Tuesday, 18 November 2014

Bypass The Uploaders To Upload Shell / Virus!

Today i want to share some techniques which i use to bypass the uploaders to upload shell i hope you will find this article informative.

Hackers always try to find a way inside to exploit and upload their shell to the server or website and for this many times they have to face the restricted uploaders like some uploaders allow only image files like .jpg or .gif etc.

Uploaders actually work in a same way rather they are in php , asp , aspx or any other file format but the technique from which the up loaders detect the shell is same and below are the methods by which uploaders detect the shell.


How They Detect the Shell / virus 


  • By Name 
  • By Source Code


These are two most common way by which uploaders detect your php or asp shell and below we will learn how can we bypass those image or restricted file uploaders.

As i have mentioned the two types of uploaders the one is By name and the second is by Source code now below are the ways by which they detect the uploaders.

1. By Name

  • Disallows the file if it consists .php name 
  • Allow,s the file if it consists .jpg

2. By Source Code
  1. Allows the file if it consists ‰PNG  ( It is Included in every PNG Image file in Starting )
  2. Disallow,s the file if it consists of <?php ( included in every php file in starting ) 

First We will cover the topic No 1

Many Uploaders only detect the php file by its name like if our shell is named shell.php it will read its name and will disallow it but how could we by pass it ? 

  • We can bypass the uploader by creating a combination of upper case and lower case in php file like .PhP or pHP or pHp 

  • we can also bypass it by simply adding .png name in its name before .php because we know that many uploaders read the name of a file and if it contains .png or .jpg in its name they will alow that file to upload example shell.png.php or shell.png.pHp
Advance Method to bypass ( Topic 1) 

One of the most popular advance method used by attackers or hackers is by editing the HTTP Request and sending a customized request to the server and this method works for many peoples.

We will use a Firefox add-on for this purpose so download it by clicking here ( Live HTTP Headers ) 
First Rename the shell file into .jpg like mine is cmd.asp i will rename it into cmd.jpg 
Now we have this uploader and chose your cmd.jpg or the file which you want to upload 



Now after chosing your file , in FireFox click on Tools > Live Http Headers >
And after this Live Http Headers will start up and make sure that capture box is checked and after click on upload to upload your file and Live Http Headers will start capturing the Http packets.


Now Scroll Upside and try to find the name of your file like mine is cmd.asp and after finding that click on it and click on replay and after clicking on it a new window will pop up like below 



Now After clicking on replay you will get the name of your file like cmd.asp and rename it into cmd.jpg.asp and now click on replay and it will resend the http customized request to the server by saying that it is an image file even if named .asp server will allow it because of the http customized request.

And in this way we can also bypass the uploader so our topic one got cleared now lets proceed to the topic to which is Detecting by reading the source code.


  • By Reading the Source Code

we know that some uploaders detect the file by its source like we have a php shell and its named as shell.php and if we open its source we will ind <?php at the starting of the file source and this is what exactly the uploader dose it reads that <?php in the starting and disallows the file

So by adding some source code of picture in the starting of the php file this will allow us to bypass the uploader like below as shown in the picture so click on it to zoom.

Here we have opened one png image file in a notepad and copied the source code from starting of it and pasted it into the php shell file so when we will upload the uploader will scan the %PNG symbol and will allow the file to get upload but keep in mind that there are many uploaders which reads the complete source code and if there,s a <?php any where in the file this will deny the php file So also try to encrypt the php file.


No comments:

Post a Comment