Bypass safe mode

**xpleet** · 04-30-2009, 01:03 PM

Hey,
Is there a way to bypass safe mode on a linux server PHP/5.2.6 and the disable functions are :

copy,error_log,tempnam, copy, symlink, curl_init,posix_setuid escapeshellarg, hell-exec, fpassthru, exec, crack_checkcrack_closedict, crack_getlastmessage, crack_opendict, psockopen,php_ini_scanned_files, php_uname, phpinfo, dl, exec, shell_exec,system, passthru, popen, pclose, proc_open,proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid,escapeshellcmd, escapeshellarg,Ini_Restore, phpinfo,SQL,id,CURL,copy,ini_restore,imap ,plugin ,posix_getpwuid

Any clue?
Thanks in advance.

**KMDave** · 04-30-2009, 01:56 PM

No clue what you are talking off, maybe you should explain what you have in mind a little bit better.

**xpleet** · 04-30-2009, 03:46 PM

I'm talking about safe mode in PHP

Code:

mediawiki.org/wiki/Safe_mode

and I'm looking for a function in PHP to read some files in the server.
Something like this way with copy()

Code:

securityreason.com/achievement_securityalert/37

Enjoy.. xpleet

**Barry** · 04-30-2009, 04:38 PM

Originally Posted by xpleet

I'm talking about safe mode in PHP

Code:

mediawiki.org/wiki/Safe_mode

and I'm looking for a function in PHP to read some files in the server.
Something like this way with copy()

Code:

securityreason.com/achievement_securityalert/37

Enjoy.. xpleet

WTF does this have to do with BackTrack?

**streaker69** · 04-30-2009, 04:41 PM

Did you consider contacting this guy:

Email: max [at] jestsuper [dot] pl or cxib [at] securityreason [dot] com

He seems to know a lot about it.

**compaq** · 05-01-2009, 08:59 AM

$fp = fopen("dump.txt","r");
$dump=fread($fp.....maybe, 100);
flcose($fp);
echo "$dump"

Is this what you mean, as it doesn't use popen

**xpleet** · 05-01-2009, 06:39 PM

To Barry : I'm doing a penetration test and I'm asking a question in Pentesting section in the forum, if you don't know the answer DON'T REPLY or just say I don't know..
I think it's impossible to bypasse safe_mode in this conditions, because it restricts environment variables and there's too much functions disabled!

Enjoy.. xpleet

**Archangel-Amael** · 05-01-2009, 08:16 PM

Originally Posted by xpleet

To Barry : I'm doing a penetration test and I'm asking a question in Pentesting section in the forum, if you don't know the answer DON'T REPLY or just say I don't know..
I think it's impossible to bypasse safe_mode in this conditions, because it restricts environment variables and there's too much functions disabled!

Enjoy.. xpleet

It would have been a little bit better had you posted a bit more information at the beginning to help us figure out what it is you are trying to do.

**Barry** · 05-01-2009, 08:35 PM

Originally Posted by xpleet

To Barry : I'm doing a penetration test and I'm asking a question in Pentesting section in the forum, if you don't know the answer DON'T REPLY or just say I don't know..
I think it's impossible to bypasse safe_mode in this conditions, because it restricts environment variables and there's too much functions disabled!

Enjoy.. xpleet

I never said I didn't know the answer, I was just wondering why a middle school student was trying to hack a server.

BackTrack Linux - Penetration Testing Distribution

Thread: Bypass safe mode

Thread Tools

Search Thread

Display

Bypass safe mode

Posting Permissions