110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/intranet/ drwxrwxrwx Free 52.66 GB of 127.8 GB (41.2%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/intranet/ drwxrwxrwx
Free 52.66 GB of 127.8 GB (41.2%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: redir.php (1.72 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

Information:

Path	/var/www/html/intranet/redir.php
Size	1.72 KB
MD5	8ca9d07a3525f6cbe4a3bebf5b4f8ac0
Owner/Group	root/root
Perms	-rw-r--r--
Create time	17/10/2012 15:26:41
Access time	11/07/2024 09:16:02
MODIFY time	17/10/2012 07:08:45

FULL HEXDUMP

00000000
00000018
00000030
00000048
00000060
00000078
00000090
000000A8
000000C0
000000D8
000000F0
00000108
00000120
00000138
00000150
00000168
00000180
00000198
000001B0
000001C8
000001E0
000001F8
00000210
00000228
00000240
00000258
00000270
00000288
000002A0
000002B8
000002D0
000002E8
00000300
00000318
00000330
00000348
00000360
00000378
00000390
000003A8
000003C0
000003D8
000003F0
00000408
00000420
00000438
00000450
00000468
00000480
00000498
000004B0
000004C8
000004E0
000004F8
00000510
00000528
00000540
00000558
00000570
00000588
000005A0
000005B8
000005D0
000005E8
00000600
00000618
00000630
00000648
00000660
00000678
00000690
000006A8
000006C0
000006D8

