Shell Uploading Via Tamper Data

shell uploading via tamper

Shell Uploading Via Tamper Data

In this session we will discuss about shell uploading via tamper Data or shell uploading bypass method. During hacking you got successfully login to admin panel where they ask you for uploading image in .jpg and .png extension but you are not able to upload shell then read this tutorial carefully step by step.

In this tutorial we will bypass from unrestricted files upload using jpg extension so lets start our work.

  • Go to your desired location to upload files and rename your shell with .php.jpg extension like shell.php to shell.php.jpg as shown below.

Shell Uploading Via Tamper Data

  • Now just click on tools>Tamper Data>start tamper and click on upload.
  • Now tamper your page and in Post data find your file and rename shell.php.jpg to shell.php and then click ok.

Shell Uploading Via Tamper Data

  • Now your shell is successfully uploaded just access your shell.

Shell Uploading Via Tamper Data

Advance Shell uploading bypassing Extensions

1)shell.jpg.php (satisfies as check for jpg only)
2)shell.jpg.PhP (obfuscation)

3)shell.php;.jpg (sometimes can ignore whats after “;”)

4)shell.php%0delete0.jpg (the infamous NULL byte which comments out trailing text, remove the word delete so the zeros join together, blogspot strips this string!)

5)shell.php.test (defaults to first recognised extension ignoring “test”)

6)shell.php.xxxjpg (still ends in .jpg, but not recognised extension so will default to php!)

7).phtml (a commonly used php parsed extension often forgotten about!)

8).php3/.php4/.php5 (valid PHP extensions possibly left out of extension blacklists)

Author: Ahmed Raza Memon

I am 17 years old Ethical Hacker, Penetration Tester, Web Security Expert and Exploit Writer From the India. My area of expertise includes Ethical Hacking, Vulnerability Assessment, Information Security Audits, Penetration Testing, Exploit Writing, Web Application security, Source Code Reviews, Forensic Investigation and Cyber Law. I have been Acknowledged by many top companies like Microsoft, Apple, SAP, AOL, Sony and many More...

1 thought on “Shell Uploading Via Tamper Data”

  1. This is a classical bypass of the client side controls. All controls client side must be repeated server side and double extensions, nullbyte injections, and file format headers are usually controlled server side. If this example successes the application security must be reviewed in depth. Applying other techniques, but using the same concept in the client side, it is possible to include javascript code in jpg or png files stored server side and altering the conten-type during upload in order to get the file as text when requested client side. Either one or the other should be controlled server side.

Leave a Reply