Friday, April 8, 2011

Uploading a SHELL

Hello friends!!!
I did not write this article, but I am sharing it because I think it will be helpful to those who upload their shells on a target only to find that they do not execute.
NOTE: I am not responsible for what you do with this information.

How to Upload a Shell

First of all, when uploading a shell, you MUST be able to problem solve. Some of the techniques I have compiled in this guide aren't exactly easy for most of you.

I am separating this guide into steps, and these steps won't always work. In fact, most of the time (if the coder was at all bright), these techniques will NOT work. So don't go posting about it not working for you on one site.

First though, you need some form of upload script. I don't care if it's a public upload script, or one off an admin page.

Step 1
First off, try the shell with the regular php extension. I've seen this work for admin panels a lot of the time, because the coder doesn't think anyone but the site admin will be messing with it. He doesn't stop to think about security.

Step 2
If step 1 doesn't work, you're going to have to try different extensions that also execute php on most servers. These would include .php2, .php3, .php4, .php5, .phtml, .htm (rare cases), .html (rare cases), and no extension at all (rare cases). Also, you can attempt using a null to make it work.

Examples:

Code:
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg%:
shell.php.jpg;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;

Step 3
Now on to step 3, since it seems that step 2 didn't work for you. Occasionally, the file extensions the uploader will accept are listed in the source of the page itself. This is most common for java uploaders and similar. To check for this, view the source of the page and look it over for anything that looks like file extensions. If you do find any, you are going to want to use a tool like Firebug (an addon for Firefox) to edit the source to include the extension "php".

Step 4
Next, maybe the script is just blocking the .php, .php2, .php3, etc. scripts from being uploaded. The best way to counteract this is to upload a .htaccess file. Go into notepad or w/e and paste this in:
Code:
AddType application/x-httpd-php .shell .other .jpg .gif .png .mov .pdf
Then upload the shell with one of those extensions. It should execute as php even with the weird extension.

Step 5
Last but not least is the header modification trick. This one is a little complicated (will add pics in a min). To do this, you need something like the Tamper Data addon for Firefox. In this example, I'll use that addon. After you attempt to send the post data, tamper with the data before it is sent. Scroll through the raw data until you find the header data. Let's say our header is Application/Data: you would want to change that to something appropriate to the script's intended purpose, like Image/Jpeg for an image upload script.

That concludes the guide on how to upload a shell for now. Will add more to it later, enjoy!
happy hacking :))
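
Seen from the side of whoever maintains the upload script, every step above works only when the server trusts something the client controls: the extension, the page source, a dotfile, or the Content-Type header. The following is an added example, not code from the original article, of a server-side check that closes each of those gaps; the image-only allowlist, the function name `validate_upload` and the sample inputs are assumptions made for illustration.

```python
import os
import secrets

# Constructed allowlist for an image-only upload form (assumption):
# permitted extension -> leading bytes the file content must start with.
ALLOWED = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def validate_upload(client_name, client_type, data):
    """Return (ok, stored_name_or_reason).

    client_type is accepted but never used for the decision: the
    Content-Type header is set by the client (Step 5). Nothing here
    depends on checks done in the page source either (Step 3).
    """
    # Keep only the final path component of whatever the client sent.
    name = os.path.basename(client_name.replace("\\", "/"))
    # Null bytes and other control characters can truncate names (Step 2).
    if any(ord(c) < 32 or ord(c) == 127 for c in name):
        return False, "control character in name"
    # Dotfiles such as .htaccess change how the directory is served (Step 4).
    if not name or name.startswith("."):
        return False, "dotfile or empty name"
    parts = name.lower().split(".")
    # Exactly one extension: rejects shell.php.jpg and extensionless names.
    if len(parts) != 2:
        return False, "name must have exactly one extension"
    ext = parts[1]
    # Allowlist instead of blocklist, so .php3, .phtml and friends
    # never have to be enumerated (Steps 1 and 2).
    magic = ALLOWED.get(ext)
    if magic is None:
        return False, "extension not allowed"
    # The content must match the claimed type, whatever the header said.
    if not data.startswith(magic):
        return False, "content does not match extension"
    # Store under a server-generated name; no client string reaches disk.
    return True, secrets.token_hex(16) + "." + ext
```

A magic-byte check alone does not prove a file is harmless, so the upload directory should also be served with script execution disabled and with `AllowOverride None` so that an uploaded .htaccess has no effect.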

2 comments:

  1. "Nice and good article.. it is very useful for me to learn and understand easily.. thanks for sharing your valuable information and time.. please keep updating. php jobs in hyderabad."