Symlink bypass is one of the method where instead of hacking directly a WordPress or Joomla website, the attacker hacks some other website on the same server and somehow uploads the shell. The attacker then extracts the target host’s database details and through some simple MySQL interface, successfully connects to that website.
Actually, the home directory on the server can only be accessed by a root level user. However, with symlink bypass we can touch files inside home directory. So this gives access to those file which we aren’t even permitted to see.
For some reasons, I could not provide with the regular demo snaps. Though, I have a nice video demo here, showing how exactly its done. Credits to Cat-DevilCode and Atom Mota!.
You can download the needed files from [HERE].
Disclaimer: This is for educational purpose and to make you aware of the scenarios of various different security breaches. The administrator or the authors of memberdotmy will not be responsible for any misuse of this post.
credit to : thecybersaviours
Comments
0 comments to "Symlink Bypass Tutorial"
Post a Comment