(adsbygoogle = window.adsbygoogle || []).push({}); Ok, I will show you via images how I successfully uploaded a c99 shell on a hacked site.

First I obtained the Admin login details via Sqli, I then found the login prompt, and successfully logged in.

You must login or register to view this content.

Secondly, I browsed around looking for something interesting, I found the login details to the MySQL server of the website.

You must login or register to view this content.

I finally found an image upload function, lets change our shell to php.gif format and attempt to upload it.

You must login or register to view this content.

Damn, must be patched to prevent this, lets keep looking...

You must login or register to view this content.

Interesting, I found a template modifier that lets me edit the code of different functions and plug in's on the website.

You must login or register to view this content.

Lets try removing the current source code and adding c99 shell source code then saving it.

You must login or register to view this content.

It saved successfully, now the problem is locating that function on the website and making it run, I try different variable path's in the URL trying to find a directory that the file might be saved in, Eg /files/ /uploads/ /plugins/ etc. I experienced error messages like below, telling me that directory did not exist.

You must login or register to view this content.

I finally guess correct with the directory /themes/

You must login or register to view this content.

Remember, the msg.php plug in's theme name was classic, so with that we can assume the URL to the shell would be www.site.com/themes/classic/msg.php, I run this and get the following result.

You must login or register to view this content.

Voila my c99 shell is now on the site, the possibility's now are endless. Happy Hacking :blackhat:

**Link to shells* You must login or register to view this content.

This is his thread :confused: Why do you think that he did not write this. Did you do any research to back up your claim? If you did, you would have found that this thread is his.

The thread was written and demonstrated by me, if you are referring to not coding my own shell as skiddie, then I bet your hacking expertise is far minimal to your verbal statements, I have seen alot of threads on here like 'how do i port forward' and 'how do i scan ports' that is what I regard as skiddie, but rooting a server with someone else's shell is not skiddie, do you honestly think top hackers go to the bother of coding their own shells when they do not have to, have you ever coded a shell? I have yet to see any r00ting tuts on here, or cross site scripting threads, or blind sql injection threads, or even a thread on compiling exploits, yet you want to call this skiddie. Get off your high horse.

Sorry to say this 1_UP, But you just got OWNED!

And that was so hard. The real tut is how to get login you fail lol

How to get login? I stated at the start of the tutorial, the login credentials were obtained via Sqli, you make it seem with your statement that knowing Sqli is difficult or 'hard', specify how I fail, I officly got login to upload the shell in the first place, and evidence of this was presented via the screen shot, so once again mind telling me how I 'fail'?

You should make a tut on how to get login with SQLi. If your saying I think that SQLi is hard, yes I do. I am no nerd, nor am I a 4o year old fat ass.

Well how can you tell me I 'fail' when you are struggling to learn sqli, and I just used it to get the admin login details to the site I just posted screen shots off, do you know how to upload shells? Get back connections? Add back door's to websites to connect to via command prompt? Compile local root exploits? Use gcc commands to compile and run C language exploits? R00t servers? Mass deface sites? I dont think so, so dont tell me I 'fail' simply because I did not explain what you have yet to learn, little man.