Bypass Linux Server Security

Method 1; open_basedir bypass

Shell above "open_basedir" values are used to confine the directory in which the server owner php users. Allows us the chance to bypass the mistakes made in these settings.

Open_basedir: / home / username :/ usr / lib / php :/ usr/php4/lib/php :/ usr / local / lib / php :/ usr/local/php4/lib/php :/ tmp

Open_basedir values as shown in the example php4 support. Shell is extension "shell.php4" When upload by changing the php server on server 4 version can be captured and Safe Mode, OFF will be located.


Method 2; Cgishell to run the command with

Safe mode off if written in the language of perl cgi-telnet Shell setting chmod 755 after upload to your server and run it. Unblocked cgi script to invoke a server is not even in a situation like that.

Method 3, Index Of / On Server directory Jump to

As is known, the current servers, safe mode, disable functions even take elements such as files, usually forbidden Assam error. In such cases, by means of tool that I Index of / open directory server with the user you want to bypass the config file.


Rar file after the upload server on the command line, type tar root root.tar.gz open the compressed file server. Then delete the name of the shell above the current urlden / c1/1/home/k.adı/public_html / making the switch to writing.

Method 4, Ln-b with the File Pull

Ln-s command given permission restrictions on some server Ln-b command, the command is not forgotten, and in such cases;

ln - help command, then ln-b / home / user / public_html / config.php file oku.txt can take any form.

Method 5; Symlink the file to read

#! / Usr / bin / perl-w

use File :: Copy;

copy ("/ home / victim / public_html / includes / config.php", "/ home / youruser / public_html / oku.txt");

If you have a small perl script This can take the target file.


#By Mauritania Attacker

https://www.facebook.com/mauritanie.forever