!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/share/doc/pkinit-nss-0.7.6/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.89%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     make-certs.sh (12.67 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/bin/bash -e
#
#  Generate a root CA cert for signing, and then a subject cert.
#  Usage: make-certs.sh hostname [user[@domain]] [more ...]
#  For testing only, probably still has some bugs in it.
#

DOMAIN=example.com
DAYS=365
KEYTYPE=RSA
CRLHOURS=24
CRLDAYS=

# Cleanup temporary files at exit.
touch openssl.cnf
cleanup() {
	test -f openssl.cnf && rm -f openssl.cnf
	test -f host.csr    && rm -f host.csr
	test -f ca.txt      && rm -f ca.txt
}
trap cleanup EXIT

# Choose a user name part for email attributes.
GIVENUSER=$2
test x"$GIVENUSER" = x && GIVENUSER=$USER
echo "$GIVENUSER" | grep -q @ || GIVENUSER="$GIVENUSER"@$DOMAIN
DOMAIN=`echo "$GIVENUSER" | cut -f2- -d@`

# Default to generating a key/cert pair for the current host.
commonname="$1"
if test "x$commonname" = x ; then
	echo Usage: `basename $0` 'commonname' user'[@domain]' '[more [...]]'
	echo More:
	echo -e \\tKey usage: "[sign|signing|encrypt|encryption|all]"
	echo -e \\tAuthority Access Info OCSP responder: "ocsp:URI"
	echo -e \\tCRL distribution point: "crl:URI"
	echo -e \\tSubject Alternative Name:
	echo -e \\t\\tHostname: "*"
	echo -e \\t\\tIP address: w.x.y.z
	echo -e \\t\\tEmail address: "*@*.com/edu/net/org/local"
	echo -e \\t\\tKerberos principal name: "*@*.COM/EDU/NET/ORG/LOCAL"
	echo -e \\tExtended key usage:
	echo -e \\t\\t1....
	echo -e \\t\\t2....
	echo -e \\t\\tid-kp-server-auth \| tls-server
	echo -e \\t\\tid-kp-client-auth \| tls-client
	echo -e \\t\\tid-kp-email-protection \| email
	echo -e \\t\\tid-ms-kp-sc-logon \| id-ms-sc-logon
	echo -e \\t\\tid-pkinit-kp-client-auth \| id-pkinit-client
	echo -e \\t\\tid-pkinit-kp-kdc \| id-pkinit-kdc
	echo -e \\t\\tca \| CA
	exit 1
fi

shift || true
shift || true

# Done already?
done=:

ocsp() {
	request_file=`mktemp -t ocsp.request.XXXXXX`
	if test -n "$request_file" ; then
		case "$REQUEST_METHOD" in
		GET)
			echo "$@" > "$request_file"
			;;
		POST)
			dd bs=1 of="$request_file" status=noxfer
			;;
		esac
	fi
}

keygen() {
	case "$KEYTYPE" in
	DSA)
		openssl dsaparam -out "$1".param 1024
		openssl gendsa "$1".param
		;;
	RSA|*)
		openssl genrsa 2048 -nodes
		;;
	esac
}

# Generate a CA key.
if ! test -s ca.key ; then
	umask=`umask -p`
	umask 077
	keygen ca > ca.key 2> /dev/null
	$umask
else
	echo "You already have a ca.key file; not replacing."
	done=echo
fi

# Create a new CA serial number.
if ! test -s ca.srl ; then
	(dd if=/dev/urandom bs=8 count=1 2> /dev/null) | od -t x1c | head -n 1 | awk '{$1="00";OFS="";print}' > ca.srl
else
	echo "You already have a ca.srl file; not replacing."
fi

# Create a new CA "database".
if ! test -s ca.db ; then
	touch ca.db
else
	echo "You already have a ca.db file; not replacing."
fi