3C 3F 0D 0A 73 65 73 73 69 6F 6E 5F 73 74 61 72 74 28 29 3B 0D 0A 69 6E
63 6C 75 64 65 5F 6F 6E 63 65 28 27 63 6F 6E 66 69 67 2E 70 68 70 27 29
3B 0D 0A 0D 0A 2F 2F 20 20 43 68 65 63 6B 20 46 72 6F 6D 20 4C 6F 67 6F
75 74 20 50 61 67 65 0D 0A 69 66 20 28 24 73 74 61 74 75 73 20 3D 3D 20
22 6C 6F 67 6F 75 74 22 29 20 7B 0D 0A 09 09 68 65 61 64 65 72 28 22 4C
6F 63 61 74 69 6F 6E 3A 20 6C 6F 67 69 6E 2E 70 68 70 22 29 3B 0D 0A 09
09 73 65 73 73 69 6F 6E 5F 64 65 73 74 72 6F 79 28 29 3B 0D 0A 09 09 24
73 74 61 74 75 73 20 3D 20 22 6C 6F 67 6F 75 74 22 3B 0D 0A 7D 0D 0A 65
6C 73 65 20 7B 0D 0A 09 09 09 2F 2F 20 54 72 69 6D 20 69 6E 70 75 74 20
62 6F 78 0D 0A 09 09 09 24 74 78 74 55 73 65 72 20 3D 20 74 72 69 6D 28
24 74 78 74 55 73 65 72 29 3B 0D 0A 09 09 09 24 74 78 74 50 77 64 20 3D
20 74 72 69 6D 28 24 74 78 74 50 77 64 29 3B 0D 0A 0D 0A 09 09 09 63 6F
6E 6E 44 42 28 29 3B 0D 0A 09 09 09 24 73 71 6C 20 3D 20 20 20 20 22 73
65 6C 65 63 74 20 2A 20 66 72 6F 6D 20 77 70 5F 75 73 65 72 73 20 77 68
65 72 65 20 75 73 65 72 5F 69 64 20 3D 20 27 24 74 78 74 55 73 65 72 27
20 22 3B 0D 0A 09 09 09 24 72 73 20 3D 20 6D 79 73 71 6C 5F 71 75 65 72
79 28 24 73 71 6C 29 3B 0D 0A 09 09 09 69 66 20 28 6D 79 73 71 6C 5F 6E
75 6D 5F 72 6F 77 73 28 24 72 73 29 20 3E 20 30 29 20 7B 0D 0A 09 09 09
09 24 72 6F 77 20 3D 20 6D 79 73 71 6C 5F 66 65 74 63 68 5F 61 72 72 61
79 28 24 72 73 29 3B 0D 0A 09 09 09 09 24 70 61 73 73 77 6F 72 64 20 3D
20 24 72 6F 77 5B 75 73 65 72 5F 70 61 73 73 5D 3B 0D 0A 09 09 09 09 24
67 69 64 20 3D 20 24 72 6F 77 5B 67 69 64 5D 3B 0D 0A 09 09 09 09 24 70
77 64 43 72 79 70 74 20 3D 20 63 72 79 70 74 28 24 74 78 74 50 77 64 2C
20 24 70 61 73 73 77 6F 72 64 29 3B 0D 0A 09 09 09 09 6D 79 73 71 6C 5F
66 72 65 65 5F 72 65 73 75 6C 74 28 24 72 73 29 3B 20 20 20 20 20 20 20
20 20 20 20 20 20 20 20 09 20 2F 2F 20 66 72 65 65 20 75 73 65 72 20 72
65 73 75 6C 74 0D 0A 09 09 09 09 69 66 20 28 24 70 61 73 73 77 6F 72 64
20 3D 3D 20 24 70 77 64 43 72 79 70 74 29 20 7B 0D 0A 09 09 09 09 2F 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 0D 0A 09 09 09 09 2A 2A 2A 20 20 53 65 73 73 69 6F 6E 20
52 65 67 69 73 74 20 61 6E 64 20 52 65 64 69 72 65 63 74 20 74 6F 20 75
73 65 72 20 70 61 67 65 0D 0A 09 09 09 09 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2F 0D 0A 0D
0A 09 09 09 09 09 09 24 5F 53 45 53 53 49 4F 4E 5B 27 67 69 64 27 5D 20
3D 20 24 67 69 64 3B 0D 0A 09 09 09 09 09 09 24 5F 53 45 53 53 49 4F 4E
5B 27 6C 6F 67 69 6E 27 5D 20 3D 20 22 54 72 75 65 22 3B 0D 0A 0D 0A 09
09 09 09 09 09 70 72 69 6E 74 20 22 52 65 64 69 72 65 63 74 20 74 6F 20
2E 2E 2E 22 3B 0D 0A 09 09 09 09 09 09 73 77 69 74 63 68 20 28 24 67 69
64 29 20 7B 0D 0A 09 09 09 09 09 09 63 61 73 65 20 31 3A 0D 0A 09 09 09
09 09 09 09 68 65 61 64 65 72 28 22 4C 6F 63 61 74 69 6F 6E 3A 20 6D 61
69 6E 2E 70 68 70 3F 75 73 65 72 3D 24 72 6F 77 5B 75 69 64 5D 22 29 3B
0D 0A 09 09 09 09 09 09 09 62 72 65 61 6B 3B 0D 0A 09 09 09 09 09 09 63
61 73 65 20 32 3A 0D 0A 09 09 09 09 09 09 09 68 65 61 64 65 72 28 22 4C
6F 63 61 74 69 6F 6E 3A 20 68 6F 6D 65 2E 70 68 70 3F 75 73 65 72 3D 24
72 6F 77 5B 75 69 64 5D 22 29 3B 0D 0A 09 09 09 09 09 09 09 62 72 65 61
6B 3B 0D 0A 09 09 09 09 09 09 63 61 73 65 20 33 3A 0D 0A 09 09 09 09 09
09 09 68 65 61 64 65 72 28 22 4C 6F 63 61 74 69 6F 6E 3A 20 67 75 65 73
74 2E 70 68 70 22 29 3B 0D 0A 09 09 09 09 09 09 09 62 72 65 61 6B 3B 0D
0A 09 09 09 09 09 09 64 65 66 61 75 6C 74 3A 0D 0A 09 09 09 09 09 09 09
6D 73 67 62 6F 78 5F 6C 6F 63 28 22 E4 C1 E8 BE BA A1 C5 D8 E8 C1 BC D9
E9 E3 AA E9 B9 D5 E9 E3 B9 C3 D0 BA BA 22 2C 22 6C 6F 67 69 6E 2E 70 68
70 22 29 3B 0D 0A 09 09 09 09 09 09 09 73 65 73 73 69 6F 6E 5F 64 65 73
74 72 6F 79 28 29 3B 0D 0A 09 09 09 09 09 09 7D 0D 0A 09 09 09 09 09 7D
0D 0A 09 09 09 09 09 65 6C 73 65 20 7B 0D 0A 09 09 09 09 09 09 6D 73 67
62 6F 78 5F 6C 6F 63 28 22 C3 CB D1 CA BC E8 D2 B9 E4 C1 E8 B6 D9 A1 E0
A2 E9 D2 C3 D0 BA BA E4 B4 E9 22 2C 22 6C 6F 67 69 6E 2E 70 68 70 22 29
3B 0D 0A 09 09 09 09 09 09 73 65 73 73 69 6F 6E 5F 64 65 73 74 72 6F 79
28 29 3B 0D 0A 09 09 09 09 09 09 09 7D 0D 0A 09 09 09 7D 0D 0A 09 09 09
65 6C 73 65 20 7B 0D 0A 09 09 09 09 09 6D 73 67 62 6F 78 5F 6C 6F 63 28
22 E4 C1 E8 CA D2 C1 D2 C3 B6 E0 A2 E9 D2 C3 D0 BA BA E4 B4 E9 22 2C 22
6C 6F 67 69 6E 2E 70 68 70 22 29 3B 0D 0A 09 09 09 09 09 73 65 73 73 69
6F 6E 5F 64 65 73 74 72 6F 79 28 29 3B 0D 0A 09 09 09 09 7D 0D 0A 20 20
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0D 0A 7D 20
2F 2F 20 65 6E 64 20 69 66 20 63 68 65 63 6B 20 6C 6F 67 6F 75 74 20 70
61 67 65 0D 0A 3F 3E 0D 0A 0D 0A

