Uploading PHP Shell [Live HTTP Headers - and more ...]
#1
First try using the Live HTTP Headers // Tamper data repeat attack:
http://anonghostbd.blogspot.se/2014/08/u...aders.html

Spoiler(Show)
Shell Uploading With Live HTTP Headers

For this tutorial you need :
Mozilla Firefox
Live HTTP Headers ->
https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/?src=ss

Find an website which allows you to upload .jpg , .png or any other extension

So now once you have found a website , we are going to try and upload .php file
For example if i try to upload inj3ct0r.php

The server rejects the file and says wrong extension
Now we are going to rename our shell to
Code:
inj3ct0r.php.jpg

Now try opening the Image , Right click on it and open in new tab
Now go to the upload spot and click browse
Go to the Live Http Headers and run it
The Capture Box should be checked

Now upload the shell , Wait for it to load completely and our inj3ct0r.php.jpg should come up on the Live Http Headers
Highlight the shell name and click on the replay button

A new windows should popup , now we have to find our shell name for example inj3ct0r.php.jpg and rename is to inj3ct0r.php
Now when you have done that click the replay button again

The page should refresh
Now right click on the picture you upload and open in new Tab

There you go the shell should be there

If above method/file extension fails, work your way down via the following methods:

A
Try to use any of these extensions:
file.php.jpg (wii u might use the extension after the first . to detect the extention)
  • File.jpg.php (The upload script thinks it's an jpg and allows the upload to continue even if it's a php file)
  • File.php%00.jpg (Null character termination this will create file.php)
  • File.php;.jpg (This will create file.php on the server)
  • File.php%0c%0a.jpg (Carriage return, this will create file.php on the server)
B
.php might be blacklisted so try .php5, .cer, .shtml etc. If shtml is enabled me can execute commands using the following:

Code:
< !--#exec cmd="COMMAND" -->

C
Upload a .htaccess file containing the following:

Code:
<Files shell.jpg>
AddType application/x-httpd-php .jpg
</Files>

This tells the webserver to execute shell.jpg as a php file so me can then upload mine shell as a regular jpg file.

This will overwrite any existing .htaccess files so try this method last!

Note: The post above is not mine, just sharing some good methods :p

Credits:
Live HTTP Headers - yakuza112.
File extension methods - Crassus @ Hacksociety.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  CRLF Injection - Manipulating an HTTP Request Insider 1 629 06-16-2020, 12:38 PM
Last Post: dropzone
  [Tutorial] XSS through Exif headers Insider 1 627 06-16-2020, 11:51 AM
Last Post: LaZr4us
  [Tutorial] PHP CGI exploit Insider 0 549 06-16-2020, 11:34 AM
Last Post: Insider
  [Tutorial] Request header MySQL injection using netcat and burp suite Insider 0 553 06-16-2020, 02:53 AM
Last Post: Insider