(adsbygoogle = window.adsbygoogle || []).push({}); Ok, I will show you via images how I successfully uploaded a c99 shell on a hacked site.

First I obtained the Admin login details via Sqli, I then found the login prompt, and successfully logged in.

You must login or register to view this content.

Secondly, I browsed around looking for something interesting, I found the login details to the MySQL server of the website.

You must login or register to view this content.

I finally found an image upload function, lets change our shell to php.gif format and attempt to upload it.

You must login or register to view this content.

Damn, must be patched to prevent this, lets keep looking...

You must login or register to view this content.

Interesting, I found a template modifier that lets me edit the code of different functions and plug in's on the website.

You must login or register to view this content.

Lets try removing the current source code and adding c99 shell source code then saving it.

You must login or register to view this content.

It saved successfully, now the problem is locating that function on the website and making it run, I try different variable path's in the URL trying to find a directory that the file might be saved in, Eg /files/ /uploads/ /plugins/ etc. I experienced error messages like below, telling me that directory did not exist.

You must login or register to view this content.

I finally guess correct with the directory /themes/

You must login or register to view this content.

Remember, the msg.php plug in's theme name was classic, so with that we can assume the URL to the shell would be www.site.com/themes/classic/msg.php, I run this and get the following result.

You must login or register to view this content.

Voila my c99 shell is now on the site, the possibility's now are endless. Happy Hacking :blackhat:

**Link to shells* You must login or register to view this content.

Oh, you're in trouble now.

To be honest if vince wanted he could ruin 1_UP. But he's not like that. If you get on well with vince he is a real nice guy. He is very honest and tries his best with trying to help forums. I advised him to join and we should be greatful that he did. He will without doubt bring the hacking section to a new level. I know its a little early to consider but he would make a great hack section moderator. He probably has the most hacking experience in NGU.

You guys are retarded, how is he a script kiddie for using someone elses shell? Out of the millions of forum/website hackers I bet only 1/50 of them have actually coded there own shell. Why would you waste your time coding a shell if you could be using one that's right infront of you and finding exploits in a system? Great tutorial :y:. I might post a tutorial on blind SQL injection when I have the time.

Uploading shells via image upload or flash upload don't usually work because Mime checking/magicquotes is enabled therefore making it harder to assemble a shell on the website, basically, if you have successful Mime Checking equipped you can make it so the file is checked before its officially uploaded on the site's upload stream, so basically, the upload would be invalid because your embedding PHP strings in an image.

Uploading shells doesn't make you a skiddie, if you have just plain old administrator access you'll only have image/banner formatting permissions, but if you have the control panel to the site (/cpanel, or you can locate the host via traceroute) then you can do everything manually (just requires shell upload or ssh public/private key) .

This is already known but pretty good for beginners.