This forum is in archive mode. You will not be able to post new content.

Author Topic: No upload option in Admin panel how to deface after complete Admin access  (Read 4857 times)

0 Members and 1 Guest are viewing this topic.

Offline Infinityexists

  • Peasant
  • *
  • Posts: 74
  • Cookies: 1
    • View Profile
I got the Administrator access in to 15 different websites and complete database but i couldn't find any of the option to upload anything in the admin panel :/
how could i suppose to deface without the upload and having a complete SQL database

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Deface is very lame. But if you certainly MUST do it, then you probably could make a new PHP file and paste the php shell code in there. Of course assuming that file management option is available and you have a writable directory.

Think out of the box, dude.

Offline ovi_x

  • Peasant
  • *
  • Posts: 98
  • Cookies: -21
    • View Profile
yep  do as kulverstukas sad try to  get your  self  some  shell in  the panel or  try  to get it  by  file  transfer you  got  ftp option

Offline Pak_Track

  • Royal Highness
  • ****
  • Posts: 762
  • Cookies: 69
  • Paratrooper
    • View Profile
    • My Home
I got the Administrator access in to 15 different websites and complete database but i couldn't find any of the option to upload anything in the admin panel :/
how could i suppose to deface without the upload and having a complete SQL database
I quote Phage, (who knows a lot about website hacking) "deface is lame."
 I haven't done much SQLi defacing but if the site is vulnerable to XSS and you can find a persistent vulnerability, you can enter this script into it:
Code: [Select]
-><script>window.location="PASTEHTML DEFACE PAGE LINK HERE";</script>and you can check if it's vulnerable with this:
Code: [Select]
<script>alert("xss")</script>
hope this helped you

'Life is but a series of conflicts between the easy way and the right way.'
The more you know, the more you'll realize you know nothing. -Snayler
The problem with being a smart motherfucker is that sometimes the stupid motherfuckers think you're a crazy motherfucker.
dont u hate it when you offer help and the other person says yes -Pakalu Papito

Offline Daemon

  • VIP
  • Baron
  • *
  • Posts: 845
  • Cookies: 153
  • A wise man fears a gentle mans anger
    • View Profile
If you have admin access could you not just ftp your photos or whatever and edit the html to show your new photos?

Or am i missing something here?
This lifestyle is strictly DIY or GTFO - lucid

Because sexploits are for h0edays - noncetonic


Xires burns the souls of HF skids as a power supply

Offline Pak_Track

  • Royal Highness
  • ****
  • Posts: 762
  • Cookies: 69
  • Paratrooper
    • View Profile
    • My Home
If you have admin access could you not just ftp your photos or whatever and edit the html to show your new photos?

Or am i missing something here?
he wants to completely deface the site like this: http://glovepie.org/

'Life is but a series of conflicts between the easy way and the right way.'
The more you know, the more you'll realize you know nothing. -Snayler
The problem with being a smart motherfucker is that sometimes the stupid motherfuckers think you're a crazy motherfucker.
dont u hate it when you offer help and the other person says yes -Pakalu Papito

Offline techb

  • Soy Sauce Feeler
  • Global Moderator
  • King
  • *
  • Posts: 2350
  • Cookies: 345
  • Aliens do in fact wear hats.
    • View Profile
    • github
he wants to completely deface the site like this: http://glovepie.org/

Who ever done that doesn't need to be on the internet. Skids, I swear....
>>>import this
-----------------------------

Offline Pak_Track

  • Royal Highness
  • ****
  • Posts: 762
  • Cookies: 69
  • Paratrooper
    • View Profile
    • My Home
Who ever done that doesn't need to be on the internet. Skids, I swear....
i agree. more than half of these "hackers" are using Havij or SQL Map. And I don't understand what they get by defacing sites. It's not as if they learn or achieve something :P

'Life is but a series of conflicts between the easy way and the right way.'
The more you know, the more you'll realize you know nothing. -Snayler
The problem with being a smart motherfucker is that sometimes the stupid motherfuckers think you're a crazy motherfucker.
dont u hate it when you offer help and the other person says yes -Pakalu Papito

Offline volcano123

  • /dev/null
  • *
  • Posts: 19
  • Cookies: 0
  • join the dark side we have cookies ^_^
    • View Profile
Who ever done that doesn't need to be on the internet. Skids, I swear....
Just have a sense of humor OP if you hacked a catholic website for instance put a picture of a pedo bear or something.  If you hack a government website post some fake news post about the vaccine they released causes cancer.


