Thứ Sáu, 7 tháng 2, 2014

Bypass Linux Server Security

[#]Method 1:

open_basedir bypass Shell above "open_basedir" values are used to confine the directory in which the server owner php users. Allows us the chance to bypass the mistakes made in these settings.

Open_basedir: / home / username :/ usr / lib / php :/ usr/php4/lib/php :/ usr / local / lib / php :/ usr/local/ php4/lib/php :/ tmp

Open_basedir values as shown in the example php4 support. Shell is extension "shell.php4" When upload by changing the php server on server 4 version can be captured and Safe Mode, OFF will be located.

[#]Method 2:

Cgishell to run the command with Safe mode off if written in the language of perl cgi-telnet Shell setting chmod 0755 after upload to your server and run it. Unblocked cgi script to invoke a server is not even in a situation like that.

[#]Method 3:

Index Of / On Server directory Jump to____As is known, the current servers, safe mode, disable functions even take elements such as files, usually forbidden Assam error. In such cases, by means of tool that I Index of / open directory server with the user you want to bypass the config file.

Rar file after the upload server on the command line, type tar root root.tar.gz open the compressed file server. Then delete the name of the shell above the current url den / c1/1/home/k.adı/public_html / making the switch to writing.

[#]Method 4: Ln-b with the File Pull___

Ln-s command given permission restrictions on some server Ln-b command, the command is not forgotten, and in such cases;

ln - help command, then ln-b /home /user/public_html /config.php file boy.txt can take any form.

[#]Method 5: Symlink the file to read___

#! / Usr / bin / perl-w
use File :: Copy;
copy ("/home /victim /public_html /includes /config.php", "/home/youruser/public_html/boy.txt");

[#]Method 6: DirectoryIndex Bypass Forbidden___
make ".htaccess"

DirectoryIndex new

Then retrieve configs like this : ln -s /home/user/public_html/config.php new
If you have a small perl script This can take the target file.

Không có nhận xét nào:

Đăng nhận xét