How to Hack websites using Symlink (Tutorial)
Today I will show you how to hack websites hosted on the server using symlink. I'm not going to explain what a symlink is. So let's begin.
- Shelled Website
- Some php files which will help you to gain symlink.
- To download them click here :- Click Here .
So now let's begin.
First, I want to make clear that this mostly works on WordPress and Joomla sites only.
[Brief note on config files: config files are the files that contain the database name, username and password.]
- First open your shelled site and then make a new directory with whatever name you want, e.g. xyz.
- Then upload the files I gave you in the section above into that directory.
- After that, click on -rw-r--r-- of config.pl.
- Then change the value there from 0644 to 0755.
- Then open config.pl. In my case, to open config.pl, I'll go to http://www.example.com/xyz/config.pl .
- Then you will see a box something like this.
- Then leave this tab open and open nsuser.php. In my case, nsuser.php will be at http://www.example.com/xyz/nsuser.php.
- Then click on Eval there.
- After that, a window something like this will open.
- Then click on Go button.
- After that you will see a list of text something like this; copy it.
- After copying, paste it into the config.pl box that you opened earlier, and then click on Dapatkan Config!
- Then go back to the directory where you uploaded all the files. In my case, it was http://www.example.com/xyz/
- In that directory you will get all the config files of the sites hosted on the server.
You now have the database name, the database username and also the password.
- Now you have finished successfully.
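Seen from the hosting side, the steps above leave a directory of symbolic links that point at other accounts' config files. The following added example (not part of the original tutorial; the account names and the demo tree are constructed) audits one account's web root for links that leave it and for WordPress/Joomla config files readable by other users.

```python
import os
import stat
import tempfile

# Config file names of WordPress and Joomla, the two CMSs the tutorial names.
CMS_CONFIGS = {"wp-config.php", "configuration.php"}

def audit_docroot(docroot):
    """Return (path, finding) tuples for one hosting account's web root."""
    root = os.path.realpath(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                target = os.path.realpath(path)
                # A link that leaves the account's own tree lets the web
                # server hand out files that belong to another account.
                if os.path.commonpath([root, target]) != root:
                    kind = ("symlink to a CMS config outside the web root"
                            if os.path.basename(target) in CMS_CONFIGS
                            else "symlink leaving the web root")
                    findings.append((path, f"{kind} -> {target}"))
            elif name in CMS_CONFIGS and st.st_mode & stat.S_IROTH:
                # Credentials readable by "other" can be read via such links.
                mode = stat.S_IMODE(st.st_mode)
                findings.append((path, f"config readable by others ({mode:04o})"))
    return findings

def build_demo_tree(base):
    """Constructed layout: two accounts on one host (names are made up)."""
    victim = os.path.join(base, "siteA", "public_html")
    tenant = os.path.join(base, "siteB", "public_html")
    os.makedirs(victim)
    os.makedirs(os.path.join(tenant, "xyz"))
    cfg = os.path.join(victim, "wp-config.php")
    with open(cfg, "w") as fh:
        fh.write("<?php /* constructed sample, no real credentials */\n")
    os.chmod(cfg, 0o644)
    os.symlink(cfg, os.path.join(tenant, "xyz", "siteA-wp.txt"))
    os.symlink(base, os.path.join(tenant, "xyz", "all"))
    return victim, tenant

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for docroot in build_demo_tree(tmp):
            for path, finding in audit_docroot(docroot):
                print(f"{path}: {finding}")
```

On a shared host, run it per account and pair it with a web server setting that refuses to follow links the account does not own, such as Apache's `SymLinksIfOwnerMatch` option.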
Now maybe you have a question: how to connect to the database, or where to put these credentials.
So let's begin:
[Note: there is a chance that wp_user has been renamed to another name, for example db_user etc.]
- Now open the file ida.php from where you uploaded it. In my case the ida.php file is at http://www.example.com/xyz/ida.php .
- Now a window like this will open.
- After that click on sql.
- Then fill in the fields:
  Login - type the username
  Password - type the password
  Database - type the database name
- Then click on double arrow ">>" button.
- Now you are connected to database.
- After that, put a check mark on wp_user and then click on dump.
But now you have the question of where to put these credentials and how to know which site these credentials belong to. So now let's begin.
- After that, dump.sql will be saved where you uploaded the previous files. In my case, the file dump.sql was saved at http://www.example.com/xyz/dump.sql .
- So now let's open dump.sql.
- Boom!! Now we have got the admin username, password and email.
- Now use these credentials to log in to the admin panel.
- Copy the name of the db_user [which was found in the config file in .txt format].
- Now in my case the db_user is localbus_main.
- Now open ida.php again, and then go to the Symlink section by clicking on Symlink.
- After that click on Whole Server Symlink. There you will see a huge list of sites which are hosted on the server.
- Now, to find the site for which you got the credentials, simply press Ctrl+F and type your db_user name.
- In my case the db_user is localbus, so I'll try to search for localbus.
- Now your targeted site is in front of the username. Now log in to your targeted site and do whatever you want.
|Category: Exploits and Vulnerabilities | Added by: MaX-HaCker (12.08.17)
|Total comments: 3|
kerj (13.02.07 2:34 PM)
What about when the etc/.config is not readable? How can I bypass it?
totom gabrielle (12.11.02 3:18 PM)
mubeen (12.09.02 11:41 AM)
What is a shelled website??