Saturday, 22 September 2012

Hack With Symlink

Hello guys, this article is for the beginners webhackers through this article I m going to teach you all about the Symlink
What is symlink?
Symlink is a method used by hackers to read files from other users on a linux server, only by using a php-shell.
Let me clarify the requirements which are necessary to learn the symlink:
Requirements are:
- One phpshell uploaded in a linux server (Safe MODE = OFF )
- basic phpshell & linux knowledge
- and last but not least brain !
So what are we waiting for let us start with the tutorial.
Where to get a target, if you only have a phpshell uploaded in a linux server that has some sites?
It’s easy first get the IP of the server.
Then go to bing.com and search like that:
Code: ip:xx.xxx.xxx.xxx vbulletin
xxx replace with the ip address of the server , and ‘vbulletin’, you can change to a name of a forum software or a CMS you wish as a target. But for this example I will take vBulletin.
OK, now we got the target site, let’s suppose that its domain name is mytarget.com and it uses vBulletin forum software.
Now starts the real hacking!
Go to your phpshell , and in the ‘Execute command’ field , execute there that command :
Code: ls -la /etc/valiases/mytarget.com
By executing this command, I will get the name of the user (on the linux server) that keeps the website mytarget.com.
It should return with a result similar to that :
>>>>>>>-rw-r–r– 1 target mail 28 May 28 2011 /etc/valiases/mytarget.com
The red colored piece is the user of mytarget.com on the server.
So in our case the username is ‘target’
Many of us know that the configuration file of vBulletin script ,can be found in /includes/config.php.
This is the file we need to read in our case , in order to get access at our target site.
How can we read that file?
Simple, execute that command on the shell :
Code: ln -s /home/target/public_html/includes/config.php symlink.txt
As you can see, we’re writing the content of config.php , into symlink.txt file. After you execute the command , you will se a new file called symlink.txt. Open it and You successfully read the configuration file (symlinked). Now, just get an MySQL connector script coded in PHP , and login with the details you get from configuration file of your target.T hen at the admin table, get the admin’s hash and crack it , or better , change the admin’s email you yours , and then do a forgot password at mytarget.com And then you successfully will get full access in your target site !
That was all very easy all you need is to practice it many times.

No comments:

Post a Comment