
File Upload Vulnerability - FOCSoft


Hello Friends
Well, do you know that the easiest and most common way to hack a site is a shell upload? To be honest, I'm not going to teach you to hack any site or server; I'm just sharing what I know. Besides, hacking is really very cool when you learn new things.

What Do I Need ?

DVWA Penetration Testing Lab
Burp Suite or (Live HTTP Headers)
Recommended - Mozilla Firefox
Any PHP File or Shell
Brain, Curiosity & Patience

Description & Methodologies

A File Upload Vulnerability allows an attacker to upload any scripted file (static or dynamic) to the target server. (It's really very dangerous.) Assume you build a site in PHP / MySQL. You also build a simple image uploading application so users can upload their own image files, but without any validation your application blindly trusts the user's file and stores it on your server.

So what if an evil-minded hacker like you notices this and uploads a .PHP file instead of an image file? Well, your application will accept it and store it on the server. Now the attacker locates that file in the browser and it gets executed as a .PHP script; through this an attacker can also upload malicious shells and get complete access to the database and server.

Go on and learn this holy hacky method!


1. Start DVWA, set Security to Low level, and click on Upload.

2. First we'll exploit the easy application, which doesn't validate the user's file at all. You can also go through 'View Source' to understand how it really works.



3. So first of all let's exploit LOW level security. There's an application that allows you to upload an image file. Click on Browse and choose any PHP or HTML scripted file (like a deface page or a HACKED! page); you can also use a shell like C99. Remember there's no security on the easy level: it blindly trusts your file and stores it in its server directory. It will be a little harder on Medium level.
Below I'm using a simple 'HACKED' page.

I've named it w0rm.php on my desktop and here I upload it to DVWA.



4. Click on Upload and it'll show you a "successfully uploaded" message with the file's directory! Wow, that's amazing. Let's locate that file in the browser: copy that directory location and open it in your browser after the DVWA path.



Now check the result. Poor DVWA... hahaha, no issue!

5. So we've successfully exploited the easy level. An attacker could also upload dangerous shells that can completely take over the server and its data, and even root the entire server. So let's move on to a slightly harder stage (change the Security level to Medium). Now try to upload the same file on Medium level and observe the result. You'll get an error message at the top that your image was not uploaded, because it's not an image. Now switch to Firefox with the Tamper Data add-on to modify the request while it is being transmitted.

6. It's time for a little trick: rename your file to w0rm.php.jpg to fool the upload check.

7. Up till now we haven't trapped any GET or POST request, but now we will. Try to upload the file again, but before clicking on Upload, open Tamper Data and click on Start Tamper to trap every request.


8. With tampering started, click on Upload. Suddenly you'll get a pop-up; click on Tamper (now we have to modify the POST data).

9. Now look into POST_DATA. Yes, that's the only thing we have to modify: go into that text area and search for your file name, change it from w0rm.php.jpg back to w0rm.php, and click on OK. (That's called BYPASSING the application's validation.)

10. You'll see a "successfully uploaded" message. Again, locate the file in your browser and watch... IT'S HACKED! (Cool, isn't it?)
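For the developer side of the story, here is an added example (not DVWA's code and not part of the original post) of an upload handler that the w0rm.php.jpg rename and the POST-data tampering above would not get past, because it never trusts the client-supplied file name or Content-Type. The field name "uploaded", the UPLOAD_DIR path and the size limit are assumptions.

```php
<?php
// Added example (not DVWA's code): a hardened image upload handler.
// Assumes the form field is named "uploaded" and that UPLOAD_DIR is a
// directory the web server is configured NOT to execute scripts from.
const UPLOAD_DIR = '/var/www/uploads_noexec/'; // hypothetical path
const MAX_BYTES  = 100000;                      // assumed limit
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

function storeImage(array $file): string
{
    // Use only server-side facts: the upload status and the temp file.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Sniff the real type from the bytes. $file['type'] (Content-Type) and
    // $file['name'] are both chosen by the client, so they are never consulted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('Not an allowed image type');
    }
    // Second check: the bytes must actually parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }
    // The server picks the stored name and extension, so neither
    // "w0rm.php.jpg" nor a tampered "w0rm.php" can reach the disk as-is.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

if (isset($_FILES['uploaded'])) {
    try {
        echo 'Stored as ' . htmlspecialchars(storeImage($_FILES['uploaded']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

The content checks alone are not the whole defence, since a file that parses as a valid image can still carry script text inside it; the server-chosen extension and the non-executable upload directory are what stop such a file from ever running.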

