How To Upload Shell and Deface Website – Tutorial
What we need:
1-A Shell (Will be provided)
2-A website vulnerable to SQLi
3-Image or File upload area on that
Vulnerable website
Vulnerable website
So firstly download the shell here.
http://www.mediafire.com/?u440ustsz6a4vc3
http://www.mediafire.com/?u440ustsz6a4vc3
What is Shell ?
A shell script is a script written for
the shell, or command line
interpreter, of an operating system.
It is often considered a simple
domain-specific programming
language. Typical operations
performed by shell scripts include
file manipulation, program
execution, and printing text.
This is a plain c99 shell, BUT it is
Undetected so you should not get a
warning from a anti virus if you
download it. (update: not
Undetected anymore )
I am not going to explain SQLi just
the shell, or command line
interpreter, of an operating system.
It is often considered a simple
domain-specific programming
language. Typical operations
performed by shell scripts include
file manipulation, program
execution, and printing text.
This is a plain c99 shell, BUT it is
Undetected so you should not get a
warning from a anti virus if you
download it. (update: not
Undetected anymore )
I am not going to explain SQLi just
how to deface.
Sql Tut- http://cyberattacker147.blogspot.com/2014/04/manual-sql-injection.html?m=1
Sql Tut- http://cyberattacker147.blogspot.com/2014/04/manual-sql-injection.html?m=1
So now go get yourself a vulnerable
site, hack it and get the Admin
Login details and get the Admin
Page address.
Now login to the admin page with
the admin details you got.
Go through the admin page until
you find a place where you can
upload a picture (Usually a picture).
site, hack it and get the Admin
Login details and get the Admin
Page address.
Now login to the admin page with
the admin details you got.
Go through the admin page until
you find a place where you can
upload a picture (Usually a picture).
Now you have to upload the shell.
Right if you don’t get an error it is
all good.
Right if you don’t get an error it is
all good.
Now to find the shell
Go through the site until you find
any image and if you are using
firefox Right
- Click on it and “Copy Image
Location”
Make a new tab and paste it there.
It will probably look something like
this:
http://www.example.com/images/photonamehere.jpg
Go through the site until you find
any image and if you are using
firefox Right
- Click on it and “Copy Image
Location”
Make a new tab and paste it there.
It will probably look something like
this:
http://www.example.com/images/photonamehere.jpg
So now that we know that change
“/photonamehere.jpg” to “/
c99ud.php.jpg” (Without Qoutes)
Yaha ki pic sab se niche he ok
Does probably not look like that but
will look similar.
Now you have access to all the files
on the site
“/photonamehere.jpg” to “/
c99ud.php.jpg” (Without Qoutes)
Yaha ki pic sab se niche he ok
Does probably not look like that but
will look similar.
Now you have access to all the files
on the site
What you want to do is now,
Find index.php or whatever the
main page is, and replace it with
your HTML code for your Deface
Page.
Then you can either delete all the
other files OR (and I recommend
this) Let it redirect to the main
page.
Find index.php or whatever the
main page is, and replace it with
your HTML code for your Deface
Page.
Then you can either delete all the
other files OR (and I recommend
this) Let it redirect to the main
page.
Keep in mind:
• Change Admin Username and
Password
•The people have FTP access so
you need to change that Password
too .
• Change Admin Username and
Password
•The people have FTP access so
you need to change that Password
too .
•Always use a Proxy or VPN
Enjoy
~~~jaii hoo~~~
Now a page will come up looking
like this:
like this:
