!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\Windows\Temp\   drwxrwxrwx
Free 4.13 GB of 39.52 GB (10.45%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]


Viewing file:     reqproc_193556867.log (10.77 KB)      -rw-rw-rw-
ReadFile the pipe for req_info
Total bytes read for req_info=20
req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3
Reading new request format from the pipe
calling ReadFile...
Total bytes read by ReadFile=26724
pRequest->sprvm_rexec_info.sprvm_info_versio = 3 
pRequest->sprvm_rexec_req_msg_cmd = srvmGetEnvVar 
pRequest->sprvm_rexec_req_msg_num_args = 1 
pRequest->sprvm_rexec_req_msg_arg = PATH 
pRequest->sprvm_rexec_req_msg_arg[0] = PATH 
pRequest->sprvm_rexec_req_msg_num_envs = 0 
09/16/10 16:21:14 
 Received a request from client srvmGetEnvVar
args[0] = PATH 	

writing <
 C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\; 
 >

 ExeStat 0, Category 0 

After call to WriteFile. totalWritten=67920, cbWritten=67920
ReadFile the pipe for req_info
Total bytes read for req_info=20
req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3
Reading new request format from the pipe
calling ReadFile...
Total bytes read by ReadFile=18528
pRequest->sprvm_rexec_info.sprvm_info_versio = 3 
pRequest->sprvm_rexec_req_msg_cmd = sprvmGetInfo 
pRequest->sprvm_rexec_req_msg_num_args = 0 
pRequest->sprvm_rexec_req_msg_arg =  
pRequest->sprvm_rexec_req_msg_num_envs = 0 
09/16/10 16:29:26 
 Received a request from client sprvmGetInfo

writing <
  
 >

 ExeStat 0, Category 0 

After call to WriteFile. totalWritten=18768, cbWritten=18768
Failure in WriteFile [234]
More data is available.


ReadFile the pipe for req_info
Total bytes read for req_info=20
req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3
Reading new request format from the pipe
calling ReadFile...
Total bytes read by ReadFile=26724
pRequest->sprvm_rexec_info.sprvm_info_versio = 3 
pRequest->sprvm_rexec_req_msg_cmd = C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe 
pRequest->sprvm_rexec_req_msg_num_args = 2 
pRequest->sprvm_rexec_req_msg_arg = -getspaceavail 
pRequest->sprvm_rexec_req_msg_arg[0] = -getspaceavail 
pRequest->sprvm_rexec_req_msg_arg[1] = C:\Users\ADMINI~1\AppData\Local\Temp\1\ 
pRequest->sprvm_rexec_req_msg_num_envs = 0 
09/16/10 16:29:26 
 Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe
args[0] = -getspaceavail 	
args[1] = C:\Users\ADMINI~1\AppData\Local\Temp\1\ 	
---Started new thread---
09/16/10 16:29:26 
Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe

Exe: exectask.exe, Path: C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\ 

args[0] = -getspaceavail 	
args[1] = C:\Users\ADMINI~1\AppData\Local\Temp\1\ 	
About to call spawn with cmd [C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe]

writing <
 <CV_VAL>22977986560</CV_VAL><CV_VRES>0</CV_VRES><CV_LOG>Exectask:getspaceavail success</CV_LOG><CV_ERES>0</CV_ERES>
 
 >

 ExeStat 0, Category 0 

After call to WriteFile. totalWritten=67920, cbWritten=67920
ReadFile the pipe for req_info
Total bytes read for req_info=20
req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3
Reading new request format from the pipe
calling ReadFile...
Total bytes read by ReadFile=26724
pRequest->sprvm_rexec_info.sprvm_info_versio = 3 
pRequest->sprvm_rexec_req_msg_cmd = C:\Windows\system32\acfsutil.exe 
pRequest->sprvm_rexec_req_msg_num_args = 1 
pRequest->sprvm_rexec_req_msg_arg = version 
pRequest->sprvm_rexec_req_msg_arg[0] = version 
pRequest->sprvm_rexec_req_msg_num_envs = 0 
09/16/10 16:30:18 
 Received a request from client C:\Windows\system32\acfsutil.exe
args[0] = version 	
---Started new thread---
09/16/10 16:30:18 
Received a request from client C:\Windows\system32\acfsutil.exe

Exe: acfsutil.exe, Path: C:\Windows\system32\ 

args[0] = version 	
About to call spawn with cmd [C:\Windows\system32\acfsutil.exe]
Could not spawn process cmd [C:\Windows\system32\acfsutil.exe] sprvmps error [9]

writing <
  
 >

 ExeStat 1, Category 235 

After call to WriteFile. totalWritten=67920, cbWritten=67920
ReadFile the pipe for req_info
Total bytes read for req_info=20
req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3
Reading new request format from the pipe
calling ReadFile...
Total bytes read by ReadFile=26724
pRequest->sprvm_rexec_info.sprvm_info_versio = 3 
pRequest->sprvm_rexec_req_msg_cmd = C:\Windows\system32\acfsutil.exe 
pRequest->sprvm_rexec_req_msg_num_args = 1 
pRequest->sprvm_rexec_req_msg_arg = version 
pRequest->sprvm_rexec_req_msg_arg[0] = version 
pRequest->sprvm_rexec_req_msg_num_envs = 0 
09/16/10 16:31:20 
 Received a request from client C:\Windows\system32\acfsutil.exe
args[0] = version 	
---Started new thread---
09/16/10 16:31:20 
Received a request from client C:\Windows\system32\acfsutil.exe

