Symlink is a method to reference other files and folder on Linux, in order to make linux work faster. Symlink Bypassing is a hacking technique used to gain unauthorized access to folders on a server. Using this technique an hackers are able to hack multiple sites on a shared web hosting service.
First of all download the symlink shells needed from here
http://www.ziddu.com/download/21028469/symlink.rar.html
Now there you will get 2 shells named dbman.php (Database Manager n00b!) and
sym.php (the main tool auto symlinker
Now you should have a shelld site of course
Now upload both shells in any writeable directory
Next step is to open both shells (Open in different tabs)
Now goto sym.php and click on user and domains it'll list you all sites on dat server also after opening you'll get to see symlink option now choose any site and symlink
(If you select the domains and script option it'll list you all wp, joomla, vbulletin etc sites on d server)
Find the config file on d site you symlinked and read it you'll see sumthing like this:----
/** MySQL database username */
define('DB_USER', 'csseguid_nauqri');
/** MySQL database password */
define('DB_PASSWORD', 'qwe0345**');
/** MySQL hostname */
define('DB_HOST', 'localhost');
Now after reading config.php file u got the sites database username and pass
next we will login using dat credentials into our database manager shell
after logging in just find the admin table and change d pass to your own md5 hash
nw u have reset d admins pass to your own ;0 go and login into the site admin panel
Database config files locations:
vBulletin -- /includes/config.php
IPB -- /conf_global.php
MyBB -- /inc/config.php Phpbb -- /config.php
Php Nuke -- /config.php Php-Fusion -- config.php
SMF -- /Settings.php
Joomla -- configuration.php , configuration.php-dist
WordPress -- /wp-config.php
Drupal -- /sites/default/settings.php
Oscommerce -- /includes/configure.php
e107 -- /e107_config.php
Seditio -- /datas/config.php
Post a Comment