xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
添加工具English Version


工具大小:6719 Bytes
文件MD5 :539baa0d39a9cf3c64d65ee7a8738620

README for PhpShell 2.0
Copyright (C) 2000-2004 Martin Geisler <gimpster@gimpster.com>
Licensed under the GNU GPL.  See the file COPYING for details.

What is PhpShell?
PhpShell is a shell wrapped in a PHP script.  It's a tool you can use
to execute arbitrary shell-commands or browse the filesystem on your
remote webserver.  This replaces, to a degree, a normal
telnet-connection.  You can use it for transferring your site as a
compressed file, and then unpack it on the webserver, administration
and maintenance of your website using commands like ps, free, du, df

There are some limitations on what kind of programs you can run.  It
won't do no good if you start something like Netscape or even vi.  All
programs have to be strictly command-line programs, and they will have
no chance of getting user input after they have been lunched.  They
probably also have to terminate within 30 seconds, as this is the
default time-limit imposed unto all PHP scripts, to prevent them from
running in an infinite loop.  Your ISP may have set this time-limit to
something else.

But you can rely on all the normal shell-functionality, like pipes,
output and input redirection, etc...  (There is no <tab>-completion,
though :-)

Safe Mode
If PHP is running in Safe Mode, then you cannot use PhpShell ---
sorry.  Safe Mode restricts the commands that can be executed using
the shell_exec() call in PHP, and it also restricts the files and
directories that can be accessed using other calls in PHP.

The effect is, that PhpShell simply doesn't work --- you cannot
change directory and you cannot execute any commands.

Safe Mode is often used on servers that host several websites for
different users to limit the users ability to peek at each others

Who am I?
(Well, my name is Martin, but that's not the point :-)

You may not be the same user when using PhpShell, as you are when you
upload your files with ftp.  On some systems you will be 'nobody', on
other systems you will become 'httpd' or 'www-data'.  This is a rather
dangerous "feature" of PhpShell! So use it at your own risk and
remember to choose a good password as described in the INSTALL file.

If you want to execute code as different user, then it's possible to
do so by using the Sudo program available from this address:


The trick is to configure Sudo to allow the user running the webserver
to execute certain commands as a more privileged user.  Please refer
to the documentation for Sudo for further information about doing

How to Use It
When you point your browser at PhpShell and types in your password
(see the file INSTALL for more information on how to change the
password), you'll be presented with a rather simple page containing
nothing much except a big window with the cursor blinking at the
bottom, signaling that it's ready to obey your commands.

Write a command and press RET --- or alternatively, press the 'Execute
Command' button if you insist.  The command will be executed and the
result will be shows in the terminal.  You can now enter another

To be more precise: the terminal is updated with the command line you
have just executed, the output of the command to standard out (stdout)
and following that any error output sent to stderr.

The commands are executed relative to a current working directory,
which is written at the top.  You change this by the normal 'cd'

You can download PhpShell from http://www.gimpster.com/wiki/PhpShell.
The tarball/zipfile contains these files:

  This is the script you run when you use PhpShell.

  This file describe the changes I've made to PhpShell.  By reading
  it you'll always know when I've added a new feature or made a
  bugfix, and the nature of the feature/bugfix.

  This file :-)

  Tells you how to install PhpShell.  Amoung other things, it
  explains how to change the password protection so that you can use

  Remember that it's very important to have PhpShell password
  protected, or else everybody will be able so snoop into your files
  and perhaps also be able to delete them!  I've already seen one site
  that were using PhpShell without password-protection --- I was able
  so quickly find their config.inc.php file from phpMyAdmin, and read
  the password to the database!  So please take the time to protect

  Standard GNU disclaimer.

>> 下载 <<