!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/share/authconfig/   drwxr-xr-x
Free 51.23 GB of 127.8 GB (40.08%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     authconfig-gtk.py (14.48 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/python
# -*- coding: UTF-8 -*-
#
# Authconfig - client authentication configuration program
# Copyright (c) 1999-2008 Red Hat, Inc.
#
# Authors: Preston Brown <pbrown@redhat.com>
#          Nalin Dahyabhai <nalin@redhat.com>
#          Matt Wilson <msw@redhat.com>
#          Tomas Mraz <tmraz@redhat.com>
#
# This is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
import authinfo, acutil
import gettext, os, signal, sys
_ = gettext.lgettext
import locale
locale.setlocale(locale.LC_ALL, '')

firstbootservices = [
    "crond",
    "dovecot",
    "messagebus",
    "postfix",
    "privoxy",
    "radiusd",
    "rstatd",
    "rusersd",
    "rwalld",
    "rwhod",
    "saslauthd",
    "sendmail",
    "smb",
    "squid",
    "sshd",
    "vncserver",
    "vsftpd",
    "winbind"
]

if "--nox" in sys.argv:
    sys.argv.remove('--nox')
    os.execv('/usr/bin/authconfig', ['authconfig']+sys.argv[1:])
    sys.exit(1)

try:
    import gtk, gtk.glade
except RuntimeError, e:
    if (os.isatty(sys.stdin.fileno()) and
        os.isatty(sys.stdout.fileno()) and
        os.isatty(sys.stderr.fileno())):
        os.execv('/usr/bin/authconfig', ['authconfig']+sys.argv[1:])
        sys.exit(1)
    else:
        raise e

