Follow us on Twitter!
Hacking isn't just Computers & Exploits. It's a Philosophy. - Mr_Cheese
Sunday, July 05, 2015
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 22
TeamSpeak Online : 5 Members Online: 0

Registered Members: 89028
Newest Member: Letsrock
Latest Articles
View Thread

HellBound Hackers | Computer General | Webmasters Lounge

Author

Chmod Understandings

shadowls
You Like this!



Posts: 841
Location:
Joined: 07.12.06
Rank:
God
Posted on 31-08-14 18:37
Hello HBH'er's I am a little dumbfounded on the way chmod works on a particular server. Lets say that i have a server running on someone's else server. My first question is am i considered the owner or am i a user?


And now my second question is. Lets say I want to chmod this folder to that when a user is accessing the page, he gets access denied while the page can still be access as a 3rd party page. Is that even possible?


for example.

www.google.com/images
I want to chmod that folder but make the files inside that folder only accessible through 3rd party via iframe.


If you think my post are useful to you, please vote for them. Thank You


knowledge is powerful itself - SHADOWLS


i41.tinypic.com/mjwz7t.jpg

Made by:agentmax69, but remastered by: KvK


Coffee
None None
Author

RE: Chmod Understandings

Mordak
Evil Sorcerer



Posts: 605
Location: England
Joined: 01.01.70
Rank:
God
Posted on 31-08-14 19:29
shadowls wrote:
Lets say that i have a server running on someone's else server. My first question is am i considered the owner or am i a user?


Is your server running as a VM ? If so you should have ROOT and that would mean you are the owner. If you don't have ROOT then i would say you are a user on that box.

shadowls wrote:
And now my second question is. Lets say I want to chmod this folder to that when a user is accessing the page, he gets access denied while the page can still be access as a 3rd party page. Is that even possible?


I would just use a htaccess file to limit the rights on the folder. You might run into Cross Origin Resource Sharing (CORS) by using an IFrame.

Edited by Mordak on 31-08-14 19:32
http://developers.hellboundhackers.org
Author

RE: Chmod Understandings

MrCyph3r
Member



Posts: 769
Location:
Joined: 09.08.14
Rank:
God
Posted on 01-09-14 23:11
For the first question it entirely depends on how the server you are connected to is configured... you may be the root of a virtual machine, you may be jailed in a particular chroot environment or you may be a regular user with permissions on your home or web root directory.

The answer to the second question is yes, it is possible... and there are different possible implementations.
In my opinion the best way to keep private, per-user or sensitive files inaccessible by a direct HTTP request is to put them in a separate folder out of web root directory, this way the web server cannot serve those files to the user for obvious reasons.
Unfortunately in some cases (depending on permissions, as on your first question) you can't do that, and so your best chance is to specify file/folder access directives to the web server, via configuration files (main config files or .htaccess).
If you use .htaccess file, as suggested by Mordak, you can prevent HTTP requests on files (by regex or filename), basically blocking communications.

Order deny,allow
Deny for all

Using this method you will still be able to read your files via code.

References (assuming that you are using apache):
Apache config for Directory (for main config only): http://httpd.apac. . .#directory
Apache config for Files: http://httpd.apac. . .html#files

Edited by MrCyph3r on 01-09-14 23:24
Author

RE: Chmod Understandings

elmiguel
Member



Posts: 165
Location: Your Computer
Joined: 12.12.07
Rank:
God
Posted on 02-09-14 21:13
I would suggest to use the Apache config file over htaccess when all possible and have it load on run and not have it "module" loaded. This will avoid path directive clashing and is a little more secure than having it served via a file.

ROOT is always owner, but sudo is as well, if you are apart of sudoers or wheel you can do sudo chmod [options] [file[s]]


In your config if you do
Code

Order Deny,Allow
Deny from All
All from xxx.xxx.xxx.xxx





where the xxx.xxx.xxx.xxx is the third party ip adress, such as a vender you can limit to whom has access


The philosophy of one century is the common sense of the next. -Fortune Cookie

I would like to thank a few friends that I have made here that helped me and deserve to be mentioned:
System_Meltdown, Futility, nvrlivenvrdie, Mastergamer, TrueHacker, S1L3NTKn1GhT, Reelix, ynori7, Demons Halo, kryptor

oh and

Mordak, my long lost brother from across the pond!

elmiguel.site90.com/Avatar.png
<script>alert('XSS');</script>