Find any upload option on the website. Sometimes the website will block the .php extension,
so you have to upload it in .jpg format.
First open your shell with Notepad, then use Save As and change the extension to one of these:

shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;



If you did not find any option for uploading files, but there is a place where you can add news, a new event or something similar, you can use meta http-equiv to make a redirection from the website to your deface page. Just add this code in news


After getting the admin panel, if you can't upload .php directly, upload it with modified extensions as I stated above.

After uploading, find the directory where your file was uploaded.
For example, if you uploaded it in images then it will be at http://website/images/shell.php

Sometimes simple extension hiding will not work, so you have to use a Firefox add-on, Live HTTP Headers. Get Live HTTP Headers for Firefox here:
https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
Install it, hide the shell extension and go to the upload section. Open Live HTTP Headers and upload the shell. Now if you try to go to the link where your shell was uploaded it will give you an error (only on some websites), so we will have to change the hidden .php.jpg extension into .php. Since Live HTTP Headers was open when we uploaded the shell, you should find where you uploaded your shell: find the line where it says that you uploaded the shell, select it and then click the Replay button.
After that you have to find once again the same line which shows that you have uploaded the shell.
When you find it, select the extension you used to hide the original .php. In my case it is .jpg (the list of all these extensions is given at the beginning of this tutorial). Delete it so that we have only c100.php, and after that click Replay once again.


It will take you to the shell, and if it does not then you will have to find manually where the shell has been uploaded and go to that link.

Note: This doesn't work for every website, but it works on most websites.
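
Seen from the server side, both the renamed files and the edited, replayed upload request depend on the application trusting the filename the client sends. The following is an added example, not part of the original tutorial: a Python sketch of an upload check that rejects the filename variants listed above and never reuses the client's name. The function names, the image-only policy and the sample bytes are assumptions made for the example.

```python
import os
import re
import secrets

# Assumed policy for this example: only images are accepted, and they are
# stored in a directory where the web server does not execute scripts.
MAGIC = {  # leading bytes -> extension the server will assign
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
# Exactly one dot, no ';', ':', '%' or spaces, allow-listed extension only.
SAFE_NAME = re.compile(r"[a-z0-9_-]{1,64}\.(jpg|jpeg|png|gif)")


def check_client_name(name):
    """Return the list of reasons to reject a client-supplied filename."""
    reasons = []
    base = os.path.basename(name.replace("\\", "/"))
    if base != name:
        reasons.append("path component in name")
    if not SAFE_NAME.fullmatch(base.lower()):
        reasons.append("not <name>.<allowed image extension>")
    if re.search(r"\.(php\d?|phtml|phar)(\W|$)", base.lower()):
        reasons.append("script extension present")
    return reasons


def stored_name(client_name, data):
    """Validate an upload; return the server-chosen name, or None to reject."""
    if check_client_name(client_name):
        return None
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            # The client name is discarded, so a replayed request with an
            # edited filename is still stored as <random>.<image extension>.
            return secrets.token_hex(16) + ext
    return None  # content is not one of the allowed image types


# Constructed samples: the filename variants listed in the tutorial.
TUTORIAL_NAMES = ["shell.php;.jpg", "shell.php.jpg", "shell.php..jpg",
                  "shell.php.jpg:;", "shell.php.jpg%;", "shell.php.jpg;",
                  "c100.php"]

if __name__ == "__main__":
    for n in TUTORIAL_NAMES + ["photo.jpg"]:
        print(n, "->", check_client_name(n) or "accepted")
```

The check runs on every request the server receives, so it applies equally to a request that was captured and resent with a different filename.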
