This thread is for people who fail to upload shell onto websites ( Happens to me alot :P )
Try these methods below
---------------------------------------------------------------------------------
Method 1:---------------------------------------------------------------------------------
we all know that uploading scripts accepts JPG or GIF or both etc..
so its possible some times to bypass it by
renaming the file to
" shell.jpg.php "
---------------------------------------------------------------------------------
Method 2:---------------------------------------------------------------------------------
Sometimes we can upload PHP file by editing the parameters with tools such as
Tamper Data ( Firefox Addon )
Download Here:
Code:
https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
application/octet-streamto
image/gifor
image/jpg
Video tuorial:
Code:
http://www.youtube.com/watch?v=OB5iQI5SkTw
---------------------------------------------------------------------------------
Method 3:
---------------------------------------------------------------------------------
We can also upload shell by adding
to the file name
%_00shell.jpgphp
shell.jpg%.php
or
shell.jpg;php (works alot specially on Win box'z )
---------------------------------------------------------------------------------
Method 4:---------------------------------------------------------------------------------
Another way is by tricking Apache
by adding PHP languages
For Example:
file.php.enthe Apache will read the file.php.en
as a normal php file
cause .en refers to English
another example:
file.php.ar
.ar refers to Arabic and so on....
that helps when we find an uploading center that
denies PHP extinsions and allows any other unknown extionsion.
Well that's pretty much it
Good luck!
~Regards, Invectus
No comments:
Post a Comment