Upload Shell using Data Tampering

Install Tamper Data firefox add-on:
Download Tamper Data here
Now Install it and Restart Firefox

Rename shell:
Note: You have to rename you .php shell to .jpg to bypass the website's security
To upload a shell, of-course you needed a upload option in login page or anywhere !

Demo:
As an example i'll take - http://freead1.net/post-free-ad-to-USA-42

It is a free classified ads posting website, so i got a upload option there !
Find your upload option click on browse, locate you .jpg shell and select it !

[Image: 43506463.png]

Now click on Tools in Firefox Menu bar and Select Tamper Data, Tamper Data plugin will open in a new window !

[Image: 53666832.png]

Before Clicking on Upload button click on "Start Tamper" in Tamper Data window..
Note: Before Clicking on "Start Tamper" close every extra tab you have opened.. If you want this tutorial to be open... Just open it in another browser

Now click on upload button !

After clicking on upload button "Tamper with request?" window will appear !
Click on "Tamper" button

[Image: 57130154.png]

After a click on "Tamper" you will see "Tamper Popup"
In Tamper Popup Window, Copy "POST_DATA" text in Notepad

[Image: 22787820.jpg]

After Copying it to Notepad... "Find yourshell.jpg" and rename it to .php.

Image has been scaled down 10% (1215x177). Click this bar to view original image (1339x195). Click image to open in new window.
[Image: 36323600.png]


Now copy Notepad's text back to "POST_DATA" field..and click OK
It will Upload the shell as .php and you can execute it easily !
Find your .php shell & do whatever you wanted with that website
that's all !

Thank you for reading.. 
Note: Website Taken as example is patched by the webmaster !


Source:Hackcommunity
Note: We Take no responsibility every tutorial here is for educational Purpose Only .
Earn upto Rs 5000 Per Month. with daily payout of Rs 500 or more. Join now!

Comments

Popular Posts