Thursday, December 5, 2013

How To Acess Your Shell In JPG

Some time a website have want only image extension
and shell is in PHP so how to upload

First open your shell with notepad and then Save As and change the extension to one of these


shell.php;.jpg shell.php.jpg shell.php..jpg shell.php.jpg shell.php.jpg: ;shell.php.jpg%; shell.php.jpg; shell.php.jpg; shell.php.jpg:;
If you did not find any option for uploading files, but have place where you can add news or new event or something you can use meta http-equiv to make redirection from website to your deface page.Just add this code in news
< meta http-equiv="refresh" content="0;url=http://link_to_your_defacee_page" >
after Getting admin Panel,if you can't upload .php directly upload it with modified extensions as I stated above. After uploading, find the directoey where your fle uploaded, example if you uploaded it in images then it will be in http://website/images/shell.php Sometimes simple extension hiding will not work so you have to use one addon for firefox Live HTTP Headers, Get Live firefox HTTP headers Here https://addons.mozilla.org/en-US/fir...-http-headers/ Install it and then hide shell extension, go to the upload section. Open Live.HTTP Headers and upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hided .php.jpg extension into the.php. So as we uploaded the shell and opened the Live HTTP Headers you should find where you have uploaded your shell.You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply. After that you have to find once again the same line of code which shows that you have uploaded shell.So when you find it select the extension you used to hide original.php.In my case it is .jpg (List of all these extension is given in this tutorial at the beginning).When you select it delete it so that we have only c100.php. And after that once again click on reply. It will take you to the shell, and if it does not then you will have to find manually where shell has been uploaded and go to that link. Note : This doesn't work for every website but working in mostly websites

0 comments:

Post a Comment

 

Subscribe in Bloglines Msn bot last visit powered by MyPagerank.Net Yahoo bot last visit powered by MyPagerank.Net
I heart FeedBurner downtime checker The Ubuntu Counter Project - user number # 31290

 
Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Powered by TadPole
FOG FLAMES