Deface A Website With A Shell

Use a shell to deface a website. This tutorial is for members who are new to using shells to deface a website.

What is a shell?

A shell is a PHP file that we upload to a website. Once uploaded, it gives us extra permissions on the website, which we can then use to deface it.

Getting Started:
Here are some commonly used shells I managed to find:



Use this Search Engine dork to find sites that will allow you to upload files:


Code:
inurl:upload.php
Your search engine will now search for websites that allow you to upload files to the server or include "upload.php" within the URL. Select a website that allows you to upload files.

Uploading the Shell:

Most sites will be image hosting. However, if you get a website such as audio hosting, you will have to use your common sense.

If the website is an image host, you will have to rename your PHP file to shell.php.gif or any other image type. For audio hosting websites, you will have to rename the PHP file to shell.php.mp3 or any other audio type. You get the picture. The website usually tells you what formats the script allows you to upload; it's common sense.

OR

You can edit the PHP shell and add the following code to the top of your PHP code. Remember to change "jpeg" to whatever file extension the site allows, such as MP3 and so on.



Code:
header('Content-type: image/jpeg');

Upload the shell you just renamed to the server. Most sites will show you have uploaded the shell to the server, but some sites still might not allow you to upload this file.

Once you have done this, the website will show that you have uploaded an image. It will be blank. This is because you haven't really uploaded an image, you have uploaded a PHP file.

Find the path to your image. On the uploaded image, try clicking on the blank space, choose Copy Link Location, paste it into your browser and hit enter. This will load your shell.

Other Important Information

This tutorial is for shell beginners. There are other advanced ways to upload shells to websites you have hacked, via SQL injection for example, and I will post a tutorial on this at a later date.

On some servers this may not work; on others it will. You will just have to try different websites until you find one that works.

Remember to rename your php file to a different extension that the upload script allows and also remember you will need the correct file path for this to have a chance of working.
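
Whether the rename works on a given server comes down to what its upload script actually checks. The following is an added example, not part of the original tutorial: a PHP upload check that rejects the renamed file by inspecting every part of the name and the file's bytes. The `validate_upload` helper, the allow-list and the sample files are assumptions made for illustration.

```php
<?php
// Added example: upload checks for the rename trick described above.
// ALLOWED (extension => expected MIME type) is an assumed policy.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png', 'gif' => 'image/gif'];
// Name parts that some server configurations treat as executable.
const EXECUTABLE = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht'];

// Hypothetical helper: returns a safe stored name, or null to reject.
function validate_upload(string $clientName, string $tmpPath): ?string
{
    $parts = explode('.', strtolower(basename($clientName)));
    $ext = array_pop($parts);
    // The final extension must be on the allow-list.
    if (count($parts) === 0 || !array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // "shell.php.gif": no earlier part of the name may be executable.
    if (array_intersect($parts, EXECUTABLE)) {
        return null;
    }
    // Decide the type from the bytes, never from the client's Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext] || @getimagesize($tmpPath) === false) {
        return null;
    }
    // Discard the client's name entirely and store under a random one.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a renamed PHP file and a real 1x1 GIF.
$dir = sys_get_temp_dir();
$fake = tempnam($dir, 'up');
file_put_contents($fake, "<?php header('Content-type: image/jpeg'); ?>");
$real = tempnam($dir, 'up');
file_put_contents($real, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));

$cases = [['shell.php.gif', $fake], ['photo.gif', $fake], ['photo.gif', $real]];
foreach ($cases as [$name, $path]) {
    $stored = validate_upload($name, $path);
    echo $name, ' => ', $stored === null ? 'rejected' : "stored as $stored", PHP_EOL;
}
unlink($fake);
unlink($real);
```

Serving the upload directory from a location where the web server never passes files to the PHP interpreter means a file that slips past these checks is still only ever delivered as static content.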
