|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 110
Members: 0
Total: 110
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Tips & tricks |
|
Posted: Fri Nov 12, 2004 4:31 pm |
|
|
ReFleX |
Active user |
|
|
Joined: Nov 05, 2004 |
Posts: 39 |
Location: ARGENTINA! |
|
|
|
|
|
|
Ok, I thing to open a topic about Tip & tricks about REmote file Inclusion. Just to put some Things you can do.
Ok, I start....
I were working around with Remote FIle Inclusion, I thing that on the most important thing is to get the code of webpages to find some bugs. Yo can open the pages (fopen) and then just echo, but whe can use de funcion system(<command>); to execute command in the server with the right of the webserver.
So if you make a php script like this
If in the webserver you find some path that have permissions to create files you can simple use tar to compile all the files in one and then download it from http
Code: |
tar -cf <to> <from>
eg:
tar -cf /home/user/public_htm/cgi-bin/bakcup.tar /etc/
// that will make one file .tar with all the files of the directory /etc
|
the you just put http://victim.com/cgi-bin/backup.tar
When you finsish its good to erase all the files you create so you can execute
Code: |
rm /home/user/public_htm/cgi-bin/bakcup.tar
|
Ok!, I hope this could help someone, and all the people that have some ideas just post it so we all learn new things |
|
|
|
|
|
|
|
|
Posted: Wed Mar 30, 2005 2:24 am |
|
|
Mo7oRoL |
Beginner |
|
|
Joined: Mar 11, 2005 |
Posts: 2 |
Location: isreal |
|
|
|
|
|
|
|
|
|
|
Posted: Fri Apr 01, 2005 12:19 pm |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
Its been a while since I seen something with dragon ball in the title....... That was that kids program right? |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Fri Apr 01, 2005 1:42 pm |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
very good shell men, only add bypass safemode and is pefect good |
|
|
|
|
Posted: Fri Apr 01, 2005 2:28 pm |
|
|
murdock |
Advanced user |
|
|
Joined: Mar 16, 2005 |
Posts: 54 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Fri Apr 01, 2005 5:11 pm |
|
|
murdock |
Advanced user |
|
|
Joined: Mar 16, 2005 |
Posts: 54 |
|
|
|
|
|
|
|
OMG! What a good shell!!!!!
The shell I'm making sucks so much compared with this one!
I leave my project.... ..... |
|
|
|
|
Posted: Sat Apr 02, 2005 12:48 pm |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
LINUX wrote: |
very good shell men, only add bypass safemode and is pefect good |
yes, ithink so..
so mony options .. great |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Tue Apr 12, 2005 5:32 pm |
|
|
JrasA |
Beginner |
|
|
Joined: Apr 12, 2005 |
Posts: 1 |
|
|
|
|
|
|
|
There's one thing i could understand...
in that dragonball site,
the permission u have buy exploiting the phpnuke system of this site,
is www/wwwrun, which means u have low access rights.
so i got to understand.
how did u upload that PHP shell file.
i couldn't upload anything, not even something that i might use to gain root priviliges...
so... HOW? |
|
|
|
|
Posted: Wed Apr 13, 2005 3:53 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
It could be his site? Or its been patched since? |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Wed Apr 13, 2005 12:23 pm |
|
|
hebe |
Advanced user |
|
|
Joined: Sep 04, 2004 |
Posts: 59 |
|
|
|
|
|
|
|
where we could download this shell i couldn't f,nd a link of dragon shell |
|
|
|
|
Posted: Wed Apr 13, 2005 1:01 pm |
|
|
murdock |
Advanced user |
|
|
Joined: Mar 16, 2005 |
Posts: 54 |
|
|
|
|
|
|
|
Just download it using the shell file manager! |
|
|
|
|
www.waraxe.us Forum Index -> Remote file inclusion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|