Introduction
Sometimes site that is your TARGET just isn't hackable. Even Acunetix Web Security Scanner can't find useful vulnerability. In that kind of situation the only thing that might work is to hack site (backdoor site) that is on same server and through that site and through server to penetrate the site.
Tools required:
GNY.Shell
Finding Backdoor Site
To find backdoor site go to
Code:
http://www.domaintools.com/![[Image: ttvofzahtmny.png]](http://d1.dipads.net/i/00025/ttvofzahtmny.png)
As a result you'll get Whois Record
![[Image: yj4zgv59y870.png]](http://d1.dipads.net/i/00025/yj4zgv59y870.png)
Look for Reverse IP
In our case 25 other sites hosted on this server.
Click on it to see names of the hosted sites on the same server.
![[Image: g9gw24idoktm.png]](http://d1.dipads.net/i/00025/g9gw24idoktm.png)
You will see few of them, to see all, click on more...
To see them all you must be a member.
You can easily Sign up for a FREE account by cicking on Create an Account
(use some anonymous email service for that)
As a member you can see all 25 other sites hosted on that server.
Hacking Backdoor Site
Here we have 25 potentional backdoor sites and our target one.
Let's say after analysing we find that our backdoor sites No17 (as example) and target No22
![[Image: 8lgqjhj76hqz.png]](http://d1.dipads.net/i/00025/8lgqjhj76hqz.png)
Backdoor site can be any one from the list who can be hacked and sell uploaded
![[Image: rq9k3vq8go5k.png]](http://d1.dipads.net/i/00025/rq9k3vq8go5k.png)
Penetrate Target Site
By cicking on var/ at www.backdoorsite.com we go straight to root of the server
![[Image: 2x5pk22e8u24.png]](http://d1.dipads.net/i/00025/2x5pk22e8u24.png)
Where we can find our www.target.com dir.
Sometimes premisions isn't drwx but dr-x which is more then enough to read configuration file.
![[Image: rni1js1ocemg.png]](http://d1.dipads.net/i/00025/rni1js1ocemg.png)
With data from that file we can hack unhackable site...
©2011, copyright BLACK BURN
i love your site dude you're awes0me.. i ♥ y0u :P
ReplyDelete