How to Hack a Website completely



Hello friends, this is my 3rd article on HTP. Hope you are liking my articles.

There are several ways to hack a website
By Spl Injection

Now you accessed admin panel of a website and you want to edit its
file. To edit files you need a php shell.


What is a php shell?

PHP Shell is a shell wrapped in a PHP script. It’s a tool you can use
to execute arbitrary shell- commands or browse the filesystem on your
remote webserver. This replaces, to a degree, a normal telnet
connection, and to a lesser degree a SSH connection. You use it for
administration and maintenance of your website, which is often much
easier to do if you can work directly on the server. For example, you
could use PHP Shell to unpack and move big files
around. All the normal command line programs like ps, free, du, df,
etc… can be used.

C99 is the shell by which you can manage the files of a website. Let
me explain practically :-

 Create a fake account on http://www.my3gb.com and download c99
shell(link given below in step 1) in zip extract it to your pc. After
extracing upload c99.php file to your my3gb account and logout from
your account. Now just go to the link of the shell i.e.
Yourusername.my3gb.com/c99.php
Now you can access control panel of the website without login into your account.

To hack the website's control panel Just follow these steps :

Step 1 : Download a php shell. I recommended c99 because of its
extended features. For download go to http://sh3ll.org/ and download
c99 shell in zip.
Then extract it.

Step 2 : Now find a place where you can upload photos in website.

Step 3 : Upload your shell here. If the website dont allow to upload
.php file then change it to .php.gif or .jpg

Step 4 : Now go to the link of the file that should be
www.abc.com/yourfilename.extension of your file

or
abc.com/images/yourfilename.andextension


Now here you can see all the files of that website. Now you can access cpanel. 
Share:

0 comments:

Post a Comment

DISCLAIMER

The information provided on hottechtips.blogspot.com is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” on hottechtips.blogspot.com should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.