find any uploading option in website. Sometimes the website will block .php extension
so you have to upload it in .jpg format.
First open your shell with notepad and then Save As and change the extension to one of these
shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;
If you did not find any option for uploading files, but have place where you can add news or new event or something you can use meta http-equiv to make redirection from website to your deface page. Just add this code in news
<meta http-equiv="refresh" content="0;url=http://link_to_your_defacee_page">
after Getting admin Panel,if you can't upload .php directly upload it with modified extensions as I stated above.
After uploading, find the directoey where your fle uploaded,
example if you uploaded it in images then it will be in http://website/images/shell.php
Sometimes simple extension hiding will not work so you have to use one addon for firefox Live HTTP Headers, Get Live firefox HTTP headers Here
https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
Install it and then hide shell extension, go to the upload section. Open Live HTTP Headersand upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hided .php.jpg extension into the .php. So as we uploaded the shell and opened the Live HTTP Headersyou should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.
After that you have to find once again the same line of code which shows that you haveuploaded shell.
So when you find it select the extension you used to hide original .php. In my case it is .jpg (List of all these extension is given in this tutorial at the beginning). When you select it delete it so that we have only c100.php. And after that once again click on reply.
It will take you to the shell, and if it does not then you will have to find manually where shellhas been uploaded and go to that link.
so you have to upload it in .jpg format.
First open your shell with notepad and then Save As and change the extension to one of these
shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;
If you did not find any option for uploading files, but have place where you can add news or new event or something you can use meta http-equiv to make redirection from website to your deface page. Just add this code in news
<meta http-equiv="refresh" content="0;url=http://link_to_your_defacee_page">
after Getting admin Panel,if you can't upload .php directly upload it with modified extensions as I stated above.
After uploading, find the directoey where your fle uploaded,
example if you uploaded it in images then it will be in http://website/images/shell.php
Sometimes simple extension hiding will not work so you have to use one addon for firefox Live HTTP Headers, Get Live firefox HTTP headers Here
https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
Install it and then hide shell extension, go to the upload section. Open Live HTTP Headersand upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hided .php.jpg extension into the .php. So as we uploaded the shell and opened the Live HTTP Headersyou should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.
After that you have to find once again the same line of code which shows that you haveuploaded shell.
So when you find it select the extension you used to hide original .php. In my case it is .jpg (List of all these extension is given in this tutorial at the beginning). When you select it delete it so that we have only c100.php. And after that once again click on reply.
It will take you to the shell, and if it does not then you will have to find manually where shellhas been uploaded and go to that link.
0 comments:
Post a Comment