25 sites Owned by JackDaniels

3SidedSquare · 01-23-2013, 06:21 AM

Of course, masking a shell as a .png is relatively easy; plus your browser knows what to do when it sees it. Give me a sec and I'll dig up a tutorial.

Although I'm not sure where your easy money is

Edit:
Here you are
http://ankitthehacker.wordpress.com/2011...d-a-shell/
Go down to step 4, it'll show you how to upload a shell with a .png extension

BreShiE · 01-23-2013, 07:09 AM

(01-22-2013, 02:52 AM)3SidedSquare Wrote: So why did you upload an image instead of a shell?
I would think the ultimate goal would be to deface the site. Right?
Unless you got something else going on in there...

(01-22-2013, 06:29 AM)Phytrix Wrote:
(01-22-2013, 02:52 AM)3SidedSquare Wrote: So why did you upload an image instead of a shell?
I would think the ultimate goal would be to deface the site. Right?
Unless you got something else going on in there...

My thoughts exactly. So it's not really a deface, just using an exploit to upload a jpg.

It's because the site upload doesn't allow .php files to be uploaded, only un-harmful ones. It's not anything to shout about, that's why you don't see people using these exploits any more.

JackDaniels · 01-23-2013, 01:21 PM

(01-23-2013, 06:21 AM)3SidedSquare Wrote: Of course, masking a shell as a .png is relatively easy; plus your browser knows what to do when it sees it. Give me a sec and I'll dig up a tutorial.

Although I'm not sure where your easy money is

Edit:
Here you are
http://ankitthehacker.wordpress.com/2011...d-a-shell/
Go down to step 4, it'll show you how to upload a shell with a .png extension

Very good tutorial, I will try out your stuff and hope I really learn something!

25 sites Owned by JackDaniels
Author Message