Hacking Website Using Shell uploading with Tamper Data Firefox Addon

 Source :SH4Dow Elite
 Warning : For Education Purpose Only .

How To Upload Your PHP Shell Via Tamper Data (Firefox Add-On) This is tutorial dedicated to those who get login details but somehow they are unable to upload the PHP shell to the victim website.

First of all, you should download this little add-on for Firefox:
DL here

NOTE:
You need to rename your shell from .php to .jpg to bypass the website's security.

As an example i'll take - http://freead1.net/post-free-ad-to-USA-42

It is a free classified ads posting website, so we got an upload option to upload picture files. Now find your website's upload option, locate your .jpg shell (don't upload yet)



Now click on Tools in Firefox menu bar, select Tamper Data (will open in a new window)

Image has been scaled down 8% (907x467). Click this bar to view original image (977x503). Click image to open in new window.

Click on Start Tamper in the Tamper Data window.

NOTE: Before you click Start Tamper you should close all tabs unneeded. If you want this tutorial to be open, open up another browser (ex. chrome). Now you should click on the upload button.

After you have pressed the upload button, a new window will appear (Tamper with request?). Click on the Tamper button.



After a click on "Tamper" you will see "Tamper Popup"
In Tamper Popup Window, Copy "POST_DATA" text in Notepad.



After copying it to Notepad "Find yourshell.jpg" and rename it to .php.

Image has been scaled down 33% (907x133). Click this bar to view original image (1339x195). Click image to open in new window.

Now copy Notepad's text back to "POST_DATA" field. Now click OK.
It will upload the shell as .php and you can execute it easily!
Find your .php shell & do whatever you wanted to do with your victim website.

Thanks for reading