!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/squid/   drwxr-xr-x
Free 50.94 GB of 127.8 GB (39.85%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     save_authparam.cgi (5.02 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/perl
# save_authparam.cgi
# Save authentication program options

require './squid-lib.pl';
$access{'authparam'} || &error($text{'authparam_ecannot'});
&ReadParse();
&lock_file($config{'squid_conf'});
$conf = &get_config();
&error_setup($text{'authparam_err'});

if ($squid_version >= 2.5) {
    local @auth = &find_config("auth_param", $conf);

    # Save basic authentication options
    if ($in{'b_auth_mode'} == 0) {
        &save_auth(\@auth, "basic", "program");
        }
    elsif ($in{'b_auth_mode'} == 2) {
        &system_logged("cp $module_root_directory/squid-auth.pl $module_config_directory");
        &save_auth(\@auth, "basic", "program", "$auth_program $auth_database");
        &system_logged("chmod a+rx $auth_program $auth_database");
        }
    else {
        &check_error(\&check_prog, $in{'b_auth'});
        &save_auth(\@auth, "basic", "program", $in{'b_auth'});
        }
    if ($in{'b_children_def'}) {
        &save_auth(\@auth, "basic", "children");
        }
    else {
        $in{'b_children'} =~ /^\d+$/ ||
            &error(&text('sprog_emsg5', $in{'b_children'}));
        &save_auth(\@auth, "basic", "children", $in{'b_children'});
        }
    if ($in{'b_ttl_def'}) {
        &save_auth(\@auth, "basic", "credentialsttl");
        }
    else {
        $in{'b_ttl'} =~ /^\d+$/ ||
            &error(&text('sprog_emsg6', $in{'b_ttl'}));
        &save_auth(\@auth, "basic", "credentialsttl",
                 $in{'b_ttl'}." ".$in{'b_ttl_u'});
        }
    if ($in{'b_realm_def'}) {
        &save_auth(\@auth, "basic", "realm");
        }
    else {
        &save_auth(\@auth, "basic", "realm", $in{'b_realm'});
        }
    if ($in{'b_aittl_def'}) {
            &save_directive($conf, "authenticate_ip_ttl",[ ]);
    }else{
        $in{'b_aittl'} =~ /^\d+$/ ||&error(&text('sprog_emsg6', $in{'b_aittl'}));
        @baittl[0]= $in{'b_aittl'}." ".$in{'b_aittl_u'};
            &save_directive($conf, "authenticate_ip_ttl",
                [ { 'name' => 'authenticate_ip_ttl',
                    'values' => \@baittl }]);
    }
    # Save digest authentication options
    if ($in{'d_auth_mode'} == 0) {
        &save_auth(\@auth, "digest", "program");
        }
    else {
        &check_error(\&check_prog, $in{'d_auth'});
        &save_auth(\@auth, "digest", "program", $in{'d_auth'});
        }
    if ($in{'d_children_def'}) {
        &save_auth(\@auth, "digest", "children");
        }
    else {
        $in{'d_children'} =~ /^\d+$/ ||
            &error(&text('sprog_emsg5', $in{'d_children'}));
        &save_auth(\@auth, "digest", "children", $in{'d_children'});
        }
    if ($in{'d_realm_def'}) {
        &save_auth(\@auth, "digest", "realm");
        }
    else {
        &save_auth(\@auth, "digest", "realm", $in{'d_realm'});
        }

    # Save NTLM authentication options
    if ($in{'n_auth_mode'} == 0) {
        &save_auth(\@auth, "ntlm", "program");
        }
    else {
        &check_error(\&check_prog, $in{'n_auth'});
        &save_auth(\@auth, "ntlm", "program", $in{'n_auth'});
        }
    if ($in{'n_children_def'}) {
        &save_auth(\@auth, "ntlm", "children");
        }
    else {
        $in{'n_children'} =~ /^\d+$/ ||
            &error(&text('sprog_emsg5', $in{'n_children'}));
        &save_auth(\@auth, "ntlm", "children", $in{'n_children'});
        }
    if ($in{'n_reuses_def'}) {
        &save_auth(\@auth, "ntlm", "max_challenge_reuses");
        }
    else {
        $in{'n_reuses'} =~ /^\d+$/ ||
            &error(&text('authparam_ereuses', $in{'n_reuses'}));
        &save_auth(\@auth, "ntlm", "max_challenge_reuses",
               $in{'n_reuses'});
        }
    if ($in{'n_ttl_def'}) {
        &save_auth(\@auth, "ntlm", "max_challenge_lifetime");
        }
    else {
        $in{'n_ttl'} =~ /^\d+$/ ||
            &error(&text('authparam_elifetime', $in{'n_ttl'}));
        &save_auth(\@auth, "ntlm", "max_challenge_lifetime",
                 $in{'n_ttl'}." ".$in{'n_ttl_u'});
        }

    &save_directive($conf, "auth_param", \@auth);
    }
elsif ($squid_version >= 2) {
    if ($in{'auth_mode'} == 0) {
        &save_directive($conf, "authenticate_program", [ ]);
        }
    elsif ($in{'auth_mode'} == 2) {
        &system_logged("cp $module_root_directory/squid-auth.pl $module_config_directory");
        &save_directive($conf, "authenticate_program",
            [ { 'name' => 'authenticate_program',
                'values' => [ "$auth_program $auth_database" ] } ]);
        &system_logged("chmod a+rx $auth_program $auth_database");
        }
    else {
        &check_error(\&check_prog, $in{'auth'});
        &save_directive($conf, "authenticate_program",
                [ { 'name' => 'authenticate_program',
                    'values' => [ $in{'auth'} ] } ]);
        }
    &save_opt("authenticate_children", \&check_children, $conf);

        &save_opt("proxy_auth_realm", undef, $conf);

    if ($squid_version >= 2.4) {
        &save_opt_time("authenticate_ttl", $conf);
        &save_opt_time("authenticate_ip_ttl", $conf);
        }
    }

&flush_file_lines();
&unlock_file($config{'squid_conf'});
&webmin_log("authparam", undef, undef, \%in);
&redirect("");

sub check_prog
{
$_[0] =~ /^(\/\S+)/ || return &text('sprog_emsg2', $_[0]);
return -x $1 ? undef : &text('sprog_emsg3',$_[0]); 
}

sub check_children
{
return $_[0] =~ /^\d+$/ ? undef : &text('sprog_emsg5',$_[0]);
}

# save_auth(&auth, type, name, [value])
sub save_auth
{
local ($old) = grep { $_->{'values'}->[0] eq $_[1] &&
              $_->{'values'}->[1] eq $_[2] } @{$_[0]};
if ($old && @_ > 3) {
    # Replace value
    $old->{'values'} = [ $_[1], $_[2], $_[3] ];
    }
elsif (@_ > 3) {
    # Adding
    push(@{$_[0]}, { 'name' => 'auth_param',
             'values' => [ $_[1], $_[2], $_[3] ] });
    }
elsif ($old) {
    # Removing
    @{$_[0]} = grep { $_ ne $old } @{$_[0]};
    }
}

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0088 ]--