Symlink a linux server by php shell
NOTE : we do not take any responsibility for your actions.
Today we’ll try to help beginners web hackers by teaching them a method called symlink.
Symlink is a method used by hackers to read files from other users on a Linux server, only by using a php-shell. So what do we require to start the tutorial :
Requirements :
– a phpshell uploaded in a Linux server (Safe MODE =OFF )
– a target site
– basic phpshell & Linux knowledge
– a brain ! :p
– a phpshell uploaded in a Linux server (Safe MODE =OFF )
– a target site
– basic phpshell & Linux knowledge
– a brain ! :p
Let’s start by the tutorial. 
Where to get a target, if you only have a phpshell uploaded in a Linux server that has some sites ? It’s easy , first get the IP of the server.
Where to get a target, if you only have a phpshell uploaded in a Linux server that has some sites ? It’s easy , first get the IP of the server.
Then go to bing.com and search like that :
Code:
ip:xx.xxx.xxx.xxx vbulletin
xxx replace with the IP address of the server , and ‘vbulletin’, you can change to a name of a forum software or a CMS you wish as a target. But for this example we’ll take vBulletin.
ip:xx.xxx.xxx.xxx vbulletin
xxx replace with the IP address of the server , and ‘vbulletin’, you can change to a name of a forum software or a CMS you wish as a target. But for this example we’ll take vBulletin.
OK , now we got the target site , let’s suppose that its domain name is mytarget.com and it uses vBulletin forum software.
Now starts the real hacking !
Go to your phpshell , and in the ‘Execute command’ field , execute there that command :
Go to your phpshell , and in the ‘Execute command’ field , execute there that command :
Code:
ls -la /etc/valiases/mytarget.com
By executing this command , we’ll get the name of the user (on the Linux server) that keeps the website mytarget.com.
ls -la /etc/valiases/mytarget.com
By executing this command , we’ll get the name of the user (on the Linux server) that keeps the website mytarget.com.
It should return with a result similar to that :
>>>>>>>-rw-r–r– 1 target mail 28 Jan 23 2015 /etc/valiases/mytarget.com
>>>>>>>-rw-r–r– 1 target mail 28 Jan 23 2015 /etc/valiases/mytarget.com
The red colored piece is the user of mytarget.com on the server. So in our case the username is ‘ target ‘ Many of us know that the configuration file of vBulletin script ,can be found in /includes/config.php.
This is the file we need to read in our case , in order to get access at our target site.
How can we read that file ?
Simple , execute that command on the shell :
Simple , execute that command on the shell :
Code:
ln -s /home/target/public_html/includes/config.php symlink.txt
As you can see, we’re writing the content of config.php , into symlink.txt file.
ln -s /home/target/public_html/includes/config.php symlink.txt
As you can see, we’re writing the content of config.php , into symlink.txt file.
After you execute the command , you will see a new file called symlink.txt. Open it and w00t !! You successfully read the configuration file (symlinked).
Now , just get an MySQL connector script coded in PHP , and login with the details you get from configuration file of your target. Then at the admin table, get the admin’s hash and crack it , or better , change the admin’s email you yours , and then do a forgot password at mytarget.com And then you successfully will get full access in your target site ! That was all ,very easy if you practice many times.
Now , just get an MySQL connector script coded in PHP , and login with the details you get from configuration file of your target. Then at the admin table, get the admin’s hash and crack it , or better , change the admin’s email you yours , and then do a forgot password at mytarget.com And then you successfully will get full access in your target site ! That was all ,very easy if you practice many times.
Maybe soon i will make a video tutorial if you still didn’t understand , just request the video tut in the comments , and i will try ASAP to make it for you !
Thanks for reading…..
0 comments:
Post a Comment