How to hack a Web Server


What we will need

  • A target
  • Bing search engine
  • SQL Injection tools
  • PHP Shell, we will use dk shell

Information gathering

We will need to get the IP address of our target and find other websites that share the same IP address.

We will use an online tool to find the target’s IP address and the other websites sharing that IP address.


  • Enter the URL in your web browser
  • Enter as the target
  • Click on Check button
  • You will get the following results





Based on the above results, the IP address of the target is


We also found out that there are 403 domains on the same web server.


Our next step is to scan the other websites for SQL injection vulnerabilities. Note: if we can find a SQL injection vulnerability on the target itself, then we would exploit it directly without considering the other websites.


Enter the URL into your web browser. This will only work with Bing, so don’t use other search engines such as Google or Yahoo.

Enter the following search query

ip: .php?id=



  • “ip:” limits the search to all the websites hosted on the web server with IP address
  • “.php?id=” searches for URL GET variables used as parameters for SQL statements.

You will get the following results




As you can see from the above results, all the websites that pass GET variables as parameters to SQL statements have been listed.


The next logical step would be to scan the listed websites for SQL injection vulnerabilities. You can do this using manual SQL injection or using the tools listed in this article on SQL Injection.


Uploading the PHP Shell

We will not scan any of the websites listed, as this is illegal. Let’s assume that we have managed to log in to one of them. You will have to upload the PHP shell that you downloaded from

  • Open the URL where you uploaded the dk.php file.
  • You will get the following window
  • Clicking the Symlink URL will give you access to the files in the target domain.

Once you have access to the files, you can get login credentials to the database and do whatever you want such as defacement, downloading data such as emails etc.
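
Seen from the hosting side, the steps above leave two things on disk that can be audited: a script file inside a writable upload directory, and a symlink that points out of the site's own tree into another customer's files. The following Python check is an added example, not part of the original post; the `uploads` directory name, the extension list and the sample tree are assumptions constructed for the demonstration.

```python
import os

SCRIPT_EXTS = (".php", ".phtml", ".phar")  # assumed list of extensions the PHP handler runs

def find_escaping_symlinks(site_root):
    """Symlinks under site_root whose resolved target lies outside site_root."""
    root = os.path.realpath(site_root)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    hits.append(os.path.relpath(path, root))
    return sorted(hits)

def find_scripts_in_uploads(site_root, upload_dirs=("uploads",)):
    """Script files inside upload directories (directory names are an assumption)."""
    root = os.path.realpath(site_root)
    hits = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        parts = os.path.relpath(dirpath, root).split(os.sep)
        if not any(p in upload_dirs for p in parts):
            continue
        for name in filenames:
            if name.lower().endswith(SCRIPT_EXTS):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)

def build_demo_tree(base):
    """Constructed sample: two customer sites on one shared host."""
    site_a = os.path.join(base, "site-a", "public_html")
    site_b = os.path.join(base, "site-b", "public_html")
    os.makedirs(os.path.join(site_a, "uploads"))
    os.makedirs(site_b)
    for f in (os.path.join(site_a, "index.php"), os.path.join(site_a, "uploads", "photo.jpg"),
              os.path.join(site_a, "uploads", "dk.php"), os.path.join(site_b, "config.php")):
        open(f, "w").close()
    # Link that stays inside the same site: not reported.
    os.symlink(os.path.join(site_a, "index.php"), os.path.join(site_a, "home.php"))
    # Link from site-a into site-b's tree: reported.
    os.symlink(os.path.join(site_b, "config.php"), os.path.join(site_a, "uploads", "b.txt"))
    return site_a

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        site = build_demo_tree(tmp)
        print("escaping symlinks:", find_escaping_symlinks(site))
        print("scripts in uploads:", find_scripts_in_uploads(site))
```

On Apache, `Options SymLinksIfOwnerMatch` in place of `FollowSymLinks` restricts the server to following links whose target has the same owner as the link.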


This post is strictly for EDUCATIONAL PURPOSES. Don’t use it in a bad manner; doing so can be a punishable offence.

NOTE: some tricks may not work because the bugs have been fixed on servers.

