It appears that your browser does not support JavaScript, or you have it disabled. This site is best viewed with JavaScript enabled.
 
Products
In addition to a broad range of customized services, we have a number of quality offerings for businesses large and small: TrollDrum»   FreqLoader»   Contest management »   Voice messaging »   Shipping »   XML parsing »   VoiceXML browser »   Mail hosting »   RPM creation » Error Log browser » PHP Shell access »
The Frontal lobes
The frontal Lobes - and the Psychogenic team - are involved in planning, organizing and problem solving.
More »
 :: Feedback :: 

Absolutely fantastic work - I have no hesitation in recommending psychgenic to other people and will certainly be using them regularly from now on. Not does it function perfectly, but it looks cool too.

Andrew Connor
NetwealthCreator
Website »

All Feedbacks
:: Featured Project ::
Click HERE for more

PHPsh: Simple web based shell access to your server

It can be very annoying when you are restricted to FTP access--how can you find out the full path to a directory, or perform a command line SQL dump when you're trapped in the limited, chrooted environment provided by an FTP server? PHPsh (PHP shell) allows you to have shell commands run on your behalf by any webserver which serves PHP pages. It solves these issues and more, allowing you to tap into the power of any Unix (Linux, BSD, etc.) server!

PHPsh was designed to allow developers, webmasters and sysadmins a quick and easy remedy to those situations in which it would be so easy to solve a problem or answer a question with shell access but a pointy-haired hosting company thinks shell access is only useful for crackers... while simultaneously allowing anyone with FTP access the right to run arbitrary commands through CGI or PHP (doh!).

Contents

What PHPsh is and is not
How to install and use PHPsh
Important security considerations
License and conditions (read before using)
Downloads
Tips & tricks

What is PHPsh?

PHPsh is:

  • A simplified version of sh or the bash shell, that allows you to execute arbitrary commands, remotely, through PHP
  • A handy way to run simple commands and maintain a history of executed commands
  • A helpful environment that allows you to browse the filesystem and fetch or upload files
  • PHPsh is freely available for personal or professional use.

What PHPsh is not:

  • PHPsh is not an interactive shell. It accepts commands, executes them and returns the output. It can not maintain interactive sessions, so you can't run vi or any program that expects command line input.
  • PHPsh does little to enforce security. It provides an I.P. based access control, and leaves privacy protection up to you (i.e. you'd better run it through an SSL encrypted link). Read the security notes and use it wisely.
  • PHPsh is not GPLed. The source is available and you can play with it as much as you like, but there are a few conditions that apply if you want to use it. Read the license.

Using PHPsh

Using PHPsh is straightforward. Download a local copy and untar it (it is tarred and bz2 compressed -- even winzip should know how to deal with these), and enter the phpsh-X.Y.Z directory.

Upload the phpsh.php file to your webserver, using FTP or whatever means is provided, and access the corresponding URL, e.g https://www.example.com/phpsh.php.

If you haven't correctly set your IP address within the file's configuration, you will get a message to that effect along with your current I.P. address. Edit your local copy of phpsh.php and change:

	$MyIPAddress = '127.0.0.1'; 

to reflect your actual I.P. address, e.g.

	$MyIPAddress = '192.168.89.230';
and upload the newly configured version of the script.

When you access the web interface, you interact with one of (up to) six zones. These are:

  1. The output of the last executed command appears here.
  2. Enter your shell commands in this text field.
  3. Your command history appears here. Hit the "TAB" button to move the focus to this field, and use the up and down arrows to navigate your history. Selecting a line and hitting <Enter> will run that command.
  4. This area displays the contents of the current directory. The program begins in the install directory, but using the "cd" command to change directory will move you to the new location for the duration of the session (or until you enter another "cd").
    Files and directories which are accessible by the webserver user will have links. Clicking on a directory has the same effect and "cd"ing (moving) into the directory, while clicking on a file will load that file in another window.
  5. If the user has write access to the directory (i.e. the webserver can create files in the current directory), then this upload field will allow you to put files onto the server.
  6. By default, command output is HTML-escaped (HTML characters, like <, are encoded so they don't interfere with your browser output). You can turn this off to view the output of commands or the contents of files raw -- though this may break the display in certain instances.

