Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

#!/usr/local/bin/php-cgi -f <?php /* * pfSsh * * part of pfSense (https://www.pfsense.o..

Decoded Output download

#!/usr/local/bin/php-cgi -f
<?php
/*
 * pfSsh
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2024 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

require_once("globals.inc");
if ($argc < 2) {
	echo "Starting the {$g['product_label']} developer shell";
}
require_once("functions.inc");
if ($argc < 2) {
	echo ".";
}
require_once("config.inc");
if ($argc < 2) {
	echo ".";
}
require_once("util.inc");
if ($argc < 2) {
	echo ".";
}

$shell_cmds = array("alias", "alloc", "bg", "bind", "bindkey", "break",
	 "breaksw", "builtins", "case", "cd", "chdir", "command", "complete", "continue", "default",
	 "dirs", "do", "done", "echo", "echotc", "elif", "else", "end", "endif", "endsw", "esac", "eval",
	 "exec", "exit", "export", "false", "fc", "fg", "filetest", "fi", "for", "foreach", "getopts",
	 "glob", "goto", "hash", "hashstat", "history", "hup", "if", "jobid", "jobs", "kill", "limit",
	 "local", "log", "login", "logout", "ls-F", "nice", "nohup", "notify", "onintr", "popd",
	 "printenv", "pushd", "pwd", "read", "readonly", "rehash", "repeat", "return", "sched", "set",
	 "setenv", "settc", "setty", "setvar", "shift", "source", "stop", "suspend", "switch",
	 "telltc", "test", "then", "time", "trap", "true", "type", "ulimit", "umask", "unalias",
	 "uncomplete", "unhash", "unlimit", "unset", "unsetenv", "until", "wait", "where", "which",
	 "while");

function pipe_cmd($command, $text_to_pipe) {
	$descriptorspec = array(
		0 => array("pipe", "r"),  // stdin
		1 => array("pipe", "w"),  // stdout
		2 => array("pipe", "w")); // stderr ?? instead of a file

	$fd = proc_open("$command", $descriptorspec, $pipes);
	if (is_resource($fd)) {
		fwrite($pipes[0], "{$text_to_pipe}");
		fclose($pipes[0]);
		while ($s= fgets($pipes[1], 1024)) {
			// read from the pipe
			$buffer .= $s;
		}
		fclose($pipes[1]);
		fclose($pipes[2]);
	}
	return $buffer;
}

if (!function_exists("readline")) {
	function readline() {
		$fp = fopen('php://stdin', 'r');
		$textinput = chop(fgets($fp));
		fclose($fp);
		return $textinput;
	}
}

function more($text, $count=24) {
	$counter=0;
	$lines = explode("
", $text);
	foreach ($lines as $line) {
		if ($counter > $count) {
			echo "Press RETURN to continue ...";
			$fp = fopen('php://stdin', 'r');
			$pressreturn = chop(fgets($fp));
			if ($pressreturn == "q" || $pressreturn == "quit") {
				return;
			}
			fclose($fp);
			$counter = 0;
		}
		echo "{$line}
";
		$counter++;
	}
}

function show_help() {
	global $g;

$show_help_text = <<<EOF

	Enter a series of commands and then execute the set with "exec".

	For example:
	echo "foo"; // php command
	echo "foo2"; // php command
	! echo "heh" # shell command
	exec

	Example commands:

	record <recordingfilename>
	stoprecording
	showrecordings

	config_read_file();  # reloads the config array

	\$temp = print_r(config_get_path(''), true);
	more(\$temp);

	/* to output a configuration array */
	print_r(config_get_path(''));

	/* to output the interfaces configuration portion of config.xml */
	print_r(config_get_path('interfaces'));

	/* to output the dhcp server configuration */
	print_r(config_get_path('dhcpd'));

	/* to exit the {$g['product_label']} developer shell */
	exit

	/* to output supported wireless modes for an interface */
	print_r(get_wireless_modes(\"ath0\"));

	/* to enable SSH */
	config_set_path('system/ssh/enable', "enabled");

	/* change OPTX to the OPT interface name such as BACKHAUL */
	config_set_path('interfaces/optx/wireless/standard', "11a");
	config_set_path('interfaces/optx/wireless/mode', "hostap");
	config_set_path('interfaces/optx/wireless/channel', "6");

	/* to enable dhcp server for an optx interface */
	config_set_path('dhcpd/optx/enable', true);
	config_set_path('dhcpd/optx/range/from', "192.168.31.100");
	config_set_path('dhcpd/optx/range/to', "192.168.31.150");

