Today we will be discussing about „Different ways of uploading Shell“.
Most of us have tried to upload shell many time, sometimes we succeeds and sometimes not. But let me tell you my friends, there are always ways to trick the code written by a lonely unemployed developer who mostly left some bugs in the code to be found by the guys like you. So here the ways according to me could be the ways of upload shell :-
1. StraightFoward shell :- Sometimes we get lucky. Shell is uploaded easily as you would have expected. But this is very rare these days unless some stupid p0rk admin likes to invites Indians dicks on his server. I am sure there are many still lives….
2. Some other ways:- Ok here are some other knows ways of uploading the shell. Most of these using NULL at the end of the shell filename to trick the uploader. When try to browse the shell URL, server ignores the NULL and shell is presented.
and some of these variants:- shell.php;.me.jpg
3. PHTML- Few of us still dont know what this is. File having the extension .PHTML is a combination of PHP + some scripting. PHP engine renders it as PHP, so whatever code is written in this file will gets rendered and executed. Mostly admins forgot to mark this extension as prohibited. So you can check this also while trying to upload the shell.
3. Using different versions of PHP:- Sometimes different versions of PHP is installed on the servers. This becomes the biggest loophole for uploading shells and then eventually rooting servers. Generally admins either ignores it or not aware of this at all. You can check for different versions of PHP having file extensions like .php1, .php2, .php3, .php4, .php5 and .php6
4. .Htaccess way :- One of the best way is to upload the .htacess file. It can change the current folder settings to accept the different extensions of your choice. Let me post you an example of such .htaccess file:-
AddType application/x-httpd-php .hack
Now upload file having .hack extension
5. Live HTTP HEADERS or Tempar Data: These 2 addons the most widely used by us today. LIVE HTTP Headers is famous for uploading shell by changing content-type to image/jpeg, gif etc. TEMPAR DATA is good for testing sqli, LFI etc. You can find tutorials for this on these forums. Try using text/html for LIVE HTTPHeaders.
6. Injecting the code in the jpeg file :- There are some tools available today while would allow you to inject the small PHP/ASP code in JPEG. The tool called edjpgcom.exe. You can find it easily on net. There some videos examples available on youtube. One can also inject the code using jpeg editors. PHP engine parses the php code hidden in the jpeg and php code gets executed. These days mostly uploaders readily accept the JPEG files, so this could be the best option to upload the shell successfully.
I hope you would find this tutorial useful.