border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Sunday, May 29, 2011

How To Upload Shell And Deface – Tutorial

What we need:
1-A Shell (Will be provided)
2-A website vulnerable to SQLi
3-Image or File upload area on that Vulnerable website
So firstly download the shell here.
What is Shell ?
A shell script is a script written for the shell, or command line interpreter, of an operating system. It is often considered a simple domain-specific programming language. Typical operations performed by shell scripts include file manipulation, program execution, and printing text.
This is a plain c99 shell, BUT it is Undetected so you should not get a warning from a anti virus if you download it. (update: not Undetected anymore )
I am not going to explain SQLi just how to deface.
Sql Tut-
So now go get yourself a vulnerable site, hack it and get the Admin Login details and get the Admin Page address.
Now login to the admin page with the admin details you got.
Go through the admin page until you find a place where you can upload a picture (Usually a picture).
Now you have to upload the shell. Right if you don’t get an error it is all good.
Now to find the shell
Go through the site until you find any image and if you are using firefox Right
- Click on it and “Copy Image Location
Make a new tab and paste it there.
It will probably look something like this:
So now that we know that change “/photonamehere.jpg” to “/c99ud.php.jpg” (Without Qoutes)
Now a page will come up looking like this:
igz03k How To Upload Shell and Deface   Tutorial
Does probably not look like that but will look similar.
Now you have access to all the files on the site
What you want to do is now,
Find index.php or whatever the main page is, and replace it with your HTML code for your Deface Page.
Then you can either delete all the other files OR (and I recommend this) Let it redirect to the main page.
Keep in mind:
• Change Admin Username and Password
•The people have FTP access so you need to change that Password too .
•Always use a Proxy or VPN

No comments:

Post a Comment


Twitter Delicious Facebook Digg Stumbleupon Favorites More