!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/etc/sysconfig/   drwxr-xr-x
Free 53.74 GB of 127.8 GB (42.05%)


Viewing file:     hsqldb (5.69 KB)      -rw-r--r--
# $Id: hsqldb-1.8.0.9-standard.cfg,v 1.1 2008/01/24 20:25:10 dbhole Exp $

# Sample configuration file for HSQLDB database server.
# See the "UNIX Quick Start" chapter of the Hsqldb User Guide.

# N.b.!!!!  You must place this in the right location for your type of UNIX.
# See the init script "hsqldb" to see where this must be placed and
# what it should be renamed to.

# This file is "sourced" by a Bourne shell, so use Bourne shell syntax.

# This file WILL NOT WORK until you set (at least) the non-commented
# variables to the appropriate values for your system.
# Life will be easier if you avoid all filepaths with spaces or any other
# funny characters.  Don't ask for support if you ignore this advice.

# Thanks to Meikel Bisping for his contributions.  -- Blaine

# JPackage hsqldb home is /var/lib/hsqldb

HSQLDB_HOME=/var/lib/hsqldb

# JPackage source Java config

. /etc/java/java.conf

JAVA_HOME=${JAVA_HOME:-/usr/lib/jvm/jre}
JAVA_EXECUTABLE=${JAVA_HOME}/bin/java

# Unless you copied a hsqldb.jar file from another system, this typically
# resides at $HSQLDB_HOME/lib/hsqldb.jar, where $HSQLDB_HOME is your HSQLDB
# software base directory.
HSQLDB_JAR_PATH=${HSQLDB_HOME}/lib/hsqldb.jar

# Where the file "server.properties" (or "webserver.properties") resides.
SERVER_HOME=${HSQLDB_HOME}

# What UNIX user the Server/WebServer process will run as.
# (The shutdown client is always run as root or the invoker of the init script).
# Runs as root by default, but you should take the time to set database file
# ownerships to another user and set that user name here.
# You do need to run as root if your Server/WebServer will run on a privileged
# (< 1024) port.
# If you really do want to run as root, comment out the HSQLDB_OWNER setting
# completely.  I.e., do not set it to root.  This will run Server/Webserver
# without any "su" at all.
HSQLDB_OWNER=hsqldb

# We require all Server/WebServer instances to be accessible within 
# $MAX_START_SECS from when the Server/WebServer is started.
# Defaults to 60.
# Raise this if you are running lots of DB instances or have a slow server.
#MAX_START_SECS=200
# Ditto for this one
#SU_ECHO_SECS=1

# Time to allow for JVM to die after all HSQLDB instances stopped.
# Defaults to 1.
#MAX_TERMINATE_SECS=0

# These are "urlid" values from a SqlTool authentication file
# ** IN ADDITION TO THOSE IN YOUR server.properties OR webserver.properties **
# file.  All server.urlid.X values from your properties file will automatically
# be started/stopped/tested.  $SHUTDOWN_URLIDS is for additional urlids which
# will be stopped.  (Therefore, most users will not set this at all).
# Separate multiple values with white space.  NO OTHER SPECIAL CHARACTERS!
# Make sure to quote the entire value if it contains white space separator(s).
# Defaults to none (i.e., only urlids set in properties file will be stopped).
#SHUTDOWN_URLIDS='sa mygms'

# SqlTool authentication file used only for shutdown.
# The default value will be sqltool.rc in root's home directory, since it is 
# root who runs the init script.
# (See the SqlTool chapter of the HSQLDB User Guide if you don't understand 
# this).
AUTH_FILE=${HSQLDB_HOME}/sqltool.rc

# Set to 'WebServer' to start a HSQLDB WebServer instead of a Server.
# Defaults to 'Server'.
#TARGET_CLASS=WebServer

# Server-side classpath IN ADDITION TO the HSQLDB_JAR_PATH set above.
# The classpath here is *earlier* than HSQLDB_JAR_PATH, to allow you 
# override classes in the HSQLDB_JAR_PATH jar file.
# In particular, you will want to add classpath elements to give access to
# all of your stored procedures (stored procedures are documented in the 
# HSQLDB User Guide in the SQL Syntax chapter).
#
# N.B.!
# If you're adding files to the classpath in order to be able to call them
# from SQL queries, you will be unable to access them unless you adjust the
# value of the system property hsqldb.method_class_names. Please see the
# comments on SERVER_JVMARGS, at the end of this file.
# SERVER_ADDL_CLASSPATH=/home/blaine/storedprocs.jar:/usr/dev/dbutil/classes

# For TLS encryption for your Server, set these two variables.
# N.b.:  If you set these, then make this file unreadable to non-root users!!!!
# See the TLS chapter of the HSQLDB User Guide, paying attention to the 
# security warning(s).
# If you are running with a private server cert, then you will also need to 
# set "truststore" in your SqlTool config file (location is set by the
# AUTH_FILE variable in this file, or it must be at the default location for 
# HSQLDB_OWNER).
#TLS_KEYSTORE=/path/to/jks/server.store
#TLS_PASSWORD=password

# Any JVM args for the invocation of the JDBC client used to verify DB
# instances and to shut them down (SqlToolSprayer).
# For multiple args, put quotes around entire value.
#CLIENT_JVMARGS=-Djavax.net.debug=ssl

# Any JVM args for the server.
# For multiple args, put quotes around entire value.
#
# N.B.!
# The default value of SERVER_JVMARGS sets the system property 
# hsqldb.method_class_names to be empty. This is in order to lessen the
# security risk posed by HSQLDB allowing Java method calls in SQL statements.
# The implications of changing this value (as explained by the authors of
# HSQLDB) are as follows:
#     If [it] is not set, then static methods of all available Java classes
#     can be accessed as functions in HSQLDB. If the property is set, then
#     only the list of semicolon separated method names becomes accessible.
#     An empty property value means no class is accessible.
# Regardless of the value of hsqldb.method_class_names, methods in
# org.hsqldb.Library will be accessible.
# Before making changes to the value below, please be advised of the possible
# dangers involved in allowing SQL queries to contain Java method calls.
SERVER_JVMARGS=-Dhsqldb.method_class_names=\"\"
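
The checks this file's comments call for (a non-root HSQLDB_OWNER, a restricted hsqldb.method_class_names, no group/other read access once TLS_PASSWORD is set), as an added example that is not part of the original file or the hsqldb package. The function names and finding messages are assumptions, and the sample input is constructed.

```sh
#!/bin/sh
# Added example: audit an hsqldb sysconfig file by reading it, never sourcing it.

# Value of the last uncommented NAME=... line in FILE, quotes removed (empty if none).
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Print one finding per line; print nothing when every check passes.
audit_hsqldb_conf() {
    conf=$1
    owner=$(conf_value HSQLDB_OWNER "$conf")
    jvmargs=$(conf_value SERVER_JVMARGS "$conf")
    tlspass=$(conf_value TLS_PASSWORD "$conf")

    # With HSQLDB_OWNER commented out there is no "su": the server runs as root.
    [ -n "$owner" ] || echo "HSQLDB_OWNER unset: server runs as root"
    [ "$owner" != root ] || echo "HSQLDB_OWNER=root: use a service account"

    case $jvmargs in
        *-Dhsqldb.method_class_names=*)
            # Drop leftover backslashes; an empty value means no class is callable.
            names=$(printf '%s\n' "$jvmargs" |
                sed -n 's/.*-Dhsqldb\.method_class_names=\([^ ]*\).*/\1/p' |
                tr -d '\\')
            [ -z "$names" ] || echo "method allowlist to review: $names" ;;
        *) echo "hsqldb.method_class_names unset: all static methods callable from SQL" ;;
    esac

    # A keystore password here requires the file to be unreadable to non-root.
    if [ -n "$tlspass" ] &&
       [ -n "$(find "$conf" \( -perm -040 -o -perm -004 \))" ]; then
        echo "TLS_PASSWORD set but file is readable by group or others"
    fi
}

# Constructed weak sample, not the file shown above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#HSQLDB_OWNER=hsqldb
TLS_PASSWORD=password
SERVER_JVMARGS=-Xmx256m
EOF
chmod 644 "$demo"
audit_hsqldb_conf "$demo"   # prints three findings
rm -f "$demo"
```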

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0059 ]--