# Parse the arguments which indicate what sort of information we want.
CA=FALSE
while test $# -gt 0 ; do
	type=
	value="$1"
	case "$value" in
	RSA|rsa)
		KEYTYPE=RSA
		;;
	DSA|dsa)
		KEYTYPE=DSA
		;;
	OCSP:*|ocsp:*)
		aiaval=`echo "$value" | cut -f2- -d:`
		aia="OCSP;URI:$aiaval"
		;;
	CRL:*|crl:*)
		crlval=`echo "$value" | cut -f2- -d:`
		crl="URI:$crlval"
		;;
	signing|sign)
		keyusage="${keyusage:+${keyusage},}nonRepudiation,digitalSignature"
		;;
	encryption|encrypt)
		keyusage="${keyusage:+${keyusage},}keyEncipherment,dataEncipherment"
		;;
	all)
		keyusage="digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly"
		;;
	ca|CA)
		CA=TRUE
		keyusage="${keyusage:+${keyusage},}nonRepudiation,digitalSignature,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign"
		;;
	1.*|2.*|id-*|tls-*|email|mail)
		ekuval=`echo "$value" | tr '[A-Z]' '[a-z]' | sed 's,\-,,g'`
		case "$ekuval" in
		idkpserverauth|tlsserver) ekuval=1.3.6.1.5.5.7.3.1;;
		idkpclientauth|tlsclient) ekuval=1.3.6.1.5.5.7.3.2;;
		idkpemailprotection|email|mail) ekuval=1.3.6.1.5.5.7.3.4;;
		idmskpsclogon|idmssclogon) ekuval=1.3.6.1.4.1.311.20.2.2;;
		idpkinitkpclientauth|idpkinitclient) ekuval=1.3.6.1.5.2.3.4;;
		idpkinitkpkdc|idpkinitkdc) ekuval=1.3.6.1.5.2.3.5;;
		esac
		if test -z "$eku" ; then
			eku="$ekuval"
		else
			eku="$eku,$ekuval"
		fi
		;;
	*@*.COM|*@*.EDU|*@*.NET|*@*.ORG|*@*.LOCAL)
		luser=`echo "$value" | tr '[A-Z]' '[a-z]'`
		if test "$luser" = "$value" ; then
			luser=
		fi
		type="otherName:1.3.6.1.5.2.2;SEQUENCE:$value,${luser:+otherName:1.3.6.1.4.1.311.20.2.3;UTF8:${luser},}otherName:1.3.6.1.4.1.311.20.2.3;UTF8"
		unset luser
		principals="$principals $value"
		;;
	*@*.com|*@*.edu|*@*.net|*@*.org|*@*.local)            type=email;;
	[0-9]*.[0-9]*.[0-9]*.[0-9]*)                          type=IP;;
	*)                                                    type=DNS;;
	esac
	if test -n "$type" ; then
		newvalue="${type}:$value"
		if test -z "$altnames" ; then
			altnames="${newvalue}"
		else
			altnames="${altnames},${newvalue}"
		fi
	fi
	shift
done

# Generate the CA cert.  Set the X.509v3 basic constraints to mark it as a CA
# certificate.
if ! test -s ca.crt ; then
	cat > openssl.cnf <<- EOF
	[req]
	x509_extensions = v3_ca
	distinguished_name = req_ca_name
	oid_section = new_oids
	prompt = no

	[req_ca_name]
	EOF
	echo $DOMAIN | awk 'BEGIN {FS="."}{for(i=NF;i>0;i--){print NF-i ".domainComponent="$i;}}' >> openssl.cnf
	cat >> openssl.cnf <<- EOF
	commonName = Test Certifying CA

	[new_oids]
	domainComponent = 0.9.2342.19200300.100.1.25

	[v3_ca]
	subjectKeyIdentifier=hash
	authorityKeyIdentifier=keyid:always,issuer:always
	keyUsage=nonRepudiation,digitalSignature,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
	basicConstraints=critical,CA:TRUE
	nsComment="Testing CA Certificate"
	EOF
	if test -n "$aia" ; then
		echo "authorityInfoAccess = ${aia}" >> openssl.cnf
	fi
	if test -n "$crl" ; then
		echo "crlDistributionPoints = ${crl}" >> openssl.cnf
	fi
	echo "" >> openssl.cnf
	openssl req -config `pwd`/openssl.cnf -new -key ca.key > ca.csr 2> /dev/null
	openssl x509 -extfile `pwd`/openssl.cnf -days $DAYS -req -CAserial ca.srl -signkey ca.key -extensions v3_ca -in ca.csr -out ca.crt
	openssl x509 -noout -text -in ca.crt > ca.txt
	cat ca.crt >> ca.txt
	cat ca.txt > ca.crt
	rm ca.txt
	cat ca.crt > ca.chain.crt
else
	echo "You already have a ca.crt file; not replacing."
	done=echo
fi

# Generate an OCSP key.
if ! test -s ocsp.key ; then
	umask=`umask -p`
	umask 077
	keygen ocsp > ocsp.key 2> /dev/null
	$umask
else
	echo "You already have an ocsp.key file; not replacing."
	done=echo
fi