class Authconfig:
    def __init__(self):
        self.runPriority = 45
        self.moduleName = "Authentication"
        self.moduleClass = "reconfig"
        # "checkbox/button name": authInfo field, file, generic name,
        # package, names of widgets to disable if checkbox not active
        self.main_map = {
            "enablecache" :
            ("enableCache", authinfo.PATH_NSCD,
             "caching", "nscd", []),
            "enablenis" :
            ("enableNIS", authinfo.PATH_YPBIND,
             "NIS", "ypbind", ["confignis"]),
            "enablehesiod" :
            ("enableHesiod", authinfo.PATH_LIBNSS_HESIOD,
             "Hesiod", "glibc", ["confighesiod"]),
            "enableldap" :
            ("enableLDAP", authinfo.PATH_LIBNSS_LDAP,
             "LDAP", "nss_ldap", ["configldap"]),
            "enableldapauth" :
            ("enableLDAPAuth", authinfo.PATH_PAM_LDAP,
             "LDAP", "nss_ldap", ["configldapauth"]),
            "enablekerberos" :
            ("enableKerberos", authinfo.PATH_PAM_KRB5,
             "Kerberos", "pam_krb5", ["configkerberos"]),
            "enablesmartcard":
            ("enableSmartcard", authinfo.PATH_PAM_PKCS11,
             "Smartcard", "pam_pkcs11", ["configsmartcard"]),
            "enablesmb" :
            ("enableSMB", authinfo.PATH_PAM_SMB,
             "SMB", "pam_smb", ["configsmb"]),
            "enableshadow" :
            ("enableShadow", "", "", "", []),
            "enablewinbind" :
            ("enableWinbind", authinfo.PATH_LIBNSS_WINBIND,
             "winbind", "samba-client", ["configwinbind"]),
            "enablewinbindauth" :
            ("enableWinbindAuth", authinfo.PATH_PAM_WINBIND,
             "winbind", "samba-client", ["configwinbindauth"]),
            "enablelocauthorize" :
            ("enableLocAuthorize", "", "", "", []),
            "enablepamaccess" :
            ("enablePAMAccess", "", "", "", []),
            "enablesysnetauth" :
            ("enableSysNetAuth", "", "", "", []),
            "passwordalgo" :
            ("passwordAlgorithm", "", "", "",
             ["DESCRYPT", "BIGCRYPT", "MD5", "SHA256", "SHA512"]),
            "enablemkhomedir" :
            ("enableMkHomeDir", "", "", "", []),
        }
        # entry or label / button / checkbox / option menu :
        # entry (or label): authInfo field
        # button: function
        # checkbox: authInfo field
        # option menu: authInfo field, list of choices, list of tuples
        #              of value/sensitive widgets
        self.empty_map = {
        }
        self.nis_map = {
            "domain" : ("nisDomain", ""),
            "server" : ("nisServer", ""),
        }
        self.kerberos_map = {
            "realm" : ("kerberosRealm", ""),
            "kdc" : ("kerberosKDC", ""),
            "adminserver" : ("kerberosAdminServer", ""),
            "dnsrealm" : ("kerberosRealmviaDNS", ""),
            "dnskdc" : ("kerberosKDCviaDNS", ""),
        }
        self.ldap_map = {
            "tls" : ("enableLDAPS", "", "", "", "downloadcacert"),
            "downloadcacert" : ("ldap_cacert_download", ""),
            "basedn" : ("ldapBaseDN", ""),
            "server" : ("ldapServer", ""),
        }
        self.ldapcacert_map = {
            "cacerturl" : ("ldapCacertURL", ""),
        }
        self.smartcard_map = {
            "module" : ("smartcardModule", authinfo.getSmartcardModules(),()),
            "action" : ("smartcardAction", authinfo.getSmartcardActions(),()),
            "forcesmartcard" : ("forceSmartcard", ""),
        }
        self.hesiod_map = {
            "lhs" : ("hesiodLHS", ""),
            "rhs" : ("hesiodRHS", ""),
        }
        self.smb_map = {
            "workgroup" : ("smbWorkgroup", ""),
            "domaincontrollers" : ("smbServers", ""),
        }
        self.winbindjoin_map = {
            "domain" : ("smbWorkgroup", ""),
            "joinuser" : ("joinUser", ""),
            "joinpassword" : ("joinPassword", ""),
        }
        self.winbind_map = {
            "domain" : ("smbWorkgroup", ""),
            "security" : ("smbSecurity", ("ads", "domain", "server", "user"), (("realm", ("ads",)), ("shell", ("domain", "ads")), ("join", ("domain", "ads")))),
            "realm" : ("smbRealm", ""),
            "servers" : ("smbServers", ""),
            "shell" : ("winbindTemplateShell", ["/bin/false"] + acutil.getusershells(), ()),
            "offline" : ("winbindOffline", ""),
            "join" : ("winbindjoin_maybe_launch", "")
        }
        self.launch_map = {
            "confignis": ("nissettings", "nis_map"),
            "configldap": ("ldapsettings", "ldap_map"),
            "configldapauth": ("ldapsettings", "ldap_map"),
            "confighesiod": ("hesiodsettings", "hesiod_map"),
            "configsmb": ("smbsettings", "smb_map"),
            "configkerberos": ("kerberossettings", "kerberos_map"),
            "configsmartcard": ("smartcardsettings", "smartcard_map"),
            "configwinbind": ("winbindsettings", "winbind_map"),
            "configwinbindauth": ("winbindsettings", "winbind_map"),
        }
        self.info = authinfo.read(self.message_callback)
        self.pristineinfo = self.info.copy()
        return

    def destroy_widget(self, button, widget):
        widget.destroy()
        return

    def winbindjoin_maybe_launch(self, button, map, xml, parent):
        backup = self.info.copy()
        pristine = authinfo.read(self.message_callback)
        self.info_apply(map, xml)
        if self.info.differs(pristine):
            response = self.run_on_button(self, "joinsave",
                              "empty_map", parent,
                              (0, 1))
            if (response == gtk.RESPONSE_CANCEL):
                return
            # Don't save.
            if (response == 0):
                self.info = backup
            # Save.
            if (response == 1):
                self.apply()
                backup = self.info
        self.winbindjoin_launch(button, map, xml, parent)
        self.info = backup

    def winbindjoin_launch(self, button, map, xml, parent):
        if not self.info.joinUser:
            self.info.joinUser = "Administrator"
        response = self.run_on_button(self, "winbindjoin",
                          "winbindjoin_map", parent)
        if (response == gtk.RESPONSE_OK):
            self.info.joinDomain(True)
        self.info.joinUser = None
        self.info.joinPassword = None

    def info_apply(self, map, xml):
        for entry in map.keys():
            widget = xml.get_widget(entry)
            if type(widget) == type(gtk.ComboBox()):
                setattr(self.info, map[entry][0],
                    widget.get_data("option_list")[widget.get_active()])
            if type(widget) == type(gtk.Entry()):
                setattr(self.info, map[entry][0],
                    widget.get_text())
            if type(widget) == type(gtk.CheckButton()):
                setattr(self.info, map[entry][0],
                    widget.get_active())
        self.info.update()

