Menu
» » » Tutorial Upload Shell [ myBB ]

Today i'm going to share how to shell myBB sites after gailing admin privs.

What do you need:
  • Modified myBB skin xml
  • A working shell
  • Common Sense

Steps on how to get this working:
  • To start out we are going to head on over to the admincp, there is usually a link to it at the top of the page. Once logged in, you will see a tab labled Styles and Templates or something close to that. Now import a new theme (the modified xml linked above).


  • Use these settings:


  • If all goes well, you should havea green checkmark displayed at the top. Navigate over to templates and select your new template as default.


  • Now head over to the board index, at the top you will see at nice little upload shell. Now if you want to be sneeky about this, I suggest not setting the theme as the overall default but just make it the default for your account.

  • Ok so we have an up load, now what. Click browse and look for your shell. to the right of the browse button, you will see newfile.php, change this to read ./upload/SHELLNAME.php this is important that you write it this way. Any readable dir will work. I just choose upload for demonstrational purposes.
  • Now navigate to where you uploaded the shell (site.com/upload/shell.php)

And there you go fully working shell that bypasses regex security on myBB. I really wish I could have held onto this longer, but what can you do. HAPPY HACKING!

Full Copas
Diposkan oleh
Label: ,
di 7:22 AM

1 komentar:

Subscribe to: Post Comments (Atom)
 
Top