	/* to disable the firewall filter */
	config_set_path('system/disablefilter', true);

	/* to enable an interface and configure it as a DHCP client */
	config_set_path('interfaces/optx/disabled', false);
	config_set_path('interfaces/optx/ipaddr', "dhcp");

	/* to enable an interface and set a static IPv4 address */
	config_set_path('interfaces/wan/enable', true);
	config_set_path('interfaces/wan/ipaddr', "192.168.100.1");
	config_set_path('interfaces/wan/subnet', "24");

	/* to save out the new configuration (config.xml) */
	write_config();

	/* to reboot the system after saving */
	system_reboot_sync();

EOF;

	more($show_help_text);

}

$fp = fopen('php://stdin', 'r');

if ($argc < 2) {
	echo ".

";
}

$pkg_interface='console';

$shell_active = true;
$tccommands = array();

function completion($string, $index) {
	global $tccommands;
	return $tccommands;
}

readline_completion_function("completion");

function get_playback_files() {
	$playback_files = array();
	$files = scandir("/etc/phpshellsessions/");
	foreach ($files as $file) {
		if ($file <> "." && $file <> "..") {
			$playback_files[] = $file;
		}
	}
	return $playback_files;
}

if ($argc < 2) {
	echo "Welcome to the {$g['product_label']} developer shell
";
	echo "
Type \"help\" to show common usage scenarios.
";
	echo "
Available playback commands:
     ";
	$tccommands[] = "playback";
	$playback_files = get_playback_files();
	foreach ($playback_files as $pbf) {
		echo "{$pbf} ";
		if (function_exists("readline_add_history")) {
			readline_add_history("playback $pbf");
			$tccommands[] = "$pbf";
		}
	}
	echo "

";
}

$recording = false;
$playback_file_split = array();
$playbackbuffer = "";

if ($argv[1]=="playback" or $argv[1]=="run") {
	if (empty($argv[2]) || !file_exists("/etc/phpshellsessions/" . basename($argv[2]))) {
		echo "Error: Invalid playback file specified.

";
		show_recordings();
		exit(-1);
	}
	playback_file(basename($argv[2]));
	exit;
}

// Define more commands
$tccommands[] = "exit";
$tccommands[] = "quit";
$tccommands[] = "?";
$tccommands[] = "exec";
$tccommands[] = "stoprecording";
$tccommands[] = "showrecordings";
$tccommands[] = "record";
$tccommands[] = "reset";
$tccommands[] = "master";
$tccommands[] = "RELENG_1_2";

while ($shell_active == true) {
	$command = readline("{$g['product_label']} shell: ");
	readline_add_history($command);
	$command_split = explode(" ", $command);
	$first_command = $command_split[0];
	if ($first_command == "playback" || $first_command == "run") {
		$playback_file = $command_split[1];
		if (!$playback_file || !file_exists("/etc/phpshellsessions/{$playback_file}")) {
			$command = "";
			echo "Could not locate playback file.
";
		} else {
			$command = "";
			echo "
Playback of file {$command_split[1]} started.

";
			playback_file("{$playback_file}");
			continue;
		}
	}
	if ($first_command == "exit" or $first_command == "quit") {
		die;
	}
	if ($first_command == "help" or $first_command == "?") {
		show_help();
		$playbackbuffer = "";
		continue;
	}
	if ($first_command == "exec" or $first_command == "exec;") {
		playback_text($playbackbuffer);
		$playbackbuffer = "";
		continue;
	}
	if ($first_command == "stoprecording" || $first_command == "stoprecord" || $first_command == "stop") {
		if ($recording) {
			fwrite($recording_fd, $playbackbuffer);
			fclose($recording_fd);
			$command = "";
			echo "Recording stopped.
";
			$recording = false;
		} else {
			echo "No recording session in progress.
";
			$command = "";
		}
	}
	if ($first_command == "showrecordings") {
		show_recordings();
		$command = "";
	}
	if ($first_command == "reset") {
		$playbackbuffer = "";
		echo "
Buffer reset.

