While hacking u must have come along some sites or pages where they ask
you to upload shells in just .jpg or some image format and i dont think
you must be having any image shell :p . Anyways lets begin. You must
have heard of data tampering or Tamper Data? No? Well, i will tell
you...
Tamper Data is a firefox addon which is used to view and modify
HTTP/HTTPS headers and post parameters.Trace and time http
response/requests.Security test web applications by modifying POST
parameters.
First of all- download tamper data from here: https://addons.mozilla.org/en-us/firefox/addon/tamper-data/ (remember to use Firefox)-
Install it and restart firefox. (It works with almost all the versions of firefox).-
Rename your .php shell to .jpg shell. e.g. : if the name of your shell
is shell.php, make it shel.php.jpg or shell.php;.jpg shell.php;.jpg (To
bypass website's security).
- find website to upload images
1- Locate your shell and place it in the upload box.
2-Click on tools in firefox menu and select Tamper Data.
3- Wait...Dont click on upload/save button , instead click on Start
Tamper in tamper data addon and remember dont open any extra tabs except
the uploading page.
4- Now hit the upload button.
5- After clicking on upload a window will appear, click on Tamper button.
6- Then you will see a tamper popup, copy all of the text of POST_DATA
in a notepad. press ctrl+f in notepad and find shell.php.jpg or
shell.php;.jpg and delete .jpg :) shell.php
7- Now again copy all the things in notepad and paste it in POST_DATA field and click ok
8- Locate ur pic/shell, What? You are done. your shell will be uploaded in the .php format..
Bye!
No comments :
Post a Comment