*Disclaimer: This tutorial on hacking a website describes some penetration testing techniques and tools and is recommended for educational purposes only.*
Websites these days are more aware of their vulnerabilities and are more secure than before, but new vulnerabilities still turn up afterwards.
Here we look at a technique for uploading a malicious file, called arbitrary file upload, in which the attacker gains access to the target by uploading malware to the target website through an input page the site provides.
In general, websites today have a contact-us form by default. All dynamic websites will have some loophole that lets the attacker get in.
What the attacker has to do is find the particular point that lets him in. In the arbitrary file upload technique, the attacker looks for a page on the website that accepts his input and stores it in the back end. He finds a page that lets him upload files.
It may be a contact-us page, an image forum, or any other kind of file upload page. Once he finds that page, he tries uploading a shell composed of some advanced PHP functions that lets the attacker control the entire website.
Mostly, image upload forums won't allow uploading a PHP file. This is where tools like Burp Suite come in. Burp Suite helps to bypass the file upload restriction if the restriction was deployed only in the front end.
Attackers can use Burp Suite to upload a shell by capturing the HTTP request of the uploaded image and manipulating the file name. But in order to find a vulnerable website, we will need to use Google Dorks.
Google Dorks:
When you don't know what to find or how to search for a vulnerability, use Google dorks with inurl: strings.
This will help you list the websites vulnerable to specific attacks.
Basically, this vulnerability happens if the website doesn't check or filter the type of file. Look out for directory indexing on the website.
Find the upload index from the parent directory and upload the PHP shell…
There are two sources for the PHP shell: either create it on your own or download free web shells online…such as,
The author is not responsible for the attack implemented with these shells.
Upload the file from the directory. If the website doesn't filter your PHP web shell, it will get uploaded. Finally, visit the URL where you have uploaded your shell.
If you have done this with Ani shell, the URL you visited will look like this….
To gain access, you should go to the Ani shell server, from where you can deface the vulnerable website.
Features in a shell:
- DoS (Denial of Service) attack
- Deface or destroy the website
- Mass mailer (with low spam detection)
- Leaf mailer
- Back connect
- Auto rooter
- MD5 Hash cracker
- PHP decoder, etc.
You can download the web shell from GitHub and exploit the websites. Read the exploit completely to know more about the usage of the web shells.
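
The root cause named above is a website that does not check or filter the file type, or that enforces the restriction only in the front end. The following is an added example, not code from the original tutorial, of the matching server-side check in PHP; the allowlist, the size limit and the sample file names are assumptions chosen for illustration.

```php
<?php
// Added example: server-side upload validation. ALLOWED and MAX_BYTES are
// illustrative assumptions, not values taken from the tutorial.
const ALLOWED = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];
const MAX_BYTES = 2 * 1024 * 1024;

/**
 * Decide whether an uploaded file may be stored.
 * Returns [true, storedName] or [false, reason].
 * $clientName is attacker-controlled: it is read only for its final
 * extension and is never used as the stored file name.
 */
function check_upload(string $clientName, string $tmpPath): array
{
    if (filesize($tmpPath) > MAX_BYTES) {
        return [false, 'too large'];
    }
    // Allowlist the final extension, the part a web server maps to a handler.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return [false, "extension '$ext' not allowed"];
    }
    // Sniff the type from the bytes on disk, not from the Content-Type
    // header or file name the client sent (both can be edited in a proxy).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return [false, "content is $mime, not " . ALLOWED[$ext]];
    }
    // Server-generated name: no traversal, no double extension, no overwrite.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed sample inputs: a 1x1 PNG and a harmless PHP text file.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$php = "<?php echo 'hello'; ?>";
$cases = [['photo.png', $png], ['page.php', $php],
          ['page.php.png', $php], ['photo.png.php', $png]];

foreach ($cases as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    [$ok, $info] = check_upload($name, $tmp);
    printf("%-14s %s %s\n", $name, $ok ? 'ACCEPT' : 'REJECT', $info);
    unlink($tmp);
}
```

In a real handler the accepted file would then be moved with `move_uploaded_file()` under the generated name into a directory outside the web root, or one where script execution and directory indexing are disabled, so that even a file that passes the checks is never run by the server.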