Tuesday, April 3, 2012

Find Uploaded Shells Using "Index of /sh3llZ" Google Dork

After gaining admin access, hackers upload their control panel (called a shell). A shell allows hackers to hack or deface the website, and with it a hacker can get root access. Sometimes hackers leave the shell on vulnerable sites. Here are some Google dorks that help you find such shells.

Use one of the following Google dorks to find the shell:

    intitle:index of/sh3llZ
    "Index of /sh3llZ"
    "/sh3llZ/uploadshell/uploadshell.php"

Usually hackers upload a shell to the victim's site by exploiting a vulnerability in that website. The shell allows hackers to hack or deface the website. Sometimes hackers leave the shell on the vulnerable sites. A simple Google search lets you find a shell uploaded by hackers.

These Google dorks list sites that have a sh3llZ folder. There will probably be a link to a c99 shell; clicking the link lands on a shell page. You can see in the above figure that there are shells such as c99.php, c100.php, etc. Anyone who reaches such a shell can upload their own shells or deface the site.
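From the site owner's side, the same directory and file names can be searched for in the server's own access logs. The following is an added example, not part of the original post; it assumes Combined Log Format, and the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Names taken from the post: the sh3llZ directory, uploadshell.php, c99.php, c100.php.
# Case-insensitive because the indexed URLs appear as both sh3llZ and sh3llz.
SHELL_PATH = re.compile(r"/sh3llz(/|$)|/(uploadshell|c99|c100)\.php", re.IGNORECASE)

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_shell_hits(lines):
    """Return {path: [(ip, method, status), ...]} for requests matching a shell name."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        path = m["path"].split("?", 1)[0]  # drop the query string before matching
        if SHELL_PATH.search(path):
            hits[path].append((m["ip"], m["method"], int(m["status"])))
    return dict(hits)

def served_paths(hits):
    """Paths answered with 2xx: the listing or file exists and needs incident response."""
    return sorted(p for p, reqs in hits.items() if any(200 <= s < 300 for _, _, s in reqs))

# Constructed sample log lines (documentation IP ranges only).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Apr/2012:10:01:02 +0000] "GET /sh3llZ/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Apr/2012:10:01:09 +0000] "POST /sh3llZ/c99.php?a=1 HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [03/Apr/2012:10:05:44 +0000] "GET /sh3llz/uploadshell/uploadshell.php HTTP/1.1" 404 210 "-" "curl/7.21"',
    '192.0.2.15 - - [03/Apr/2012:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = find_shell_hits(SAMPLE_LOG)
    for path in served_paths(hits):
        print("served shell path:", path, hits[path])
```

A path that was served with a 2xx status means the directory listing or shell file is present on the server; 404-only hits indicate probing for these names.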
           
     
Example Sites:



Credit:
Minhal Mehdi





Written by

Hello, my name is Ankit Bhandari. You can visit and learn ethical hacking from my blog. But all these hacking tricks are only for educational purposes. My blog and I will not be responsible for any wrong use of this. Enjoy it, but never misuse it.


 

© 2014 Invisible Hackers. All rights Reserved. Designed by InvisibleHackers