Hello geeks! In this article we'll learn how to hack any website and get root access using shell scripts.
We'll target the file upload areas of websites and tamper with their code.
After you read this article you'll know:
1. How HTTP methods work against code?
2. How to tamper HTTP request using simple Firefox plugins
3. How to get to the shell which you have already uploaded into the site directory.
So guys, let's start one by one…
1. HTTP Request and Response (HTTP SESSIONS)
As you know, websites run on web servers and use the HTTP protocol to transmit all their data; this methodology is called HTTP SESSIONS. Although it is TCP-based, it is a stateless protocol because it executes 2 or more commands simultaneously. So it's stateless.
HTTP can be put into a stateful position only when it has good, secure validation and cookie and session management.
So we'll use an HTTP session vulnerability to hack a website by uploading shells.
What is Shell?
A shell is a piece of written code, basically a website's server-side code, which is encoded with Base64-type encoding techniques.
What the shell does is this: as soon as it is stored in any directory on the server, it opens a backdoor to our computer, or to whoever opens the backdoor.
The backdoor transfers full control over the HTTP server and all its directories, including root, as well as database servers such as phpMyAdmin and others.
The shell may be PHP, ASP, JSP or any of the server-side languages.
2. How to tamper HTTP request using simple Firefox plugins?
As I've mentioned, HTTP is a connectionless protocol. We can tamper with the HTTP requests and bypass the server-side code validation.
First, download a Firefox plugin for tampering with HTTP requests.
Live HTTP Headers Plugins
Install this tool and enable it at Firefox startup.
Then go to the victim website and find any file upload area.
Since your shell has a .php extension, there will be a restriction that allows only image files with extensions like .png or .jpg to be uploaded.
To bypass the validation, use the Live HTTP Headers add-on to change its extension.
First give your shell a double extension (e.g. shell.php to shell.php.png).
Then press Submit. Once the file is uploaded to the directory specified by the server-side code, open the Live HTTP Headers add-on, find the Content bar and click on it; another popup window will appear, where you should change your file name back to the normal .php extension and press the Replay button.
Your file is now successfully uploaded to the server.
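A server-side check that closes the gap described in this section, shown as an added example that is not part of the original article: it validates the file name the server actually receives in the request, matches the content against the image signature, and stores the file under a server-generated name. The names `store_name_for` and `UploadRejected` are hypothetical, and the sample inputs in the demo are constructed.

```python
import os
import secrets

# Allowlisted extensions mapped to the signature (magic bytes) each must start with.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}


class UploadRejected(Exception):
    """Raised when an upload fails server-side validation (hypothetical name)."""


def store_name_for(client_filename: str, content: bytes) -> str:
    """Validate an upload and return the name the server should store it under."""
    # The whole filename field is attacker-controlled and can be changed in a
    # replayed request, so it is re-checked here, on the server, every time.
    base = os.path.basename(client_filename.replace("\\", "/"))
    if not base or "\x00" in base:
        raise UploadRejected("invalid file name")

    # Only the final extension decides how the web server treats the file.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed: %r" % ext)

    # The content must match the claimed type, so script.php.png is refused too.
    if not content.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match %s signature" % ext)

    # Never reuse the client's name: a random name removes double extensions
    # and makes the stored path unguessable from the original file name.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16          # constructed sample image
    samples = [("photo.png", png), ("shell.php", b"<?php ?>"),
               ("shell.php.png", b"<?php ?>"), ("shell.png.php", png)]
    for name, body in samples:
        try:
            print(name, "->", store_name_for(name, body))
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```

A signature check alone does not stop files that are both a valid image and a script, so the upload directory should also be configured so the web server never executes anything stored in it.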
3. How to find the location of the shell which you've uploaded and access the shell?
After you've uploaded the shell, it sits in an unknown directory which is specified in the site's server-side code.
You may not know that location; all you know is the file name.
That is enough to find your shell.
Use any web crawler or fuzzer tool and search by name.
Here we've used the OWASP-ZAP tool to find its location.
You can also use the DirBuster tool to do this work.
I hope this article was very useful and easy!
Thank you. We will discuss shell upload using the File Staging process in the next part of this Web-hacking series. Thank you 🙂