Stuff like that is indeed funny, the more believable the better.  Though I agree with what techb said, it's lame.  Your are not hacking you are more of a troll or a skiddy in my opinion.
Would I buy the same car twice?  No I would not, ever do this.  Do not support greed of companies if you bought a book don't buy it again on your ipad.  You own it, there is no license there is no copy right you bought it.  Torrent everything never pay another dollar.

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Triple X is a gay ass name too.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline namespace7

  • Sir
  • ***
  • Posts: 561
  • Cookies: 115
  • My Brother's Keeper
    • View Profile
Re: No upload option in Admin panel how to deface after complete Admin access
« Reply #10 on: January 13, 2013, 06:55:05 PM »
how could i suppose to deface without the upload and having a complete SQL database

From your question I can see that you don't really know how web dev works.
Looks like you have no idea about hacking at all. Defacing? Are you serious? Only retards who are desperate for attention and recognition do defacing.

If you want publicity go run around the town naked or something.

"A programmer’s greatest enemy isn’t the tools or the boss or the artists or the design or the legacy code or the third party code or the API or the OS. A programmer’s greatest enemy is getting stuck.
Therefore a crucial step to becoming a better programmer is learning how to avoid getting stuck, to recognize when you’re stuck, and to get unstuck." -Jeff Wofford

Offline geXXos

  • Royal Highness
  • ****
  • Posts: 646
  • Cookies: 178
    • View Profile
Re: No upload option in Admin panel how to deface after complete Admin access
« Reply #11 on: January 13, 2013, 07:52:54 PM »
If you hack a site and deface for a reason (ie. a company is treating its employees like shit or to pass a political message etc.) i'm fine with that, otherwise, deface is fail.



EDIT*
a deface where the attacker makes a comment like that:
Quote
hahaha, your site has been hacked by h4x0r1983883,hahahahha, admin you are a fool...
contacte me cocksucker@wannabehacker.skid
This is totally tragic.
But a deface like this imo is something that i may enjoy,
Quote
hello friends!
pandasecurity.com, better known for its shitty ANTIVIRUS WE HAVE BACKDOORED, has earning money working with Law Enforcement to lurk and snitch on anonymous activists. they helped to jail 25 anonymous in different countries and they were actively participating in our IRC channels trying to dox many others. Aside how clueless they are and how disgusting they look sucking police tiny dicks and even how much fun we got when they are trying to sell IT security services xD that only helps to endanger people even more;  they contribute to bring activist to jail. activists, not even hackers. common people who are trying desperately to denounce  the injustices happening on their countries right now.
we should just say:
yep we know about you.
how does it feels being the spied one?
eat cock now.
I don't condone anybody committing any kind of illegal activities, just saying..
« Last Edit: January 13, 2013, 08:12:35 PM by geXXos »

Offline namespace7

  • Sir
  • ***
  • Posts: 561
  • Cookies: 115
  • My Brother's Keeper
    • View Profile
Re: No upload option in Admin panel how to deface after complete Admin access
« Reply #12 on: January 13, 2013, 09:15:15 PM »
Exactly geXXos. Exactly. Leaving a subtle message isn't real deface in my eyes.

Especially if it is there for good reasons.

However the OP said clearly that he has like 15 admin accounts to different websites, so I really think they are just random websites and he intends to vandalize them. And that I dont like.

If I catch a guy who does website vandalizing in real life, then I would have a very serious talk with him.
"A programmer’s greatest enemy isn’t the tools or the boss or the artists or the design or the legacy code or the third party code or the API or the OS. A programmer’s greatest enemy is getting stuck.
Therefore a crucial step to becoming a better programmer is learning how to avoid getting stuck, to recognize when you’re stuck, and to get unstuck." -Jeff Wofford

Offline ovi_x

  • Peasant
  • *
  • Posts: 98
  • Cookies: -21
    • View Profile
Re: No upload option in Admin panel how to deface after complete Admin access
« Reply #13 on: January 15, 2013, 11:34:30 PM »
we haven't heard  from  the main  man that  started  this  tread  sow pleas don't  spam to make  you'r lazy  asses post count  or I  might  believe that  Ande make  evreyone  vip  here

Offline techb

  • Soy Sauce Feeler
  • Global Moderator
  • King
  • *
  • Posts: 2350
  • Cookies: 345
  • Aliens do in fact wear hats.
    • View Profile
    • github
Re: No upload option in Admin panel how to deface after complete Admin access
« Reply #14 on: January 15, 2013, 11:45:29 PM »
As for the deface that was posted that I replied to, there was no reason for it. Who ever did it is a skid. GlovePie did nothing to anyone. They provided opensource code to help. The things they posted and provided where great and I have used there code myself. There was no reason other than being a douche to deface that site.
>>>import this
-----------------------------

 



Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.