Tuesday, 26 April 2016

Upload Shell Using Tamper Data

While hacking u must have come along some sites or pages where they ask you to upload shells in just .jpg or some image format and i dont think you must be having any image shell :p . Anyways lets begin. You must have heard of data tampering or Tamper Data? No? Well, i will tell you...


 Tamper Data is a firefox addon which is used to view and modify HTTP/HTTPS headers and post parameters.Trace and time http response/requests.Security test web applications by modifying POST parameters.


First of all- download tamper data from here:  https://addons.mozilla.org/en-us/firefox/addon/tamper-data/ (remember to use Firefox)-

Install it and restart firefox. (It works with almost all the versions of firefox).-

Rename your .php shell to .jpg shell. e.g. : if the name of your shell is shell.php, make it shel.php.jpg or shell.php;.jpg shell.php;.jpg (To bypass website's security).

- find website to upload images


1- Locate your shell and place it in the upload box.



2-Click on tools in firefox menu and select Tamper Data.



3- Wait...Dont click on upload/save button , instead click on Start Tamper in tamper data addon and remember dont open any extra tabs except the uploading page.



4- Now hit the upload button.

5- After clicking on upload a window will appear, click on Tamper button.



6- Then you will see a tamper popup, copy all of the text of POST_DATA in a notepad. press ctrl+f in notepad and find shell.php.jpg or shell.php;.jpg and delete .jpg :) shell.php






7- Now again copy all the things in notepad and paste it in  POST_DATA field and click ok 




8- Locate ur pic/shell, What? You are done. your shell will be uploaded in the .php format..
 
 
Bye!

No comments :

Post a Comment

Super Blog Directory