TrickLife - We'll show you how!
Username:
Password:
Welcome to the tricklife.com forum. Here you can meet other members and chat about whatever you want - anything goes. There are always active discussions with many members posting, so check it out!

Go Back   TrickLife Forums > Tips and Tricks
Reload this Page How To Bypass 403 Error.

Reply
 
Thread Tools Display Modes
Old 03-11-2008, 06:49 PM   #1
Senior Member
 
Join Date: Sep 2007
Posts: 516
Default How To Bypass 403 Error.
OK, this tutorial is for ppl like me who use an alternative way of searching for things on internet, EXMPL: instead of typing: www.ubuntu.com/iso, I would go this way: " index of /ISO/Ubuntu " So this way i get into the website from the backdoor and have unrestricted search + i can download things that normally i would have to authenticate to get them.
But, sometimes the Website is restricted to only members and everytime u clic on something , gives you this error: ACCESS DENIED, ERROR 403.
Wel now i will show you how to bypass that error:

You come to a site, you find a directory, you see the contents of the directory. The only problem? The contents of that directory take you to a 403 authentication-based error.

Your scenario at a visual perspective :

www.Site.com/* * * * * * * * * * * * * * >> Accessible
www.Site.com/Directory* * * * * * * * >> Accessible
www.Site.com/Directory/file.exe* * *>> Restricted Access

I guess some of you know that you can bypass this through SSI includes, but that's only if there's a form somewhere in the site that will allow you to input data. If that was the case, you could just use a simple include such as

Code:
<!--#exec cmd="ls"-->

if the server is running linux, or
Code:

<!--#exec cmd="dir"-->

if the server is running windows.
(Of course, you'd need to tunnel through the directory to get the file, such as by using
Code:

<!--#exec cmd="ls /Directory/Files.exe"-->

)

BUT
What if there's no vulnerable form? What if there's nowhere to input SSI strings?

Basic URL tunneling is your friend here. Many of you are aware that the string "/../" means to move back a directory (and if you didn't, now you do).
Well, the "/./" string is simply translated as staying within the current directory. It's almost useless; why would you want to use a string to stay in the current directory... if you're already there?


Because, silly, most Authentication-based 403 errors are restricted to block access to the specific URL. It's not anticipating a request such as "/./", because that's just redundant - no one would use it.
Except for you, that is.

To bypass the 403 error in the most simplest of cases, the following format should be used :

www.Site.com/Directory/./File.exe

It's an unexpected request, but one which means the exact same thing. You're basically tricking the file manager, because the directory "/./" shouldn't be blocked. Therefore, the file that comes after that shouldn't be blocked, as well. Unless the file is actually given permissions through FTP, cPanel, etc.

I won't go into too much detail. Just know that, unless permissions are chmod-based, this method should be fine.

HAPPY HACKING
ghostdog is offline   Reply With Quote
Old 03-11-2008, 07:04 PM   #2
Senior Member
 
Join Date: Feb 2008
Posts: 1,706
Default
nice very nice. It really makes sense, you'd actually have to know what your doing to think of something like that so most likely its overlooked
__________________

If I could re-arrange the alphabet, I would spell out hateful messages and laugh at those offended.

I AM Sæbjörn Bearcrusher RAWR!!
youtookmyname is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 11:22 PM.

Contact Us - TrickLife - Archive - Top

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.