About Me

Saturday, 21 April 2012

Hack a server with shells

Here I will show you how to deface a website
First of all you will need shell. I will give you modified c100 shell which I use and it is undetectable.

Download Link: DL c100 - Mediafire - http://www.mediafire.com/?eebeecgrmfvcqyq

First when you download c100.php you will need to edit it with notepad. And set your Username and Password, so that only one who know user/pw can access shell and website.
Username and passowrd edit as you like. But the md5 pass must be crypted. For that you go to Crypo.com - Here you will make your pas MD5

So on crypo.com you write the password you writed in c100.php in my case it is hakforums and for that I get this MD5 password, copy it and paste in our shell c100.php


$login = "Dimitrije"; //login
$pass = "hakforums"; //password
$md5_pass = "b54f268a2badf26e2499631f37d7b12e"; //md5-cryped pass. if null, md5($pass)

When you do that, save it and now find on website place where you can upload some file. Sometimes the website will block .php extension so you will have to bypass it. First open your shell with notepad and then Save As and change the extension to one of these


If website doesn't have any place where you can upload files, but have place where you can add news or new event or something you can use meta http-equiv to make redirection from website to your deface page. You do that by adding this code in news

<meta http-equiv="refresh" content="0;url=http://link_to_your_defacee_page">

Once you find admin panel upload your shell, if you can't upload .php directly upload it with modified extensions as I stated above.

After you uploaded it find the link where you uploaded it, example if you uploaded it in images then it will be in site/images/c100.php After you enter the link the new Pop up windows will apear and it will ask you for login. Here you write your username and password your wrote in c100.php. After that you should get next screen.
Find main index.php and edit it with your deface page source code, and click save. Thats it


Post a Comment