 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
access to all site in Server ? |
 |
 Posted: Fri Feb 22, 2008 10:52 pm |
 |
|
| kr0k0 |
| Advanced user |
 |
|
| Joined: Jan 26, 2008 |
| Posts: 128 |
|
|
|
 |
|
 |
|
Hello , i need a methode to access in all site in Server , if i have uploaded a shell in one of those ,
| Code: | Software: Apache. PHP/4.4.7
uname -a: Linux imu65 2.6.18.5_IMU-133 #1 SMP Tue Dec 12 18:58:01 CET 2006 i686
Safe-mode: OFF (not secure)
/home/www/d5d355ff902b56d601054049782647dd/web/ drwxrwsr-x
Free 12.73 GB of 59.43 GB (21.42%) |
 |
|
|
|
|
| Posted: Sat Feb 23, 2008 9:56 am |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
Try to find apache httpd.conf.Inside you find full path's to other sites.When you find other path's just write in your shell
ls -al /home/user/site.com/public_html/ |
|
|
|
|
| Posted: Sun Mar 23, 2008 4:26 am |
|
|
| kieuanh |
| Regular user |
|
|
| Joined: Mar 22, 2008 |
| Posts: 23 |
|
|
|
|
|
|
|
find user in /etc/passwd,and find your victim you want,view their config file by some method like cat /home/user/www/config.php,if server is safe_mode,view via init_restore,curl,imapd,mbstring,sql read file,php include file,php readfile and etc....Get your database and do everything u can.If u can ,get root this server
 |
|
|
|
|
|
locate |
|
| Posted: Sat May 03, 2008 12:56 pm |
|
|
| maryam |
| Regular user |
 |
|
| Joined: May 03, 2008 |
| Posts: 7 |
|
|
|
|
|
|
|
try to decrypt /etc/passwd , if you can get root pass,
you can login with cpanel and root user, in there you can see list of all available sites in server and manage them  |
|
|
|
|
|
Re: locate |
|
| Posted: Sat May 03, 2008 1:17 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| maryam wrote: | try to decrypt /etc/passwd , if you can get root pass,
you can login with cpanel and root user, in there you can see list of all available sites in server and manage them |
Password's for ftp,.... etc is not in /etc/passwd don't write bullshitt here. |
|
|
|
|
|
Re: locate |
|
| Posted: Sun May 04, 2008 3:23 am |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
| maryam wrote: | try to decrypt /etc/passwd , if you can get root pass,
you can login with cpanel and root user, in there you can see list of all available sites in server and manage them |
Also, /etc/passwd is not encrypted... |
|
|
|
|
| Posted: Sat Jun 07, 2008 6:43 pm |
|
|
| a3x |
| Beginner |
|
|
| Joined: Jun 07, 2008 |
| Posts: 4 |
|
|
|
|
|
|
|
| Yes, /etc/passwd or other method: read cpanel's logs (if there is one) |
|
|
|
|
www.waraxe.us Forum Index -> All other security holes
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 70
Members: 0
Total: 70