";
		continue;
	}
	if ($first_command == "record") {
		if (!$command_split[1]) {
			echo "usage: record playbackname
";
			echo "	playbackname will be created in /etc/phpshellsessions.
";
			$command = "";
		} else {
			/* time to record */
			safe_mkdir("/etc/phpshellsessions");
			$recording_fn = basename($command_split[1]);
			$recording_fd = fopen("/etc/phpshellsessions/{$recording_fn}","w");
			if (!$recording_fd) {
				echo "Could not start recording session.
";
				$command = "";
			} else {
				$recording = true;
				echo "Recording of {$recording_fn} started.
";
				$command = "";
			}
		}
	}
	$playbackbuffer .= $command . "
";
}

function show_recordings() {
	echo "==> Sessions available for playback are:
";
	$playback_files = get_playback_files();
	foreach (get_playback_files() as $pbf) {
		echo "{$pbf} ";
	}
	echo "

";
	echo "==> end of list.
";
}

function returnlastchar($command) {
	$commandlen = strlen($command);
	$endofstring = substr($command, ($commandlen-1));
	return $endofstring;
}

function returnfirstchar($command) {
	$commandlen = strlen($command);
	$endofstring = substr($command, 0, 1);
	return $endofstring;
}

function str_replace_all($search,$replace,$subject) {
	while (strpos($subject,$search)!==false) {
		$subject = str_replace($search,$replace,$subject);
	}
	return $subject;
}

function playback_text($playback_file_contents) {
	$playback_file_split = explode("
", $playback_file_contents);
	$playback_text  = "require_once('functions.inc');
";
	$playback_text .= "require_once('globals.inc');
";
	$playback_text .= "require_once('config.inc');
";
	$toquote = '"';
	$toquotereplace = '\"';
	foreach ($playback_file_split as $pfs) {
		$firstchar = returnfirstchar($pfs);
		$currentline = $pfs;
		if ($firstchar == "!") {
			/* XXX: encode " in $pfs */
			$pfsa = str_replace($toquote, $toquotereplace, $currentline);
			$playback_text .= str_replace("!", "system(\"", $pfsa) . "\");
";
		} else if ($firstchar == "=") {
			/* XXX: encode " in $pfs */
			$pfsa = str_replace($toquote, $toquotereplace, $currentline);
			$currentline   .= str_replace("!", "system(\"", $pfsa) . "\");
";
		} else {
			$playback_text .= $pfs . "
";
		}
	}
	eval($playback_text);
}

function playback_file($playback_file) {
	$playback_file_contents = file_get_contents("/etc/phpshellsessions/{$playback_file}");
	playback_text($playback_file_contents);
}

?>

Did this file decode correctly?

Original Code

#!/usr/local/bin/php-cgi -f
<?php
/*
 * pfSsh
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2024 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

require_once("globals.inc");
if ($argc < 2) {
	echo "Starting the {$g['product_label']} developer shell";
}
require_once("functions.inc");
if ($argc < 2) {
	echo ".";
}
require_once("config.inc");
if ($argc < 2) {
	echo ".";
}
require_once("util.inc");
if ($argc < 2) {
	echo ".";
}

$shell_cmds = array("alias", "alloc", "bg", "bind", "bindkey", "break",
	 "breaksw", "builtins", "case", "cd", "chdir", "command", "complete", "continue", "default",
	 "dirs", "do", "done", "echo", "echotc", "elif", "else", "end", "endif", "endsw", "esac", "eval",
	 "exec", "exit", "export", "false", "fc", "fg", "filetest", "fi", "for", "foreach", "getopts",
	 "glob", "goto", "hash", "hashstat", "history", "hup", "if", "jobid", "jobs", "kill", "limit",
	 "local", "log", "login", "logout", "ls-F", "nice", "nohup", "notify", "onintr", "popd",
	 "printenv", "pushd", "pwd", "read", "readonly", "rehash", "repeat", "return", "sched", "set",
	 "setenv", "settc", "setty", "setvar", "shift", "source", "stop", "suspend", "switch",
	 "telltc", "test", "then", "time", "trap", "true", "type", "ulimit", "umask", "unalias",
	 "uncomplete", "unhash", "unlimit", "unset", "unsetenv", "until", "wait", "where", "which",
	 "while");

function pipe_cmd($command, $text_to_pipe) {
	$descriptorspec = array(
		0 => array("pipe", "r"),  // stdin
		1 => array("pipe", "w"),  // stdout
		2 => array("pipe", "w")); // stderr ?? instead of a file

