PHP Shell or Shell PHP is a program or script written in PHP (Php Hypertext Preprocessor) which provides Linux Terminal (Shell is a much broader concept) in Browser. PHP Shell lets you to execute most of the shell commands in browser, but not all due to its limitations.
Update: Recently, I’ve found a very promising tool called ‘Wetty (Web + tty)’, which provides a complete Linux terminal access over a HTTP or HTTPS protocol and enables you to execute all Linux commands and programs as if you were sitting in front of a real or virtual terminal.
For more information regarding installation and usage of Wetty visit: How to Install Wetty to Access Linux Terminal Over Web Browser
PHP Shell is very much useful in executing Shell commands on remote web-server, similar to Telnet and SSH. It can be useful in moving, unzipping and handling larger files or bulk files on Web-Server. Administrating and Maintaining a webserver using PHP Shell is very much easier, provided the user has working knowledge of Shell Programs.
When there was Telnet and SSH already, what is the need of phpshell, is a question which may come to the mind of yours. The answer is – in many cases, the firewall is so restrictive that nothing, apart from HTTP(S), gets through, in that case phpshell lets you gain the shell access on a remote server.
However you can not execute a GUI program or an interactive script/program using PHP Shell, It could be it’s limitation but this limitation is a boon, as GUI disabling means higher security.
Download PHP Shell
The latest version can be downloaded from here:
How to Install PHP Shell
As stated above PHP Shell is written in PHP so you don’t need to install it, just move the archived file to your working apache/httpd directory, and of course you must have Apache and PHP installed.
Install Apache and PHP
Install on Debian based systems using apt-get command.
# apt-get install apache2 # apt-get install php5 libapache2-mod-auth-mysql php5-mysql # service apache2 start
Install on Red Hat based systems using yum command.
# yum install httpd # yum install php php-mysql # service httpd start
By default working directory of apache/http is:
on Debian based distro /var/www
on Red Hat based distro /var/www/html
Note: It can be changed to any other folder, and it is recommended as a security measure.
Move the downloaded PHP Shell archive file to Apache working directory. Here I am using Debian system, so my Apache working directory is.
# mv phpshell-2.4.tar.gz /var/www/
Unzip php shell
# tar -zxvf phpshell-2.4.tar.gz
Remove the compressed file.
# rm -rf phpshell-2.4.tar.gz
Rename the php shell folder to anything hard to guess, as a security measure. For example, I move to the phpshell (now tecmint-nix) folder and rename phpshell.php to index.php so that you are redirected directly to the index page and not the contents of the folder.
# mv phpshell-2.4 tecmint-nix # cd tecmint-nix/ # mv phpshell.php index.php
Fine, Its time to open your Web browser and navigate to “http://127.0.0.1/tecmint-nix“.
By default no username or password will work, hence you need to add username and password manually.
To create a user name and password call the pwhash.php script already in phpshell folder like “http://127.0.0.1/tecmint-nix/pwhash.php“.
Enter Username and password on the above php page and click ‘Update‘.
As stated in the Result section you need to add the sha line as it as by copying and pasting into config.php in the [user] section.
Open config.php file using your favorite editor.
# nano config.php
Add the line.
tecmint = "sha1:673a19a5:7e4b922b64a6321716370dad1fed192cdb661170"
As it is in the [user section], obviously your sha1 will be unique based upon your username and password.
Save the config.php file with the current changes and exit it.
Now it’s time to login. Visit http://127.0.0.1/tecmint-nix. Login using your ‘User Name‘ and ‘Password‘.
Yeah you have successfully logged into your phpshell. Now you can execute most the the shell program as smooth as if you are running those commands and scripts on your own system.
Certain bottlenecks of PHP Shell
- No additional input supported, i.e., once a program is launched no interactive script can be used.
- All the webserver is configured to timeout at a certain time frame, say 30 sec. This limitation is of webserver/ Apache and not phpshell.
- Each command in phpshell must be strictly one liner. Phpshell don’t understand command in continuation or a multi lines command as in loops.
Remember that it’s very important to have PHP Shell password protected, or else everybody will be able so snoop into your files and perhaps also be able to delete them! Please take the time to protect your installation of PHP Shell.
This article is aimed to make you aware of the broader Aspect and implementation of shell in a much lucid way.
That’s all for now, from me. I will soon be here again with another interesting topic you people will love to read. Till then stay tuned and connected to tecmint. Enjoy!