What is a symlink?
Well symlink stands for symbolic link or can also be called soft-link, and to best describe it for everyone out there it is like a shortcut in windows now to explain in a bit more detail imagine your on your desktop and you create a shortcut to "C:/" this is essentially like creating a symlink from "/home/userx/www/" to "/"
please note that a shortcut is not the same as a symlink. as windows does also support symlinking I only use them as a reference as they are similar and help explain it for those who may not understand otherwise.
i am making this tutorial for those who have shelled websites and they cant root server as not all linux boxes can be rooted , also we dont have exploits for all linux kernels.
so here i am gonna show you how to hack websites on a server using symlink ,
but first u will need a shelled website on that server ,thatn only u can do symlink without shell u cant do symlink.
1.) here is my shelled website
2.)now
here i am not gonna tell you to create two folders and then do symlink
here i will use automated symlink script which you can download from
here and upload on the shelled website.
Download Files from here
and this is how it will look
and now click on symlink bypass
if
it is able to read etc/passwd then u can do symlink on the server but
it is not always 100% sure that if it can read /etc pwd then server can
be symlinked.
now a days hostgator ,hostmonster,blue host ..etc servers are patched to symlink but others are still vulnerable.
3.) now our next step is to find the availbale wordpress and joomla websites on the same server so now we will click on this 
4.) for this tut i will be hacking a joomla site so it will look like this
these all domains which are under domain column are joomla websites on the server.
now as u can see i have my target website of joomla now i will click on config and
then i will be redirected to the symlink shotrcut link of the directories of the target website :D. config file contains the username and password of databse of that website.
5.)now copy these username an password from the config page
6.) now in this step you have to upload a database file on ur shelled website
download database file from the download link and upload on the webiste and then acess it will look like this now enter that username and passwrd which u just copied from above config page
and now login
7.)after login you will see this page now u are in databse of your target website bingo :P
8.)click on tables and then in tables u have to find user,admin table as you can see here
Well symlink stands for symbolic link or can also be called soft-link, and to best describe it for everyone out there it is like a shortcut in windows now to explain in a bit more detail imagine your on your desktop and you create a shortcut to "C:/" this is essentially like creating a symlink from "/home/userx/www/" to "/"
please note that a shortcut is not the same as a symlink. as windows does also support symlinking I only use them as a reference as they are similar and help explain it for those who may not understand otherwise.
i am making this tutorial for those who have shelled websites and they cant root server as not all linux boxes can be rooted , also we dont have exploits for all linux kernels.
so here i am gonna show you how to hack websites on a server using symlink ,
but first u will need a shelled website on that server ,thatn only u can do symlink without shell u cant do symlink.
1.) here is my shelled website
Download Files from here
and now click on symlink bypass
now a days hostgator ,hostmonster,blue host ..etc servers are patched to symlink but others are still vulnerable.
4.) for this tut i will be hacking a joomla site so it will look like this
these all domains which are under domain column are joomla websites on the server.
now as u can see i have my target website of joomla now i will click on config and
then i will be redirected to the symlink shotrcut link of the directories of the target website :D. config file contains the username and password of databse of that website.
5.)now copy these username an password from the config page
download database file from the download link and upload on the webiste and then acess it will look like this now enter that username and passwrd which u just copied from above config page
7.)after login you will see this page now u are in databse of your target website bingo :P
8.)click on tables and then in tables u have to find user,admin table as you can see here
9.) now click on data you will see the admin users data like id,username,password emailsetc now clcik on edit
10.)now you will
see username and password hash ..in this you can do two things the best
one is replace you password hash with that hash or try to decryt that
hash i got the decrypted hash on google so no i will know the admin and
password of the website its time to login.
11.)now goto target website login page
default adminlogin page for joomla is www.site.com/administrator
default adminlogin page for joomla is www.site.com/administrator
12.)Bingo now we hacked a website on that server now its time upload shell and deface.
this how we upload shell in jomla
goto>tools>template manger> click on any template>edit html now you will see this html code of template to edit.
this how we upload shell in jomla
goto>tools>template manger> click on any template>edit html now you will see this html code of template to edit.
13.)now paste your shell's source code here in here i will use 404.php WSO pv8 shell
which is available for u in download file.
which is available for u in download file.
after pasting code click on save
now go to shell directory www.site.com/templates/name_template/index.php
here is our shell
here is our shell
14.)now i will enter my password in shell then login to shell bingo website pwned and now u can deface it
this is how you will hack all the website on same server using symlink .
website which u can hack
joomla
wordpress(wp-config)
website which u can hack
joomla
wordpress(wp-config)
v-bulletin forums
...etc
brother please tell me what is shelled site and how to find shelled site. thanks!
ReplyDeletePlease email me my email is 1mohammadarfa1@gmail.com
a site in which shell is uploaded
Delete