 |
| http://newsofcrime.blogspot.com/ |
NOTE : I don't take any responsibility for your actions. This was written for instructional functions solely ! conjointly pitying my dangerous english !
Hello Friends Iam Leet008
Today i am going to attempt to facilitate begginer webhackers by teaching them a way referred to as symlink.
What is symlink ?
Symlink may be a technique employed by hackers to browse files from alternative users on a UNIX system server, solely by employing a php-shell.
So what can we need to begin the tutorial :
Requirements :
- a phpshell uploaded during a UNIX system server (Safe MODE = OFF )
- a target website
- basic phpshell & UNIX system data
- a brain !
Let's begin by the tutorial.
Where to urge a target, if you simply have a phpshell uploaded during a UNIX system server that has some sites ?
It's easy , 1st get the IP of the server.
Then attend bing.com and search like that :
Code:
ip:xx.xxx.xxx.xxx vbulletin
xxx replace with the IP adress of the server , and 'vbulletin', you'll amendment to a reputation of a forum package or a CMS you would like as a target. except for this instance i am going to take vBulletin.
OK , currently we tend to got the target website , let's suppose that its name is mytarget.com and it uses vBulletin forum package.
Now starts the important hacking !
Go to your phpshell , and within the 'Execute command' field , execute there that command :
Code:
ls -la /etc/valiases/mytarget.com
By death penalty this command , i am going to get the name of the user (on the UNIX system server) that keeps the web site mytarget.com.
It ought to come with a result the same as that :
>>>>>>>-rw-r--r-- one target mail twenty eight might twenty eight 2011 /etc/valiases/mytarget.com
The red coloured piece is that the user of mytarget.com on the server.
So in our case the username is 'target'
Many folks understand that the configuration file of vBulletin script ,can be found in /includes/config.php.
This is the file we want to browse in our case , so as to urge access at our target website.
How will we tend to browse that file ?
Simple , execute that command on the shell :
Code:
ln -s /home/target/public_html/includes/config.php symlink.txt
As you'll see, we're writting the content of config.php , into symlink.txt file.
After you execute the command , you'll se a brand new file referred to as symlink.txt.
Open it and w00t !! You with success browse the configuration file (symlinked).
Now , simply get associate degree MySQL instrumentation script coded in PHP , and login with the small print you get from configuration file of your target.Then at the admin table, get the admin's hash and crack it , or better , amendment the admin's email you yours , so do a forgot word at mytarget.com
And then you with success can get full access in your target website !
That was all ,very straightforward if you follow again and again. perhaps before long i will be able to build a video tutorial if you continue to did not perceive , simply request the video tut within the comments , and that i can strive ASAP to form it for you !
Thanks for reading , -ThisGuys !
IF Any Problem Then Comment Us"'
Thank You To Join NewsofCrime We Try Will To Tech You
Thank You To Join NewsofCrime We Try Will To Tech You
No comments:
Post a Comment