# Generate the OCSP signing cert.  Set the X.509v3 basic constraints and EKU.
if ! test -s ocsp.crt ; then
	cat > openssl.cnf <<- EOF
	[req]
	x509_extensions = v3_ocsp
	distinguished_name = req_ocsp_name
	oid_section = new_oids
	prompt = no

	[req_ocsp_name]
	EOF
	echo $DOMAIN | awk 'BEGIN {FS="."}{for(i=NF;i>0;i--){print NF-i ".domainComponent="$i;}}' >> openssl.cnf
	cat >> openssl.cnf <<- EOF
	commonName = OCSP Signer for Test Certifying CA

	[new_oids]
	domainComponent = 0.9.2342.19200300.100.1.25
	ocspNoCheck = 1.3.6.1.5.5.7.48.1.5

	[v3_ocsp]
	subjectKeyIdentifier=hash
	authorityKeyIdentifier=keyid:always,issuer:always
	keyUsage=digitalSignature,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
	basicConstraints=CA:FALSE
	extendedKeyUsage=1.3.6.1.5.5.7.3.9
	nsComment="Testing OCSP Certificate"
	1.3.6.1.5.5.7.48.1.5=ASN1:NULL
	EOF
	if test -n "$aia" ; then
		echo "authorityInfoAccess = ${aia}" >> openssl.cnf
	fi
	if test -n "$crl" ; then
		echo "crlDistributionPoints = ${crl}" >> openssl.cnf
	fi
	echo "" >> openssl.cnf
	openssl req -config `pwd`/openssl.cnf -new -key ocsp.key > ocsp.csr 2> /dev/null
	openssl x509 -extfile `pwd`/openssl.cnf -days $DAYS -req -CAserial ca.srl -signkey ca.key -extensions v3_ocsp -in ocsp.csr -out ocsp.crt
	openssl x509 -noout -text -in ocsp.crt > ocsp.txt
	cat ocsp.crt >> ocsp.txt
	cat ocsp.txt >  ocsp.crt
	rm ocsp.txt
else
	echo "You already have an ocsp.crt file; not replacing."
	done=echo
fi

# We always generate a fresh, empty, CRL.  Might as well do it now.
cat > openssl.cnf <<- EOF
[ca]
default_ca = issuer

[issuer]
private_key = `pwd`/ca.key
certificate = `pwd`/ca.crt
database = `pwd`/ca.db
default_md = sha1
EOF
openssl ca -config `pwd`/openssl.cnf -gencrl ${CRLHOURS:+-crlhours ${CRLHOURS}} ${CRLDAYS:+-crldays ${CRLDAYS}} -out ca.crl.pem
openssl crl -in ca.crl.pem -outform der -out ca.crl

# Create a new serial number if this is a new CA.
if test "x$CA" = xTRUE ; then
	if ! test -d "$commonname" ; then
		mkdir "$commonname"
	fi
	if ! test -s "$commonname/ca.srl" ; then
		(dd if=/dev/urandom bs=8 count=1 2> /dev/null) | od -t x1c | head -n 1 | awk '{$1="00";OFS="";print}' > "$commonname/ca.srl"
	else
		echo "You already have a $commonname/ca.srl file; not replacing."
	fi
	cert="$commonname/ca.crt"
	csr="$commonname/ca.csr"
	key="$commonname/ca.key"
	pem="$commonname/ca.pem"
	pfx="$commonname/ca.p12"
	ln -s ../`basename $0` "$commonname"/
else
	cert="$commonname.crt"
	csr="$commonname.csr"
	key="$commonname.key"
	pem="$commonname.pem"
	pfx="$commonname.p12"
fi

# Generate the subject's certificate.  Set the X.509v3 basic constraints.
if ! test -s "$cert" ; then
	cat > openssl.cnf <<- EOF
	[req]
	distinguished_name = req_issued_name
	prompt = no

	[x509]
	x509_extensions = v3_issued

	[req_issued_name]
	EOF
	echo $DOMAIN | awk 'BEGIN {FS="."}{for(i=NF;i>0;i--){print NF-i ".domainComponent="$i;}}' >> openssl.cnf
	cat >> openssl.cnf <<- EOF
	mail = $GIVENUSER
	commonName = $commonname

	[v3_issued]
	certificatePolicies=2.5.29.32.0${eku:+,${eku}}
	subjectKeyIdentifier=hash
	authorityKeyIdentifier=keyid,issuer
	EOF
	if test -n "$aia" ; then
		echo "authorityInfoAccess = ${aia}" >> openssl.cnf
	fi
	if test -n "$crl" ; then
		echo "crlDistributionPoints = ${crl}" >> openssl.cnf
	fi
	if test -n "$keyusage" ; then
		echo "keyUsage = critical,${keyusage}" >> openssl.cnf
	fi
	if test -n "$altnames" ; then
		echo "subjectAltName = ${altnames}" >> openssl.cnf
	fi
	if test -n "$eku" ; then
		echo "extendedKeyUsage = ${eku}" >> openssl.cnf
	fi
	echo "basicConstraints=critical,CA:$CA" >> openssl.cnf
	if test "x$CA" = xTRUE ; then
		echo 'nsComment="Testing CA Certificate for '"$commonname"'"' >> openssl.cnf
	else
		echo 'nsComment="Testing Certificate for '"$commonname"'"' >> openssl.cnf
	fi
	for value in $principals; do
		user=`echo "$value" | cut -f1 -d@`
		realm=`echo "$value" | cut -f2- -d@`
		echo "" >> openssl.cnf
		echo "[$value]" >> openssl.cnf
		echo "realm=EXPLICIT:0,GeneralString:$realm" >> openssl.cnf
		echo "kerberosname=EXPLICIT:1,SEQUENCE:krb5$user" >> openssl.cnf

		echo "" >> openssl.cnf
		echo "[krb5$user]" >> openssl.cnf
		echo "nametype=EXPLICIT:0,INTEGER:1" >> openssl.cnf
		echo "namelist=EXPLICIT:1,SEQUENCE:krb5basic$user" >> openssl.cnf

		echo "[krb5basic$user]" >> openssl.cnf
		count=0
		for part in `echo "$user" | sed 's,/, ,g'` ; do
			echo "$count.part=GeneralString:$part" >> openssl.cnf
			count=`expr "$count" + 1`
		done
	done

	# Generate another key, unless we have a key or CSR.
	if ! test -s "$key" && ! test -s "$csr" ; then
		umask=`umask -p`
		umask 077
		keygen "$commonname" > "$key" 2> /dev/null
		$umask
	else
		echo "You already have a $key or $csr file; not replacing."
		done=echo
	fi

	if ! test -s "$csr" ; then
		openssl req -config `pwd`/openssl.cnf -new -key "$key" > "$csr" 2> /dev/null
	fi
	openssl x509 -req -extfile `pwd`/openssl.cnf -extensions v3_issued -CA ca.crt -CAkey ca.key -CAserial ca.srl -in "$csr" -days $DAYS > "$cert" 2> /dev/null
	openssl x509 -noout -text -in "$cert" > "$cert.txt"
	cat "$cert" >> "$cert.txt"
	cat "$cert.txt" > "$cert"
	rm -f "$cert.txt"
else
	echo "You already have a $cert file; not replacing."
	done=echo
fi

if test -s ca.chain.crt ; then
	chain=ca.chain.crt
else
	chain=ca.crt
fi
if test "x$CA" = xTRUE ; then
	cat "$chain" "$cert" > "$commonname/ca.chain.crt"
fi

# Create ca.pem and the subject's name.pem for the benefit of applications
# which expect both the private key and the certificate in one file.
umask=`umask -p`
umask 077
if ! test -s ca.pem ; then
	cat ca.key ca.crt > ca.pem
else
	echo "You already have a ca.pem file; not replacing."
	done=echo
fi
if ! test -s "$pem" ; then
	cat "$key" "$cert" > "$pem"
else
	echo "You already have a $pem file; not replacing."
	done=echo
fi
if ! test -s "$pfx" ; then
	openssl pkcs12 -export -inkey "$key" -in "$cert" -name "$commonname" -out "$pfx" -nodes -passout pass:
else
	echo "You already have a $pfx file; not replacing."
	done=echo
fi
$umask
$done

echo CA certificate:
openssl x509 -noout -issuer  -in ca.crt | sed s,=\ ,\ ,g
openssl x509 -noout -subject -in ca.crt | sed s,=\ ,\ ,g
echo
echo End entity certificate:
openssl x509 -noout -issuer  -in "$cert" | sed s,=\ ,\ ,g
openssl x509 -noout -subject -in "$cert" | sed s,=\ ,\ ,g
openssl x509 -noout -serial  -in "$cert" | sed s,=,\ ,g
echo
echo PKCS12 bag:
openssl pkcs12 -in "$pfx" -nodes -nokeys -nocerts -info -passin pass:
echo
echo Verifying:
echo + openssl verify -CAfile "$chain" "$cert"
openssl verify -CAfile "$chain" "$cert"

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0095 ]--