    # Toggle a boolean.
    def toggleboolean(self, checkbox, name, aliases, dependents):
        setattr(self.info, name, checkbox.get_active())
        for widget in aliases:
            widget.set_active(checkbox.get_active())
        for widget in dependents:
            widget.set_sensitive(checkbox.get_active())
        return

    def changeoption(self, combo, entry, xml):
            options = combo.get_data("option_list")
        option = options[combo.get_active()]
        for candidate in entry[2]:
            dependent = xml.get_widget(candidate[0])
            if option in candidate[1]:
                dependent.set_sensitive(True)
            else:
                dependent.set_sensitive(False)

    def combochanged(self, combo, entry):
        option = entry[4][combo.get_active()]
        setattr(self.info, entry[0], option)

    # Create a vbox or dialog using the file, and return it. */
    def run_on_button(self, button, top, mapname, parent=None, responses=()):
        xml = gtk.glade.XML("/usr/share/authconfig/authconfig.glade",
                    top, "authconfig")
        map = getattr(self, mapname)
        dialog = xml.get_widget(top)
        self.info.update()
        if mapname == "smartcard_map":
            widget = xml.get_widget("action")
            if not os.access("/usr/bin/gnome-screensaver", os.X_OK):
                widget.set_sensitive(False)
        for entry in map.keys():
            widget = xml.get_widget(entry)            
            if type(widget) == type(gtk.ComboBox()):
                widget.remove_text(0) # remove the bogus text necessary for glade
                options = []
                offset = 0
                for option in tuple(map[entry][1]):
                    if option == '':
                        continue
                    widget.append_text(option)
                    options.append(option)
                    if option == getattr(self.info, map[entry][0]):
                        widget.set_active(offset)
                    offset = offset + 1
                option = getattr(self.info, map[entry][0])
                if option not in options:
                    if option:
                        widget.prepend_text(option)
                        widget.set_active(0)
                        options.insert(0, option)
                widget.set_data("option_list", options)
                widget.connect("changed", self.changeoption,
                           map[entry], xml)
                self.changeoption(widget, map[entry], xml)
            if type(widget) == type(gtk.Button()):
                widget.connect("clicked",
                           getattr(self, map[entry][0]),
                           map,
                           xml,
                           dialog)
            if type(widget) == type(gtk.Entry()):
                if getattr(self.info, map[entry][0]):
                    widget.set_text(getattr(self.info,
                                map[entry][0]))

            if type(widget) == type(gtk.CheckButton()):
                widget.set_active(bool(getattr(self.info,
                              map[entry][0])))
                if len(map[entry]) > 4:
                    button = xml.get_widget(map[entry][4])
                    widget.connect("toggled", self.toggleboolean,
                        entry, [], [button])
                    self.toggleboolean(widget,
                        entry, [], [button])
            if type(widget) == type(gtk.Label()):
                if getattr(self.info, map[entry][0]):
                    widget.set_text(getattr(self.info,
                                map[entry][0]))
        if parent:
            dialog.set_transient_for(parent)
            parent.set_sensitive(False)
        dialog.set_resizable(False)
        response = None
        while ((response != gtk.RESPONSE_OK) and
               (response != gtk.RESPONSE_CANCEL) and
               (response not in responses)):
            response = dialog.run()
        if (response == gtk.RESPONSE_OK):
            self.info_apply(map, xml)
            if (mapname == "ldap_map"):
                self.ldap_cacerts_test(parent)
        dialog.destroy()
        if parent:
            parent.set_sensitive(True)
        return response

    # Create a vbox with the right controls and return the vbox.
    def get_main_widget(self):
        dialog = gtk.Dialog(_("Authentication Configuration"),
                    None,
                    gtk.DIALOG_NO_SEPARATOR,
                    (gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL,
                     gtk.STOCK_OK, gtk.RESPONSE_OK))
        dialog.set_resizable(False)
        dialog.set_type_hint(gtk.gdk.WINDOW_TYPE_HINT_NORMAL)
        # Construct the XML object.
        xml = gtk.glade.XML("/usr/share/authconfig/authconfig.glade",
                    'vbox', "authconfig")
        box = xml.get_widget('vbox')
        dialog.vbox.pack_start(box)

        # Set up the pushbuttons to launch new dialogs.
        for entry in self.launch_map.keys():
            button = xml.get_widget(entry)
            button.connect("clicked", self.run_on_button,
                       self.launch_map[entry][0],
                       self.launch_map[entry][1],
                       dialog)

        # Hook up checkboxes and entry fields.
        for entry in self.main_map.keys():
            widget = xml.get_widget(entry)
            try:
                if self.main_map[entry][1]:
                    os.stat(self.main_map[entry][1])
            except:
                widget.set_sensitive(False)
            else:
                widget.set_active(bool(getattr(self.info,
                          self.main_map[entry][0])))
            if type(widget) == type(gtk.CheckButton()):
                aliases = []
                dependents = []
                for candidate in self.main_map.keys():
                    if entry != candidate:
                        if self.main_map[entry][0] == self.main_map[candidate][0]:
                            aliases = aliases + [xml.get_widget(candidate)]
                for candidate in self.main_map[entry][4]:
                    dependents = dependents + [xml.get_widget(candidate)]
                widget.connect("toggled", self.toggleboolean,
                           self.main_map[entry][0], aliases,
                           dependents)
                self.toggleboolean(widget,
                           self.main_map[entry][0],
                           aliases,
                           dependents)
            if type(widget) == type(gtk.ComboBox()):
                widget.remove_text(0) # remove the bogus text necessary for glade
                options = self.main_map[entry][4]
                offset = 0
                current = getattr(self.info, self.main_map[entry][0]).upper()
                for option in options:
                    widget.append_text(option)
                    if option == current:
                        widget.set_active(offset)
                    offset = offset + 1
                if current and current not in options:
                    widget.prepend_text(option)
                    widget.set_active(0)
                    options.insert(0, option)
                widget.connect("changed", self.combochanged,
                           self.main_map[entry])
            # if not tokens are installed, don't enable smartcard
            # login
            if entry == "enablesmartcard" and len(authinfo.getSmartcardModules()) == 0:
                widget.set_sensitive(False)
        return dialog

    # Save changes.
    def apply(self, button = None):
        self.info.testLDAPCACerts()
        self.info.rehashLDAPCACerts()
        if "--updateall" in sys.argv:
            self.info.write()
        else:
            self.info.writeChanged(self.pristineinfo)
        self.info.post(False)
        if "--firstboot" in sys.argv:
            for service in firstbootservices:
                if os.access("/etc/init.d/" + service, os.X_OK):
                    os.system("/etc/init.d/" + service + " condrestart")
            if os.access("/etc/init.d/autofs", os.X_OK):
                    if self.info.enableNIS:
                    cond = ""
                else:
                        cond = "cond"
                os.system("/etc/init.d/autofs " + cond + "restart")

    def ldap_cacerts_test(self, parent):
        if self.info.enableLDAPS and self.info.testLDAPCACerts():
            self.ldap_cacert_download(None, None, None, parent)

    def ldap_cacert_download(self, button, map, xml, parent):
        response = self.run_on_button(self, "ldapcacertdownload",
                          "ldapcacert_map", parent)
        if (response == gtk.RESPONSE_OK):
            self.info.downloadLDAPCACert()

    def message_callback(self, text):
        msg = gtk.MessageDialog(None, 0, gtk.MESSAGE_WARNING, gtk.BUTTONS_OK, text)
        msg.set_title(_("Authentication Configuration"))
        msg.run()
        msg.destroy()

# Fake the firstboot setup.
if __name__ == '__main__':
    signal.signal(signal.SIGINT, signal.SIG_DFL)
    gettext.textdomain("authconfig")
    gtk.glade.bindtextdomain("authconfig", "/usr/share/locale")
    module = Authconfig()
    dialog = module.get_main_widget()
    if dialog.run() == gtk.RESPONSE_OK:
        module.apply()
    sys.exit(0)

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0076 ]--