you can get in trouble from freehostia for doing the below on the shell i have uploaded for you,you are responsible for your own actions
this shell wasnt coded by me
k this is a short tut on how to deface,though i do not encourage it
this is only one method,there are many more methods though
ok i have setup a small site to deface,though i recomend you use a proxy when accessing the shell
here is a proxy i use proxy1918.com
ok
1.upload a shell to your target website(i have already done this for this example)
2.then execute it by going to http://www.targetsite.com/shell.php or
http://www.targetsite.com/shell.txt
3.explore the files and edit them,delete them,chage permits and more
now for most sites you can't just upload a shell,
a shell can be in the extension of
.txt and .php
for this example we will be using a php shell
here it is,http://shelltest.freehostia.com/c.php?
now if you look at this page you will hopefully figure the rest out
there are millions of shells out there apart from this one,so this not unique
most sites have blocks on what type of files can be uploaded,so dont be surprised by the errors you will get while trying to upload your shell
cheers
added:
ok well people if you dont know how to upload it to a server here goes
when uploading make sure you upload it as .php or .txt
never upload as a zip,it will ask if you wanna download it insted,lmfao
now to find a site to upload it to
a one method is to browse forums and stuff alike and find something to upload,eg
upload your avatar or icons or files,but insted upload your shell
go to google and type
index of /upload.php
or type in google
upload your pictures
now if you are going to use google to index upload file and stuff dont take the first page of results,i generaly go for pages 4+
reason is that the first page of results is sites that are visited most,so they are probably patched,if they arent and you do deface it then your deface wont last long,lol ill add more laters
simple way to deface with a shell>example included
simple way to deface with a shell>example included
Last edited by rhysh on 15 Oct 2007, 18:52, edited 1 time in total.
Usually you deface with shells using RFI (remote file inclusion). You might want to add that ^^
More info about RFI HERE
More info about RFI HERE
"The best place to hide a tree, is in a forest"
ya this tut just tells you haw to use a shell witch
is realy very simple its getting the shell on the site
that ppl have trouble with
if you want to test RFI's out then visit this link
link removed by b_b
and ppl dont deface this site if you do your just a gay skiddy
* if you dont want this B_B just remove it "
is realy very simple its getting the shell on the site
that ppl have trouble with
if you want to test RFI's out then visit this link
link removed by b_b
and ppl dont deface this site if you do your just a gay skiddy
* if you dont want this B_B just remove it "
bubzuru wrote:how can they use the shell to deface a site ifrhysh wrote: new people only need to learn how to use a shell,then that is it,that is all they need to know to deface
they cant get it on the server ? lol
anyways nice tut 4 ppl who dont know how to use a shell
k i obviously didnt word it well,
ok,first the subdomain was just so that people could understand how to use a shell,
ill edit the post a bit,so that people can read it better
-
- Kage
- Posts: 732
- Joined: 31 Mar 2007, 16:00
- 17
- Location: Hidden in a Buffer Protection.
- Contact:
Okay, all I have been seeing for a while is people who copy and paste tutorials or just reword it to seem "kool" or "leet" , which is beyond idiotic and obvious. At least you gave the effort rhysh, and at least you tried to improve on what you did and share your knowledge. And that I give you tons of credz for. This is how you can see your mistakes, and learn more about it. There is a book called The Database Hacker, its a really good book that explains RFI attacks as well as basic XSS, and many other web exploit attacks you could think of. Check it out. And nice post.
[img]http://i81.photobucket.com/albums/j205/ebrizzlez/4lsint1.jpg[/img]