Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
[HELP] bypass safemode
Posted by: TopSaT13
Date: March 19, 2011 02:43PM

hi member's
i hav shell on secure server
many function was desabled by SEcurity
but i can't bypass it
info: PHP Version 5.2.15
desable fontions :
Code:
symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshel ​ larg,escapeshellcmd,posix_getgid,virtual,posix_getgrgid,dl,set_time_limit,exec,p ​ close,proc_nice,proc_terminate,proc_get_status,pfsockopen,leak,apache_child_term ​ inate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,hypot,pg_h ​ ost,pos,posix_access,posix_getcwd,posix_getservbyname,myshellexec,getpid,posix_g ​ etsid,posix_getuid,posix_isatty,posix_kill,posix_mknod,posix_setgid,posix_setsid ​ ,posix_setuid,posix_times,posix_uname,ps_fill,posix_getpwuid,global,ini_restore, ​ zip_open,zip_read,rar_open,bzopen,bzread,bzwrite,apache_get_modules,apache_get_v ​ ersion,phpversionphpinfo,php_ini_scanned_files,get_current_user,error_log,disk_t ​ otal_space,diskfreespace,leak,imap_list,hypo,filedump,gethostbyname,safe_mode,ob ​ _clean,getmygid,php_uname,apache_getenv,apache_setenv,bzread,bzwrite,posix_acces ​ s,bzopen,phpini,highlight_file,show_source,sscanf,dos_conv,get_current_user,get_ ​ cwd,error_log,cmd,e_name,vdir,get_dir,only_read,copy,getmicrotime,float,shver,c9 ​9sh_surl,timelimit,surl_autofill_include,gzinflate,ln

and suhosin.executor.func.blacklist:
Code:
dl,system,passthru,exec,popen,proc_close,proc_get_status,proc_nice,proc_open,pro ​ c_terminate,shell_exec,escape,shellcmd,pclose,pfsockopen,chgrp,debugger_off,debu ​ gger_on,leak,listen,define_syslog_variables,ftp_exec,posix_uname,posix_getpwuid, ​ get_current_user,getmyuid,getmygid,apache_child_terminate,posix_kill,posix_mkfif ​ o,posix_setpgid,posix_setsid,posix_setuid,pfsockopen,chgrp,debugger_off,debugger ​ _on,leak,listen,define_syslog_variables,ftp_exec,posix_uname,posix_getpwuid,get_ ​ current_user,getmyuid,getmygid,apache_child_terminate,posix_kill,posix_mkfifo,po ​ six_setpgid,posix_setsid,posix_setuid,escapeshellarg,getservbyport,getservbyname ​ ,myshellexec,escapeshellarg,symlink,shell_exec,exec,proc_close,proc_open,popen,s ​ ystem,dl,passthru,escapeshellarg,escapeshellcmd,posix_getgid,posix_getgrgid,dl,e ​ xec,pclose,proc_nice,proc_terminate,proc_get_status,pfsockopen,leak,apache_child ​ _terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,hypot ​ ,pg_host,pos,posix_access,posix_getcwd,posix_getservbyname,myshellexec,getpid,po ​ six_getsid,posix_getuid,posix_isatty,posix_kill,posix_mknod,posix_setgid,posix_s ​ etsid,posix_setuid,posix_times,posix_uname,ps_fill,posix_getpwuid,global,ini_res ​ tore,bzopen,bzread,bzwrite,apache_get_modules,apache_get_version,phpversionphpin ​ fo,php_ini_scanned_files,get_current_user,error_log,disk_total_space,diskfreespa ​ ce,leak,imap_list,hypo,filedump,gethostbyname,safe_mode,getmygid,php_uname,apach ​ e_getenv,apache_setenv,bzread,bzwrite,posix_access,bzopen,phpini,dos_conv,get_cu ​rrent_user,get_cwd,error_log,cmd,e_name,vdir,get_dir,only_read

any one can help me or hav bypasser??
thanks.

Options: ReplyQuote
Re: [HELP] bypass safemode
Posted by: SunTzu
Date: January 07, 2012 06:19PM

did you try bypassing with php.ini ?

Options: ReplyQuote
Re: [HELP] bypass safemode
Posted by: Skyphire
Date: January 13, 2012 07:31PM

If you really need help when you already got a shell...well. Sorry but that's kind of lazy. Think, and if you don't find anything, create something, be creative. Only that way you'll learn. But if you look at the list it says what you cannot do. I see a couple of things that you can do that aren't on those two lists, but it's better to learn how to fish instead of giving you the fish.

Options: ReplyQuote


Sorry, only registered users may post in this forum.