Best Symlink Method
Bypass Symlink 100%
Private Method
Hello my friends, today I will explain how to bypass any server, even if the security is 100000000%. This method is private, but I decided to make it public.
So there is no need for ".htaccess", "ini.php" or "php.ini" to bypass.
First, let me explain some tricks °_°
We know that PHP uses HTML code. It is a language that can be executed on the command line, so on a Linux system the user's privileges allow executing many commands in PHP, and we can bypass the configuration.
As we know, on a cPanel server there is an option called "cron job" in the control panel to execute many commands.
For example, let's make a file called file.php
CODE:
<?php
phpinfo();
?>
Secondly, go to cPanel on the server, select "cron job" and add this command:
/usr/local/bin/php -d open_basedir= /home/user/public_html/file.php
As you can see, "/usr/local/bin/php" is the PHP command-line binary for the user.
Note: on some servers it is installed in "/usr/bin/php".
-d <<<< sets the config you want to apply when executing that file
open_basedir= <<<< here you leave open_basedir empty to bypass the config in "file.php"
/home/user/public_html/file.php <<<< here is the path of the PHP file that you want to execute
Other bypass example:
/usr/local/bin/php -d disable_functions= /home/user/public_html/file.php
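Added example (not part of the original post): a defender-side check, in Python, that reads a crontab and reports commands invoking the PHP CLI with a -d override of the directives named above. The sample crontab and the function names are constructed for illustration.

```python
import re
import shlex

# Directives named on this page whose command-line override removes a restriction.
SENSITIVE = {"open_basedir", "disable_functions", "safe_mode"}
PHP_BIN = re.compile(r"(?:^|/)php[\d.]*$")  # php, /usr/bin/php, /usr/local/bin/php, php8.2

def ini_overrides(argv):
    """Yield (directive, value) for each -d/--define in a PHP CLI argument list."""
    i = 0
    while i < len(argv):
        arg, spec = argv[i], None
        if arg in ("-d", "--define") and i + 1 < len(argv):
            i += 1
            spec = argv[i]                      # form: -d name=value
        elif arg.startswith("-d") and len(arg) > 2:
            spec = arg[2:]                      # form: -dname=value
        if spec is not None:
            name, _, value = spec.partition("=")
            yield name.strip().lower(), value
        i += 1

def audit_crontab(text):
    """Return [(line_no, directive, value)] for cron commands overriding SENSITIVE."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and environment lines such as MAILTO=...
        if not line or line.startswith("#") or re.match(r"[A-Za-z_]\w*\s*=", line):
            continue
        # The command is everything after "@keyword" or after the five time fields.
        parts = line.split(None, 1 if line.startswith("@") else 5)
        try:
            argv = shlex.split(parts[-1])
        except ValueError:                      # unbalanced quotes: split naively
            argv = parts[-1].split()
        for pos, tok in enumerate(argv):
            if PHP_BIN.search(tok):             # scan every argument after the binary
                findings += [(no, d, v) for d, v in ini_overrides(argv[pos + 1:])
                             if d in SENSITIVE]
                break
    return findings

# Constructed sample crontab (not taken from a real host).
SAMPLE = """\
MAILTO=ops@example.com
0 3 * * * /usr/local/bin/php /home/user/public_html/cleanup.php
*/5 * * * * /usr/local/bin/php -d open_basedir= /home/user/public_html/file.php
@daily /usr/bin/php -ddisable_functions= -d memory_limit=256M /home/user/job.php
"""
```

Calling audit_crontab(SAMPLE) returns one finding for line 3 and one for line 4; the memory_limit override is ignored because it is not in SENSITIVE.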
Advanced method:
Create a file, for example "mauritania.php"
CODE:
#!/usr/local/bin/php -d open_basedir=
<?php
phpinfo();
?>
Then just execute the file.
Command: php mauritania.php
Another method to bypass is to execute a Perl file, and you can read the file easily!
CODE:
#!/usr/bin/perl
# symlink(OLDFILE, NEWFILE): creates test.txt as a symbolic link to config.php
symlink("/home/user/public_html/config.php","/home/user/public_html/test.txt");
So that means that the admin didn't run PHP as:
*CGI module
*suPHP module
*Apache module
*enable open_basedir and safe_mode
*"chmod 000 /bin/ln"
=========>>> the Perl file still has the ability to create the links hahaha
But even if the admin runs that shit you can still bypass the system; Perl is powerful.
And if the admin tries to disable "/usr/bin/perl" by chmodding it to "0700" or less, it will break cPanel, as it is required to be at "0755" for proper operation, since it is used by customers as well when it suexecs into the user when they log into cPanel.
So we cannot change it to the "700" setting, since that breaks the entire system.
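Added example (not part of the original post): an audit an administrator can run over an account's document root to list symbolic links that resolve outside that account's home directory, whichever tool created them. The two-account layout, the account names and the function names are constructed for illustration.

```python
import os
import tempfile

def find_escaping_symlinks(docroot, allowed_root):
    """Return sorted [(link_path, resolved_target)] for symlinks under docroot
    whose target resolves outside allowed_root (e.g. the account's home)."""
    allowed = os.path.realpath(allowed_root)
    hits = []
    # followlinks=False: linked directories are reported but never descended into.
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)     # resolves chained links too
            if os.path.commonpath([allowed, target]) != allowed:
                hits.append((path, target))
    return sorted(hits)

def demo():
    """Build a constructed two-account layout in a temp dir and audit one docroot."""
    with tempfile.TemporaryDirectory() as base:
        alice = os.path.join(base, "home", "alice")
        bob = os.path.join(base, "home", "bob")
        docroot = os.path.join(alice, "public_html")
        bob_doc = os.path.join(bob, "public_html")
        os.makedirs(docroot)
        os.makedirs(bob_doc)
        for f in (os.path.join(docroot, "index.php"), os.path.join(bob_doc, "config.php")):
            open(f, "w").close()
        # File link leaving the account, link staying inside it, directory link leaving it.
        os.symlink(os.path.join(bob_doc, "config.php"), os.path.join(docroot, "test.txt"))
        os.symlink(os.path.join(docroot, "index.php"), os.path.join(docroot, "local.txt"))
        os.symlink(bob, os.path.join(docroot, "peer"))
        hits = find_escaping_symlinks(docroot, alice)
        return [os.path.relpath(p, docroot) for p, _ in hits]
```

demo() reports "peer" and "test.txt" and leaves out "local.txt", whose target stays inside the account's own home.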
*So as you learned today, "open_basedir" is what is responsible for the mobility between the websites in the shell.
So there is an option called "Sec info", sometimes "Sec", depending on the shell you are using.
Example: C99 shell
We have this, which means that the open base dir is disabled:
"Open base dir: /home/user:/usr/lib/php:/usr/local/lib/php:/tmp"
Okay, on some servers you can bypass the security with the jumping method. Some hackers use a PHP scanner to scan all the paths on the server °_° which is a waste of time, putting the URL before Linux: serverurl/~user/folder/shell.php °_° very old :s
So I hope you understand now. I uploaded for you a simple tool to bypass "Open Base_dir"