Archive for August, 2008

I was browsing the net today and a keyword popped up in my head, "Golden Axe". Golden Axe was an old game I remember playing when I was a kid. Google brought me to Abandonia, the lair of old (and abandoned) games.

When downloaded, I tried to run it using wine but presented with the following error;

shakir@anduril ~/gold $ wine GOLD.EXE
winevdm: unable to exec 'D:\shakir\gold\GOLD.EXE': DOS memory range unavailable

Someone suggested the following solution

shakir@anduril ~/gold $ sudo sysctl -w vm.mmap_min_addr=0
vm.mmap_min_addr = 0

But I still get the following error, because I’m using 64 bit Linux;

shakir@anduril ~/gold $ wine GOLD.EXE
wine: Cannot start DOS application "D:\\shakir\\gold\\GOLD.EXE"
      because vm86 mode is not supported on this platform.

In the end I decided to install dosbox, and things then run perfectly.

shakir@anduril ~/gold $ sudo apt-get install dosbox
shakir@anduril ~/gold $ dosbox GOLD.EXE

I recently published an the article Bypass CPanel's jailshell using PHP at TechRecipes. Feel free to read and comment at that site.

The article is about using simple HTML and PHP to execute Linux commands at the web hosting server. In shared webhosting environment, this can be very dangerous as it can be used to do malicious acts such as stealing other user's web application configuration file, probably containing passwords and other informations.

I was doing some work with many terminals open, and in one terminal I typed the following to access my MySQL databases;

$ mysql -u root

and I’ve been granted access, as I don’t set any password for my local MySQL account. I was somehow surprised however when I run the following command

mysql> show databases;

as I’ve been presented with many databases, maybe hundreds of them, and with that I realize something is not right somewhere. Upon checking, I found out that I was accessing the wrong server, and to my surprise again, it’s in my shared webhosting’s server.

When thinking creating rogue PHP scripts will let you do what your jailshell won’t let you do, this incident make me want to have a co-located server even more. I guess it’s a bad idea now to have all my shells to look the same when working with multiple terminals.