You are on page 1of 14

SECUGENIUS SECURITY SOLUTIONS

--------------------------------------------------------------------------------------

(A UNIT OF HARKSH TECHNOLOGIES PVT. LTD)

Company Profile:
Secugenius Security Solutions is a Student Entrepreneurial Company started by 2 Social Student Entrepreneurs in 2010 with an aim to make our country Cyber Crime Free. We at SECUGENIUS are headquartered at Ludhiana, the Manchester of Punjab. The main activities of Secugenius Security Solutions are providing training in Information Security and various professional courses. Secugenius Security Solutions is an organization which believes in inventing and implementing new ideas to influence the technological minds of the youngsters Looking at the number of Cyber Crimes since last many years, We at Secugenius Security Solutions provides training on Ethical hacking & Cyber Security to students, IT Professionals, Bank Employees, Police officials. Secugenius conducts workshops in all parts of the country in various Colleges/institutions for the benefit of the students & making them aware of the latest trends in technological era of the Computer age. We believe in spreading knowledge to all the youngsters & growing minds of the nation so that they could serve the nation with perfect skill-sets in the field of Cyber Crime Investigation & Forensic Sciences Secugenius provides various security solutions to its clients by securing their websites from cyber attacks. We provide training to college students, graduates and professionals in various fields. Education is delivered to students through two modes i.e. Regular mode and Distance mode which are available as short term and long term courses. In the workshops conducted by Secugenius, participants can claim to be trained by the highly experienced & skilled corporate trainers from different parts of the nation. We believe in making the base of students to be as strong as possible. All the modules have been designed in order to provide students with specialized knowledge by specialized trainers. This library was furnished, managed and funded by the Founders and Directors of Secugenius Er. Harpreet Khattar & Er. Kshitij Adhlakha . The overall resource person for the content of the series of this Digital Library is Er. Chetan Soni - Sr. Security Specialist, Secugenius Security Solutions.

This Online Digital Library has been initiated as a free resource & permanent resource on specialization basis for every student of Team Secugenius.

SYMLINKING PART 3 With TWO Indian Shells


Product ID No: SG/ODL/13040 Founder & Director: Harpreet Khattar & Kshitij Adhlakha Resource Person: Chetan Soni & Kamaljeet Kumar Sharma
Secugenius Security Solutions SCO-13A, Model Town Extn, Near Krishna Mandir, Ludhiana-141002, Punjab India support@secugenius.com, info@secugenius.com www.secugenius.com , www.seculabs.in

Target - Hack all the wordpress sites which are hosted in one server by using only two Indian scripts.

Requirements:- A Shelled Site Two INDIAN shells/scripts ( Dhanush.php , Configkiller.php)


STEP 1 Go to Your shelled website. (example.com/shell.php ) Make sure you are in public_html directory in your shell.

Now make a new directory name sym without quotes.

STEP 2 After making a new directory, it looks like as shown in picture below.

After opening it upload your CONFIGKILLER.PHP

two

scripts

named as

DHANUSH.PHP

and

STEP 3 When you upload all two files in your directory you are ready for the next step. Now open that directory in new tab which you make. e.g. www.yoursite.com/sym /,

STEP 4 Now you can see there are two shells, now open the configkiller.php in new tab.

STEP 5 Now click on use to Generate PHP.ini . After clicking on it, then click on use to Extract usernames button. When you click on second button you see some names in box.

Now click on lets start button. STEP 6 After click on start button it looks like this.

Now click on configuration files button as you can see in picture. After clicking on configuration files it shows all the configurations files of all websites which are hosted in same server.

STEP 7 Now open any wp-config.php file. And youll get the Database Username Database Password in that file.

Now open the Dhanush.php in new tab and click on SQL button in Dhanush . php shell. After click on SQL button you got a screen which is shown in RED color BOX.

Now fill database username and database password which we copy from wp config.php file and click on connect button. After click on CONNECT button you got the database of that website.

STEP 8 Now click on Tables which is highlighted with blue color box and you got all the data. Now to find the web address of this site click on wp_options .

And you got the web address of your targeted website.

STEP 9 After that click on back button and now click on wp_users

After click on wp_users you got all the personal information about the admin. Now click on the EDIT button.

Here we got the user login and password , But as we can see password is in encrypted form so we are unable see the password correctly.

Now open the new tab and type md5encryption.com and encrypt the 12345 or any word you like and copy it.

STEP 10 After copy the encrypted word paste it into the database of the website.

After paste the password click on edit data.

STEP 11 Now open our targeted website admins page e.g:- www.yourtargatesite.com/wpadmin

Here fill the user name which we copy from the database and password. NOTE: - Password is that which we encrypt from md5encryption.com (12345) And hit LOG In button. And we entered in dashboard successfully.