sandabot Posted February 7, 2012 Report Posted February 7, 2012 (edited) IntroductionSometimes site that is your TARGET just isn't hackable. Even Acunetix Web Security Scanner can't find useful vulnerability. In that kind of situation the only thing that might work is to hack site (backdoor site) that is on same server and through that site and through server to penetrate the site.Tools required:GNY.ShellShell - PestebinFinding Backdoor SiteTo find backdoor site go tohttp://www.domaintools.com/and in Whois Lookup enter your TARGET siteAs a result you'll get Whois RecordLook for "Reverse IP"In our case 25 other sites hosted on this server.Click on it to see names of the hosted sites on the same server.You will see few of them, to see all, click on more...To see them all you must be a member.You can easily Sign up for a FREE account by cicking on Create an Account (use some ********* email service for that)As a member you can see all 25 other sites hosted on that server.Hacking Backdoor SiteHere we have 25 potentional backdoor sites and our target one.Let's say after analysing we find that our backdoor sites No17 (as example) and target No22Backdoor site can be any one from the list who can be hacked and sell uploadedBy cicking on var/ at www.backdoorsite.com we go straight to root of the serverWhere we can find our www.target.com dir.Sometimes premisions isn't drwx but dr-x which is more then enough to read configuration file.With data from that file we can hack unhackable site... Edited February 7, 2012 by sandabot Quote
prime_edoced Posted February 7, 2012 Report Posted February 7, 2012 Reverse IP Lookup - Find Other Web Sites Hosted on a Web Serverbut, cu cat mai multa informatie free cu atat aceste metode isi vor duce spre null rata de reusita.. Quote
totti93 Posted February 7, 2012 Report Posted February 7, 2012 Da, am aplicat si eu asta, dar totusi depinde de permisiuni. Poate nu ai acces la acel `site`. Quote
MagicThunder Posted February 7, 2012 Report Posted February 7, 2012 Interesant postul dar restul nu vor intelege cum o sa folosesti tu scriptul ala de pe paste bin sa uploadezi shell:) Quote
DarkyAngel Posted February 7, 2012 Report Posted February 7, 2012 Interesant postul dar restul nu vor intelege cum o sa folosesti tu scriptul ala de pe paste bin sa uploadezi shell:)Probabil majoritatea nu vor în?elege nici un sfert din tutorial.. ap?i s? ajung? la shell . Oricum, bun tutorial ?i interesant ! Quote
