Friday, 26 April 2013

How to Hack Website using C99shell PHP Backdoor

[C99 Shell PHP Backdoor] is a PHP Scripted Backdoor that allows an attacker to Deface Website and Get Complete Access on Database and Sensitive Directories, Basically it's PHP Backdoor web application Trojan, that can Completely hack any website and Also Get Complete Database.
   _____  ___    ___
/ ____|/ _ \ / _ \
| | | (_) || (_) |
| | \__, | \__, |
| |____ / / / /
\_____| /_/ /_/ 
*Points to be Noted :- 

  • This is For Educational Purpose only, and Penetration testing for learners & Newbie in Hacking Field, I'll be not responsible for any Hacking Performed by any reader.
  • Well, The C99shell is a PHP Web Application Backdoor Trojan that contains Malicious Script in it, that you're Antivirus will not accept it and Detect it as Backdoor Trojan, So I'll recommend you to keep C99shell into ZIP formats and Archive it, Don't worry it will not affect you're PC whether it is non-archived but you're AV will kill it. 
# What C99shell (Backdoor) can do ? 
  • SQL Injection
  • Uploading XSS Vulnerabilities 
  • Complete access to Website File manager
  • Domain and Session Hijacking 
  • FTP Brute Force 
  • MySQL Shut down 
  • Command Execution 
  • Completely Deface Website
# How C99shell works ?
  • As I told you it's a Web Backdoor So you've to find Remote File Inclusion (RFI) or Local File Inclusion (LFI) Vulnerable websites and Upload C99shell in website.
  • You'can also upload it using Social Engineering methods
  • Here you've to upload C99shell PHP to victim's site at any how Condition then only you can Hack that Site.
  • After uploading it will Give you many Options directly and you can do many web application Hacking.
  • Read it out Below's tutorial and Understand C99shell

# How to Hack website using C99shell (Backdoor) ?

*Requirements :
*Steps : To Hack :
  • First of all, If you want to Perform this hacking using C99shell then, I'll prefer you to use 000webhost free website.
  • Suppose an attacker found RFI Vulnerable website and can Upload any file to Website File manager.
  • Go to your Website Control Panel :-
  • Now, Search File Manager and Click on It.
  • And you'll be redirected to you're File manager, Now Click on Public_html
  • Now, Simply click on Upload and Upload C99shell that you've been downloaded in Step 1.


  • And finally, Now Go to your Domain (Website) 
  • Now, Click on C99.php and Enjoy :D 
Click on Image to Enlarge it
  • And, finally you'll be able to Get full access on you'r own file manager without logging to your Control Panel



  • And now using File manager on C99shell, upload your Defaced Page or replace Index page & website is HACKED :D 
  • Same, you've to search RFI or LFI Vulnerable websites and Upload C99shell on victim's website at any how Condition, if once you'd uploaded then you'll be able to Perform many hacking & you'll gain Complete Access to any website.
  • Note :- Here, I'd showed you tutorial by uploading C99shell on own website and to get access. 
  • You've to Just upload C99shell on victim's website and locate it into Browser and you're done.

Feel free to Comment and Ask Question :] and Share it


2 comments:

gama trom said...

Nice tutorial, but how to upload to the victims server. Need to hack ftp account :/

webadmin shell said...

yes its great man :)