simple way to deface with a shell>example included

rhysh · Post by **rhysh** » 15 Oct 2007, 06:51

you can get in trouble from freehostia for doing the below on the shell i have uploaded for you,you are responsible for your own actions
this shell wasnt coded by me
k this is a short tut on how to deface,though i do not encourage it
this is only one method,there are many more methods though

ok i have setup a small site to deface,though i recomend you use a proxy when accessing the shell
here is a proxy i use proxy1918.com
ok
1.upload a shell to your target website(i have already done this for this example)
2.then execute it by going to http://www.targetsite.com/shell.php or
http://www.targetsite.com/shell.txt
3.explore the files and edit them,delete them,chage permits and more

now for most sites you can't just upload a shell,
a shell can be in the extension of
.txt and .php
for this example we will be using a php shell
here it is,http://shelltest.freehostia.com/c.php?
now if you look at this page you will hopefully figure the rest out
there are millions of shells out there apart from this one,so this not unique
most sites have blocks on what type of files can be uploaded,so dont be surprised by the errors you will get while trying to upload your shell
cheers

added:

ok well people if you dont know how to upload it to a server here goes

when uploading make sure you upload it as .php or .txt
never upload as a zip,it will ask if you wanna download it insted,lmfao
now to find a site to upload it to
a one method is to browse forums and stuff alike and find something to upload,eg
upload your avatar or icons or files,but insted upload your shell
go to google and type
index of /upload.php
or type in google
upload your pictures
now if you are going to use google to index upload file and stuff dont take the first page of results,i generaly go for pages 4+
reason is that the first page of results is sites that are visited most,so they are probably patched,if they arent and you do deface it then your deface wont last long,lol ill add more laters

Post by **ayu** » 15 Oct 2007, 09:52

Usually you deface with shells using RFI (remote file inclusion). You might want to add that ^^

More info about RFI HERE

bubzuru · Post by **bubzuru** » 15 Oct 2007, 11:55

ya this tut just tells you haw to use a shell witch
is realy very simple its getting the shell on the site
that ppl have trouble with

if you want to test RFI's out then visit this link

link removed by b_b

and ppl dont deface this site if you do your just a gay skiddy

* if you dont want this B_B just remove it "

Post by **bad_brain** » 15 Oct 2007, 12:09

no links to defaced sites on this board, this is not a skiddie-site.

bubzuru · Post by **bubzuru** » 15 Oct 2007, 12:11

bad_brain wrote:no links to defaced sites on this board, this is not a skiddie-site.

the site has not been defaced

is OK anywayz B_B i understand

if anyone wants the link pm me

rhysh · Post by **rhysh** » 15 Oct 2007, 17:26

k i know bout remote file inclusion but this was only meant to be a quick tutorial
and bubzuru new people only need to learn how to use a shell,then that is it,that is all they need to know to deface and do lots more
lol and i do not encourage defacing

bubzuru · Post by **bubzuru** » 15 Oct 2007, 18:06

rhysh wrote: new people only need to learn how to use a shell,then that is it,that is all they need to know to deface

how can they use the shell to deface a site if
they cant get it on the server ? lol

anyways nice tut 4 ppl who dont know how to use a shell

rhysh · Post by **rhysh** » 15 Oct 2007, 18:46

bubzuru wrote:
rhysh wrote: new people only need to learn how to use a shell,then that is it,that is all they need to know to deface
how can they use the shell to deface a site if
they cant get it on the server ? lol

anyways nice tut 4 ppl who dont know how to use a shell

k i obviously didnt word it well,

ok,first the subdomain was just so that people could understand how to use a shell,
ill edit the post a bit,so that people can read it better

ebrizzlez · Post by **ebrizzlez** » 15 Oct 2007, 18:57

Okay, all I have been seeing for a while is people who copy and paste tutorials or just reword it to seem "kool" or "leet" , which is beyond idiotic and obvious. At least you gave the effort rhysh, and at least you tried to improve on what you did and share your knowledge. And that I give you tons of credz for. This is how you can see your mistakes, and learn more about it. There is a book called The Database Hacker, its a really good book that explains RFI attacks as well as basic XSS, and many other web exploit attacks you could think of. Check it out. And nice post.