WordPress Shell Upload Vulnerability ! GeoThemes

 
WordPress Shell Upload Vulnerability In GeoThemes XD
# Exploit Title: WordPress GeoPlaces Themes >> upload shell exploit
# Date: 1/6/2013
# Author: xmayaroos
# Home: http://www.geotheme.com/
# Tested on: opera
# Dork : “inurl:wp-content/themes/GeoPlaces/”

exploit : Go to wp-content/themes/GeoPlaces/monetize/upload
then upload your shell
your shell >>> wp-content/uploads/2013/06/01010101shell010101.php

Enjoy 😀
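For defenders, the advisory above leaves two traces in a web server access log: requests to the theme's upload path, and a successful request for a script under wp-content/uploads. The following is an added example, not part of the original advisory; the log lines, IP addresses and file names are constructed, and scan() and high_confidence() are illustrative names.

```python
import re
from collections import defaultdict

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Path from the advisory above, compared case-insensitively.
UPLOAD_ENDPOINT = "/wp-content/themes/geoplaces/monetize/upload"
# Server-side script extensions anywhere under the WordPress uploads tree.
SCRIPT_IN_UPLOADS = re.compile(r"^/wp-content/uploads/.*\.(php\d?|phtml|phar)$", re.I)

# Constructed sample log (documentation IP ranges, placeholder file names).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jun/2013:10:00:01 +0000] "GET /wp-content/themes/GeoPlaces/monetize/upload/ HTTP/1.1" 200 512
203.0.113.7 - - [01/Jun/2013:10:00:09 +0000] "POST /wp-content/themes/GeoPlaces/monetize/upload/ HTTP/1.1" 200 87
203.0.113.7 - - [01/Jun/2013:10:00:15 +0000] "GET /wp-content/uploads/2013/06/example.php?x=1 HTTP/1.1" 200 4096
198.51.100.20 - - [01/Jun/2013:10:01:00 +0000] "GET /wp-content/uploads/2013/06/photo.jpg HTTP/1.1" 200 20480
198.51.100.21 - - [01/Jun/2013:10:02:00 +0000] "GET /wp-content/uploads/2013/06/missing.php HTTP/1.1" 404 210
"""


def scan(log_text):
    """Return {client_ip: [(reason, path), ...]} for suspicious requests."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if path.lower().startswith(UPLOAD_ENDPOINT):
            findings[ip].append((f"theme-upload-{method.lower()}", path))
        elif SCRIPT_IN_UPLOADS.search(path) and status.startswith("2"):
            # 2xx: the server answered for a script stored in uploads.
            findings[ip].append(("script-in-uploads", path))
    return dict(findings)


def high_confidence(findings):
    """Clients that both POSTed to the theme uploader and reached a script in uploads."""
    wanted = {"theme-upload-post", "script-in-uploads"}
    return sorted(ip for ip, hits in findings.items()
                  if wanted <= {reason for reason, _ in hits})
```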

How To Upload Shell ?

Shell Uploading Through cPanel!
In This tut I’ll tell y0uh 
How to upload shell through cPanel
Or
Shelling Website from cPanel

Well this tut is just for beginners
Plz dont abuse!
===============================================
so what y0u need ?
1st cPanel

2nd Madspot Shell V2 (awaaasome)


Now, open cPanel and go to Legacy File Manager,
then => Webroot Folder => Go


In the New Tab, y0u’ll see the Upload Files button.
Press the Upload Files button, select y0ur shell and click on Upload!
\m/ Zindabad \m/
Shell Uploaded 🙂

Thankx For Reading
Note:For Educational Purpose ONLY!!!

tut officially written By Zaid Sparrow aka T4p10N

How To Upload Shell Using SQLMAP than get RDP

Hey Salam Guyz
Today i’ll tell y0uh 
Shell Uploading through SQLmap

its very easy if you have few thing 😉

-1st-
Vulnerable website with full path
-2nd-
file write privileges
-3rd-
sqlmap
-4th-
Me 😀

start it

open your sqlmap
i have sqlmap with its GUI
so work becomes very easy 😀
you can also use sqlmap shell without its GUI just type this
./sqlmap.py -u "http://www.site.in/index.php?id=1" --os-shell

link to use sqlmap with GUI
1st tick the url box
now paste the vulnerable link in the target box
then click on Get Query and you’ll see the website appear in the “Query To Sqlmap” box
like in picture
Now 0pen the “Access” tab in sqlmap
then => operating System
then => sqlshell
and tick sqlshell
then click on Get Query again
Then click on the start button
then a window will pop up after 1-2 minutes
it will ask y0u to enter the Web application Language
like in this pic
web server is mysql so i’ll choose 4 PHP (Default)
it will start working again
and then ask y0u to give the web root path
“Web Root Path”
the text y0u g0t from an error like
mysql_error /home/india/public_html
this is called web root path

in my case my root path is
mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\DavWeb\src\controllers\photocontroller.php
my root path =>
C:\xampp\htdocs\DavWeb\
sometimes SQLMAP automatically get the root path like in this pic

please provide any additional web server full path to try to upload the agent 
[Enter for None]:
just press Enter


wOha! Shell uploaded =))

it will automatically connect the shell with sqlmap/cmd

========================================
you can als0 get RDP from the shell 😛

just type in Run =>
mstsc.exe and enter website’s ip
and enter your password and enjoy 😀

thankx for reading 

Note:For Educational Purpose Only
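The web root prompt above can only be answered because the application prints PHP errors, including the full file path, into its responses. As an added defensive example (not from the original post), this checks captured response bodies for that kind of leak and audits a php.ini text for PHP's display_errors and log_errors directives; the URLs, the line number in the sample and the function names are constructed.

```python
import re

# PHP error text ending in "... in <absolute path>.php", Windows or Unix style.
LEAK_RE = re.compile(
    r"(?P<func>\b\w+)\(\)[^\n<]{0,200}?\bin\s+"
    r"(?P<path>(?:[A-Za-z]:\\|/)[^\s<>]+?\.php)\b")

# Constructed responses; the first body reuses the error text quoted above.
SAMPLE_RESPONSES = {
    "/photo.php?id=x": "Warning: mysql_fetch_array() expects parameter 1 to be "
                       "resource, boolean given in "
                       r"C:\xampp\htdocs\DavWeb\src\controllers\photocontroller.php"
                       " on line 12",
    "/photo.php?id=1": "<html><body>Photo 1</body></html>",
}

PHP_TRUE = {"on", "1", "true", "yes"}
# Settings that keep error text in the server log instead of the response.
HARDENED = {"display_errors": False, "log_errors": True}


def find_path_leaks(responses):
    """Return (url, function, path) for each body that exposes a server path."""
    return [(url, m.group("func"), m.group("path"))
            for url, body in responses.items()
            for m in LEAK_RE.finditer(body)]


def audit_php_ini(ini_text):
    """Return {directive: value} for HARDENED directives that are unset or wrong."""
    seen = {}
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()        # drop ini comments
        if "=" in line:
            key, value = (part.strip().lower() for part in line.split("=", 1))
            seen[key] = value                       # last assignment wins
    issues = {}
    for key, want_on in HARDENED.items():
        value = seen.get(key)
        if value is None or (value in PHP_TRUE) != want_on:
            issues[key] = value if value is not None else "unset"
    return issues
```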

How To Upload Shell On WordPress


      WordPress Shell Uploading

In this Tutorial , i’ll Show You How To Shell WordPress !
its not a difficult task 😉

First Of All
1) Login To y0ur hacked WordPress Site,


2) Now Got0 Theme Editor..
   — wp-admin/theme-editor.php

3) On y0ur Right Side..Choose 404.php

4) Edit it And Paste Y0ur Madspot Shell Code in 404.php nd Save !t..

5) Now, you will see some thing like :
—- /home/Themename/public_html/wp-content/themes/themename/404.php&theme=themename&a=te&scrollto=0

6) Now Delete every thing before /wp-content/ and every thing after 404.php….

7) URl will be http://www.site.com/wp-content/themes/themename/404.php

8) Now Press Enter and Shell will be Executed 😉

 Note:- This Is Just For Educational Purpose ONLY!

This Post Is Written By ZAiD~~
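On the defending side, a template changed through wp-admin/theme-editor.php shows up when the installed theme is compared against a known-good copy, and the editor itself can be switched off with WordPress's DISALLOW_FILE_EDIT (or DISALLOW_FILE_MODS) constant in wp-config.php. This is an added example, not part of the original post; the function names are illustrative.

```python
import hashlib
import os
import re

EDITOR_OFF = re.compile(
    r"define\(\s*['\"]DISALLOW_FILE_(?:EDIT|MODS)['\"]\s*,\s*true\s*\)", re.I)


def file_editor_disabled(wp_config_text):
    """True if wp-config.php defines DISALLOW_FILE_EDIT or DISALLOW_FILE_MODS as true."""
    live = [ln for ln in wp_config_text.splitlines()
            if not ln.lstrip().startswith(("//", "#", "*", "/*"))]  # skip comment lines
    return bool(EDITOR_OFF.search("\n".join(live)))


def manifest(theme_dir):
    """Map each file path (relative to theme_dir) to the SHA-256 of its contents."""
    hashes = {}
    for root, _dirs, files in os.walk(theme_dir):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, theme_dir).replace(os.sep, "/")] = digest
    return hashes


def compare(baseline, current):
    """Return files changed or added since the baseline, PHP templates first."""
    changed = [(p, "modified") for p in current
               if p in baseline and baseline[p] != current[p]]
    changed += [(p, "added") for p in current if p not in baseline]
    return sorted(changed, key=lambda item: (not item[0].endswith(".php"), item[0]))
```

Take the baseline with manifest() from a clean copy of the theme, then run compare() against the manifest of the installed theme directory.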


How To Upload Shell With Tamper Data!


Assalamoalaikum All 

–==Today im G01ng t0 Sh0w Y0uh==-
     How t0 Upl04d Sh3ll Using Tamper Data 😛
———–=================————-

[[[[[[[[[[[[[StaRT]]]]]]]]]]]]]]]]


——-
1) Firef0x Beta
2) Tamper Data Add0n…


——————————–
Add0n Download LinK…
https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
 ———————————————
Fire Fox Beta Download LinK:
http://www.mozilla.org/beta/
——-

—/
About this Add0n -TamperData/


Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.

Trace and time http response/requests.

Security test web applications by modifying POST parameters.

FYI current version of Google Web Accelerator is incompatible with the tampering function of TamperData.
Your browser will crash.
–+-

—SomeTimes Few webs Dont Allow y0u t0 upload Shell As .php
But With Tamper Data y0u can d0 thaT…

Open Website’s Admin Panel…

1) Change Your Shell ExtensioN t0 .jpeg or .jpg or .gif

2) Now open y0ur Tamper Data And Click 0n Start Tampering..

3) Now goto Upload 0pt10n and upload y0ur Shell As shell.jpg

4) Windows Will Pop-UP.
  — Tamper – Submit – Abort REQUEST

5) Click 0n Tamper

6) At Yewr Right Side Copy All Text fr0m POST DATA BOX

7) Paste All text in notepad..

8) Now Press [ CTRL + F ], it means “FIND”

9) Search For Shell.jpg

10) Edit Your Shell Extension to .php then copy it, paste it in the post data box And Click On Submit…

11) Shell Will Upl04d Successfully… 😉 😉

Enj0y
Note:
This Tut Is Officially Written By Me 
Zaid Sparrow
My Old Website Has Just Gone!!!
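The steps above work only where the extension check runs in the browser or trusts what the browser sends: the file name and Content-Type inside the POST data are whatever the client chooses. This is an added example (not from the original post) of a server-side check applied to the request body as received, written in Python for illustration; sample_request() builds constructed input and all function names are hypothetical.

```python
import os
import uuid
from email import message_from_bytes
from email.policy import HTTP

# Allowed extensions and the leading bytes each file type must start with.
ALLOWED = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".gif": b"GIF8"}


def parse_upload(content_type, body):
    """Return (filename, data) exactly as they arrived in the request body."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    for part in message_from_bytes(raw, policy=HTTP).iter_parts():
        filename = part.get_filename()
        if filename is not None:
            return filename, part.get_payload(decode=True)
    raise ValueError("no file part in request")


def accept_upload(content_type, body):
    """Return a server-chosen storage name, or raise ValueError."""
    filename, data = parse_upload(content_type, body)
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} is not allowed")
    if not data.startswith(ALLOWED[ext]):
        raise ValueError(f"content is not a valid {ext} file")
    # A matching header does not rule out embedded script code, so the upload
    # directory must also be configured never to execute scripts.
    return uuid.uuid4().hex + ext      # the client-supplied name is never reused


def sample_request(filename, content):
    """Constructed multipart/form-data request with one file field."""
    head = ('--XBOUNDARY\r\nContent-Disposition: form-data; name="file"; '
            f'filename="{filename}"\r\nContent-Type: image/jpeg\r\n\r\n')
    body = head.encode("ascii") + content + b"\r\n--XBOUNDARY--\r\n"
    return "multipart/form-data; boundary=XBOUNDARY", body
```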