Forum Thread: I Need Help on Uploading Shell but as Image Format.

I made a backdoor using weevely, but i discovered that the website i want to hack can only upload .jpg,.png,.gif but i tried using tamper data and live http header but they both didn't work for me.

Is there any other way for me to upload the shell backdoor?

6 Responses

I think you are confused about what you are trying to do. Weevely is a post-exploitation tool. Meaning remote access is already available or you find a vulnerable website that will allow you to inject your backdoor php code into their website.

but what if the website can only allow image format, and .php format can't be uploaded how will i do that using shell, because nothing seems to work for me.

How are you trying to upload your files? Is it though an upload button on the website?

Yes through an uploading file from the website, then made use of live HTTP that didn't work so i tried tamper data but didn't work as well, can you show how to upload the shell.

The type of attack you are trying to do is not what you are thinking it is. Like I said, you must already have exploited the website or have a vulnerability that allows you to upload directly to the web server code. The backdoor is a php code that must be put in the website code. Uploading a file to the server will not work. If it did it would be a Huge vulnerability for most websites.

If you want to hack a website try to learn database hacking. Sql injections.

Share Your Thoughts

  • Hot
  • Active