Exe: acfsutil.exe, Path: C:\Windows\system32\ 

args[0] = version 	
About to call spawn with cmd [C:\Windows\system32\acfsutil.exe]
Could not spawn process cmd [C:\Windows\system32\acfsutil.exe] sprvmps error [9]

writing <
  
 >

 ExeStat 1, Category 235 

After call to WriteFile. totalWritten=67920, cbWritten=67920
ReadFile the pipe for req_info
Total bytes read for req_info=20
req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3
Reading new request format from the pipe
calling ReadFile...
Total bytes read by ReadFile=26724
pRequest->sprvm_rexec_info.sprvm_info_versio = 3 
pRequest->sprvm_rexec_req_msg_cmd = C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe 
pRequest->sprvm_rexec_req_msg_num_args = 2 
pRequest->sprvm_rexec_req_msg_arg = -getspaceavail 
pRequest->sprvm_rexec_req_msg_arg[0] = -getspaceavail 
pRequest->sprvm_rexec_req_msg_arg[1] = C:\Users\ADMINI~1\AppData\Local\Temp\1 
pRequest->sprvm_rexec_req_msg_num_envs = 0 
09/16/10 16:31:20 
 Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe
args[0] = -getspaceavail 	
args[1] = C:\Users\ADMINI~1\AppData\Local\Temp\1 	
---Started new thread---
09/16/10 16:31:20 
Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe

Exe: exectask.exe, Path: C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\ 

args[0] = -getspaceavail 	
args[1] = C:\Users\ADMINI~1\AppData\Local\Temp\1 	
About to call spawn with cmd [C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe]

writing <
 <CV_VAL>22977912832</CV_VAL><CV_VRES>0</CV_VRES><CV_LOG>Exectask:getspaceavail success</CV_LOG><CV_ERES>0</CV_ERES>
 
 >

 ExeStat 0, Category 0 

After call to WriteFile. totalWritten=67920, cbWritten=67920
ReadFile the pipe for req_info
Total bytes read for req_info=20
req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3
Reading new request format from the pipe
calling ReadFile...
Total bytes read by ReadFile=26724
pRequest->sprvm_rexec_info.sprvm_info_versio = 3 
pRequest->sprvm_rexec_req_msg_cmd = C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe 
pRequest->sprvm_rexec_req_msg_num_args = 1 
pRequest->sprvm_rexec_req_msg_arg = -getver 
pRequest->sprvm_rexec_req_msg_arg[0] = -getver 
pRequest->sprvm_rexec_req_msg_num_envs = 0 
09/16/10 16:31:22 
 Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe
args[0] = -getver 	
---Started new thread---
09/16/10 16:31:22 
Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe

Exe: exectask.exe, Path: C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\ 

args[0] = -getver 	
About to call spawn with cmd [C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe]

writing <
 <CV_VRES>0</CV_VRES><CV_VAL>11.2.0.1.0.03_25_10</CV_VAL><CV_ERES>0</CV_ERES>
 
 >

 ExeStat 0, Category 0 

After call to WriteFile. totalWritten=67920, cbWritten=67920
ReadFile the pipe for req_info
Total bytes read for req_info=20
req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3
Reading new request format from the pipe
calling ReadFile...
Total bytes read by ReadFile=26724
pRequest->sprvm_rexec_info.sprvm_info_versio = 3 
pRequest->sprvm_rexec_req_msg_cmd = C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe 
pRequest->sprvm_rexec_req_msg_num_args = 1 
pRequest->sprvm_rexec_req_msg_arg = -getmemory 
pRequest->sprvm_rexec_req_msg_arg[0] = -getmemory 
pRequest->sprvm_rexec_req_msg_num_envs = 0 
09/16/10 16:31:23 
 Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe
args[0] = -getmemory 	
---Started new thread---
09/16/10 16:31:23 
Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe

Exe: exectask.exe, Path: C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\ 

args[0] = -getmemory 	
About to call spawn with cmd [C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe]

writing <
 <CV_VAL>4289658880</CV_VAL><CV_VRES>0</CV_VRES><CV_LOG>Exectask: Memory size retrieval was successful</CV_LOG><CV_ERES>0</CV_ERES>
 
 >

 ExeStat 0, Category 0 

After call to WriteFile. totalWritten=67920, cbWritten=67920
ReadFile the pipe for req_info
Total bytes read for req_info=20
req_msg.sprvm_rexec_info.sprvm_info_version=3, SPRVM_VERSION=3
Reading new request format from the pipe
calling ReadFile...
Total bytes read by ReadFile=26724
pRequest->sprvm_rexec_info.sprvm_info_versio = 3 
pRequest->sprvm_rexec_req_msg_cmd = C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe 
pRequest->sprvm_rexec_req_msg_num_args = 1 
pRequest->sprvm_rexec_req_msg_arg = -getarchitecture 
pRequest->sprvm_rexec_req_msg_arg[0] = -getarchitecture 
pRequest->sprvm_rexec_req_msg_num_envs = 0 
09/16/10 16:31:24 
 Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe
args[0] = -getarchitecture 	
---Started new thread---
09/16/10 16:31:24 
Received a request from client C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe

Exe: exectask.exe, Path: C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\ 

args[0] = -getarchitecture 	
About to call spawn with cmd [C:\Users\ADMINI~1\AppData\Local\Temp\1\CVU_11.2.0.1.0_Administrator\exectask.exe]

writing <
 <CV_VRES>0</CV_VRES><CV_VAL>64-bit</CV_VAL><CV_LOG>Exectask: Architecture retrieval was successful</CV_LOG><CV_ERES>0</CV_ERES>
 
 >

 ExeStat 0, Category 0 

After call to WriteFile. totalWritten=67920, cbWritten=67920


--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--