Sunday, 13 April 2014

Virtual Defacement [Fake Root]

Hey everyone, it has been a while that i haven't update this blog because my laptop is broken. So, as for today i'm going to make a tutorial about Virtual Defacement, or well-known as Fake Root. So, for this we going to use our shell, if you still don't have them you can download it from HERE

So, when the shell has been uploaded, it would be like this:

Checking Domain List
Now, to check the site that in in the same server, click on Domain

Then, you will see a list of domain and users.


You can simply check the site on the same server by visiting this website, Reverse IP Lookup

Checking Root Directory

To know the root path is very easy. It usually between the /home/ folder and /public_html/.
Take a look on this picture and you will understand.

Example, for this site, the root folder is /socialm4/

Checking for vulnerability
Now, it's time to check the site is vulnerable to virtual defacement or not. Simply choose any site from the list and add /~root/ at the end of the site URL.

Example for this site:

Hit enter, and if it says Forbidden , that's means the site is vulnerable to fake root and you good to go. :D

Upload your defacement in the /public_html/ folder and DONE :D

Check your defacement :P

Example Virtual Defacement: