SECUGENIUS SECURITY SOLUTIONS

--------------------------------------------------------------------------------------

(A UNIT OF HARKSH TECHNOLOGIES PVT. LTD)

Company Profile:

Secugenius Security Solutions is a Student Entrepreneurial Company started by 2 Social Student

Entrepreneurs in 2010 with an aim to make our country Cyber Crime Free. We at SECUGENIUS

are headquartered at Ludhiana, the Manchester of Punjab. The main activities of Secugenius

Security Solutions are providing training in Information Security and various professional courses.

Secugenius Security Solutions is an organization which believes in inventing and implementing new

ideas to influence the technological minds of the youngsters

Looking at the number of Cyber Crimes since last many years, We at Secugenius Security

Solutions provides training on Ethical hacking & Cyber Security to students, IT Professionals, Bank

Employees, Police officials.

Secugenius conducts workshops in all parts of the country in various Colleges/institutions for the

benefit of the students & making them aware of the latest trends in technological era of the

Computer age. We believe in spreading knowledge to all the youngsters & growing minds of the

nation so that they could serve the nation with perfect skill-sets in the field of Cyber Crime

Investigation & Forensic Sciences

Secugenius provides various security solutions to its clients by securing their websites from cyber

attacks. We provide training to college students, graduates and professionals in various fields.

Education is delivered to students through two modes i.e. Regular mode and Distance mode which

are available as short term and long term courses.

In the workshops conducted by Secugenius, participants can claim to be trained by the highly

experienced & skilled corporate trainers from different parts of the nation. We believe in making

the base of students to be as strong as possible. All the modules have been designed in order to

provide students with specialized knowledge by specialized trainers.

This library was furnished, managed and funded by the Founders and Directors of Secugenius

Er. Harpreet Khattar & Er. Kshitij Adhlakha. The overall resource person for the content of

the series of this Digital Library is Er. Chetan Soni - Sr. Security Specialist, Secugenius Security

Solutions.

This Online Digital Library has been initiated as a free resource & permanent

resource on specialization basis for every student of Team Secugenius.

Symlinking – Part 2

Product ID No: SG/ODL/13036

Founder & Director: Harpreet Khattar & Kshitij Adhlakha

Resource Person: Chetan Soni

Secugenius Security Solutions

SCO-13A, Model Town Extn, Near Krishna Mandir,

Ludhiana-141002, Punjab – India

support@secugenius.com, info@secugenius.com

www.secugenius.com , www.seculabs.in

Symlinking – Part 2 A Symlink Aka Symbolic Link is a virtual link pointing to a file in a directory.

In shared Linux environment hard disk space in divided in several parts for different account. Syntax: ln-s target_file_pathnew_file_name

Step 1 – First of all make a blank directory in your shell so that we can upload our symlink shells and related files. You can also create directory by typing this command,

mkdir cyber

Step 2 – Upload these files i.e. confkiller.php , sql.php , sym.php in your cyber directory.

Step 3 – Open your Sym.php shell in your browser by typing this path i.e. http://example.com/cyber/sym.php and here it shows can’t read /etc/named.conf

Step 4 – Now Click on Symlink Bypass and it shows all list of usernames (/etc/passwd) file. After some result, click on Symlink button.

Step 5 – After clicking on symlink button, it’ll shows all users.

Step 6 – You can also use this confkiller shell which is made by Team Indishell, In this shell, click on “use to generate PHP.ini” link.

Step 7 – After this , click on “use to Extract usernames” link.

Step 8 – After this, Click on “Let’s Start” Button.

And Now click on “Configuration Files”

Step 9 – Here’s it shows all configuartion files of that server.

Step 10 – Open any configuration file (wp-config.php) and note down DB-USER and DB-PASS and put it into sql.php

Step 11 – Now Open sql.php and fill all details in it and click on Enter button.

Step 12 – Here’s You entered into Database of that website, now click on Tables.

Step 13 – Now to wp_options tab and click on Data for finding the Website link.

Step 14 – In the first line, you got the website name.

Step 15 – Now Go back and go to wp_users and click on Data button.

Step 16 – Here you got the admin username and admin password, but the password is in encrypted form, so its time to decrypt it.

Step 17 – Now go to some MD5 decrypter sites and crack this password, Here we use http://md5decrypter.co.uk

If you failed to decrypt the password then we use this method

http://10minutemail.com It will creates a randomly generated mail address.

Step 18 – Now Change the user_email with your temporary Email Address.

And Now go to the login page of that site and click on “Lost your Password” In Wordpress based sites , the default login page will be http://example.com/wp-login.php or http://example.com/wp-admin

Step 19 – Now put your temporary mail address and click on “Get New Password”

And check your 10minutemail.com site and within 2-3 minutes, you got a mail with subject “Password Reset”

Open your mail and here’s a link for reset your password.

Click on this link and it will ask “New Password”

Step 20 – Now login your panel with username and password (u – admin and p – admin)

Step 21 – Now its time to upload your shell on this wordpress website by click on Appearnce -> Editor.

Step 22 – Now Select ant theme, so here’s we choose “Twenty Ten” theme The path of this theme will be ,

http://example.com/wp-content/themes/twentyten/

Now open “author.php” file and paste your shell here.

Step 23 – Paste your Fav shell here, I choose my fav shell (404.php)

Now open this author.php file in your browser,

http://example.com/wp-content/themes/twentyten/author.php