I recently found this PHP script in my upload facility. It appears to be a version of the shell script c99.php,
but unfortunately for the would-be hacker, it doesn't appear to have had much effect on my site.
Of course, I could be wrong. It's entirely possible that they managed to get root access, put in a backdoor or two, and left the c99 script behind - to make me think they hadn't managed anything untoward at all.
And this sneaky sneaky person is now just biding their time..
Or maybe not.
Check out the source here: C999.php
If you don't know what the c99 shell script is, it's a script that allows access to pretty much everything on the hacked server. The user may add, delete, rename, change file permissions - and do many other exciting things - to their heart's content. Featuring a relatively lovely looking interface, it's actually a pretty useful tool for web developers (or at least those who care nothing about security). Needless to say, I don't have a working copy anywhere on my site. I'm not *that* lazy.
You may notice that the script appears to be an early version. If you really want to try this thing out (on your own, preferably private server,) I suggest you get the latest version from somewhere. Google for it. Or try [
this link]. And my version doesn't seem to be quite finished either, it probably took too long to upload and cut the last few lines off, cos my site was so slow.
Update - July 2010
Since writing the above, I have received a couple more hack scripts, and look forward to many more. This is one rather nice c99 script. It was encrypted, but I have decrypted it for your hacking pleasure. There's a bit of a funny story behind this one, but unfortunately I cannot disclose it just yet
due to security issues.
Here's an interesting DDoS script… While it's admittedly very clever, the language was just atrocious, so I censored the naughty words. Now you can, like, show it to your kids and stuff.
And who names a function 'f*** you', anyway? Honestly.
Update - April 2011
I have received a whole lot more scripts via my upload facility… enjoy!
Some encrypted script, probably just c99.
Fx29Shell. I hadn't come across this shell script before receiving one uploaded to my site.
Remote Tiga-Lima Shell access. This script accesses the tiga-lima shell at another URL and processes it at the current location. Pretty simple but quite clever.
The Tiga-Lima Shell itself. For use if the remote version doesn't work. Coded by chandra35.
Another encrypted script, possibly also c99.
g00nshell v1.3 presented by [g00n]FiSh.
One more encrypted shell script, this one by Mr.HiTman.
Another entirely new shell (at least to me anyway). I haven't managed to find any info on this one, but it is quite fascinatingly different to most of the other scripts I already have. This one is nicely spaced, well commented and has the openingncurly brackets at the end of the same line as each conditional. I like it!
Tryagshell v1.3. By 1dt.w0lf.
Another encoded n3tshell, by ibllezboy
A C102 shell, encoded and decoded. By EGY-MaF!4
Another new shell, malware free apparently! This one was uploaded with a silly deface page.