PHPShell - Access Shell on a FTP Account

One of the most annoying things to any Webmaster or end user that is allotted space on a hosted server is not having shell access. I can think of countless legitimate reasons why a user would need to access his shell and besides, he is paying for it! This issue is most prevalent in the web hosting industry, as they have made it almost standard operating procedure to restrict access down to FTP and maybe provide a low grade GUI control panel. Because most of us need to have a lot more flexibility than this I decided to write a script to take advantage of my hosted web servers PHP environment and create a program that will run with my credentials and pass commands directly to the shell.

What does all this mean? Well if you have a hosted web server and only have FTP access to it, this PHP script will partially emulate you being directly at the command line. In this tutorial I will briefly dissect my script and explain various functions within it. At the end of this page you can download the completed PHP script directly and upload it right to your server.

PHPShell v1.0b

Purpose: To execute shell commands on a hosted account or similar where you only have FTP access.

Requirements: PHP environment with a web server, i.e. PHP with Apache (httpd). This script is confirmed to work on most Windows boxes with the PHP environment installed. Note: This script might fail completely if the hosted server has certain access controls enabled like SELinux!

Usage: Upload to your user directory, set permissions to 744, and run as a normal php script. i.e. www.yoursite.com/phpshell.php.

Note: Some commands may not process properly and will return a blank screen, possibly because of PHP timing out or unsupported output. Working on this, remember this is still beta!

Caution! Do not leave this script on a publicly accessible web server, this script runs with the same privileges that you have so do not leave it for someone else to use.

Anatomy of the script:

1. We have a basic html form that submits to a PHP script, which happens to be itself.

<form method="post" action="<?php echo $PHP_SELF;?>">
Enter Command: <input type="text" name="command" style="width:300px;"> <input type="submit" value="Enter" name="submit">

2. When a command is submitted through the form it is then stored in a variable called $command.

$command = $_POST["command"];

3. We then check if the variable $command holds some value then pass it off to the PHP “exec” function. This function in turn processes the command on the server and stores the output in an array, which is held in the variable “$output”. The array is looped through and printed to the screen.

if ($command)
{
exec ("$command", $output);
foreach ($output as $text) {
print $text."<br>";
}
}

4. I’m sure if you look through the full code you will see a lot of CSS, this is not necessary but I was going for a green on black terminal look.

Download The Script!
http://www.beyondthebit.com/files/downloads/phpshell.zip

Further: Since this script is still in beta I cant fully illustrate all of its functionality or potential so I will have to rely on you, the community for feedback and requests. So please tell me what you think here and we’ll help you out the best we can.

R00tk1ll | BeyondTheBit