I briefly looked them over and they look fine, but having digital signatures would be better.

  151. andreas:

    hehe i discovered a funny mistake on ur page ;)
    i also wanna lunch a command line tool, as i dont know how it will taste ;)

    “All programs have to be strictly command line programs, and they will have no chance of getting user input >after they have been lunched.”

  152. Martin Geisler:

    Hehe, I hope they taste good :-)

  153. Console access via a web page possible? - Server Support Forum:

    [...] There are PHP scripts through which you can access the shell, e.g. this one: Martin Geisler Online PHP Shell. Isn't port 443 open on the firewall? Otherwise you could put SSH on that port. Of course that only works if you don't need HTTPS. Or you create an iptables rule on the server that forwards all packets coming from your office IP on port 80 locally to port 22. That way you effectively have SSH on port 80 just for yourself, without disturbing Apache. But that only works if you have just a packet filter and no proxy at the office. Be careful, though: deliberately circumventing blocking measures is not very popular with employers and can lead to summary dismissal. Talking to the network administrator is better; maybe he will open port 22 for you. [...]

  154. Fred:

    Thank you for your hint (comment 147). It works great!

  155. Fred:

    PHP-Shell is getting slower and slower if I work with it for several minutes. Is it because the "screen" (output of former commands) is also sent to the server? What is the reason? Isn't there a better way?

  156. Fred:

    I've got a second question (same topic). There was a "reset" button in the old version of php-shell. After pressing this button the "screen" was cleared and everything was faster. Is there a chance for a reset button in phpshell 2.2?

  157. Giorgos:

    I get the following error using 2.1 and 2.0

    Not Acceptable
    An appropriate representation of the requested resource /php/phpshell.php could not be found on this server.

    Apache/1.3.37 Server at http://www.ezbytes.net Port 80

    Anyone has any pointers ?
    Thanks

  158. Giorgos:

    renamed phpshell.php to something else and it finally worked

    I guess my host is aware of phpshell and does not want it running!!

  159. Joe:

    I need to run a shell script in php which I run from the command prompt as C:\WAMP\PHP\PHP-CGI C:\WAMP\WWW\IP.PHP. What I need is, I want the script to print the public IP of the same machine (my server running on windows). How is this possible??? Please please help me if anyone knows. Thanks in advance. joe@ihawk17.net

  160. Scott:

    To past and future comments that:
    * Don’t know what proc_open() is
    * Want to know how this got installed on your site
    * Blame the author for misuse of the script
    * Complain or assign blame to anyone other than yourself for negligence (ie, “I lost 5 years work because I was too moronic to keep backups”)

    Basically, you are in over your head doing whatever it is on your website or company. Hire a competent developer, or hit the PHP books HARD and learn those boring Security chapters you skipped over. Even experts can get blindsided by security holes, but only a fool tries to blame someone else.

    Neat script BTW. These days I use SSH keys as it’s more restrictive in what can be run, but I can see the usefulness of this.

    For me, the BEST part was reading the ignorant comments. I hope these people used their real names, so that someday future employers can assess the poster’s um, technical skills and risk management abilities. :-)

  161. Kenny Scott » PHP Shell:

    [...] I might need to install PHP Shell to upgrade my version of MediaWiki to v1.8.1. [...]

  162. Tom70:

    I have two domains and my provider points it to one site (hate him for that). E.g. http://www.site1.com will show the same as http://www.site2.com.
    So, on to my question: Is there a possibility (small script) to switch to http://www.site2.com/site2/ when a user writes http://www.site2.com into the browser?

    Thanks for your help and sorry for the bad english.

    Tom70

  163. reza:

    RE: GoDaddy

    phpshell works fine for me on godaddy.
    and no, godaddy doesn’t have tar (dont know why) so I just copied it over from my linux box and it works fine. I’m trying to figure out a way to tunnel a connection directly to bash on the box so I can avoid using phpshell.

    Reza

  164. panayotis:

    I have a similar problem with “Sridhar”, who wrote a message a couple of months ago.
    I actually have hosting accounts in two companies. In the first company the script works perfectly (and really really thank you…)
    On the second machine, I can not create any file or directory at all, although I can browse the filesystem, run commands and cat files. For example:
    $ touch ko
    touch: cannot touch `ko’: Permission denied

    The directory permissions are 755 and I can’t change this.

    Thank you for this time saving script!

  165. Alegolas:

    hey..
    really good code man..
    very tnks for public that..

    i have a problem when i change the code..

    in javascript, when i write "" the page doesn't load..
    i mean, it loads a white page without all i've done in the code.. understand?

    i dont know how to fix that..
    can u help me in this question?

    so very tnks for the code and his are very very good..
    tnks.. and i hope u answer me..
    tnks :D

  166. Martin Geisler:

    @Alegolas: Eh, I don’t really know what you’re talking about. You’re not supposed to change the JavaScript. Your question sounds more like a general JavaScript question and not so much about PHP Shell.

  167. DC:

    This is a nice little app Martin… May I suggest a probably simple mod? Let it execute PHP commands too… These of course could be multiline scripts… I suppose I could hack your code and do it myself, and I’m willing to help, but if it got built into your code it would help more people…

    My specific reason for thinking this feature is useful is my hosting account does not come with shell access… I thought your script would work, which it largely does, but I need to make symlinks and while I can make links from php evidently your script running under my uid doesn't have permission to exec ln and who knows what other commands … i suppose they just changed the permissions on those to admin or something… and i suppose *nix trusts php built in libraries more than it trusts me even under the same uid… hehehe … anyways you could probably just add a few lines of code… maybe just check for a

  168. Sed:

    Hello world

  169. tita lang:

    hi martin,
    thanks for your script, helped me a lot.
    just one thing. made a password in md5. wasn't sure if it's right. refreshed it a second time and took the second md5 into the config. login failed. deinstalled the script from the server. put it on again with a normal password, written in the config. - login failed. how can i login?
    thanks

  170. Martin:

    Either MD5 hashed password should work. The hash changes every time because a small random string is added in front of the password; this is called a salt.

    I don’t know why you couldn’t log in with your password. Try putting something simple like test = test into the config.php file and see if it works.

  171. bob:

    Brilliant, thank you. I was searching for this for a while.

  172. valley:

    Is this programme any good for a LOGMEIN style remote access of the server ? Please excuse me if that sounds daft. I am looking for a simpler solution.

  173. Martin Geisler:

    No, PHP Shell has nothing to do with LOGMEIN.

  174. Amanita.net » Blog Archive » Quicklinks for 2005-10-26:

    [...] `PHP Shell It’s a tool you can use to execute arbitrary shell-commands or browse the filesystem on your remote webserver. This replaces, to a degree, a normal telnet-connection. (tags: php) [...]

  175. dae:

    Re: Comment 157, reporting this problem:
    Not Acceptable
    An appropriate representation of the requested resource /php/phpshell.php could not be found on this server.

    Solution:
    Create an .htaccess file with this in it:

    SecFilterEngine Off
    SecFilterScanPOST Off

    Place that file in the same directory as the phpshell files.

    Worked for me. Hope it works for you.

  176. dae:

    That last post lost info:

    What is needed is this:
    Left pointy angle LESS_THAN_SYMBOL and
    right pointy angle GREATER_THAN_SYMBOL
    which don’t want to appear in HTML on this page.
    Note: there is a forward slash in the last line.

    LESS_THAN_SYMBOLIfModule mod_security.cGREATER_THAN_SYMBOL
    SecFilterEngine Off
    SecFilterScanPOST Off
    LESS_THAN_SYMBOL/IfModuleGREATER_THAN_SYMBOL

  177. gs:

    Thanks dae, unfortunately after applying your solution I got this.

    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, webmaster@.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
    Apache/1.3.37 Server at .com Port 80

    What Can I do now?

  178. gs:

    Ahh ok, according to the server error log
    SecFilterEngine not allowed here

    I guess I’m out of luck?

  179. France-Logiciel:

    This is a great system.
    I started to use it on my website for my customers !
    Thank you !

  180. France-Logiciel:

    i forgot an essential thing :
    Please, note that there is a component for the Joomla CMS that wraps php-shell to enable users from a website design with Joomla to have access to php-shell within the interface !!!

  181. Rooftop » Friday shitlist: PHPShell:

    [...] I can’t decide which should be on my shit list: PHPShell or the staff member who installed it in his account with public access. [...]

  182. 777 - TYPO3forum.net:

    [...] permalink could it work to unpack the archives on the server with a php script like phpshell? would the owner then be correct? if not, I'll turn to my provider and hope they can help… … is there any trick by which I could still get a German backend? the rest of typo3 seems to work fine with the 16mb php limit… … thanks for the help! [...]

  183. Thierry Bothorel:

    well, just read all these 182 messages as well as sourceforge messages, no one with my problem :

    With Firefox 1.5.0.9 on linux, the browser simply closes as soon as I try to open phpshell.php on ovh.com. I tried with IE6 on windows and it WORKS! It does not crash with FF if I open the file on my local web server. Any idea?

    About PHP.Defash.B virus, just for fun I played with the archive and narrowed the warning down to the file and to the faulty line :

    file phpshell.php -> line 181 :

    } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {

  184. Thierry Bothorel:

    Well, it seems there is something broken with my FF installation, I ran the same version from another linux computer with success. I even disabled all extensions.

  185. Martin Geisler:

    I don’t know about your Firefox problem — it seems to me that something strange is going on at your end, as you have also concluded.

    PHP Shell is a really simple script and it uses nothing fancy except for some mild JavaScript :-)

  186. Dan D:

    Hey, just thought I’d post another success story. I’ve saved myself $10 a month by not having a webhosting package with SSH access, since all I really need the shell for is the little things like “rm” and “tar”. This fits the bill perfectly and is a real time and money saver for me! I originally wrote a really basic php script with a form and exec() which worked ok, but this is way better!
    Thanks a bunch!
    Dan

  187. .:: Securnetwork.net Blog - Massimo Rabbi ::. » Know your Enemy: Web Application Threats:

    [...] A very interesting article by several authors has appeared on the Honeynet Project website, titled: Know your Enemy: Web Application Threats Using Honeypots to learn about HTTP-based attacks. The article can be read starting from here. Based on the data collected by the project and on the analysis of the malware encountered, the paper outlines a series of HTTP-based attacks against web applications and proposes some methods for protecting web servers. Among the examples included: code injection, remote code injection, SQL injection, cross-site scripting and exploitation of the PHPShell application. [...]

  188. Review of Freehostia, quality free web hosting – RSS Feeds by Pedro Paulo:

    [...] for some maintenance tasks is only available to paying users. I believe PHP Shell can solve (part of) this [...]

  189. Ant:

    Very nice, it's beautiful lol, I've been looking for something like this for ages, but everything else was always too complex/error prone.

  190. magical14:

    just curious .. can i login as root using this amazing script?? :)

  191. Martin Geisler:

    magical14: only if you run your webserver as root (not recommended). PHP Shell doesn’t “log in”, it simply executes commands as the user under which PHP executes.

  192. David Heim:

    Thank you, Martin! Your tool is fantastic!

  193. dozens:

    Is there anyway to become a useful user with phpshell ? when I connect I am user “nobody” and can not do much.

  194. wale:

    please i need php mailer and shell who can help me contact with this email sth_swa@yahoo.com
    thanks

  195. wale:

    wat is this source use for

  196. febriansasi:

    Hi Martin, I’m using your phpshell script but still i cannot use ls and other command, it always ended like this
    $ ls
    /ls: not found
    $ cd /home
    chdir(): SAFE MODE Restriction in effect. The script whose uid is 1952 is not allowed to access /home owned by uid 0
    cd: could not change to: /home
    What’s the problem ? is it because Php safemode?
    Btw, I’m using a cgi-script who also gives shell, and now i’m still using it. But when i try your script, it seems promising, hope you can find how to settle this safe-mode stuff.
    Thanks.

  197. Martin Geisler:

    febriansasi: PHP Shell cannot do anything about safe-mode in PHP. It is a setting made by the administrator of the box, and all PHP scripts are restricted by it. Plain cgi-scripts have no such restrictions, as you have found out.

  198. Disaster recovery backup » GeoLand.org:

    [...] I usually do in this case is grab the database from within my control panel and use the excellent php-shell of Martin Geisler to zip the folder of the site and then download the zip file (using FTP) in one [...]

  199. century:

    interesting site

  200. links for 2007-04-24 · Mansoor Nathani’s Blog:

    [...] Martin Geisler Online » PHP Shell PHP Shell is a shell wrapped in a PHP script. It’s a tool you can use to execute arbitrary shell-commands or browse the filesystem on your remote webserver. This replaces, to a degree, a normal telnet connection, and to a lesser degree a SSH connection. (tags: php shell web remote) [...]

  201. Korben » Installing WP-Cache without shell access:

    [...] did find something called PHPShell that lets you type command lines on your server as if you had ssh under your [...]

  202. BLOG DE LA ComAO » Archive du blog » Installer WP-Cache sans accès au shell:

    [...] did find something called PHPShell, which lets you type command lines on your server as if you had ssh under [...]

  203. 二黑的BLOG » PHP Shell:

    [...] PHPShell is a PHP script which allows shell commands to be executed on a web server. Typically the PHPShell script is protected by a password so only the server administrator can access it. We deployed honeypots that advertise an unrestricted PHPShell application, which attackers often tried to exploit. [...]

  204. village-idiot.org -- wp-cache and that symbolic link:

    [...] I decided to tackle the problem myself. What I came up with was a slightly modified version of PHP Shell, which will allow users to create the symbolic link via their [...]

  205. xenofiend:

    Um, you mentioned that phpshell could do sudo, but mine won’t. Here is a screen capture:

    $ sudo ls
    Password:
    $ junk
    sh: line 1: junk: command not found

    So how can I sudo if it won’t let me enter a password? (Supposing I did know the password for the user www-data, which I don’t… but just suppose.)

  206. akses ke shell server » TCP/IP == tEMPAT cARI(/iLMU) pENGETAHUAN:

    [...] so what’s the solution? Aha, there is one. For now, what I know is to use phpShell, it’s easy [...]

  207. AltaGid:

    Hello! Help me solve the problem.
    Very often I try to enter the forum, but it says that the password is not correct.
    Regrettably use of remembering. Give like to be?
    Thank you!

  208. Martin Geisler:

    AltaGid: I don’t understand what you’re talking about — there is no forum associated with PHP Shell, only this page where you can leave comments.

  209. ryan:

    I’m getting Forbidden:
    You don’t have permission to access /test/phpshell.php on this server.
    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

    although I have filled out the config file and everything.

  210. bello nurudeen owolabi:

    How can I get the mailer and the script from you? And how can I get a hack shell
    from you?

  211. I'm Not 1337, I Was Hacked Today at The Gong Show by Andrew Parker:

    [...] to browse my blog today and find that the background of the site was black and there was a PHP shell script located in my sidebar. See screenshots at the bottom of the [...]

  212. Roelof:

    Take a look at these pages:
    http://www.microsoft.com/technet/sysinternals/Utilities/PsTools.mspx

    You can run them with your tool and view for example with pslist.exe [name of program] if your program is running on the server.

    It works great since these tools allow you to send a username and password also.

  213. Valerie:

    I downloaded this, opened phpshell.php in notepad and immediately was greeted with a Trend Micro PC-cillin Internet Security notice:
    Real-time Protection has detected a virus, spyware, or other security risk, and performed the action specified.

    Detection name: TROJ_Generic.ADV

    Is this because of the nature of the script, or does it actually contain a trojan?

  214. Martin Geisler:

    It seems that some virus scanners flag the PHP Shell zip file. It was reported before (http://mgeisler.net/php-shell/#comment-8627) and I didn’t find anything wrong with the files back then.

    So I guess it’s because PHP Shell has been misused in the past to break into webservers. Sigh :-(

  215. hiutopor:

    Hello

    Very interesting information! Thanks!

    G’night

  216. How to get a shell when your Web hosting provider won't give you one. | zenlike.ca:

    [...] your web server supports php, you will be able to use PHP Shell described as “…a shell wrapped in a PHP script. It’s a tool you can use to execute [...]

  217. banon:

    I’m getting an error:

    $ dir
    sh: /dir: No such file or directory

    What can I do? Two people before had the same problem, but I can’t see a solution in the comments here.
    Thanks in advance for the reply :)

  218. BARTMAN227NJ:

    Yes, so my organization has a site on iPowerWeb and I have just taken over as admin. As a person with a background in web admin on Windows and Unix I was flabbergasted that they did not offer shell (I asked)! Big-time problem, as default permissions on their server are 755 and this doesn’t fly… I found this out when attempting to put up a Joomla test site. There’s no easy way to do a chmod -f -R 777 * (for example). Even through FTP it’s not so easy and it only goes one level deep. Anyway, with this script I was able to get the site to work by

    1) setting up a directory for the sh tool and then chmodding it 777. Also created a directory for my Joomla stuff and chmod’d that 777.
    2) installing the tool securely into that directory.
    3) copying /bin/ls to my installation directory and then chmodding it to 775.
    4) uploading my Joomla tar.gz file.
    5) gunzipping and untarring the file in the desired subdir and then running chmod -f -R 777 * on that directory.
    6) I then was able to configure Joomla very easily and I let it set permissions on the files for me.

    Also, since they have permissions locked down on many system binaries, I did have to ‘roll my own’ to get some things to work.

    THANKS for a very nice tool.

    -Bartman227nj
    PS: I remove the tool when not needed so that no one can hack me.

  219. Phil:

    I’ve installed phpshell on my webhost and it works. My problem is I can’t figure out the directory path to my website. Is there a php command that would give me the path to where phpshell is located so I could get the basic path?

  220. Martin Geisler:

    Perhaps you can upload a script with only

    <?php echo realpath('.'); ?>

    to your server. Running that should tell you the path on the server to the script. But normally that should not be necessary since PHP Shell starts in the directory you uploaded it to, and so you should be right where you want to be :-)

  221. Phil:

    Thanks,
    Is there a way to tell if PHP is locked by some method? I can do things like ls and cd, but when I try to execute php with a script, nothing happens.

  222. www.simonfella.de » Blog Archiv » PHP-Anwendungen individuell absichern:

    [...] about the webspace, such as the user ID, can be obtained for example with add-on programs such as PHPShell [...]

  223. Ausome1:

    This code is riddled with XSS holes and CSRF that can be used to get around the login with a little social engineering of a valid user. You need to sanitize your outputs. Here are some examples. Put “<script>alert(’xss’)</script>” in the username and hit enter. A little htmlentities on variables that you echo out might be nice. Also “$_SERVER['PHP_SELF']” is an XSS hole; it’s not sanitized. Instead use “basename(__FILE__)”, because the constant __FILE__ isn’t injectable. Also I would suggest adding tokens to your forms to make sure the request is coming from the script and not from some remote script with evil intentions. Read up on CSRF (cross-site request forgeries). Chris Shiflett has a good article on how it works and the fix: http://shiflett.org/articles/cross-site-request-forgeries. Also, may I suggest, if you would like to learn some more about PHP flaws, I deal with some more like path disclosure vulns, SQL injections, etc. on my site at http://www.enigmagroup.org with live challenges on how they work, so you can see the vulns in action.

  224. Ausome1:

    Looks like my comment got filtered on the use of basename and the constant __FILE__.

  225. Ausome1:

    Let’s try again. $_SERVER['PHP_SELF'] isn’t sanitized in this script; use basename(__FILE__) instead (without all the spaces).
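The two defects Ausome1 describes in comments 223 and 225 (reflecting $_SERVER['PHP_SELF'] and the submitted username into the login form unescaped, and accepting POSTs with no anti-CSRF token) next to the hardened form. This is an added example, not PHP Shell’s own code: the login form is a hypothetical stand-in, and the function names are chosen for the example.

```php
<?php
// Added example, not PHP Shell's own code. A hypothetical login form rendered
// two ways: the vulnerable pattern and the hardened one, plus the server-side
// CSRF check. Assumptions: session-backed token storage, PHP >= 7.4.

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Vulnerable pattern. PHP_SELF reflects the request path, which the client
// controls (a request to /phpshell.php/"><script>... lands the tag inside the
// action attribute), and the submitted username is echoed back verbatim.
function render_login_vulnerable(string $username): string
{
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">'
         . '<input name="username" value="' . $username . '">'
         . '</form>';
}

// Escape for HTML attribute/text context; ENT_QUOTES covers both quote styles.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// One token per session, from a CSPRNG.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hardened pattern: basename(__FILE__) is fixed at deploy time and cannot be
// influenced by the client, every dynamic value passes through e(), and the
// form carries the session token.
function render_login_hardened(string $username): string
{
    return '<form action="' . e(basename(__FILE__)) . '" method="post">'
         . '<input type="hidden" name="csrf_token" value="' . e(csrf_token()) . '">'
         . '<input name="username" value="' . e($username) . '">'
         . '</form>';
}

// Server side of the CSRF check, to run before any POST is acted on.
// hash_equals() keeps the comparison constant-time.
function csrf_valid(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Constructed demo input: simulate a request whose path and submitted
// username both carry a payload.
$_SERVER['PHP_SELF'] = '/phpshell.php/"><script>alert(1)</script>';
$username = '"><script>alert(\'xss\')</script>';

echo render_login_vulnerable($username), "\n";  // both script tags reach the markup unchanged
echo render_login_hardened($username), "\n";    // the payload is entity-encoded and inert
var_dump(csrf_valid(['csrf_token' => csrf_token()]));  // the genuine token passes
var_dump(csrf_valid(['csrf_token' => 'forged']));      // a forged or missing token fails
```

The token only helps if the session cookie itself cannot be read or replayed by a third party, so it belongs with the HTTPS-only deployment Martin recommends in comment 4, with the session cookie marked Secure and HttpOnly.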

  226. Martin Geisler:

    Hi Ausome1! Thanks for your comments. I’m sure you’re right when you say that there are cross-site scripting holes in PHP Shell, since I hadn’t thought of them when I wrote the script. But does it matter? Isn’t PHP Shell one big security hole anyway? :-)

    I think that PHP Shell is something you upload to your server, then do whatever maintenance work it can help you with, and then you move it out of the document root or simply delete it.

    I am not actively developing PHP Shell and I have had SSH access to all my webservers for some time, so I am not even using it any more. If you would like to help out, then please join the project on SourceForge. I can give you SVN access if you mail me your username. I would love to hand this project over to someone else, especially someone who is more interested in the latest on web vulnerabilities than I am.

    Oh, and I’m sorry that some stuff was filtered from your first comment — they are formatted with Markdown.

  227. Xavier:

    Very cool stuff!
    Only a few buttons are missing: ‘session_destroy’ and ‘clear screen’.
    All the activity is logged in the session file on the server, isn’t it?

  228. Martin Geisler:

    Xavier: you’re right, everything is saved in the session on the server. This is rather bad if you have a long session since more and more data is being sent back and forth… I suggest closing the browser if this becomes a problem :-)

  229. Php İle Alternatif *nix Shell | Açık kaynak ve kişisel tecrübeler:

    [...] while I did not understand much, I had done a thorough search, and in the end I found a PHP-based script. Thanks to this script we can apparently use a shell service without installing any program, but you should know [...]

  230. Exploit Hunter:

    Hello there, it’s really a nice PHP Shell.
    Good luck all :)
    Best wishes,
    MaLaZ

  231. Lamiuks:

    OK, I’m having a weird problem. I can’t describe what it means in writing, so I will just post links to photos.
    1. http://www.ipix.lt/out.php/i359125_untitled.JPG
    2. http://www.ipix.lt/out.php/i359128_untitled2.JPG
    Please help me fix this problem, I really need php-shell to work!!!
    Thank you very much.

  232. Martin Geisler:

    Lamiuks: I think the pictures show that PHP is not running on your server, otherwise you wouldn’t see PHP code in the browser.

    You can always make a small file with just the line “<?php phpinfo(); ?>” in it. Save that to test.php and load it in your browser. You should see a page with lots of PHP information — if not, then PHP is not installed properly.

  233. Lamiuks:

    OMG, thanks man, I forgot to install it LOL :D

  234. Lamiuks:

    Oh, one more question: when I execute a launch command through Firefox it really lags and nothing happens; it just says “Waiting…” and lags a lot and nothing happens. What do I need to do? Maybe not use Firefox, something else?

  235. Lamiuks:

    It’s always like this and I’m waiting a lot: http://www.ipix.lt/out.php/i360714_lag.JPG Sorry for the double comment.

  236. Lamiuks:

    Same in Internet Explorer. This image will tell you everything if you don’t understand what I’m talking about: I just want to launch some stuff and I wait a lot, the page doesn’t refresh, etc…
    http://www.ipix.lt/out.php/i360732_lag2.JPG

  237. Martin Geisler:

    I am sorry, but I have no idea why it would lag… When your command is finished, the output is shown, it is as simple as that.

  238. Lamiuks:

    Yes, but I waited about ~1h and the same lag… No output…

  239. Martin Geisler:

    Well, I don’t know the reason — I have never seen or heard of it before.

  240. chown -R ZeIT:TeAM blog.zeit.ro | chown -R ZeIT:TeAM blog.zeit.ro:

    [...] SSH you may think you’ll have trouble executing commands on the hosted server. Not so — PHP Shell allows execution of some commands without having SSH access to the LAMP [...]

  241. PHP Shell, for secure remote access when SSH isn’t available | Computers:

    [...] SSH you may think you’ll have trouble executing commands on the hosted server. Not so — PHP Shell allows execution of some commands without having SSH access to the LAMP [...]

  242. PHP Shell, for secure remote access when SSH isn’t available | Development Feeds:

    [...] SSH you may think you’ll have trouble executing commands on the hosted server. Not so — PHP Shell allows execution of some commands without having SSH access to the LAMP [...]

  243. PHP Shell, alternatif akses shell tanpa SSH : Indonesia Free Open Source Software:

    [...] you want to access the server via the command line but do not have SSH access, PHP Shell may be worth a try. PHP Shell is a simple open-source script for accessing the command line [...]

  244. IronLinux.org » PHP Shell, for secure remote access when SSH isn’t available:

    [...] SSH you may think you’ll have trouble executing commands on the hosted server. Not so — PHP Shell allows execution of some commands without having SSH access to the LAMP [...]

  245. Aldi:

    Is there any full .htaccess file so that phpshell works in safe mode?

    Thank you

  246. Martin Geisler:

    @245: no, that would be a bug in PHP…

  247. PHP Shell -:

    [...] to run commands on the server to make your daily work easier; however, we have PHP Shell, which allows running commands without SSH access to the server, and it could be used to decompress [...]

  248. Ubergamer:

    Hello, I am using your PHP Shell but I’m having problems. I would really like to talk to you via email or something :D Hit me back.

  249. Martin Geisler:

    @248: People often have problems with PHP Shell because their administrator has configured the webserver to deny access to it (PHP Shell is a potential back-door into the server…).

    If you get unexplained “500 Internal Error” messages, then you can always try renaming phpshell.php to something else, but you should really talk to your sysadmin to see if you can run a (properly secured) PHP Shell.

  250. WC Leung:

    Thanks for the interesting script. I’ll try it to delete files created by ‘apache’ - can’t do that in any other way since I’m not the administrator of the system!

  251. DKNY:

    I’m having the same problem as #221 above: for some reason I can’t run any PHP scripts using PHPShell. ls, cd, perl and other commands work OK, but if I try a simple “php --version”, the whole thing gets stuck and no output is provided.
    Any ideas?

    Other than that - great tool. Thanks, Martin.

  252. kangkenyot:

    Reading the comment from Ausome1 and the reply by Martin, I enjoyed and learned much more from this page. Thanks to both, and I’m ready to stop by Ausome1’s page.

  253. Mohmmad Ali:

    Dear, it’s nice, but please tell me: can I telnet or ssh through this PHP shell, yes or no? And please tell me how I can call a command shell in a web page.

  254. hadi:

    Hi Martin, I haven’t tested your PHP shell, but I want to ask something first…
    I want to run my snm through the command prompt. The program will not stop (because it always loops every 5 minutes) and I have to press Ctrl-C to stop it… can that be done with PHP shell?

    thanks
    /hadi

  255. Martin:

    No, you cannot provide inputs to a program started with PHP Shell — so you cannot do SSH or telnet or Control-C. It is for non-interactive programs only.

  256. matt:

    Thanks for the awesome script. It makes my life much easier.

    One security issue, in my humble opinion, is that it allows people to pound the server with username/password combos trying to brute force it. I modified the script just a bit to lock a user out after 10 consecutive bad attempts and lock the script entirely after 100 consecutive bad login attempts. Are you interested in putting a functionality like this into the main package? If so, I’ll write a patch. It would probably be the kind of thing to leave off by default and enable in config.php

    Take care,
    -mat
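The lockout matt sketches in comment 256, written out as an added example rather than his patch or PHP Shell’s own code: consecutive failed logins are counted per user and for the script as a whole in a small state file, and a user or the whole script is refused once its limit is reached. The thresholds, the state-file path, the function names and the stand-in password check are all assumptions for the example.

```php
<?php
// Added example, not matt's patch and not PHP Shell's own code. Assumptions:
// the limits and the state-file path are hypothetical config values; a real
// deployment keeps the state file outside the document root, readable and
// writable only by the web server user. Requires PHP >= 7.4.

const LOCKOUT_ENABLED      = true;   // would default to false in config.php
const LOCKOUT_USER_LIMIT   = 10;     // consecutive failures before one user is locked
const LOCKOUT_GLOBAL_LIMIT = 100;    // consecutive failures before the script is locked
const LOCKOUT_STATE_FILE   = '/tmp/phpshell-lockout.json';   // assumed path

function lockout_load(): array
{
    $state = ['users' => [], 'global' => 0];
    if (is_file(LOCKOUT_STATE_FILE)) {
        $decoded = json_decode((string) file_get_contents(LOCKOUT_STATE_FILE), true);
        if (is_array($decoded)) {
            $state = array_merge($state, $decoded);
        }
    }
    return $state;
}

function lockout_save(array $state): void
{
    // LOCK_EX so parallel login attempts do not overwrite each other's counts.
    file_put_contents(LOCKOUT_STATE_FILE, json_encode($state), LOCK_EX);
}

// True when this user, or the script as a whole, has reached its limit.
function is_locked_out(string $user): bool
{
    if (!LOCKOUT_ENABLED) {
        return false;
    }
    $state = lockout_load();
    $userFailures = $state['users'][$user] ?? 0;
    return $state['global'] >= LOCKOUT_GLOBAL_LIMIT
        || $userFailures >= LOCKOUT_USER_LIMIT;
}

// Call after every authentication decision. Both counters track *consecutive*
// failures, so a success clears the user's counter and the global one.
function record_login_result(string $user, bool $success): void
{
    if (!LOCKOUT_ENABLED) {
        return;
    }
    $state = lockout_load();
    if ($success) {
        unset($state['users'][$user]);
        $state['global'] = 0;
    } else {
        $state['users'][$user] = ($state['users'][$user] ?? 0) + 1;
        $state['global']++;
    }
    lockout_save($state);
}

// Wiring into a login handler. $checkPassword stands in for whatever the
// script's real credential check is; it is supplied by the caller here.
function attempt_login(string $user, string $password, callable $checkPassword): bool
{
    if (is_locked_out($user)) {
        return false;   // refuse before the password is even looked at
    }
    $ok = (bool) $checkPassword($user, $password);
    record_login_result($user, $ok);
    return $ok;
}

// Constructed demo: a stand-in password check and a run of bad guesses.
$check = fn(string $u, string $p): bool => $u === 'admin' && $p === 'correct horse';
@unlink(LOCKOUT_STATE_FILE);
for ($i = 1; $i <= LOCKOUT_USER_LIMIT; $i++) {
    attempt_login('admin', "guess$i", $check);
}
// After LOCKOUT_USER_LIMIT failures the correct password is refused as well,
// until the counter is cleared by an administrator.
var_dump(attempt_login('admin', 'correct horse', $check));
```

The caveat a practitioner will want: a lockout keyed on the username lets anyone who knows the name lock the legitimate user out by sending ten junk passwords, and the global counter turns the whole script off after a hundred. That is acceptable for a tool that is uploaded for a maintenance session and deleted afterwards, as Martin describes in comment 226, but a longer-lived install would add a time window after which the counters decay, and would still sit behind HTTPS and a webserver-level access restriction.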

  257. Martin Geisler:

    @matt: cool that you have extended PHP Shell! I am not using PHP Shell any more, so if you are interested in developing it further, then please join the SourceForge project: http://sourceforge.net/projects/phpshell/. If you tell me your SourceForge login I can give you SVN access.