!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/alumni/inc/geshi/geshi/   drwxr-xr-x
Free 50.92 GB of 127.8 GB (39.84%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     python.php (10.29 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/*************************************************************************************
 * python.php
 * ----------
 * Author: Roberto Rossi (rsoftware@altervista.org)
 * Copyright: (c) 2004 Roberto Rossi (http://rsoftware.altervista.org), Nigel McNie (http://qbnz.com/highlighter)
 * Release Version: 1.0.7.19
 * Date Started: 2004/08/30
 *
 * Python language file for GeSHi.
 *
 * CHANGES
 * -------
 * 2005/05/26
 *  -  Modifications by Tim (tim@skreak.com): added more keyword categories, tweaked colors
 * 2004/11/27 (1.0.1)
 *  -  Added support for multiple object splitters
 * 2004/08/30 (1.0.0)
 *  -  First Release
 *
 * TODO (updated 2004/11/27)
 * -------------------------
 *
 *************************************************************************************
 *
 *     This file is part of GeSHi.
 *
 *   GeSHi is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *   GeSHi is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with GeSHi; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 ************************************************************************************/

$language_data = array (
    
'LANG_NAME' => 'Python',
    
'COMMENT_SINGLE' => array(=> '#'),
    
'COMMENT_MULTI' => array(),
    
'CASE_KEYWORDS' => GESHI_CAPS_NO_CHANGE,
    
'QUOTEMARKS' => array('"'"'"'"""'),
    
'ESCAPE_CHAR' => '\\',
    
'KEYWORDS' => array(

        
/*
        ** Set 1: reserved words
        ** http://python.org/doc/current/ref/keywords.html
        */
        
=> array(
            
'and''del''for''is''raise''assert''elif''from''lambda''return''break',
            
'else''global''not''try''class''except''if''or''while''continue''exec',
            
'import''pass''yield''def''finally''in''print'
            
),

        
/*
        ** Set 2: builtins
        ** http://python.org/doc/current/lib/built-in-funcs.html
        */
        
=> array(
            
'__import__''abs''basestring''bool''callable''chr''classmethod''cmp'
            
'compile''complex''delattr''dict''dir''divmod''enumerate''eval''execfile'
            
'file''filter''float''frozenset''getattr''globals''hasattr''hash''help',
            
'hex''id''input''int''isinstance''issubclass''iter''len''list''locals',
            
'long''map''max''min''object''oct''open''ord''pow''property''range',
            
'raw_input''reduce''reload''repr''reversed''round''set''setattr''slice',
            
'sorted''staticmethod''str''sum''super''tuple''type''unichr''unicode'
            
'vars''xrange''zip',
            
// Built-in constants: http://python.org/doc/current/lib/node35.html
            
'False''True''None''NotImplemented''Ellipsis',
            
// Built-in Exceptions: http://python.org/doc/current/lib/module-exceptions.html
            
'Exception''StandardError''ArithmeticError''LookupError''EnvironmentError',
            
'AssertionError''AttributeError''EOFError''FloatingPointError''IOError',
            
'ImportError''IndexError''KeyError''KeyboardInterrupt''MemoryError''NameError',
            
'NotImplementedError''OSError''OverflowError''ReferenceError''RuntimeError',
            
'StopIteration''SyntaxError''SystemError''SystemExit''TypeError',
            
'UnboundlocalError''UnicodeError''UnicodeEncodeError''UnicodeDecodeError',
            
'UnicodeTranslateError''ValueError''WindowsError''ZeroDivisionError''Warning',
            
'UserWarning''DeprecationWarning''PendingDeprecationWarning''SyntaxWarning',
            
'RuntimeWarning''FutureWarning',
            
// self: this is a common python convention (but not a reserved word)
            
'self'
            
),

        
/*
        ** Set 3: standard library
        ** http://python.org/doc/current/lib/modindex.html
        */
        
