admin panel hacking uploading shell and deface
HELLO I AM ADEEL ABBASI FROM AZAD KASHMIR( VILLEGE )GORHI.
Now a days my friends asking how to crack C panel and how to upload a
shell to site and rooting of server on i am explaining with my pals
first you need to hack cpanel via MySQL injection i have a great tool of MySQL injection is havij
i write detail of havij and how it register
Instructions
1.Run Havij.exe
2. Once it opens you will see register..
3. Click Register
Make sure you are connected to the internet
4. Under Name:
You write: Cracked@By.Exidous
5. Under File:
You select the folder where you are currently running the Havij program from and select Havij Key
6. Done....
Download :
Mediafire
Or
4shared
Or
ziddu
Steps To Register : (Screen Shots)
:
Now click in the "Analyze"
Then
It shows some messages there....Be alert on it and be show patience for
sometime to find it's vulernable and type of injection and if db server
is mysql and it will find database name.Then after get it's database is
name like xxxx_xxxx
In that Just put mark username and password and click "Get data"
now you get the admin panel
now time to upload the shell in the site
first you need to hack cpanel via MySQL injection i have a great tool of MySQL injection is havij
i write detail of havij and how it register
Free Download : Havij 1.15 pro Final
Instructions
1.Run Havij.exe
2. Once it opens you will see register..
3. Click Register
Make sure you are connected to the internet
4. Under Name:
You write: Cracked@By.Exidous
5. Under File:
You select the folder where you are currently running the Havij program from and select Havij Key
6. Done....
Download :
Mediafire
Or
4shared
Or
ziddu
Steps To Register : (Screen Shots)
:
First Find a sqli infected site .Now here i found a vulernable site
Now Let's start
Open havij and copy and paste infected link as shown in figure
Now click in the "Analyze"
Then
It shows some messages there....Be alert on it and be show patience for
sometime to find it's vulernable and type of injection and if db server
is mysql and it will find database name.Then after get it's database is
name like xxxx_xxxx
Then Move to another operation to find tables by clicking "tables" as
figure shown.Now click "Get tables" Then wait some time if needed
After founded the tables ,you can see there will be "users" Put mark
on it and click in the " get columns " tab as shown in figure
In that Just put mark username and password and click "Get data"
Bingo Got now id and pass that may be admin...
The pass will get as md5 you can crack it also using this tool as shown in figure...
now you get the admin panelnow time to upload the shell in the site
How to Excute/Acess your .jpg Shell
find any uploading option in website. Sometimes the website will block .php extension
so you have to upload it in .jpg format.
First open your shell with notepad and then Save As and change the extension to one of these
shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;
If you did not find any option for uploading files, but have place where you can add news or new event or something you can use meta http-equiv to make redirection from website to your deface page. Just add this code in
after Getting admin Panel,if you can't upload .php directly upload it with modified extensions as I stated above.
After uploading, find the directoey where your fle uploaded,
example if you uploaded it in images then it will be in http://website/images/shell.php
Sometimes simple extension hiding will not work so you have to use one addon for firefox Live HTTP Headers,
Install it and then hide shell extension, go to the upload section. Open Live HTTP Headersand upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hided .php.jpgextension into the .php. So as we uploaded the shell and opened the Live HTTP Headersyou should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.
After that you have to find once again the same line of code which shows that you have uploaded shell.
So when you find it select the extension you used to hide original .php. In my case it is .jpg (List of all these extension is given in this tutorial at the beginning). When you select it delete it so that we have only c100.php. And after that once again click on reply.
It will take you to the shell, and if it does not then you will have to find manually where shell has been uploaded and go to that link.
Note : This doesn't work for every website but working in mostly websites
First open your shell with notepad and then Save As and change the extension to one of these
shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;
If you did not find any option for uploading files, but have place where you can add news or new event or something you can use meta http-equiv to make redirection from website to your deface page. Just add this code in
after Getting admin Panel,if you can't upload .php directly upload it with modified extensions as I stated above.
After uploading, find the directoey where your fle uploaded,
example if you uploaded it in images then it will be in http://website/images/shell.php
Sometimes simple extension hiding will not work so you have to use one addon for firefox Live HTTP Headers,
Install it and then hide shell extension, go to the upload section. Open Live HTTP Headersand upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hided .php.jpgextension into the .php. So as we uploaded the shell and opened the Live HTTP Headersyou should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.
After that you have to find once again the same line of code which shows that you have uploaded shell.
So when you find it select the extension you used to hide original .php. In my case it is .jpg (List of all these extension is given in this tutorial at the beginning). When you select it delete it so that we have only c100.php. And after that once again click on reply.
It will take you to the shell, and if it does not then you will have to find manually where shell has been uploaded and go to that link.
Note : This doesn't work for every website but working in mostly websites
No comments:
Post a Comment