	$fd = proc_open("$command", $descriptorspec, $pipes);
	if (is_resource($fd)) {
		fwrite($pipes[0], "{$text_to_pipe}");
		fclose($pipes[0]);
		while ($s= fgets($pipes[1], 1024)) {
			// read from the pipe
			$buffer .= $s;
		}
		fclose($pipes[1]);
		fclose($pipes[2]);
	}
	return $buffer;
}

if (!function_exists("readline")) {
	function readline() {
		$fp = fopen('php://stdin', 'r');
		$textinput = chop(fgets($fp));
		fclose($fp);
		return $textinput;
	}
}

function more($text, $count=24) {
	$counter=0;
	$lines = explode("\n", $text);
	foreach ($lines as $line) {
		if ($counter > $count) {
			echo "Press RETURN to continue ...";
			$fp = fopen('php://stdin', 'r');
			$pressreturn = chop(fgets($fp));
			if ($pressreturn == "q" || $pressreturn == "quit") {
				return;
			}
			fclose($fp);
			$counter = 0;
		}
		echo "{$line}\n";
		$counter++;
	}
}

function show_help() {
	global $g;

$show_help_text = <<<EOF

	Enter a series of commands and then execute the set with "exec".

	For example:
	echo "foo"; // php command
	echo "foo2"; // php command
	! echo "heh" # shell command
	exec

	Example commands:

	record <recordingfilename>
	stoprecording
	showrecordings

	config_read_file();  # reloads the config array

	\$temp = print_r(config_get_path(''), true);
	more(\$temp);

	/* to output a configuration array */
	print_r(config_get_path(''));

	/* to output the interfaces configuration portion of config.xml */
	print_r(config_get_path('interfaces'));

	/* to output the dhcp server configuration */
	print_r(config_get_path('dhcpd'));

	/* to exit the {$g['product_label']} developer shell */
	exit

	/* to output supported wireless modes for an interface */
	print_r(get_wireless_modes(\"ath0\"));

	/* to enable SSH */
	config_set_path('system/ssh/enable', "enabled");

	/* change OPTX to the OPT interface name such as BACKHAUL */
	config_set_path('interfaces/optx/wireless/standard', "11a");
	config_set_path('interfaces/optx/wireless/mode', "hostap");
	config_set_path('interfaces/optx/wireless/channel', "6");

	/* to enable dhcp server for an optx interface */
	config_set_path('dhcpd/optx/enable', true);
	config_set_path('dhcpd/optx/range/from', "192.168.31.100");
	config_set_path('dhcpd/optx/range/to', "192.168.31.150");

	/* to disable the firewall filter */
	config_set_path('system/disablefilter', true);

	/* to enable an interface and configure it as a DHCP client */
	config_set_path('interfaces/optx/disabled', false);
	config_set_path('interfaces/optx/ipaddr', "dhcp");

	/* to enable an interface and set a static IPv4 address */
	config_set_path('interfaces/wan/enable', true);
	config_set_path('interfaces/wan/ipaddr', "192.168.100.1");
	config_set_path('interfaces/wan/subnet', "24");

	/* to save out the new configuration (config.xml) */
	write_config();

	/* to reboot the system after saving */
	system_reboot_sync();

EOF;

	more($show_help_text);

}

$fp = fopen('php://stdin', 'r');

if ($argc < 2) {
	echo ".\n\n";
}

$pkg_interface='console';

$shell_active = true;
$tccommands = array();

function completion($string, $index) {
	global $tccommands;
	return $tccommands;
}

readline_completion_function("completion");

function get_playback_files() {
	$playback_files = array();
	$files = scandir("/etc/phpshellsessions/");
	foreach ($files as $file) {
		if ($file <> "." && $file <> "..") {
			$playback_files[] = $file;
		}
	}
	return $playback_files;
}

if ($argc < 2) {
	echo "Welcome to the {$g['product_label']} developer shell\n";
	echo "\nType \"help\" to show common usage scenarios.\n";
	echo "\nAvailable playback commands:\n     ";
	$tccommands[] = "playback";
	$playback_files = get_playback_files();
	foreach ($playback_files as $pbf) {
		echo "{$pbf} ";
		if (function_exists("readline_add_history")) {
			readline_add_history("playback $pbf");
			$tccommands[] = "$pbf";
		}
	}
	echo "\n\n";
}

$recording = false;
$playback_file_split = array();
$playbackbuffer = "";

if ($argv[1]=="playback" or $argv[1]=="run") {
	if (empty($argv[2]) || !file_exists("/etc/phpshellsessions/" . basename($argv[2]))) {
		echo "Error: Invalid playback file specified.\n\n";
		show_recordings();
		exit(-1);
	}
	playback_file(basename($argv[2]));
	exit;
}