=> array(
            
'__builtin__''__future__''__main__''_winreg''aifc''AL''al''anydbm',
            
'array''asynchat''asyncore''atexit''audioop''base64''BaseHTTPServer',
            
'Bastion''binascii''binhex''bisect''bsddb''bz2''calendar''cd''cgi',
            
'CGIHTTPServer''cgitb''chunk''cmath''cmd''code''codecs''codeop',
            
'collections''colorsys''commands''compileall''compiler''compiler',
            
'ConfigParser''Cookie''cookielib''copy''copy_reg''cPickle''crypt',
            
'cStringIO''csv''curses''datetime''dbhash''dbm''decimal''DEVICE',
            
'difflib''dircache''dis''distutils''dl''doctest''DocXMLRPCServer''dumbdbm',
            
'dummy_thread''dummy_threading''email''encodings''errno''exceptions''fcntl',
            
'filecmp''fileinput''FL''fl''flp''fm''fnmatch''formatter''fpectl',
            
'fpformat''ftplib''gc''gdbm''getopt''getpass''gettext''GL''gl''glob',
            
'gopherlib''grp''gzip''heapq''hmac''hotshot''htmlentitydefs''htmllib',
            
'HTMLParser''httplib''imageop''imaplib''imgfile''imghdr''imp''inspect',
            
'itertools''jpeg''keyword''linecache''locale''logging''mailbox''mailcap',
            
'marshal''math''md5''mhlib''mimetools''mimetypes''MimeWriter''mimify',
            
'mmap''msvcrt''multifile''mutex''netrc''new''nis''nntplib''operator',
            
'optparse''os''ossaudiodev''parser''pdb''pickle''pickletools''pipes',
            
'pkgutil''platform''popen2''poplib''posix''posixfile''pprint''profile',
            
'pstats''pty''pwd''py_compile''pyclbr''pydoc''Queue''quopri''random',
            
're''readline''repr''resource''rexec''rfc822''rgbimg''rlcompleter',
            
'robotparser''sched''ScrolledText''select''sets''sgmllib''sha''shelve',
            
'shlex''shutil''signal''SimpleHTTPServer''SimpleXMLRPCServer''site''smtpd',
            
'smtplib''sndhdr''socket''SocketServer''stat''statcache''statvfs''string',
            
'StringIO''stringprep''struct''subprocess''sunau''SUNAUDIODEV''sunaudiodev',
            
'symbol''sys''syslog''tabnanny''tarfile''telnetlib''tempfile''termios',
            
'test''textwrap''thread''threading''time''timeit''Tix''Tkinter''token',
            
'tokenize''traceback''tty''turtle''types''unicodedata''unittest''urllib2',
            
'urllib''urlparse''user''UserDict''UserList''UserString''uu''warnings',
            
'wave''weakref''webbrowser''whichdb''whrandom''winsound''xdrlib''xml',
            
'xmllib''xmlrpclib''zipfile''zipimport''zlib'
            
),

        
/*
        ** Set 4: special methods
        ** http://python.org/doc/current/ref/specialnames.html
        */
        
=> array(
            
/*
            // Iterator types: http://python.org/doc/current/lib/typeiter.html
            '__iter__', 'next',
            // String types: http://python.org/doc/current/lib/string-methods.html
            'capitalize', 'center', 'count', 'decode', 'encode', 'endswith', 'expandtabs',
            'find', 'index', 'isalnum', 'isalpha', 'isdigit', 'islower', 'isspace', 'istitle',
            'isupper', 'join', 'ljust', 'lower', 'lstrip', 'replace', 'rfind', 'rindex', 'rjust',
            'rsplit', 'rstrip', 'split', 'splitlines', 'startswith', 'strip', 'swapcase', 'title',
            'translate', 'upper', 'zfill',
            */
            // Basic customization: http://python.org/doc/current/ref/customization.html
            
'__new__''__init__''__del__''__repr__''__str__'
            
'__lt__''__le__''__eq__''__ne__''__gt__''__ge__''__cmp__''__rcmp__',
            
'__hash__''__nonzero__''__unicode__''__dict__',
            
// Attribute access: http://python.org/doc/current/ref/attribute-access.html
            
'__setattr__''__delattr__''__getattr__''__getattribute__''__get__''__set__',
            
'__delete__''__slots__',
            
// Class creation, callable objects
            
'__metaclass__''__call__'
            
// Container types: http://python.org/doc/current/ref/sequence-types.html
            
'__len__''__getitem__''__setitem__''__delitem__''__iter__''__contains__',
            
'__getslice__''__setslice__''__delslice__',
            
// Numeric types: http://python.org/doc/current/ref/numeric-types.html
            
'__abs__','__add__','__and__','__coerce__','__div__','__divmod__','__float__',
            
'__hex__','__iadd__','__isub__','__imod__','__idiv__','__ipow__','__iand__',
            
'__ior__','__ixor__''__ilshift__','__irshift__','__invert__','__int__',
            
'__long__','__lshift__',
            
'__mod__','__mul__','__neg__','__oct__','__or__','__pos__','__pow__',
            
'__radd__','__rdiv__','__rdivmod__','__rmod__','__rpow__','__rlshift__','__rrshift__',
            
'__rshift__','__rsub__','__rmul__','__repr__','__rand__','__rxor__','__ror__',
            
'__sub__','__xor__'
            
)

        ),
    
'SYMBOLS' => array(
            
'('')''['']''{''}''*''&''%''!'';''<''>''?''`'
        
),
    
'CASE_SENSITIVE' => array(
        
GESHI_COMMENTS => true,
        
=> true,
        
=> true,
        
=> true,
        
=> true
        
),
    
'STYLES' => array(
        
'KEYWORDS' => array(
            
=> 'color: #ff7700;font-weight:bold;',    // Reserved
            
=> 'color: #008000;',                        // Built-ins + self
            
=> 'color: #dc143c;',                        // Standard lib
            
=> 'color: #0000cd;'                        // Special methods
            
),
        
'COMMENTS' => array(
            
=> 'color: #808080; font-style: italic;',
            
'MULTI' => 'color: #808080; font-style: italic;'
            
),
        
'ESCAPE_CHAR' => array(
            
=> 'color: #000099; font-weight: bold;'
            
),
        
'BRACKETS' => array(
            
=> 'color: black;'
            
),
        
'STRINGS' => array(
            
=> 'color: #483d8b;'
            
),
        
'NUMBERS' => array(
            
=> 'color: #ff4500;'
            
),
        
'METHODS' => array(
            
=> 'color: black;'
            
),
        
'SYMBOLS' => array(
            
=> 'color: #66cc66;'
            
),
        
'REGEXPS' => array(
            ),
        
'SCRIPT' => array(
            )
        ),
    
'URLS' => array(
        ),
    
'OOLANG' => true,
    
'OBJECT_SPLITTERS' => array(
        
=> '.'
        
),
    
'REGEXPS' => array(
        ),
    
'STRICT_MODE_APPLIES' => GESHI_NEVER,
    
'SCRIPT_DELIMITERS' => array(
        ),
    
'HIGHLIGHT_STRICT_BLOCK' => array(
        )
);

?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0181 ]--