Results 1 to 7 of 7

Thread: PHP safe-mode bypass? Share/Save - My123World.Com!

  1. #1

    Question PHP safe-mode bypass?

    I am penetration testing on dummy website and i succesfully uploaded Backdoor but later i found that PHP safe-mode is enable so can we bypass PHP safe-mode?

  2. #2
    Certainly yes, see if you can upload the PHP.ini on the same path as the shell file located.

    Upload php.ini with following settings.
    Code:
    safe_mode = Off
    There one more way where you can try - Upload .htaccess file with "php_value safe_mode off" (without quote)

    I hope this helps you.
    Garage4Hackers bugs for the community , of the community

    We provide IT
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    :
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    |
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    |
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
    |
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  3. #3

    Question Safe-mode

    Quote Originally Posted by [s] View Post
    Certainly yes, see if you can upload the PHP.ini on the same path as the shell file located.

    Upload php.ini with following settings.
    Code:
    safe_mode = Off
    There one more way where you can try - Upload .htaccess file with "php_value safe_mode off" (without quote)

    I hope this helps you.

    Thank you for your reply.
    I tried both method but nothing happened.

  4. #4
    I'm assuming that you're not doing anything illegal, so:
    - can you read the (www/nobody=uid) files inside the filesystem?
    for example: php.ini in the main webserver directory?

    - is there any chroot/jail/can-you-check-it?

    - ps aux please (maybe there is an old mysql if you're telling that this is a 'dummy' websrv)

    - back to reading files, grep them for juicy info like passwords/hostaddresses/logins/paths.

    good luck.

  5. #5
    I'm assuming that you're not doing anything illegal, so:
    - can you read the (www/nobody=uid) files inside the filesystem?
    for example: php.ini in the main webserver directory?

    - is there any chroot/jail/can-you-check-it?

    - ps aux please (maybe there is an old mysql if you're telling that this is a 'dummy' websrv)

    - back to reading files, grep them for juicy info like passwords/hostaddresses/logins/paths.

    - let us know more about the backdoor you used. is it yours/publicly available (so we can check the source)?

    good luck.

  6. #6
    Name:  g4h-err.jpg
Views: 488
Size:  64.0 KB

    hi, I see the are few errors on the forum. fyi.

  7. #7
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Hi enlil,

    So what error do you see?

    Thanks
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •