Hello Everyone ! Today I Mr. Freak aka Silent Hacker and am here to tell you about " How to exploit any server " . This is guide for the beginners to learn How to Hack the website by Exploiting the Server . Here are some common question asked by the Newbie regarding this.
Why this Method ?
- This method is used when the Target site is not vulnerable to any of the vulnerabilities such as LFI , RFI , SQLI , XSS etc.
Any benefit of this method ?
- By this method attacker is able to get the server access by finding the vulnerable website in the server and then attacker tries to get the access of the website what the attacker wants.
So here we begin :-
First of the things we require :-
- Any PHP shell ( i am using DK shell beta version )
- A Target website ( http://www.pakistanescortservices.com )
- Brain xD
One more Question arises here How to do Symlink when we don't have the server access.
That's the thing we are going to Learn :D
Now we need to get the Target website's IP address . As we know we have lots of ways to get the Website IP address you can use any of the method.
I am going to use Yougetsignal.com website. The reason of using this site is that from this Reverse IP Lookup website we can also come to know about how many websites are hosted in the same server and which are the hosted sites ( We can get the Approx. websites )
Reverse IP Lookup website :- http://www.yougetsignal.com/tools/web-sites-on-web-server/
So from above Image you can see that we got the IP Address of the website.
Now the Main work begins :D
Copy the IP address and go to http://www.bing.com
In the search type :-
" ip:18.104.22.168 "
( Without quotes )
Now we will get the sites hosted in same Ip address now we need to find the vulnerable website in the server. For that we will use this search command :-
We are using .php?id= because sqli website contains .php?id= in their respective Url's
Now we have got the website for checking whether the website is vulnerable or not we will put the " ' " single inverted comma at the end of the Url . If we will get the SQL Syntax error then it means the website is Vulnerable to SQL Injection .
In my case the vulnerable website is :- http://www.mansol.com.pk/job.php?query=165'
Now You can inject your sql injection queries to the website by manually or Using tool for SQL Injection Such as Havij , SQL Map etc.
My Manual SQL Injection tutorial link :- http://youtu.be/Yrtug5zeB8U
Links for Tools :- Havij 1.15 Pro :- Click here
Now after analyzing the Target I got the Admin's User Info as Follows :-
*Password not shown as per the security reasons
Now find the admin panel of the website . In Havij there is option " Find Admin " You can get the admin panel from there .
Admin Page :- http://www.mansol.com.pk/admin
Put the username and Password there and Login!
Now we have to upload the shell in the website . We need to look for the upload area . In this website i got it in the File Manager and i upload my shell there.
After successfully i uploaded my shell . Now time to get the shell link of the Upload shell.
Now open your uploaded shell then in my shell i.e. DK shell beta version . This is a auto Symlink Option click that.
Now search for your target www.pakistanescortservices.com and click on the Green Highlighted text. There you will find the Website Symlinked :D
As the website is in Wordpress click on wp-config you will get the config file and put in the Database .
My Manual Symlink video link :- Symlink tutorial by Silent Hacker ( Also shown how to change the database config and using it )
My Symlink Video by Using Perl Script :- Symlink by using Perl Script
*You can get the tools in the video description :D
Now after getting the database change the username and password of the website. Login in the website and upload shell and Do whatever you want to do :)
Target taken down successfully :- http://www.pakistanescortservices.com/
Mirror :- http://www.hack-db.com/251934.html
Thanx for reading my Tutorial . If you are facing any problem regarding this topic you can contact me on Facebook :- https://www.facebook.com/Sil3nt.H4x0r
Here you can get my all videos regarding Hacking tutorial :)
My Youtube Channel Link :- http://www.youtube.com/user/Silent0Hacker/videos?view=0