What is asymlink?
Wellsymlinkstands for symbolic link or can also be called soft-link, and to best describe it for everyone out there it is like a shortcut in now to explain in a bit more detail imagine your on your desktop and you crte a shortcut to "C:/" this is essentially like crting asymlinkfrom "/home/userx/www/" to "/"
plse note that a shortcut is not the same as asymlink. as does also supportsymlinking I only use them as a reference as they are similar and help explain it for those who may not understand otherwise.
i am making this tutorial for those who have shelled websites and they cant root server as not all linux boxes can be rooted , also we dont have s for all linux kernels.
so here i am gonna show you how to websites on a server using symlink ,
but first u will need a shelled website on that server ,thatn only u can do symlink without shell u cant do symlink.
1.) here is my shelled website
2.)now here i am not gonna tell you to crte two folders and then do symlink here i will use automated symlink script which you can download from here and upload on the shelled website.
Download Files from here
and this is how it will look
and now click on symlink bypass
if it is able to rd etc/passwd then u can do symlink on the server but it is not always 100% sure that if it can rd /etc pwd then server can be symlinked.
now a days hostgator ,hostmonster,blue host ..etc servers are to symlink but others are still vulnerable.
3.) now our next step is to find the availbale wordpress and joomla websites on the same server so now we will click on this
4.) for this tut i will be a joomla site so it will look like this
these all domains which are under domain column are joomla websites on the server.
now as u can see i have my target website of joomla now i will click on config and
then i will be redirected to the symlink shotrcut link of the directories of the target website :D. config file contains the username and of databse of that website.
5.)now copy these username an from the config page
6.) now in this step you have to upload a database file on ur shelled website
download database file from the download link and upload on the webiste and then acess it will look like this now enter that username and passwrd which u just copied from above config page
and now login
7.)after login you will see this page now u are in databse of your target website bingo :P
8.)click on tables and then in tables u have to find user,admin table as you can see here
9.) now click on data you will see the admin users data like id,username, emailsetc now clcik on edit
10.)now you will see username and hash ..in this you can do two things the best one is replace you hash with that hash or try to decryt that hash i got the decrypted hash on google so no i will know the admin and of the website its time to login.
11.)now goto target website login page
default adminlogin page for joomla is www.site.com/administrator
12.)Bingo now we a website on that server now its time upload shell and deface.
this how we upload shell in jomla
goto>tools>template manger> click on any template>edit html now you will see this html of template to edit.
13.)now paste your shell's source here in here i will use 404.p WSO pv8 shell
which is available for u in download file.after pasting click on save
now go to shell directory www.site.com/templates/name_template/index.p
here is our shell
14.)now i will enter my in shell then login to shell bingo website pwned and now u can deface it
this is how you will all the website on same server using symlink .
website which u can
joomla
wordpress(wp-config)v-bulletin forums...etc
No comments:
Post a Comment