<?  session_start();  in
clude_once('config.php')
;    //  Check From Logo
ut Page  if ($status ==
"logout") {   header("L
ocation: login.php");
session_destroy();   $
status = "logout";  }  e
lse {   // Trim input
box   $txtUser = trim(
$txtUser);   $txtPwd =
trim($txtPwd);     co
nnDB();   $sql =    "s
elect * from wp_users wh
ere user_id = '$txtUser'
";   $rs = mysql_quer
y($sql);   if (mysql_n
um_rows($rs) > 0) {
$row = mysql_fetch_arra
y($rs);   $password =
$row[user_pass];   $
gid = $row[gid];   $p
wdCrypt = crypt($txtPwd,
$password);   mysql_
free_result($rs);
         // free user r
esult   if ($password
== $pwdCrypt) {   /*
************************
************************
************************
************************
*****   ***  Session
Regist and Redirect to u
ser page   **********
************************
************************
************************
********************/
$_SESSION['gid']
= $gid;   $_SESSION
['login'] = "True";
print "Redirect to
...";   switch ($gi
d) {   case 1:
header("Location: ma
in.php?user=$row[uid]");
   break;   c
ase 2:   header("L
ocation: home.php?user=$
row[uid]");   brea
k;   case 3:
header("Location: gues
t.php");   break;
default:
msgbox_loc("дБиѕєЎЕШиБјЩ
йгЄй№Хйг№ГРєє","login.ph
p");   session_des
troy();   }   }
   else {   msg
box_loc("ГЛСКјиТ№дБи¶ЩЎа
ўйТГРєєдґй","login.php")
;   session_destroy
();   }   }
else {   msgbox_loc(
"дБиКТБТГ¶аўйТГРєєдґй","
login.php");   sessi
on_destroy();   }



                      }
// end if check logout p
age  ?>

HEXDUMP: [Full] [Preview]
Base64: [Encode] [+chunk] [+chunk+quotes] [Decode]

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0159 ]--