Monday, November 28, 2011

Shell Uploading


Many times you want to upload a shell to a website, but the website only allows .jpg files to be uploaded. You tried everything like NULL bytes and so on, but nothing worked. That's because the site uses PHP functions like getimagesize() to verify that the file is really a picture. But you can bypass that.

Ok, let's start.
What do you need?
edjpgcom (search on Google or download this one: http://www.mediafire.com/?1u8635yrteswv30)
A jpg image (it should be very small, like 1x1 px, because big pictures can cause errors in the PHP script; you can take this one: http://www.mediafire.com/?t28xp2714pw64bp)

What next after downloading?
Open cmd (Win+R, type cmd, press Enter).
Use cd to change the directory to the one where you stored the two files.
Now type (without the quotes) "edjpgcom image.jpg". It will look something like this:

When you press Enter you will see something like this:

Now edjpgcom will open, and you can write your PHP code into the picture.
I will use <?php phpinfo(); ?> as an example.
Click OK. Now your image contains your PHP code.

Change the extension of the image file from .jpg to .php and upload it.

Why does this work?

getimagesize() only checks that the file parses as an image, and image.php still does: to PHP it is a JPEG with a comment inside, and the extension doesn't matter to that check. The web server, however, decides what to execute by the extension, so the .php file is run and the code in the comment executes.
Many PHP tutorials, like this one: http://www.php-einfach.de/tuts_php_datei_upload.php, say getimagesize is secure, and many websites use it.
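For the defensive side of the check above, here is an added example (not from the original post or the tutorial it links): an upload handler that pairs getimagesize() with an extension allowlist, a server-chosen file name and a GD re-encode, which drops the JPEG comment segment the post relies on. The function name, $uploadDir and the form field name are assumptions.

```php
<?php
// Added example, not from the original post. Assumes GD is installed and
// that $uploadDir is a directory outside the web root.
declare(strict_types=1);

function store_uploaded_jpeg(array $file, string $uploadDir): string
{
    // 1. Only accept a clean HTTP upload of a sane size.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }

    // 2. Allowlist the extension: image.php is refused here regardless of
    //    what its bytes look like.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg'], true)) {
        throw new RuntimeException('only .jpg/.jpeg accepted');
    }

    // 3. Structural check. Useful for rejecting non-images early, but on
    //    its own it passes a JPEG whose comment segment holds PHP code.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        throw new RuntimeException('not a JPEG');
    }

    // 4. Re-encode through GD. The decoder keeps pixel data only, so COM
    //    and APP segments never reach the stored file.
    $img = @imagecreatefromjpeg($file['tmp_name']);
    if ($img === false) {
        throw new RuntimeException('JPEG decode failed');
    }

    // 5. Server-generated name; the client's file name never touches disk.
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!imagejpeg($img, $target, 85)) {
        throw new RuntimeException('could not write image');
    }
    imagedestroy($img);
    return $target;
}

// Usage with a form field named "image" (assumed):
// $path = store_uploaded_jpeg($_FILES['image'], '/var/uploads');
```

Serving the stored files from a location where PHP is not executed (or through a script that only emits image bytes) closes the remaining gap if any step above is later relaxed.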

9 comments:

  1. When I wanna save this it gives me an error msg "Permission Denied, Can't Rename". What shall I do?

  2. After you write the code and click on OK, close the command box and then try to rename. It should work. I'm able to rename. If you want I can post a video tut for this.

  3. Please post a video tutorial for this.

  4. Bro, the extension doesn't change, video tutorial please.

  5. Help me please, I can't run edjpg.

  6. Bro, it deletes automatically after some 10 seconds. I don't know why?

  7. Hi Buddy! Nice site with great posts. Keep it up! :)

  8. Why not rename your shell to shell.php.pjpeg? That would work.