shell bypass 403
UnknownSec Shell
:
/
usr
/
lib
/
systemd
/
portable
/
profile
/
default
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
service.conf
# The "default" security profile for services, i.e. a number of useful restrictions [Service] MountAPIVFS=yes TemporaryFileSystem=/run BindReadOnlyPaths=/run/systemd/notify BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout BindReadOnlyPaths=/etc/machine-id BindReadOnlyPaths=/etc/resolv.conf BindReadOnlyPaths=/run/dbus/system_bus_socket DynamicUser=yes RemoveIPC=yes CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER \ CAP_FSETID CAP_IPC_LOCK CAP_IPC_OWNER CAP_KILL CAP_MKNOD CAP_NET_ADMIN \ CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_SETGID CAP_SETPCAP \ CAP_SETUID CAP_SYS_ADMIN CAP_SYS_CHROOT CAP_SYS_NICE CAP_SYS_RESOURCE PrivateTmp=yes PrivateDevices=yes PrivateUsers=yes ProtectSystem=strict ProtectHome=yes ProtectKernelTunables=yes ProtectKernelModules=yes ProtectControlGroups=yes RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 LockPersonality=yes MemoryDenyWriteExecute=yes RestrictRealtime=yes RestrictNamespaces=yes SystemCallFilter=@system-service SystemCallErrorNumber=EPERM SystemCallArchitectures=native
© 2024 UnknownSec