In the name of Allah, most gracious and merciful
Assalam-O-Alaikum , Everyone in this guide i will show you how to upload a shell using tamper data , In this guide i am using DVWA ( Damn Vulnerable Web Application ) as my target site on my localhost
You can download DVWA by clicking here.
If you don't have any PHP shell you can download it here. This is a MEGA-SHELL PACK
I am using a 4041 shell in this TUT.
Let's Begin,
Step 1 :- When you have your victim website admin panel try to find image uploading options in the website, i am using DVWA so there is uploading option you can see in the image below.
Step 2 :- Click on the upload option in and this screen will appear.
Step 3 :- Now minimize this window for a second and open a notepad++ , ( If you dont have notepad++ you can download it )
And Open the Shell on it By Right-Clicking on the shell and then Click edit with notepad++ as shown in the picture below.
Step 4 :- When the notepad++ opened save the shell as 4041.jpg ( Image Format Jpeg). Shown in the image below.
Step 5 :- Now you are good to go now open the DVWA that you minimized and click on the Browse Button and select the shell in the image format but dont click on Upload Button now.
Step 6 :- Now Open Tamper Data Tools>>Tamper Data>Start Tamper and Start Tampering As shown in the image below.
Step 7:- Now click the Upload option and a A Box will appear on the tamper data box Click Tamper As Shown in the image below.
Step 8:- When you click TAMPER a window will appear again see in the right side there is box POST_DATA copy all the content from POST_DATA by Doing CTRL+A ( Select All ) And Copy Ctrl+C ( Copy ) And paste in the notepad..
Step 9:- Now Do CTRL+F to find 4041.jpg shown in the image below.
Step 9 :- Now change 4041.jpg to 4041.php and then this all and paste it in POST_DATA box in Tamper Popup , And click Ok And Stop Tamper :) Congratulation you have succesfully uploaded the PHP shell in the website, as shown in the image below.
Step 10:- Now open the shell , i am using localhost dat's why it's showing me the directory in and i can open it by going in to ../../hackable/uploads/4041.php.
Thank you.
Author : JinX!
Note : Educational Purpose Only
Frequently Asked Questions :-
Q1. What is Tamper Data?
Ans: Tamper data is a Mozilla-Firefox Addons which modify the headers of the HTTP request to the server.
Q2. How can we install Tamper data?
Ans: You can install tamper data by going to https://addons.mozilla.org/en-US/firefox/ And search for TAMPER DATA.
Q3. What is DVWA ?
Ans: DVWA is Damn Vulnerable Web Application for localhost which allows you to practice your skills in different attacks it is based on PHP.
Hello sir How do I use it on mobile
ReplyDeleteI have no PC because I am poor :( help me sir
Harrah's Cherokee Casino & Hotel - Mapyro
ReplyDeleteGet directions, 군산 출장안마 reviews and information for 세종특별자치 출장마사지 Harrah's Cherokee Casino 익산 출장샵 & Hotel in Cherokee, NC. 777 Casino Way, Cherokee, 경상남도 출장샵 NC 28719, 원주 출장안마 28719.