Wednesday, July 31, 2013

For educational purposes only! I will not take responsibility for you!


Today I will show you how to hack websites hosted on the server using symlink. I’m not going to explain what a symlink is. So let's begin.


Requirements:- 



  • Shelled Website

  • Some php files which will help you to gain symlink.

  • To download them click here :- Click Here .


So now let's begin.


First, I want to make clear that it mostly works on WordPress and Joomla sites only.



  • First, open your shelled site and make a new directory with whatever name you want, e.g. xyz.

  • Then upload into that directory the files I gave you in the section above.

  • After that, click on the -rw-r--r-- of config.pl.




 


Then from there change the value from 0644 to 0755.




 



  • Then open config.pl. In my case, to open config.pl, I’ll go to http://www.example.com/xyz/config.pl.

  • Then you will see a box something like this.




 



  • Then leave this tab open and open nsuser.php. In my case, nsuser.php will be at http://www.example.com/xyz/nsuser.php.

  • Then in that click on Eval.




 


After that, a window something like this will open.




 



  • Then click on Go button.

  • After that you will see a list of text something like this, copy that.




 


After copying, paste it into the config.pl box which you opened earlier, and then click on Dapatkan Config!





  • Then go back to the directory where you uploaded all the files. In my case, it was http://www.example.com/xyz/

  • In that directory you will get all the config files of the sites hosted on the server.


[Brief note on config files: config files are the ones which contain the database name, username and password.]




  • Now you are done.


You now have the database name, the database username and also the password.



Now maybe you have a question: how to connect to the database, or where to put these credentials. So let's begin:



  • Now open the file ida.php from where you uploaded it. In my case the ida.php file is at http://www.example.com/xyz/ida.php.

  • Now a window like this will open.




 



  • After that click on sql.

  • Then in Login - Type username
    Password - Type password
    Database - Type database name




 



  • Then click on double arrow “>>” button.

  • Now you are connected to the database.

  • After that make a check mark in wp_user or jom_users and then click on dump.




 


[Note: there is a chance that wp_user has been renamed to another name, for example db_user etc.]



  • After that, dump.sql will be saved where you uploaded the previous files. In my case, the file dump.sql was saved at http://www.example.com/xyz/dump.sql.

  • So now let's open dump.sql.

  • Boom!! Now we have got the admin username, password and email.

  • Now use these credentials to log in to the admin panel.


But now you have the question of where to put these credentials and how to know which site they belong to.
So now let's begin.



  • Copy the name of the db_user [which was found in the config file in .txt format]

  • Now in my case the db_user is localbus_main.

  • Now open ida.php again, and then go to the Symlink section by clicking on Symlink.




 



  • After that click on Whole Server Symlink. There you will see a huge list of sites which are hosted on the server.

  • Now, to find the site for which you got the credentials, simply press Ctrl+F and then type your db_user name.

  • In my case the db_user is localbus, so I’ll try to search for localbus.





  • Now your targeted site is in front of the username. Now log in to your targeted site and do whatever you want.
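
Seen from the hosting side, the steps above leave two things an administrator can check for: symlinks inside one account's web directory that resolve into another account's home, and WordPress or Joomla config files that other accounts are able to read. The audit below is an added example, not part of the original post. It assumes one home directory per account under a common root; the function names and the accounts alice and bob are made up, and wp-config.php and configuration.php are the standard WordPress and Joomla config file names.

```python
import os
import stat
import tempfile

# Assumed layout: one directory per hosting account under homes_root (e.g. /home/<account>).
CONFIG_NAMES = {"wp-config.php", "configuration.php"}  # WordPress and Joomla config files

def audit_homes(homes_root):
    """Return (escaping_links, readable_configs) found under each account home."""
    escaping, readable = [], []
    for account in sorted(os.listdir(homes_root)):
        home = os.path.realpath(os.path.join(homes_root, account))
        if not os.path.isdir(home):
            continue
        for dirpath, dirnames, filenames in os.walk(home):  # does not follow links
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if os.path.islink(path):
                    target = os.path.realpath(path)
                    # A link that resolves outside its own account's home is the
                    # artifact this technique leaves behind.
                    if os.path.commonpath([home, target]) != home:
                        escaping.append((path, target))
                elif name in CONFIG_NAMES:
                    mode = os.lstat(path).st_mode
                    # Readable by "other" means any account on the host can read it.
                    if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                        readable.append((path, oct(stat.S_IMODE(mode))))
    return escaping, readable

def build_sample(root):
    """Constructed sample: two accounts; 'alice' holds a link into 'bob'."""
    bob_cfg = os.path.join(root, "bob", "public_html", "wp-config.php")
    drop = os.path.join(root, "alice", "public_html", "xyz")
    os.makedirs(os.path.dirname(bob_cfg))
    os.makedirs(drop)
    with open(bob_cfg, "w") as fh:
        fh.write("<?php /* constructed placeholder */\n")
    os.chmod(bob_cfg, 0o644)
    os.symlink(bob_cfg, os.path.join(drop, "bob.txt"))
    return bob_cfg

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        links, configs = audit_homes(root)
        for path, target in links:
            print("symlink escapes account home:", path, "->", target)
        for path, mode in configs:
            print("config readable by other accounts:", path, mode)
```

On hosts where PHP runs as the account's own user, setting these config files to 0600 clears the second list.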

