This is a basic method we can use to deface websites.
Here we upload a file to the victim website, and that file will help us deface it.
These files are called shells. Basically, a shell is a PHP file. When we run that PHP file on a server, it gives us some permissions, like deleting files or uploading files. Shells can do a lot of things.
The problem is: how are we going to upload it to the victim's server?
Here we can do some basic things to upload it.
As we are just going to learn or understand this, we select a website that lets us upload files to the server. Some websites use scripts to upload files, so users or the admin can upload files easily. And we can use the same method.
Now we search for those upload scripts using Google. Use this dork to search:
inurl:upload.php
So Google will search for upload.php files. Here we go, we got some sites. Select one.
Most sites will let you upload images.
Actually, we can't upload our shell as shell.php, because most upload scripts will not let you upload PHP. But you can upload it as some other file, like an image file.
Rename your shell.php file to shell.php.gif
Or you can just use any image format.
After uploading, search for the uploaded file. Most sites will show you the uploaded image, so you will see a blank image, as you just uploaded a PHP script, not an image.
However, find the path to the uploaded file. If the site shows the uploaded image, then right-click on it and choose "copy image URL", then paste it in your browser and press Enter. This will load your image.
In this case it will load your shell.
On some servers this will not work. But try some different websites; the shell will load up on some servers.
The important thing to remember is that you should rename your shell as shell.php.gif
And you should find the right image path, I mean the direct path, like http://www.site.com/images/upload/shell.php.gif
If you can't see the uploaded file, find it by browsing folders.
First try the image folder: http://www.site.com/images
Like that, type some folder names and try to find it. Or just use your brain.
Here are some shells. These are the most common shells in use.
link-http://www.mediafire.com/?yl1inzliudz
---------------------------------------------------------------------------------------------------------------------------
Alternative method
First download my shell collection from here: http://goo.gl/mFy8......
In the admin panel, search for categories or anything where you can upload a file or picture.
When you have found one, download a shell from the website I mentioned. Now try to upload your shell, e.g. r57.php. When you upload it, you will see the link of the upload; open it like this: http://sql-vuln-site.com/uploa
If you can't upload r57.php, change it to r57.jpg.php or r57.txt and try!
You need to make a deface page in HTML and put it on the website. When you open the shell, it looks like this image:
regards
~shubham h4ck3r
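
From the site owner's side, the renaming described above (shell.php.gif, r57.jpg.php) only gets through when the upload script trusts the file name the client sends. The PHP handler below is an added example, not code from the original post; the upload directory, the size limit and the form field name `file` are assumptions.

```php
<?php
// Added defensive example: accept only real images and never reuse the
// client's file name. UPLOAD_DIR, MAX_BYTES and field 'file' are assumptions.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads';   // assumed path; keep it outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;
// Detected MIME type => the only extension the stored file may carry.
const ALLOWED = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

/** Returns the stored file name, or throws if the upload is not accepted. */
function store_image_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('not an uploaded file or too large');
    }
    // Decide the type from the bytes, never from the client-supplied name
    // or Content-Type: a PHP script renamed to shell.php.gif is not image/gif.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('rejected content type');
    }
    // getimagesize() must agree. Neither check proves the file carries no
    // embedded code, which is why the stored name below matters most.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('file does not parse as an image');
    }
    // Discard the original name entirely: a random name with one fixed
    // extension leaves no ".php" anywhere for the web server to act on.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (isset($_FILES['file'])) {
    try {
        echo 'stored as ', htmlspecialchars(store_image_upload($_FILES['file']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

The web server should also be configured so that nothing under the upload directory is ever passed to the PHP interpreter, since that is what turns a stored file into a running shell.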