no more shell hacking via lava uploader!!!!!!!!!!

    #31
    I've gotten into people's servers by renaming a shell script's extension to some **** like file.nth/.sisx/.rb/.pl/.asp etc. etc. As long as the webserver's mime-types recognize these extensions as executables, it will process the file as a PHP script no matter what.
    Best protection is having a secure apache.conf/httpd.conf file before implementing any htaccess **** and whatnot.

    One way to do that is to use mod_security and block the arrays that scripts like c99shell and r57 shell use, and the next method is a simple program called Bastille, which secures the server, albeit in a beginner's way.

    My site is exploitable, but if anyone gets access via a shell script they can't do **** all, as I have my hard drives on my server read-only so no downloading, my dirs where my scripts are are set to root user access only so the nobody/www-data users can't access my files, and I use 15 digit alphanumeric passwords so brute force safe.

    Over the years running Lavalair I have learnt so many lessons, and this is the reason why my latest script hasn't been released by anyone.

    Anyhow, in a nutshell, server protection should be sorted from the basics, i.e. apache/mysql config files, and not solely relying on PHP workarounds.

    Comment


      #32
      lol you can easily block all script shells being uploaded to your host, like what I did in my site uploaders. All files with php in the file name will be detected and an autopm will be sent to any online staff to inform them that someone is trying to upload a file with php in its file name. The script I've used is manageable and you can add more file names to be blocked, such as html, asp and so on, depending on what you may want.

      Comment


        #33
        @author thanks for this

        Comment


          #34
          no probs, I'm leaving lava script coding, having a break. Network cracking is more fun on the backtrack4 os









          Don't Ask Me Dumb Questions. Or you'll get a Dumb Answer..
          Want A Professional Logo or Theme For Your wap site? Pm Me. If I Have The Time I'll Make It For Free

          Comment


            #35
            Don't know why people are so restless to hack Lavalair lolzz !!!

            Well, people who want to use a secure uploader can try the one given. It's kinda secure. Good work ozzie.

            Also, people who really want to secure their uploaders: "DON'T VALIDATE FORMS BY JUST LOOKING AT FILE EXTENSION", instead validate "BYTE CODES". Recompile your PHP with the mime_magic extension. This extension will scan the files to let you know what the extension really is. Also use mod_security rules to null-route uploading of certain PHP shells through HTML forms. Install a good anti-malware scanner to scan your uploads directory. Also place the htaccess given in this uploader, that's fine.


            ;-)

            Comment
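The byte-level validation argued for in the post above, as an added example that is not part of the thread: it uses PHP's Fileinfo extension (the successor to the deprecated mime_magic) and takes the stored extension from the sniffed type rather than from the client's file name. The allowlist and the function name are assumptions, and the sample files are constructed.

```php
<?php
// Added example: decide the stored extension from the file's bytes, not its name.
// ALLOWED is an assumed allowlist; list only what the uploader should accept.
const ALLOWED = [
    'image/gif'  => 'gif',
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'audio/mpeg' => 'mp3',
];

/**
 * Returns the extension to store the file under, or null to reject the upload.
 * $tmpPath is the server-side temp file ($_FILES[...]['tmp_name'] in a real handler);
 * $clientName is only compared against the content, never trusted on its own.
 */
function sniffed_extension(string $tmpPath, string $clientName): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        return null;                          // unknown or disallowed content
    }
    $claimed = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $aliases = ['jpeg' => 'jpg'];
    $claimed = $aliases[$claimed] ?? $claimed;
    // A name that disagrees with the content is rejected outright.
    // A type match is not proof the file is harmless, so the storage
    // directory still needs script execution switched off.
    return $claimed === ALLOWED[$mime] ? ALLOWED[$mime] : null;
}

// Constructed samples: a minimal GIF header, a script named like an image, plain text.
$samples = [
    'photo.gif'   => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    'holiday.jpg' => "<?php echo 'not an image'; ?>\n",
    'notes.gif'   => "just some text\n",
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $ext = sniffed_extension($tmp, $name);
    printf("%-12s %s\n", $name, $ext === null ? 'rejected' : "accepted as .$ext");
    unlink($tmp);
}
```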


              #36
              Originally posted by m4ster_v4
              Just use func auto rename.. Or one extension allow only.. And make sure link to download file secure.. So.. The public folder can't be define.. Simple ways..

              Put on uploader..
              $ext = getext($file_name);
              $name = explode(".",$file_name);
              $name_a = "".$name[0]."_ejatd29_com.".$ext."";

              so, something like this will happen.. Upload haha.php.shtml.html.jpg -> haha.jpg

              just take last extension as main extension.. So, no more double or more extension in one name.. Hehe..
              nice 1 n_n

              Comment


                #37
                i don't get it why you people still bother to replace file tags and so on ..

                upload your file via php to a secret folder and serve it via php file stream with headers like so


                PHP Code:
                <?php
                ## request.php?id=1234

                if (empty($_GET['id'])){die();}
                ## only digit ids; anything else stops here so $id is always set before the query
                if (!is_string($_GET['id']) || !ctype_digit($_GET['id'])){die();}
                $id=$_GET['id'];

                ## map a file extension to the Content-Type header to send
                function fetch_htype($ext){
                    if($ext=="mp3"){$header='Content-Type: audio/mpeg';}
                    else if($ext=="mp4"){$header='Content-Type: audio/mp4';}
                    else if($ext=="php"){$header='Content-Type: text/plain';}
                    else if($ext=="wav"){$header='Content-Type: audio/x-wav';}
                    else if($ext=="aac"){$header='Content-Type: audio/aac';}
                    else if($ext=="amr"){$header='Content-Type: audio/amr';}
                    else if($ext=="3gp"){$header='Content-Type: video/3gp';}
                    else if($ext=="zip"){$header='Content-Type: application/zip';}
                    else if($ext=="rar"){$header='Content-Type: application/rar';}
                    else if($ext=="gif"){$header='Content-Type: image/gif';}
                    else if($ext=="png"){$header='Content-Type: image/png';}
                    else if($ext=="bmp"){$header='Content-Type: image/bmp';}
                    else if($ext=="jpg"||$ext=="jpeg"){$header='Content-Type: image/jpeg';}
                    else if($ext=="mid"||$ext=="midi"){$header='Content-Type: audio/midi';}
                    else if($ext=="jad"){$header='Content-Type: text/vnd.sun.j2me.app-descriptor';}
                    else if($ext=="jar"){$header='Content-Type: application/java-archive';}
                    ## return header for unknown extension
                    else { $header='Content-Type: application/octet-stream';}
                    return $header;
                }

                #selecting file path by id // sql query
                ## mysql_* is the legacy ext/mysql API (removed in PHP 7) and uses a connection opened elsewhere
                $open=mysql_fetch_array(mysql_query('SELECT * FROM files WHERE id='.$id));

                if (empty($open['path'])){die();}

                $file='./'.$open['path'];

                $path_parts=pathinfo($file);

                ## a stored path without an extension falls through to application/octet-stream
                $ext=isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';

                if (file_exists($file)) {
                    ## some browser don't get the file name with space tags so we add this ...
                    $filename=str_replace(array('?','!','(',')',' ','%20'),'_',basename($file));

                    header('Content-Disposition: attachment; filename='.$filename.'-'.mt_rand(100,98989).'.'.$ext);
                    header('Content-Description: File Transfer');
                    header('Content-Transfer-Encoding: binary');
                    header('Cache-Control: must-revalidate');
                    header('Content-Length: '.filesize($file));
                    header(fetch_htype($ext));
                    header('Expires: 0');
                    readfile($file);
                    exit;
                }

                ?>
                #some hint
                You may upload the file to your server and move it to the folder with another extension like .upload, and match + store the real extension in an SQL database.
                Then use PHP to stream it like in the example above.
                Last edited by just_m3.; 08.03.13, 03:34.
                This is ten percent luck, twenty percent skill
                Fifteen percent concentrated power of will
                Five percent pleasure, fifty percent pain

                And a hundred percent reason to remember the name!

                Comment
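The upload side of the hint in the post above (a neutral `.upload` name on disk, the real extension in the database), as an added example that is not just_m3's code; it also keeps only the last extension, as in the renaming post quoted earlier. The table and column names, `store_upload`/`lookup_upload`, and the in-memory SQLite database (needs pdo_sqlite) are assumptions for the demo, and the sample file is constructed.

```php
<?php
// Added example (not from the thread): server-chosen file name + metadata in SQL.
function store_upload(PDO $db, string $tmp, string $clientName,
                      string $storeDir, callable $move = 'move_uploaded_file'): ?int
{
    $allowed = ['mp3', 'gif', 'png', 'jpg', 'zip'];        // assumed allowlist
    // pathinfo() yields only the last extension: haha.php.shtml.html.jpg -> jpg
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }
    // Nothing from the client reaches the filesystem: random name, neutral extension.
    $stored = bin2hex(random_bytes(16)) . '.upload';
    if (!$move($tmp, $storeDir . '/' . $stored)) {
        return null;
    }
    $q = $db->prepare('INSERT INTO files (path, ext, orig_name) VALUES (?, ?, ?)');
    $q->execute([$stored, $ext, basename($clientName)]);
    return (int) $db->lastInsertId();
}

// Download side lookup with a bound parameter instead of string concatenation.
function lookup_upload(PDO $db, string $id): ?array
{
    if (!ctype_digit($id)) {
        return null;
    }
    $q = $db->prepare('SELECT path, ext, orig_name FROM files WHERE id = ?');
    $q->execute([$id]);
    return $q->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Demo with constructed data. rename() stands in for move_uploaded_file() only
// because no HTTP upload exists on the command line; a real handler keeps the default.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, path TEXT, ext TEXT, orig_name TEXT)');
$dir = sys_get_temp_dir() . '/store_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, 'constructed sample bytes');
$id = store_upload($db, $tmp, 'haha.php.shtml.html.jpg', $dir, 'rename');
print_r(lookup_upload($db, (string) $id));
```

The streaming script then takes `ext` from the row for its Content-Type lookup instead of parsing the stored path.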


                  #38
                  Uploading to a secret folder does not help or guarantee that you're safe from a shell attack. Instead find a method that will not allow a shell to be uploaded. As I already said, validate the bytes of the file.

                  Comment


                    #39
                    Add htaccess file to upload folder with:

                    Code:
                    RemoveHandler .php .phtml .php3
                    RemoveType .php .phtml .php3
                    php_flag engine off
                    <!DOCTYPE html PUBLIC "-//WAPFORUM.RS

                    Comment


                      #40
                      Originally posted by arnage
                      Add htaccess file to upload folder with:

                      Code:
                      RemoveHandler .php .phtml .php3
                      RemoveType .php .phtml .php3
                      php_flag engine off

                      Dude, no need for all three lines.

                      The first line will do nothing on cPanel 11.34 versions.
                      The second line alone is safe; it will make sure .php, .phtml, .php3 extensions are treated as a text file.
                      The third line is enough; it will turn off PHP parsing in the directory.

                      On my sites, even if I give you an uploader with all extensions allowed, you will not be able to upload any type of malware/shell codes. I use mod_security to deal with such hacks.
                      Last edited by giant_hacker; 08.03.13, 11:10.

                      Comment


                        #41
                        Depending on server configuration, without going into per-case settings, all three lines are necessary.
                        <!DOCTYPE html PUBLIC "-//WAPFORUM.RS

                        Comment