Security Considerations

This program can be very usefull on hosts that do not allow regular (SSH) shell access. However, it does provide potentially easy access to sensitive information -- there are a few things to keep in mind when using it.

  • It is web-based and potentially provides anyone with access with a great deal of information and access to the system internals. In order to keep your servers safe, you MUST correctly set and maintain the 'allowedIPs' configuration directive. You should consider uploading the program (e.g. through FTP) to your server before each use, and removing it when you are done, each time in order to prevent a stale configuration from giving an unauthorized user access.
  • If you can, install and access the script through an SSL encrypted channel (https://www.example.com/phpsh.php)
  • Commands are run by the webserver and execute with its priveleges This means you won't have all your regular rights (e.g. you can't write files to certain directories, etc.) but you will have read permissions to all files the webserver can serve up. Use this access responsibly and protect it carefully.
  • A number of configuration settings are available within the $PHPshConfig associative array, in the source code. Read the comments.

License and Conditions of use

This program is freely available but may only be used if you accept the following terms and conditions.

 You may use and modify this Program for personal or 
 professional activities under the following four (4) 
 conditions:
 
  1) You do not modify the licensing terms or copyright notices,
 including those visible on the program's output (page footer, 
 etc.).

  2) You do not redistribute this Program but instead refer 
 any other users to the PHPsh homepage 
 (http://www.psychogenic.com/en/products/PHPsh.php).

  3) You only use this software to access data and perform 
 activities for which you have legal rights (be nice).

  4) You read and accept the following "NO WARRANTY" clause:
  BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
 OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
 PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER 
 EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  
 THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 
 IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST 
 OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
 
  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY, BE LIABLE
 TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR 
 CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
 PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
 INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF
 THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER 
 OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES

 Any attempt otherwise to use, modify or distribute the Program is void, 
 and will automatically terminate your rights under this License.

Downloads

If you've actually read and agreed to the license terms above, then enjoy using this copy of PHPsh.

Tips & Tricks

There are a few ways you can make using PHPsh more enjoyable.

  • Directory shortcuts. As with many shells, issuing a "cd ~" (cd and tilde, or "squiggle") will return you to your home directory (the PHP script's install dir). Entering "cd -" (cd and dash) will return you to your previous working directory.
  • Command shortcuts. If you use certain strings of commands repeatedly, for instance you might enter
    	ls -F -lth | head
    
    to view details concerning the most recently modified files in a directory, then you can create an alias for this command within the $PHPshConfig array in the phpsh.php source code.
    Choose a short name for the command and add it to the $PHPshConfig['aliases'] associative array, e.g.:
    	'lh'	=> 'ls -F -lth | head ',
    
    From this point on, you will be able to substitute the shortcut for the wordy command. In our example, you could enter:
    	lh -30
    
    to list the 30 most recent files (as it's equivalent to running "ls -F -lth | head -30").
  • Page styles. Some command outputs are automatically highlighted. This is controlled by the $PHPshConfig enableformatting and formatcommandoutput entries. You can change the styles associated with these through the in-page CSS stylesheet (near the bottom of the source code, between the <style> tags).

« Go back

 :: About :: 

The frontal lobes
The frontal lobes are considered our emotional control center and home to our personality. [They] are involved in motor function, problem solving, spontaneity, memory, language, initiation, judgement, impulse control, and social and sexual behavior. [+]

Pssst...
Do not hesitate to contact us if you wish to get a quote on an installation or customization of any of our products :-D
Site under construction...
Version franĉaise English Version
Copyright © 2000-2003 Psychogenic inc. All Rights Reserved.