WHMCS Hacking Tutorial 2013
Hi guys. Today i will be showing how to hack a WHMCS via symlinking so lets get started.
Big thanks for HeXagone for helping me. :)
Things you will need:
1) Shelled website
2) Tool i will post at the end of the tutorial
3) Putty
4) Symlink script
5) MySQL manager
What is WHMCS?
DEMO: http://demo.whmcs.com/
ADMIN AREA DEMO: http://demo.whmcs.com/admin/login.php
That is easy
Check your kernel. Usually it will be like:
If your kernel has something like "ns1.hosting.com" in your kernel that means WHMCS is installed on that site.
So go to the hosting.com and you will probably find it.
Or you can google dork it:
Chapter II - Exploiting
First off we need to find our hostings path.
So do
or just view the /etc/passwd file to find all the users on the hosting.
Once you did that save it to the .txt file somewhere.
In my example i got lucky and found the path easy. (There was WordPress installed so i viewed wp-content/plugins/akismet/legacy.php which gave me full path)
But usually you can find it by the URL.
Now i know my site's path:
And WHMCS path is /hosting/ so my goal file is configuration.php located in
Okay, now make a new folder in your shell.
![[Image: regionng.png]](http://img825.imageshack.us/img825/999/regionng.png)
We will now try to access the file mentioned above.
Next thing i want to is to enter the folder and upload the script (Located at the end of this tutorial)
We will now try to access the file mentioned above.
Next thing i want to is to enter the folder and upload the script (Located at the end of this tutorial)
![[Image: regionng.png]](http://img546.imageshack.us/img546/999/regionng.png)
In that box enter the path and the file you want:
![[Image: regionyh.png]](http://img845.imageshack.us/img845/8681/regionyh.png)
Press go and you now get something like this:
![[Image: regionryb.png]](http://img18.imageshack.us/img18/6272/regionryb.png)
Press on symlink and it will open a new page.
Notice how the site is blank. That means it worked.
Right click -> View source and our targets database will be there.
![[Image: regionl.png]](http://img138.imageshack.us/img138/4844/regionl.png)
![[Image: regiona.png]](http://img202.imageshack.us/img202/4894/regiona.png)
![[Image: regionz.png]](http://img547.imageshack.us/img547/1342/regionz.png)
Now that you managed to get configuration info from the site you now need to connect to the MySQL base and create a new administrator.
Open our mysql.php script (Provided on the end of the tutorial) and enter credentials (Username and password)
![[Image: regionrh.png]](http://img542.imageshack.us/img542/136/regionrh.png)
![[Image: regionwz.png]](http://img855.imageshack.us/img855/7779/regionwz.png)
When you are logged in on the main database click "Tables".
NOTE: You can press "Dump" to save all info in the database!
You got a list now. Good.
Find tbladmins and click "Data"
![[Image: regioncipng.png]](http://img32.imageshack.us/img32/1664/regioncipng.png)
From there you can edit/add admin users.
As you can see i added a new user so i can access it later.
![[Image: regionok.png]](http://img35.imageshack.us/img35/2028/regionok.png)
Now i login with the new user i created
![[Image: regionrc.png]](http://img21.imageshack.us/img21/8602/regionrc.png)
![[Image: regiontu.png]](http://img189.imageshack.us/img189/3685/regiontu.png)
Now i have tool for this cases
WARNING!:
I didnt check for backdoors. So check it for yourself since i'm too lazy.
![[Image: regionnw.png]](http://img9.imageshack.us/img9/5674/regionnw.png)
There you can manage cPanels, dump them, view CC info and rest of the BH shit. :)
OPTIONAL:
In the PHP tool click on "FTP and SMTP password" (Or Host Roots).
Try the password for the root in Putty.
(It worked for me but they changed the passwords ;( )
Tools used:
MySQL manager
WHMCS tool
Symlink tool
Link:
Big thanks for HeXagone for helping me. :)
Things you will need:
1) Shelled website
2) Tool i will post at the end of the tutorial
3) Putty
4) Symlink script
5) MySQL manager
What is WHMCS?
Code:
“WHMCS is an all-in-one client management, billing & support solution for online businesses. Handling everything from signup to termination, WHMCS is a powerful business automation tool that puts you firmly in control”DEMO: http://demo.whmcs.com/
ADMIN AREA DEMO: http://demo.whmcs.com/admin/login.php
Chapter I - How do i find if my server has WHMCS?
That is easy
Check your kernel. Usually it will be like:
Code:
Linux ns1.hosting.com x.x.xx-xxx.xx.x.xxx #1 SMP xxx xxx x xx:xx:xx EST 2012 x86_64If your kernel has something like "ns1.hosting.com" in your kernel that means WHMCS is installed on that site.
So go to the hosting.com and you will probably find it.
Or you can google dork it:
Code:
site:hosting.com inurl:/admin/login.php "WHMCS"Chapter II - Exploiting
First off we need to find our hostings path.
So do
Code:
cat /etc/passwdOnce you did that save it to the .txt file somewhere.
In my example i got lucky and found the path easy. (There was WordPress installed so i viewed wp-content/plugins/akismet/legacy.php which gave me full path)
But usually you can find it by the URL.
Now i know my site's path:
Code:
/home/user/public_html/And WHMCS path is /hosting/ so my goal file is configuration.php located in
Code:
/home/user/public_html/hosting/configuration.phpOkay, now make a new folder in your shell.
We will now try to access the file mentioned above.
Next thing i want to is to enter the folder and upload the script (Located at the end of this tutorial)
We will now try to access the file mentioned above.
Next thing i want to is to enter the folder and upload the script (Located at the end of this tutorial)
In that box enter the path and the file you want:
Code:
/home/user/public_html/hosting/configuration.phpPress go and you now get something like this:
Press on symlink and it will open a new page.
Notice how the site is blank. That means it worked.
Right click -> View source and our targets database will be there.
Chapter III - Getting access to the WHMCS
Now that you managed to get configuration info from the site you now need to connect to the MySQL base and create a new administrator.
Open our mysql.php script (Provided on the end of the tutorial) and enter credentials (Username and password)
When you are logged in on the main database click "Tables".
NOTE: You can press "Dump" to save all info in the database!
You got a list now. Good.
Find tbladmins and click "Data"
From there you can edit/add admin users.
As you can see i added a new user so i can access it later.
Now i login with the new user i created
Now i have tool for this cases
WARNING!:
I didnt check for backdoors. So check it for yourself since i'm too lazy.
There you can manage cPanels, dump them, view CC info and rest of the BH shit. :)
OPTIONAL:
In the PHP tool click on "FTP and SMTP password" (Or Host Roots).
Try the password for the root in Putty.
(It worked for me but they changed the passwords ;( )
Tools used:
MySQL manager
WHMCS tool
Symlink tool
Link:
Code: http://adf.ly/OvmAz
WHMCS Hacking Tutorial 2013
