Hacker, Researcher and Author.

How Hackers Hack Into Websites On Shared Hosts - Symlink Bypass Part 2

In our previous article, How Hackers Are Hacking Into Websites On Shared Hosts, we explained step by step how hackers hack a website on a shared host with symlink bypass. However, what if the admin has changed the name of the configuration file or has moved it to another place? In such cases the attacker requires directory access in order to locate the configuration file. That is the topic of today's post: getting directory access via symlink bypass.


What Is Symlink Bypass?

Well, I would not like to go into much detail. For your understanding, all you need to know is that a symlink is a method to reference other files and folders on Linux, just like a shortcut in Windows. Symlinks are necessary in order to make Linux work faster. Symlink bypassing, however, is a method used to access folders on a server that the user isn't permitted to access. For example, the home directory can only be accessed by a root-level user, but with symlink bypass you can touch files inside the home directory.

Directory Access With Symlink Bypass

Step 1 

Perform the same steps which we did before. Create a directory, e.g. abc. Now upload jaguar.izri and .htaccess into it. Give 0755 permission to jaguar.izri.





Step 2

Suppose that we uploaded it in the root of the dir, so our path should be www.site.com/abc. Next, open it and load jaguar.izri, which will be located at www.site.com/abc/jaguar.izri



Step 3 

Open it and make a new dir named 123 by issuing the command mkdir 123.


Step 4 

Now let's enter dir 123 by giving the command cd 123.


Step 5

Now give the following command: ln -s / root



Step 6

Once you have issued the command ln -s / root, you should see a folder named root in dir 123. To check, go to www.site.com/abc/123/ and you will see a folder named root.



Step 7

Next go back to script and press upload file:

Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php


Copy the above into Notepad, save it as .htaccess and upload it to the 123 folder.





Step 8

Next, open the root dir: www.site.com/abc/123/root

Note: if you don't upload that .htaccess, you won't see this home folder.


Step 9

Now click on that home folder and upload the domain.php file to get usernames, or use the command cat /etc/passwd to get the usernames.




Step 10

Now go to bing.com and enter ip:xx.xx.xx.xx/joomla to get the Joomla sites on the server. Search for the names of those sites in the users column. Once found, place that name after home and add public_html, like www.site.com/abc/123/root/home/victimusername/public_html


Step 11

When you do that you will get access to dir of that website.

Step 12

Now click on configuration.php. It will show you a blank page. Don't worry, just right-click there and view the page source, and you'll have database access.


Even if the admin has changed the admin login page or the configuration file, you can still find it by using this method.
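
For administrators of shared hosts, the steps above leave two artifacts that are straightforward to audit for: a symlink that resolves outside the tenant's web root, and an .htaccess that turns on FollowSymLinks and serves .php as text. The following check is an added example, not part of the original post; the function names and the temporary directory layout are constructed for illustration, and POSIX paths are assumed.

```python
import os
import re
import tempfile

# Directives from the page's .htaccess worth flagging; "-FollowSymLinks" is not matched.
RISKY = re.compile(
    r"^\s*(Options\b.*(?<!-)\bFollowSymLinks"
    r"|Add(?:Type|Handler)\s+(?:txt|text/plain)\s+.*\.php)", re.I)

def audit_docroot(docroot):
    """Return sorted (kind, relative_path, detail) findings for one tenant's web root."""
    root = os.path.realpath(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path):
                # Resolve the link and flag it if it lands outside the web root.
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    findings.append(("symlink-escape", rel, target))
            elif name == ".htaccess" and os.path.isfile(path):
                with open(path, errors="replace") as fh:
                    for line in fh:
                        if RISKY.match(line):
                            findings.append(("htaccess", rel, line.strip()))
    return sorted(findings)

def demo():
    """Constructed layout mirroring the page: abc/123/root -> / plus its .htaccess."""
    base = tempfile.mkdtemp()
    d = os.path.join(base, "abc", "123")
    os.makedirs(d)
    os.symlink("/", os.path.join(d, "root"))              # escapes the web root
    os.symlink("123", os.path.join(base, "abc", "self"))  # stays inside: not flagged
    with open(os.path.join(d, ".htaccess"), "w") as fh:
        fh.write("Options Indexes FollowSymLinks\nDirectoryIndex ssssss.htm\n"
                 "AddType txt .php\nAddHandler txt .php\n")
    return audit_docroot(base)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

On Apache, the server-side counterpart is to keep tenants from enabling FollowSymLinks in their own .htaccess, for example by restricting which Options the AllowOverride directive lets them set.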

About the Author:


Avinash is a security researcher and a blogger. He runs a blog http://www.hackerzadda.com/, where he writes about hacking. 

13 comments:

  1. I need an online tutor on hacking & CEH...can u?
  2. #All the Best Avinash !! It's just awesome article :)

    #Regards
    M.Gazzaly
    #greenhathacker.blogspot.com
  3. Good Tut Dude...

    the pass will be jaguarhackerpro
    or izriino or izri-ino
    of jaguar.izri
  4. @anonymous jaguarhackerpro

    @M.Gazzaly Thanks
  5. This is just one n0rm@l way, There are some other methods also like reading from cpanel, Bypassing Apache... and some m0ree, these methods are available on normal servers not for bypassing hostgator or secureservers or websitewelcome servers on those servers the method i said are useful... for Pawning..
  6. These methods are for unprotected and normal servers not for heavy security servers like websitewelcome, secureservers, hostgator... in those servers Apache bypass, cpanel read files and jumping works..... @@ peace.. H4x0rL1f3...
  7. PLS I WANT TO LEARN HOW TO HACK AND MONITOR ACCOUNT.......
  8. for some sites i am getting a 500 internal server error while running jaguar.izri.
    how to solve this ?
  9. i get 500 Internal server error when i click on Jaguar.izri
    link..
    please tell me how to solve it..
    i Stuck here
  10. 500 internal server error => check that you have permission to read/write
  11. Good Posting man, it's very hopeful for me ...
  12. Some bypass effective for 500 internal server error

© 2016 All Rights Reserved by RHA Info Sec.