Sunday, December 6, 2020

Simple Ways to Bypass PHP Disable Functions

 Maybe you have experienced this before you've uploaded a shell but target PHP = On Disable Function = entre2v2, gzuncompress, symlink, gzinflate, str_rot13, exec, system, passthru, shell_exec, escapeshellarg, escapeshellcmd, proc_close, proc_open, ini_alter, dl, popen, show_source .


It means that if so you can't do symlink, mass deface, etc. In accordance with what function is disabled, wow. 



Look at the picture above. The Disable Function is red " show_source, system, shell_exec, passthru, exec, popen, proc_open  ", well here I will explain how to bypass it so we can do what we want. Okay okay let's get started.
First, look for the folder whose permissions are  777 (rwx rwx rwx) When you've found you create a folder for the php.ini file, continue to edit the php.ini file and fill in the source code in the php.ini file as follows,

safe_mode = OFF
disable_functions = NONE


Then don't forget to save. 
Continue to the next step.
 You created the .htaccess file where you made the php.ini file earlier, in essence it is in one dir.
Then fill in the .htaccess file with the following source code,

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>


Then you save, and try to upload the file or just execute it. 

But if you are lazy to make manual methods like the one above,
here I have prepared the Bypass Disable Function tool. You can copy  here .

How to use it is quite easy.

The first thing you download is the tool, then upload it on your target website, it's up to you to upload it on which dir.

After that, all you have to do is click on the section that says " Please Click Here First  " then wait until the process is complete then try to refresh the page


If successful, the writing in the Desible Function section   will be none. After that it's up to you to disymlink kek or what it depends on you. 

That's all from me, hopefully it's useful.

No comments:

Post a Comment