Saturday, January 19, 2013

What is a symlink?

Symlink stands for symbolic link, also called a soft link. The easiest way to describe it for everyone out there is that it is like a shortcut in Windows. To explain in a bit more detail: imagine you are on your desktop and you create a shortcut to "C:/". This is essentially like creating a symlink from "/home/userx/www/" to "/".
Please note that a shortcut is not the same as a symlink, and Windows also supports symlinking. I only use shortcuts as a reference because they are similar and help explain the idea to those who may not understand it otherwise.

I am making this tutorial for those who have shelled websites but can't root the server, as not all Linux boxes can be rooted and we don't have exploits for all Linux kernels.

So here I am going to show you how to hack websites on a server using symlink.

But first you will need a shelled website on that server. Only then can you do the symlink; without a shell you can't do it.

1.) Here is my shelled website.


2.) Here I am not going to tell you to create two folders and then do the symlink. I will use an automated symlink script, which you can download from here and upload to the shelled website.

Download Files from here 



This is how it will look.
Now click on symlink bypass.

If it is able to read /etc/passwd then you can do the symlink on the server, although being able to read /etc/passwd does not always mean 100% that the server can be symlinked.
Nowadays HostGator, HostMonster, Bluehost, etc. servers are patched against symlink, but others are still vulnerable.




3.) Now our next step is to find the available WordPress and Joomla websites on the same server, so now we will click on this.
4.) For this tutorial I will be hacking a Joomla site, so it will look like this.

All the domains under the domain column are Joomla websites on the server.
Now, as you can see, I have my target Joomla website. I will click on config and
then I will be redirected to the symlink shortcut link to the directories of the target website :D. The config file contains the username and password of that website's database.



5.) Now copy the username and password from the config page.

          


6.) In this step you have to upload a database file to your shelled website.
Download the database file from the download link, upload it to the website and then access it. It will look like this. Now enter the username and password which you just copied from the config page above.



And now log in.


7.) After login you will see this page. Now you are in the database of your target website, bingo :P



8.) Click on tables, and then in the tables you have to find the user or admin table, as you can see here.




9.) Now click on data. You will see the admin users' data, like id, username, password, emails, etc. Now click on edit.



10.) Now you will see the username and password hash. Here you can do two things: the best one is to replace the password hash with your own hash, or you can try to decrypt the hash. I got the decrypted hash on Google, so now I know the admin username and password of the website. It's time to log in.

11.) Now go to the target website's login page.
The default admin login page for Joomla is www.site.com/administrator


12.) Bingo, now we have hacked a website on that server. Now it's time to upload a shell and deface.
This is how we upload a shell in Joomla:
go to Tools > Template Manager > click on any template > Edit HTML. Now you will see the HTML code of the template to edit.

13.) Now paste your shell's source code here. I will use the 404.php WSO pv8 shell,
which is available for you in the download file.
After pasting the code, click on save.

Now go to the shell directory www.site.com/templates/name_template/index.php
Here is our shell.

14.) Now I will enter my password in the shell and log in to the shell. Bingo, website pwned, and now you can deface it.


This is how you will hack all the websites on the same server using symlink.
Websites which you can hack:
Joomla
WordPress (wp-config)
vBulletin forums
...etc
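
Seen from the hosting side, the symlinks this technique relies on sit inside one account's web root and resolve outside that account's home directory, which makes them easy to audit for. The script below is an added example, not part of the original post; the accounts `userx` and `usery`, the demo tree and the function names are constructed for illustration.

```python
import os
import tempfile
from typing import List, NamedTuple


class Finding(NamedTuple):
    link: str    # symlink found under the account's web root
    target: str  # fully resolved target of that link
    reason: str


def audit_symlinks(home: str, webroot: str) -> List[Finding]:
    """Flag symlinks under webroot that leave `home` or point at another uid's file."""
    home_real = os.path.realpath(home)
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot, followlinks=False):
        for name in dirnames + filenames:  # links to directories show up in dirnames
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([home_real, target]) != home_real:
                findings.append(Finding(path, target, "target outside account home"))
            elif os.path.exists(target) and os.stat(target).st_uid != os.lstat(path).st_uid:
                findings.append(Finding(path, target, "target owned by another uid"))
    return findings


def build_demo_tree(base: str):
    """Constructed sample layout (hypothetical accounts userx and usery)."""
    userx = os.path.join(base, "home", "userx")
    www = os.path.join(userx, "www")
    other = os.path.join(base, "home", "usery", "www")
    os.makedirs(www)
    os.makedirs(other)
    open(os.path.join(other, "wp-config.php"), "w").close()
    open(os.path.join(userx, "notes.txt"), "w").close()
    os.symlink("/", os.path.join(www, "root"))  # the "/home/userx/www/" -> "/" case
    os.symlink(os.path.join(other, "wp-config.php"), os.path.join(www, "cfg.txt"))
    os.symlink(os.path.join(userx, "notes.txt"), os.path.join(www, "notes"))  # stays inside home
    return userx, www


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        home, www = build_demo_tree(base)
        for f in audit_symlinks(home, www):
            print(f"{f.reason}: {f.link} -> {f.target}")
```

On a real host this would be run per account against its actual home and web root; Apache's `SymLinksIfOwnerMatch` option is the matching server-side restriction, since it only follows a link when link and target have the same owner.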