Hack a Server easily

on


What we will need

Information gathering like ip address

We will need to get the IP address of our target and find other websites that share the same IP address.

We will use an online tool to find the target’s IP address and other websites sharing the IP address

Based on the above results, the IP address of the target is 69.195.124.112
We also found out that there are 403 domains on the same web server.
Our next step is to scan the other websites for SQL injection vulnerabilities. Note: if we can find a SQL vulnerable on the target, then we would directly exploit it without considering other websites.
  • Enter the URL www.bing.com into your web browser. This will only work with Bing so don’t use other search engines such as google or yahoo
  • Enter the following search query
ip:69.195.124.112 .php?id=
HERE,
  • “ip:69.195.124.112” limits the search to all the websites hosted on the web server with IP address 69.195.124.112
  • “.php?id=” search for URL GET variables used a parameters for SQL statements.
As you can see from the results, all the websites using GET variables as parameters for SQL injection have been listed.
The next logic step would be to scan the listed websites for SQL Injection vulnerabilities. You can do this using manual SQL injection or use tools listed in this article on SQL Injection.

Uploading the PHP Shell

We will not scan any of the websites listed as this is illegal. Let’s assume that we have managed to login into one of them. You will have to upload the PHP shell that you downloaded from http://sourceforge.net/projects/icfdkshell/
  • Open the URL where you uploaded the dk.php file.
  • You will get the following window
  • Clicking the Symlink URL will give you access to the files in the target domain.
Once you have access to the files, you can get login credentials to the database and do whatever you want such as defacement, downloading data such as emails, etc.

Comments

Post a Comment