How to hack sites using symlink

Today I will show you how to hack websites hosted on the server using symlink. I'm not going to explain what is symlink. So lets begin.


Requirements:- 

• Shelled Website
• Some php files which will help you to gain symlink.
• To download them click here :- Click Here .

So now lets begin.


Firstly I want you to clear that it mostly works on Wordpress And Joomla sites only.

• First open your shelled site and then make a new directory, of whatever name you want. Ex:- xyz .
• Then in that directory upload the files which I have given you in upper section.
• After that Click on -rw-r--r-- of config.pl .
  
  
• Then from there change the value from 0644 to 0755 .
  
  
• Then open the config.pl . In my case, to open config.pl, I'll go to http://www.example.com/xyz/config.pl .
• Then you will see a box something like this.
  
  
• Then leave this tab open. And then open nsuser.php. In my case the nsuser.php will be at http://www.example.com/xyz/nsuser.php.
• Then in that click on Eval.
  
  
• After that there would be open a window something like this.
  
  
• Then click on Go button.
• After that you will see a list of text something like this, copy that.
  
  
• After copying paste it to the config.pl box which you have opened early. And then click on Dapatkan Config!
  
  
• Then go back to directory where you have upload all the files. In my case, it was http://www.example.com/xyz/ 
• In that directory you will get all the config files of the sites hosted on the server.

[Brief Note On Config Files :- Config Files are those which contains the database name and username, password also.]

• Now you have done successfully.

You have now database name, username of database and also the password.

Now may be you have a question how to connect with database or where to put these credentials.

So lets begin:-

• Now the file ida.php from where you have uploaded. In my case the ida.php file is in http://www.example.com/xyz/ida.php .
• Now there would be a window open like this.
  
  
• After that click on sql.
• Then in Login - Type username
       Password - Type password
       Database - Type database name
  
• Then click on double arrow ">>" button.
• Now you are connected to database.
• After that make a check mark in wp_user and then click on dump.
  
  

[Note:- There may be chances that the wp_user can renamed to another name, for example db_user etc.]

• After that the dump.sql will saved at, where you have uploaded the previous files. In may case, the file dump.sql saved at http://www.example.com/xyz/dump.sql .
• So now lets open the dump.sql .
• Boom !! now we have got the admin username, password and email.
• Now use these credentials to login the admin panel.

But now you have the question where I put these credentials and how to know these credentials are of which site.
So now lets begin.

• Copy the name of the db_user [which was found in the config file in .txt format]
• Now in my case the  db_user is localbus_main.
• Now again open the ida.php,and then go to under Symlink section, by clicking on the  Symlink.
  
  
• After that click on Whole Server Symlink. Then there you a huge list of sites which are are hosted on the server.
• Now then to find the site of which you got the credentials. Simply press ctrl+F then type your db_user name.
• In my case the  db_user is  localbus,so i'll try to search  localbus.
  
  
  
  
• Now your targeted site is infront of the username. Now login to your targeted site and do what ever you want.

Note:- This is only for educational purpose, For Any Illegal Activities No One Is Held Responsible In Any Ways

Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!