Linux permissions - how would someone outside the server write to a writeable file?

Posted on 2012-08-16
Last Modified: 2012-08-17
Let's say I've got a Linux-based server running Apache, and I have a file in the webroot of the site called "monkeybutt.txt" with permissions set to 777.

So monkeybutt.txt is world-writeable. But how would someone without SSH/FTP/etc. access to the server actually write to it?
Question by:IanJBlackburn
    LVL 23

    Expert Comment

    You are asking how to hack a website, I do not believe we are able to provide you with this information according to Experts Exchange policy.

    But I can tell you if the file is world readable someone can download it by simply going to the url:

    Author Comment

    I'm asking how someone could hack my website so I can prevent that sort of thing.

    I'll rephrase the question: Without SSH, FTP, or other filesystem-level access to the server, is it possible to write to a world-writable file in a website's root directory? Not asking how, just asking if someone could.
    LVL 58

    Accepted Solution

    Judging by your question history I doubt its for hacking and if you were able to hack a server you would know how to do this.
    If they have ftp then usually you can just right click and select edit.
    In SSH you would
    vi monkeybutt.txt
    nano monkeybutt.txt

    Read your question wrong. You cannot change the file contents remotely.
    If someone wants to hack your server they will normally install 'software' that allows them to change file contents, permissions etc so they can do it remotely.

    Author Comment

    Thanks, right, I do know how to edit a file if I have filesystem access. I was just wanting to know if someone could edit a file without SSH/FTP/etc. access.

    (just saw your edit - thanks, that's exactly what I was trying to figure out!)
    LVL 39

    Expert Comment

    You can try to PUT a file to the webserver. Esp. if it is writeable by the webserver this can work.
    [ default query is GET, and POST is mostly used to upload data, with forms & mime specification ]
    if you need a tool for this look for cURL @ ]

    Author Comment

    Thanks for the info - I'll look into that.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
    Article by: btan
    The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
    Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now