


Messages - amnezic

1
Web Oriented Coding / PHP Shell Scanner
« on: June 01, 2014, 12:48:47 PM »





You can't hide every vulnerability, bug or shell; try to get past this.


Tnx noVaLue
Index.php


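include("function.php");


$a = new scanner();

// Escape the pre-filled directory for the single-quoted value attribute below,
// so a quote or angle bracket in the install path cannot break the markup.
$defaultDir = htmlspecialchars(dirname(__FILE__), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Accept ?viewfile only as a plain string; array-style parameters are ignored
// instead of being handed to the file reader.
$viewFile = (isset($_GET['viewfile']) && is_string($_GET['viewfile'])) ? $_GET['viewfile'] : null;

// NOTE(review): nothing on this page authenticates the visitor. Anyone who can
// reach it can scan any directory and display any file the PHP process is
// allowed to read, so it belongs behind access control (or should be removed
// after use) rather than staying reachable in a public web root.
echo "
      <link rel='stylesheet' type='text/css' href='./css/style.css' />
      <body text='white' bgcolor='#111111'>
         
      <center><table class=hov style='border-collapse: separate; background-color: #2E2E2E;border: solid 1px; border-radius: 5px;width:1300px;'>
                  <tr>
                     <td>
                        <form action=?scan method=post>
                           <center><input type=text name='url'  style='border: 1px solid;background-color:transparent;color:#99CCFF;border-radius: 5px' size=100  value='".$defaultDir."'></center>
                        </form>   
                     </td>
                  </tr>           
                  <tr>
                     <td style='border:solid 1px; border-radius: 5px;'>
                        <table class=hov style='border-collapse: separate; background-color: #2E2E2E;border-radius: 5px;width:100%;height:80%;align:center' id= ''>


                        ".$a->scanProcess()."
                        </table>   
                     </td>
                     <td></td>
                  </tr>   
            </table></center><br><br><br>                 
      </body>";
      // viewSource() returns the file wrapped in <pre>; it is printed after the page body.
      echo ($viewFile !== null ? $a->viewSource($viewFile) : '');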




function.php
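/**
 * Walks a directory tree and lists script files whose lines mention functions,
 * superglobals or Apache directives that web shells commonly rely on.
 *
 * The matching is a per-line regular-expression heuristic. A hit is a lead for
 * manual review, not a verdict, and a file without hits is not thereby clean:
 * a call split across several lines, or one that is not followed by one of the
 * expected punctuation characters, is not reported.
 *
 * NOTE(review): the class performs no access control of its own. scanProcess()
 * and viewSource() act on request-supplied paths, so the page that exposes
 * them must be restricted to trusted operators.
 */
class scanner{
   function __construct() {}

   /**
    * Build the HTML result rows for the directory posted as $_POST['url'].
    *
    * File paths and labels are HTML-escaped, and the path in the link is
    * URL-encoded, because file names on disk are attacker-influenced data when
    * a compromised site is being inspected.
    *
    * @return string Table rows (header plus one row per flagged file), or an
    *                empty string when no usable 'url' field was posted.
    */
   public function scanProcess(){
      if(!isset($_POST['url']) || !is_string($_POST['url'])) {
         return '';
      }

      $ret = array();
      $this->directoryscan($ret, $_POST['url']);

      $contents ="
                  <tr bgcolor='#413B3B'>
                     <td align=center><font color=#3cbddd>PathFile</font></td>
                     <td align=center><font color=#3cbddd>Function</font></td>
                  </tr>";

      foreach ($ret as $key => $value){
         $href  = $this->escapeHtml('?viewfile='.rawurlencode((string)$key));
         $label = $this->escapeHtml($key);
         $funcs = $this->escapeHtml($this->string_fromArray($value, ","));
         $contents .= "<tr bgcolor='#191919'><td width=30%><a href='".$href."' target=_blank><font color=#3cbddd>".$label."</font></a></td><td><font color=#3cbddd>".$funcs."</font></td></tr>";
      }
      return $contents;
   }

   /**
    * Join the items of $list with "$diff " (separator followed by a space).
    *
    * No separator is emitted while the accumulated string is still empty.
    *
    * @param array  $list Items to join.
    * @param string $diff Separator placed before the space.
    * @return string
    */
   public function string_fromArray($list,$diff){
      $string = "";
      foreach ($list as $item) {
         if(strlen($string)==0) {
            $string .= $item;
         }else {
            $string .= $diff." ".$item;
         }
      }
      return $string;
   }

   /**
    * Split a path into normalised components ("." removed, ".." resolved).
    *
    * A path that is not absolute is resolved against the directory of this
    * file. Previously only a leading "./" was resolved that way, and on
    * non-Windows systems the first component of any other relative path was
    * dropped.
    *
    * @param string $path Path using either "/" or "\" as separator.
    * @return array Components; a single empty string when nothing is left.
    */
   public function path_strip($path) {
      $sep  = $this->getSeparator();
      $path = $this->setSeparator($path);
      $raw  = array();

      if(!$this->isAbsolutePath($path)) {
         $raw = $this->path_strip_pdp(explode($sep, dirname(__FILE__)), $raw);
      }
      $raw = $this->path_strip_pdp(explode($sep, $path), $raw);

      if(sizeof($raw) == 0)
         $raw[] = "";

      return $raw;
   }

   /**
    * Tell whether an already separator-normalised path is absolute.
    *
    * On Windows a drive prefix ("C:") or a leading backslash counts as
    * absolute; elsewhere a leading "/".
    */
   private function isAbsolutePath($path) {
      if($this->getOs() == 1) {
         return (bool) preg_match('/^(?:[A-Za-z]:|\\\\)/', $path);
      }
      return $this->str_startsWith("/", $path);
   }

   /**
    * @return bool True when $string begins with $needle.
    */
   public function str_startsWith($needle, $string) {
      return (substr($string, 0, strlen($needle)) === $needle);
   }


   /**
    * @return bool True when $string ends with $needle.
    */
   public function str_endsWith($needle, $string) {
      $length = strlen($needle);
      if($length === 0)
         return true;
      if($length > strlen($string))
         return false;
      return (substr($string, -$length) === $needle);
   }

   /**
    * Append the components in $path to $stack, resolving "." and "..".
    *
    * Empty and "." components are skipped. ".." removes the last component,
    * except that on Windows the first component of the stack is never removed.
    * Every element of $path is examined; the old loop skipped index 0 on
    * non-Windows systems, which lost the first component of relative paths.
    *
    * @param array $path  Components to add.
    * @param array $stack Components collected so far.
    * @return array The updated stack.
    */
   public function path_strip_pdp($path, $stack) {
      $minDepth = ($this->getOs() == 1) ? 1 : 0;
      foreach ($path as $part) {
         if($part === "" || $part === ".") {
            continue;
         }
         if($part === "..") {
            if(sizeof($stack) > $minDepth)
               array_pop($stack);
         }else {
            $stack[] = $part;
         }
      }

      return $stack;
   }

   /**
    * Rewrite every separator in $path to the one used by the current OS.
    */
   public function setSeparator($path) {
      if($this->getOs() == 1)
          return str_replace("/", "\\", $path);
      else
           return str_replace("\\", "/", $path);
   }

   /**
    * @return string "\" on Windows, "/" otherwise.
    */
   public function getSeparator() {
      if($this->getOs() == 1)
         return "\\";
      else
         return "/";
   }

   /**
    * @return int 1 when PHP_OS starts with "WIN" (case-insensitive), else 0.
    */
   public function getOs() {
      if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
         return 1;
      else
         return 0;
   }

   /**
    * Join $stack with $delimiter.
    *
    * With $type "path" the result is a filesystem path: on Windows the
    * components are joined with the delimiter, elsewhere every component is
    * prefixed with it (so the result starts with the delimiter). Any other
    * $type gives a plain join that emits no delimiter while the result is
    * still empty.
    *
    * @param array  $stack     Items to join.
    * @param string $delimiter Separator.
    * @param string $type      "path" for path assembly, anything else for a plain join.
    * @return string
    */
   public function str_fromArray($stack, $delimiter="", $type="") {
      // Loose comparison kept on purpose: the original used switch/case here.
      if($type == "path") {
         if(sizeof($stack) == 0)
            return "";
         if($this->getOs() == 1)
            return implode($delimiter, $stack);
         return $delimiter.implode($delimiter, $stack);
      }

      $string = "";
      foreach ($stack as $item) {
         if(strlen($string) == 0)
            $string .= $item;
         else
            $string .= $delimiter.$item;
      }

      return $string;
   }


   /**
    * Append $input to $array unless an identical value is already present.
    *
    * The membership test is strict, so values of different types are never
    * treated as duplicates of each other. Nothing happens when $array is not
    * an array.
    */
   public function array_add(&$array, $input) {
      if(is_array($array)) {
         if(!in_array($input, $array, true))
            array_push($array, $input);
      }
   }

   /**
    * Recursively scan $url and record flagged files in $foundMatch.
    *
    * Sub-directories are visited first, then the files of the directory, both
    * in sorted order. Only files whose extension is one of php, pl, py, nzri,
    * izo, cgi or htaccess (compared case-insensitively) are read; the file
    * that defines this class is skipped.
    *
    * NOTE(review): files with any other extension are never opened, so script
    * extensions the web server has additionally been configured to execute
    * are not covered. Directory symlinks are followed without a cycle guard.
    *
    * @param array  $foundMatch Result map, full path => sorted list of labels.
    * @param string $url        Directory to scan.
    * @return array The same map that was passed by reference.
    */
   public function directoryscan(&$foundMatch, $url){
      if(!is_string($url)) {
         return $foundMatch;
      }

      $sep   = $this->getSeparator();
      $thDir = $this->str_fromArray($this->path_strip($url), $sep, "path");

      if(!is_dir($thDir) || !is_readable($thDir)) {
         return $foundMatch;
      }

      $handle = opendir($thDir);
      if($handle === false) {
         return $foundMatch;
      }

      // Avoid a doubled separator when the directory is the filesystem root.
      $base  = rtrim($thDir, $sep).$sep;
      $dirs  = array();
      $files = array();
      while(false !== ($entry = readdir($handle))){
         if($entry === "." || $entry === "..") {
            continue;
         }
         // Test the full path: a bare entry name would be resolved against the
         // current working directory instead of the directory being scanned.
         if(is_dir($base.$entry))
            $dirs[] = $entry;
         else
            $files[] = $entry;
      }
      closedir($handle);
      sort($dirs);
      sort($files);

      foreach ($dirs as $name) {
         $this->directoryscan($foundMatch, $base.$name);
      }

      $extensions = array("php", "pl", "py", "nzri", "izo", "cgi", "htaccess");
      foreach ($files as $name) {
         $full = $base.$name;
         if($full === __FILE__) {
            continue;
         }

         $ext_this = strtolower(pathinfo($full, PATHINFO_EXTENSION));
         if(!in_array($ext_this, $extensions, true)) {
            continue;
         }

         $funcfound = $this->scanFile($full);
         if(sizeof($funcfound) > 0) {
            $foundMatch[$full] = $funcfound;
         }
      }

      return $foundMatch;
   }

   /**
    * Read one file line by line and return the sorted labels that matched.
    *
    * An unreadable file yields an empty list instead of looping on an invalid
    * handle.
    *
    * NOTE(review): preg_match() returns false on a PCRE error (for instance a
    * backtrack-limit hit on a very long line) and that is treated as "no
    * match" here; consider reporting preg_last_error() so such files get a
    * manual look.
    */
   private function scanFile($fullPath) {
      $found = array();
      if(!is_readable($fullPath)) {
         return $found;
      }
      $fh = fopen($fullPath, "r");
      if($fh === false) {
         return $found;
      }

      $signatures = $this->signatures();
      while(($line = fgets($fh)) !== false) {
         foreach ($signatures as $label => $pattern) {
            if(preg_match($pattern, $line)) {
               $this->array_add($found, $label);
            }
         }
      }
      fclose($fh);

      sort($found);
      return $found;
   }

   /**
    * Map of report label => regular expression.
    *
    * Function names must not be preceded by an identifier character, so
    * "exec" is no longer reported for shell_exec() or curl_exec(), and must be
    * followed by a parenthesised argument list and one of . , ; { } _.
    * The superglobal patterns are written in single quotes: in the earlier
    * double-quoted form PHP turned "\$" into a bare "$", which the regex read
    * as an end-of-line anchor, so $_FILES and $_COOKIE were never detected.
    */
   private function signatures() {
      static $patterns = null;
      if($patterns !== null) {
         return $patterns;
      }

      $functions = array(
         "copy", "move_uploaded_file", "passthru", "shell_exec", "exec",
         "base64_decode", "eval", "proc_open", "system", "curl_exec", "popen",
         "curl_multi_exec", "rename", "parse_ini_file", "show_source", "fopen"
      );

      $patterns = array();
      foreach ($functions as $name) {
         $patterns[$name] = '/(?<![A-Za-z0-9_])'.preg_quote($name, '/').'\s*\(.*?\)\s*[.,;{}_]/i';
      }
      foreach (array('$_FILES', '$_COOKIE') as $name) {
         $patterns[$name] = '/'.preg_quote($name, '/').'\s*\[.*?\]\s*[.,;}_]/i';
      }
      $patterns["AddType application/x-httpd-php"]  = '/AddType\s+application\/x-httpd-php/i';
      $patterns["AddType application/x-httpd-cgi"]  = '/AddType\s+application\/x-httpd-cgi/i';
      $patterns["AddType application/x-httpd-perl"] = '/AddType\s+application\/x-httpd-perl/i';
      $patterns["AddHandler cgi-script"]            = '/AddHandler\s+cgi-script/i';

      return $patterns;
   }

   /**
    * HTML-escape a value for use in element content or a quoted attribute.
    */
   private function escapeHtml($text) {
      return htmlspecialchars((string)$text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
   }

   /**
    * Return the contents of a local file, HTML-escaped, inside <pre>.
    *
    * Only regular local files are read: anything containing "://" (stream
    * wrappers, remote URLs) and anything that is not a readable file yields an
    * empty <pre>. All HTML metacharacters are escaped, not just "<".
    *
    * NOTE(review): within those limits this returns any file the PHP process
    * can read. The caller passes a request parameter here, so the page must
    * be access-controlled; confining $path to the directory that was scanned
    * would narrow the exposure further.
    *
    * @param string $path File to display.
    * @return string
    */
   public function viewSource($path){
      if(!is_string($path) || strpos($path, '://') !== false
            || !is_file($path) || !is_readable($path)) {
         return "<pre></pre>";
      }

      $content = file_get_contents($path);
      if($content === false) {
         return "<pre></pre>";
      }
      return "<pre>".$this->escapeHtml($content)."</pre>";
   }
}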




Original  : http://thieves-team.com/forum/index.php?topic=5853.0

2
What about the 64bit version on Linux?


is not yet cracked by these guys, i think is the next project for Thieves-Team

3

NEW UPDATE 3062 X64 : Find : 15 E2 16 3E 00 48 8D 4D E7 E8 09 B6 03 00 85 C0 0F 94 C0
 Replace : 15 E2 16 3E 00 48 8D 4D E7 E8 09 B6 03 00 90 90 90 90 90


NOTE: Not released build 3061 x32 Version
Find : 74 03 33 FF 47 85 FF 0F
Replace : 75 03 33 FF 90 85 FF 0F
================ NOTE: Build 3059, x32 Version
Find : 74 03 33 FF 47 85 FF 0F 85 9A 06 00 00 BE
Replace : 75 03 33 FF 90 85 FF 0F 85 9A 06 00 00 BE
================ Type this on : License
—--BEGIN LICENSE—--
noVaLue #thieves-team.com Unlimited User
License EA7E-18848
...00000000..........00000000...
......00................00......
......00................00......
......00....0000000.....00......
......00................00......
......00................00......
......00................00......
......00................00.....
 —--END LICENSE—--


All fucking version are here


Build 3062
----------
Release Date: 5 May 2014


    * Added sidebar icons
    * Added sidebar loading indicators
    * Sidebar remembers which folders are expanded
    * Fixed a crash in plugin_host


Build 3061
----------
Release Date: 21 December 2013


    * API: Updated to Python 3.3.3
    * Tweaked window closing behavior when pressing ctrl+w / cmd+w
    * Fixed a lockup when transitioning from a blinking to a solid caret


Build 3058
----------
Release Date: 12 December 2013


    * Added index_exclude_patterns setting to control which files get indexed
    * Fixed a crash regression in 3057


Build 3057
----------
Release Date: 10 December 2013


    * Added settings caret_extra_top, caret_extra_bottom and caret_extra_width to control the caret size
    * Added settings show_encoding and show_line_endings to control what gets shown on the status bar


Build 3056
----------
Release Date: 20 November 2013


    * Transparent images are drawn with a checkerboard background
    * Fixed Find in Files not selecting the correct line for already opened files
    * Windows: Fixed extraneous .tmp files when saving
    * Vintage: Improved behavior of visual line mode with word wrapped lines


Build 3055
----------
Release Date: 19 November 2013


    * Added image preview when opening images
    * Encoding and line endings are displayed in the status bar
    * Linux: Fixed a menu hiding issue
    * Find in Files will no longer block when FIFOs are encountered


Build 3054
----------
Release Date: 16 October 2013


    * Fixed incorrect title bar in new sessions
    * Auto complete now works as expected in macros
    * Vintage: A block caret is now used
    * Linux: Fixed menu hiding not restoring correctly at startup
    * Linux: Fixed incorrect underscore display in some menus


Build 3053
----------
Release Date: 30 August 2013


    * Ctrl+Tab ordering is stored in the session
    * Fixed an atomic save file permission regression for newly created files
    * When the last file is closed, a new transient file is created automatically
    * Linux: Added menu hiding
    * API: Window.open_file now accepts an optional group parameter


Build 3052
----------
Release Date: 23 July 2013


    * API: Calling Settings.add_on_change() from within a settings change callback won't cause the added callback to be run
    * Fixed a crash in 3050


Build 3050
----------
Release Date: 22 July 2013


    * Fixed a crash regression in 3049
    * Minor improvements to Python syntax highlighting


Build 3049
----------
Release Date: 19 July 2013


    * Tab scrolling now works with mouse wheels
    * Changed tab close behavior: the neighboring tab is now always selected
    * Linux: Fixed incorrect handling of double clicks in the Find panel
    * Windows: Fixed hidden attribute regression in 3048 when atomic_save is disabled
    * Fixed a crash related to tab scrolling
    * API: Plugins may now call Settings.clear_on_change() within a callback from Settings.add_on_change()


Build 3048
----------
Release Date: 10 July 2013


    * Added tab scrolling, controlled by the enable_tab_scrolling setting
    * Automatically closing windows when the last tab is dragged out
    * Added minimap_scroll_to_clicked_text setting
    * Improved error messages when unable to save files
    * font_options is now case insensitive
    * Posix: Fixes new files being created with unexpected permissions
    * Windows: SSE support is no longer required for 32 bit builds


Build 3046
----------
Release Date: 26 June 2013


    * API: Supporting a distinction between Python modules and packages, to ensure relative imports work as expected


Build 3045
----------
Release Date: 25 June 2013


    * Windows: Fixed plugin overriding


Build 3044
----------
Release Date: 24 June 2013


    * Improved handling of Python sub-package importing, fixing the delete from side bar regression


Build 3043
----------
Release Date: 21 June 2013


    * Deleted files are marked as dirty again
    * Fixed a regression when overriding the color scheme in syntax specific settings
    * Linux and OSX: atomic_save is adaptively disabled when it's not possible to preserve file permissions
    * API: Fixed settings objects getting invalidated too early with cloned views
    * API: Plugins in zip files are able to be overridden via files on disk


Build 3041
----------
Release Date: 14 June 2013


    * Fixed file change detection regression in 3040
    * Windows: Fixed a crash introduced in 3034


Build 3040
----------
Release Date: 13 June 2013


    * Fixed a crash on exit that could occur when hot_exit is disabled
    * Fixed a crash introduced in 3036
    * Windows: DirectWrite support uses the old path when drawing from a the text buffer
    * Windows: Auto updater supports updating from unicode paths
    * API: Added support for the termios module on Linux and OS X.


Build 3038
----------
Release Date: 9 June 2013


    * Fixed further regressions in 3036


Build 3037
----------
Release Date: 4 June 2013


    * Fixed a regressions in 3036


Build 3036
----------
Release Date: 4 June 2013


    * Fixed regressions in file change detection
    * Linux: Added support for High DPI, controlled by the GTK Text Scaling Factor
    * Windows: DirectWrite is enabled automatically in high DPI mode
    * OSX: Fixed context menus not working when the application is in the background


Build 3035
----------
Release Date: 17 May 2013


    * Restored Windows XP compatibility
    * Fixed an OSX crash
    * Fixed double closing of script tags


Build 3034
----------
Release Date: 16 May 2013


    * Improved file change detection
    * Windows: Added high DPI support
    * Graphics rendering ported to Skia from Cairo
    * HTML tag auto completion is better behaved in script tags
    * API: Fixed Selection.contains


Build 3032
----------
Release Date: 6 May 2013


    * Added setting always_prompt_for_file_reload
    * Pressing right in the Goto Anything overlay will open the selected file without closing the overlay
    * Improved handling of deleted files when restoring sessions
    * Linux: Fixed popup menu positioning
    * Windows: Fixed erroneous entries in system menu


Build 3031
----------
Release Date: 1 May 2013


    * Find panel has a drop down arrow to select previous items
    * Minor Auto Complete visual tweaks
    * API: Added view.show_popup_menu()
    * API: Added is_valid() method to view and window, to determine if the handle has been invalidated


Build 3030
----------
Release Date: 23 April 2013


    * Fixed crash introduced in 3029


Build 3029
----------
Release Date: 22 April 2013


    * Fix for rare crash
    * Telemetry is enabled by default for dev builds
    * Improved Minimap hover logic
    * Faster startup time


Build 3028
----------
Release Date: 16 April 2013


    * Fixed a regression in 3027


Build 3027
----------
Release Date: 15 April 2013


    * Fixed several rare crashes
    * Improved HTML completions when typing outside of tags
    * Fixed Close Tag not respecting self closing tags
    * Windows: Fixed auto updates not installing when the application is installed to a drive other than C


Build 3026
----------
Release Date: 10 April 2013


    * auto_find_in_selection defaults to false as intended
    * Fixed a sidebar regression in 3024
    * Windows: Fixed an 'Open in Sublime Text' regression introduced in 3024
    * Improved handling of packages with non-utf8 encoded .py files


Build 3025
----------
Release Date: 9 April 2013


    * Fixed some regressions in 3024
    * Added Paste from History
    * API: on_text_command and on_window command are now called when the menu is used
    * API: Added on_post_text_command and on_post_window_command


Build 3024
----------
Release Date: 8 April 2013


    * Semi-transient sheets are no longer shown in the OPEN FILES section of the side bar
    * Added setting 'auto_find_in_selection', for S2 style Find in Selection logic
    * Using Google Breakpad to automatically report crashes
    * Symlinks are followed by default in folders added to the side bar
    * PHP: Improved auto indenting for the alternative control syntax
    * "Remove all Folders from Project" now prompts to confirm
    * Deleting a file via the side bar will first close the corresponding view, if any
    * Update window will display properly even if the theme doesn't have rules for it
    * Windows: New style Open Folder dialogs are used on Vista and later
    * API: Added view.close()
    * API: Added sublime.get_macro()


Build 3023
----------
Release Date: 3 April 2013


    * New auto update system for Windows and OS X
    * Added telemetry. Telemetry is currently disabled by default, but will be enabled by default in future dev builds. It can be explicitly controlled with the enable_telemetry setting
    * API: Fixed a memory leak in plugin_host



