Latest News

Upload php shell using Tamper Data

In this I will show you how to upload a shell ...

Upload php shell using Tamper Data :)


While hacking u must have come along some sites or pages where they ask you to upload shells in just .jpg or some image format and i dont think you must be having any image shell :p . Anyways lets begin. You must have heard of data tampering or Tamper Data? No? Well, i will tell you...


 Tamper Data is a firefox addon which is used to view and modify HTTP/HTTPS headers and post parameters.Trace and time http response/requests.Security test web applications by modifying POST parameters.


First of all- download tamper data from here:  https://addons.mozilla.org/en-us/firefox/addon/tamper-data/ (remember to use Firefox)-

Install it and restart firefox. (It works with almost all the versions of firefox).-

Rename your .php shell to .jpg shell. e.g. : if the name of your shell is shell.php, make it shel.php.jpg or shell.php;.jpg shell.php;.jpg (To bypass website's security).

- find website to upload images


1- Locate your shell and place it in the upload box.



2-Click on tools in firefox menu and select Tamper Data.



3- Wait...Dont click on upload/save button , instead click on Start Tamper in tamper data addon and remember dont open any extra tabs except the uploading page.



4- Now hit the upload button.

5- After clicking on upload a window will appear, click on Tamper button.



6- Then you will see a tamper popup, copy all of the text of POST_DATA in a notepad. press ctrl+f in notepad and find shell.php.jpg or shell.php;.jpg and delete .jpg :) shell.php






7- Now again copy all the things in notepad and paste it in  POST_DATA field and click ok 




8- Locate ur pic/shell, What? You are done. your shell will be uploaded in the .php format..



-------------------------------------------------------------------------------------------------------KNOXD3CrypT0r

No comments:

Post a Comment

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code