Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
How to bypass system and socket_create restriction in php for tty Shell spawn
Posted by: xc0r3
Date: May 16, 2011 02:56AM

Hello!

I am facing this problem ! While pentesting I was able to upload a webshell onto the server. The problem is that the webshell isnt able to BIND a shell or even connect back to my box running netcat. Even if I want to telnet to my box it doesnt connect.

What my analysis is that system() and socket_create() is blocked by the server.

My question! How can I bypass it to get a tty shell !! ??

Please Help !!!

Options: ReplyQuote
Re: How to bypass system and socket_create restriction in php for tty Shell spawn
Posted by: lightos
Date: May 16, 2011 04:36PM

http://pentestmonkey.net/tools/php-findsock-shell/

Options: ReplyQuote
Re: How to bypass system and socket_create restriction in php for tty Shell spawn
Posted by: VMw4r3
Date: May 16, 2011 09:53PM

For backconnect I'd normally use:

ZoRBaCK Connect Back Shell:
[packetstormsecurity.org]

Or uplaod

<?php include("$_GET[d]"); ?>

And connect using fimap.

Options: ReplyQuote
Re: How to bypass system and socket_create restriction in php for tty Shell spawn
Posted by: xc0r3
Date: May 17, 2011 07:21AM

Thanx for the help guys ! But the thing is that fsockopen is also not allowed on the remote machine !! I have been running my own shell using almost the same method but it gives an fsockopen not allowed ! :(

Options: ReplyQuote
Re: How to bypass system and socket_create restriction in php for tty Shell spawn
Posted by: morlaffo
Date: May 17, 2011 01:15PM

I suggest you to use weevely , you can found it at http://code.google.com/p/weevely/ . Here the developer website http://disse.cting.org/ . It probes up to 9 system()-like function, and simulates complete tty console with command history.



Edited 1 time(s). Last edit at 05/17/2011 01:16PM by morlaffo.

Options: ReplyQuote
Re: How to bypass system and socket_create restriction in php for tty Shell spawn
Posted by: xc0r3
Date: June 20, 2011 04:18AM

Thank you so much for all the help !! I really appreciate it !

Options: ReplyQuote


Sorry, only registered users may post in this forum.