I am sure many of you have read about sites being "Hacked / Defaced with shells", so I am pretty sure the first thing that comes to your mind is "What the heck are these shells?". This article gives you a complete idea of shells and their use.
I will soon write about "RFI, LFI", which are somewhat connected with shells. Meanwhile, keep playing with it and learn more, because without practice you won't get anything.
Difference between FTP & Shells:
Many times I see that some of us know how to use a shell, but once they have uploaded it they get confused. So to start with, let me give you some information about FTP:
- File Transfer Protocol
Server : ftp.example.com
Username: XEO
Password: whatever
So, once you put in this information, the server understands that you are XEO and gives you access to all the files on the server so you can work on them.
- Shells
- Moral of the Story:
FTP is a protocol that lets you connect your computer to your hosting server so that you can upload/edit/delete/replace your files. Since we wouldn't have the username and password to connect to a website's FTP, we use the SHELL to get access. SO A SHELL IS NOT FTP, BUT IT GIVES YOU ACCESS TO THE HOSTING SERVER.
- Funny Incidents:
"Hi guyz, i managed to hack my 1st website today! YAY, I am really happy! But theres only 1 problem, i uploaded the shell and ran it and it worked fine. The only problem is i dont have access to FTP."
Y0, i hacked a website today, uploaded a shell and it worked fine, now i am trying to get access to FTP
- Main Logic
Phase 1 : Uploading a shell:
Suppose you want to hack "something.com". The first thing you will do is open "something.com" and try to find a place where you can upload files to the website. There are many such places, for example: file uploads, avatars, resume uploads, cooking recipe uploads, "upload your photo". These are the places that give you an opportunity to upload your shell. All you have to do is try to upload the shell.php located on your computer and click submit. So suppose you went to the webpage "something.com/submit_resume.php" and uploaded your resume.
Phase 2 : Executing your uploaded shell:
Once we have uploaded the shell as shown in "Phase 1", we know that it's sitting on the server. The only thing we need to do now is execute the shell from a browser so we get access to it.
- Example:
Code: http://www.something.com/forums/attachment.php?attachmentid=456&d=1249607339
So that is the DIRECT URL to the attachment, and opening it is called EXECUTION. In the same way, if you execute your shell, it will take you to a webpage where you will see everything that's on the server, and you will have FULL ACCESS to remove/edit/replace/delete the files. So you are another XEO!
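Seen from the server side, the execution step above is a request for a script file under a directory that should only hold uploaded data, and it is recorded in the access log. The following is an added example, not part of the original article: it scans Apache combined-format log lines for such requests. The `/uploads/` prefix, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: directories where this site stores user-supplied files.
UPLOAD_PREFIXES = ("/uploads/",)
# Script extensions, also when another extension follows (x.php.jpg).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [07/Aug/2009:10:01:12 +0000] "POST /submit_resume.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Aug/2009:10:01:40 +0000] "GET /uploads/resumes/shell.php HTTP/1.1" 200 18432 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Aug/2009:10:02:05 +0000] "POST /uploads/resumes/shell.php HTTP/1.1" 200 20110 "-" "Mozilla/5.0"
198.51.100.23 - - [07/Aug/2009:10:03:00 +0000] "GET /uploads/avatars/42.png HTTP/1.1" 200 9321 "-" "Mozilla/5.0"
198.51.100.23 - - [07/Aug/2009:10:03:09 +0000] "GET /uploads/avatars/x.php.jpg HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.0.2.50 - - [07/Aug/2009:10:04:00 +0000] "GET /forums/attachment.php?attachmentid=456&d=1249607339 HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
"""

def script_hits_in_uploads(log_text):
    """Map client IP -> [(method, path, status)] for script requests under upload dirs."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        path = urlsplit(target).path          # drop the query string
        name = path.rsplit("/", 1)[-1]        # file name only
        if path.startswith(UPLOAD_PREFIXES) and SCRIPT_EXT.search(name):
            hits[ip].append((method, path, int(status)))
    return dict(hits)

def executed(hits):
    """IPs that received a 2xx answer for a script under an upload directory."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, _, status in reqs))

if __name__ == "__main__":
    found = script_hits_in_uploads(SAMPLE_LOG)
    for ip, reqs in found.items():
        for method, path, status in reqs:
            print(ip, method, path, status)
    print("answered with 2xx:", executed(found))
```

A 2xx status on such a path means the server served or ran the file, so those entries are the ones to investigate first. Turning off script handling in upload directories removes that outcome regardless of what gets uploaded.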
Phase 3 : Defacing:
Defacing is a word which means "replacing the current index file with our own index with our motive and slogan on it". So once you have access to the server, you are the king.
- Different types of shells:
- Where do I get them from?
Important Piece of advice
I would suggest you download WAMP SERVER, which lets you run your own server on your computer, and then try using shells on it. This will help you avoid hacking in a live environment, because if the webmaster is smart he can simply check the logs for that shell file and track down the IP that executed the shell. Then you might be in trouble.
Thanks for taking the time to read the article. Hope you liked it. PEACE!
Regards,
XEO Hacker