Main » Articles » Web Hacking » Exploits and Vulenrablities

How to Hack websites using Symlink (Tutorial)
Today I will show you how to hack websites hosted on the server using symlink. I'm not going to explain what is symlink. So lets begin.


  • Shelled Website
  • Some php files which will help you to gain symlink.
  • To download them click here :- Click Here .

So now lets begin.

Firstly I want you to clear that it mostly works on Wordpress And Joomla sites only.

  • First open your shelled site and then make a new directory, of whatever name you want. Ex:- xyz .
  • Then in that directory upload the files which I have given you in upper section.
  • After that Click on -rw-r--r-- of .

  • Then from there change the value from 0644 to 0755 .

  • Then open the . In my case, to open, I'll go to .
  • Then you will see a box something like this.

  • Then leave this tab open. And then open nsuser.php. In my case the nsuser.php will be at
  • Then in that click on Eval.

  • After that there would be open a window something like this.

  • Then click on Go button.
  • After that you will see a list of text something like this, copy that.

  • After copying paste it to the box which you have opened early. And then click on Dapatkan Config!

  • Then go back to directory where you have upload all the files. In my case, it was 
  • In that directory you will get all the config files of the sites hosted on the server.
[Brief Note On Config Files :- Config Files are those which contains the database name and username, password also.]
  • Now you have done successfully.
You have now database name, username of database and also the password.
Now may be you have a question how to connect with database or where to put these credentials.

So lets begin:-

  • Now the file ida.php from where you have uploaded. In my case the ida.php file is in .
  • Now there would be a window open like this.

  • After that click on sql.
  • Then in Login - Type username
         Password - Type password
         Database - Type database name

  • Then click on double arrow ">>" button.
  • Now you are connected to database.
  • After that make a check mark in wp_user and then click on dump.

[Note:- There may be chances that the wp_user can renamed to another name, for example db_user etc.]

  • After that the dump.sql will saved at, where you have uploaded the previous files. In may case, the file dump.sql saved at .
  • So now lets open the dump.sql .
  • Boom !! now we have got the admin username, password and email.
  • Now use these credentials to login the admin panel.
But now you have the question where I put these credentials and how to know these credentials are of which site.
So now lets begin.

  • Copy the name of the db_user [which was found in the config file in .txt format]
  • Now in my case the  db_user is localbus_main.
  • Now again open the ida.php,and then go to under Symlink section, by clicking on the  Symlink.

  • After that click on Whole Server Symlink. Then there you a huge list of sites which are are hosted on the server.
  • Now then to find the site of which you got the credentials. Simply press ctrl+F then type your db_user name.
  • In my case the db_user is localbus,so i'll try to search localbus.

  • Now your targeted site is infront of the username. Now login to your targeted site and do what ever you want.
Category: Exploits and Vulenrablities | Added by: MaX-HaCker (12.08.17)
Views: 2243 | Comments: 3 | Rating: 3.7/3
Total comments: 3
0   Spam
3 kerj   (13.02.07 2:34 PM)
What about the etc/.config is not readable how can bypass it?

0   Spam
2 totom gabrielle   (12.11.02 3:18 PM)

0   Spam
1 mubeen   (12.09.02 11:41 AM)
what is shelled website??[color=red][size=19]

Only registered users can add comments.
[ Registration | Login ]
Recommend on Google

Designed By [#]./3X3.R()()T
Like Us on Facebook Follow Us on Twitter Subscribe Us on Youtube WWW.GeniusHackers.NET © 2018
Founder and CEO of GeniusHackers [#] /3x3.R()()T
Hosted by uCoz
Hosted by uCoz