// Define more commands
$tccommands[] = "exit";
$tccommands[] = "quit";
$tccommands[] = "?";
$tccommands[] = "exec";
$tccommands[] = "stoprecording";
$tccommands[] = "showrecordings";
$tccommands[] = "record";
$tccommands[] = "reset";
$tccommands[] = "master";
$tccommands[] = "RELENG_1_2";

while ($shell_active == true) {
	$command = readline("{$g['product_label']} shell: ");
	readline_add_history($command);
	$command_split = explode(" ", $command);
	$first_command = $command_split[0];
	if ($first_command == "playback" || $first_command == "run") {
		$playback_file = $command_split[1];
		if (!$playback_file || !file_exists("/etc/phpshellsessions/{$playback_file}")) {
			$command = "";
			echo "Could not locate playback file.\n";
		} else {
			$command = "";
			echo "\nPlayback of file {$command_split[1]} started.\n\n";
			playback_file("{$playback_file}");
			continue;
		}
	}
	if ($first_command == "exit" or $first_command == "quit") {
		die;
	}
	if ($first_command == "help" or $first_command == "?") {
		show_help();
		$playbackbuffer = "";
		continue;
	}
	if ($first_command == "exec" or $first_command == "exec;") {
		playback_text($playbackbuffer);
		$playbackbuffer = "";
		continue;
	}
	if ($first_command == "stoprecording" || $first_command == "stoprecord" || $first_command == "stop") {
		if ($recording) {
			fwrite($recording_fd, $playbackbuffer);
			fclose($recording_fd);
			$command = "";
			echo "Recording stopped.\n";
			$recording = false;
		} else {
			echo "No recording session in progress.\n";
			$command = "";
		}
	}
	if ($first_command == "showrecordings") {
		show_recordings();
		$command = "";
	}
	if ($first_command == "reset") {
		$playbackbuffer = "";
		echo "\nBuffer reset.\n\n";
		continue;
	}
	if ($first_command == "record") {
		if (!$command_split[1]) {
			echo "usage: record playbackname\n";
			echo "\tplaybackname will be created in /etc/phpshellsessions.\n";
			$command = "";
		} else {
			/* time to record */
			safe_mkdir("/etc/phpshellsessions");
			$recording_fn = basename($command_split[1]);
			$recording_fd = fopen("/etc/phpshellsessions/{$recording_fn}","w");
			if (!$recording_fd) {
				echo "Could not start recording session.\n";
				$command = "";
			} else {
				$recording = true;
				echo "Recording of {$recording_fn} started.\n";
				$command = "";
			}
		}
	}
	$playbackbuffer .= $command . "\n";
}

function show_recordings() {
	echo "==> Sessions available for playback are:\n";
	$playback_files = get_playback_files();
	foreach (get_playback_files() as $pbf) {
		echo "{$pbf} ";
	}
	echo "\n\n";
	echo "==> end of list.\n";
}

function returnlastchar($command) {
	$commandlen = strlen($command);
	$endofstring = substr($command, ($commandlen-1));
	return $endofstring;
}

function returnfirstchar($command) {
	$commandlen = strlen($command);
	$endofstring = substr($command, 0, 1);
	return $endofstring;
}

function str_replace_all($search,$replace,$subject) {
	while (strpos($subject,$search)!==false) {
		$subject = str_replace($search,$replace,$subject);
	}
	return $subject;
}

function playback_text($playback_file_contents) {
	$playback_file_split = explode("\n", $playback_file_contents);
	$playback_text  = "require_once('functions.inc');\n";
	$playback_text .= "require_once('globals.inc');\n";
	$playback_text .= "require_once('config.inc');\n";
	$toquote = '"';
	$toquotereplace = '\\"';
	foreach ($playback_file_split as $pfs) {
		$firstchar = returnfirstchar($pfs);
		$currentline = $pfs;
		if ($firstchar == "!") {
			/* XXX: encode " in $pfs */
			$pfsa = str_replace($toquote, $toquotereplace, $currentline);
			$playback_text .= str_replace("!", "system(\"", $pfsa) . "\");\n";
		} else if ($firstchar == "=") {
			/* XXX: encode " in $pfs */
			$pfsa = str_replace($toquote, $toquotereplace, $currentline);
			$currentline   .= str_replace("!", "system(\"", $pfsa) . "\");\n";
		} else {
			$playback_text .= $pfs . "\n";
		}
	}
	eval($playback_text);
}

function playback_file($playback_file) {
	$playback_file_contents = file_get_contents("/etc/phpshellsessions/{$playback_file}");
	playback_text($playback_file_contents);
}

?>

Function Calls

None

Variables

None

Stats

MD5 246cc5fc4c83492e66443a4bb4f34aaa
Eval Count 0
Decode Time 106 ms