Sunday, January 13, 2013

Deface website

This is a basic method we can use to deface websites.
Here we upload a file to the victim website and that file will help us to deface it.

These files are called Shells. Basically a Shell is a PHP file. When we run that PHP file on a server it will give us some permissions like deleting files or uploading files. Shells can do a lot of things.

The problem is how are we going to upload it to the victim's server?
Here are some basic things we can do to upload it.

As we are just going to learn or understand this, we select a website that lets us upload files to the server. Some websites use scripts to upload files, so users or the Admin can upload files easily. And we can use the same method.

Now we search for those upload scripts using Google. Use this dork to search:

inurl:upload.php

So Google will search for upload.php files. Here we go, we got some sites. Select one.

Most sites will let you upload images.

Actually we can't upload our shell as shell.php, because most upload scripts will not let you upload PHP. But you can upload it as some other file type, like an image file.

Rename your shell.php file to shell.php.gif

or you can just use any image format.

After uploading, search for the uploaded file. Most sites will show you the uploaded image, so you will see a blank image as you just uploaded a PHP script, not an image.
However, find the path to the uploaded file. If the site shows the uploaded image then right click on it and "copy image URL", then paste it in your browser and press enter. This will load your image.
In this case it will load your shell.

On some servers this will not work, but try some different websites. The shell will load up on some servers.

The important thing to remember is that you should rename your shell as shell.php.gif

And you should find the right image path, I mean the direct path, like http://www.site.com/images/upload/shell.php.gif

If you can't see the uploaded file, find it by browsing folders.

First try the image folder http://www.site.com/images

Like that, type some folder names and try to find it. Or just use your brain.
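The whole technique above depends on an upload script that trusts the client-supplied filename (so shell.php.gif keeps its ".php" part) and stores the file somewhere the web server will execute it. The following upload handler is an added example written for this page, not code from the original post or from any real upload.php. It shows the server-side checks that make the renamed-shell trick fail: the type is detected from the file's contents, the original filename is thrown away, the extension is chosen from an allow-list, and the file is stored outside the document root. The upload field name `image`, the directory `/var/www/uploads-private` and the size limit are assumptions for the example.

```php
<?php
// Hardened image upload handler (added example, not the original post's code).
// Assumptions (not from the page): the file arrives in $_FILES['image'] and is
// stored under /var/www/uploads-private, a directory outside the web root.

declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads-private';   // assumed path, outside the document root
const MAX_BYTES  = 2 * 1024 * 1024;              // assumed 2 MiB limit

// Allow-list keyed by the MIME type detected from the file's bytes, not from the
// client-supplied filename or from $_FILES['image']['type'] (the client sets both).
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function validate_image_upload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Content-based detection: a PHP script renamed to shell.php.gif has no GIF
    // header, so finfo reports text/x-php or text/plain, which is not allow-listed.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('rejected content type: ' . var_export($mime, true));
    }

    // Second check: the file must actually decode as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('file is not a decodable image');
    }

    return [$mime, ALLOWED[$mime]];
}

function store_image_upload(array $file): string
{
    [$mime, $ext] = validate_image_upload($file);

    // The client's filename is discarded entirely, so a double extension such as
    // ".php.gif" never reaches disk. The stored name is random and the extension
    // comes from the allow-list, never from the request.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0640); // readable by the app, never executable
    return $name;       // serve later through a read-only script, not by direct URL
}

// Minimal usage: handle a POST and answer with the stored id or an error.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
    header('Content-Type: application/json');
    try {
        $id = store_image_upload($_FILES['image']);
        http_response_code(201);
        echo json_encode(['id' => $id]);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo json_encode(['error' => $e->getMessage()]);
    }
}
```

The content checks are defence in depth, not the main control: an image that also happens to contain script text can still pass `finfo` and `getimagesize`. What actually stops the "find the direct path and load it" step is that the stored file has a server-chosen name and extension, lives outside the document root, and is only ever read back by the application, so the web server never hands it to the PHP interpreter. If uploads must stay under the web root, disabling script execution for that directory in the web server configuration gives the same guarantee.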
