 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 230
 Members: 0
 Total: 230
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Some basic SHARED SERVER info |
|
 Posted: Mon Jun 15, 2009 2:43 pm |
 |
|
| shyspy |
| Advanced user |
 |
|
| Joined: Jun 08, 2009 |
| Posts: 60 |
|
|
|
 |
|
 |
|
Hi m looking for information on how to hack using an shared server.
If you can hack an site then you can easily hack many other sites.
I don't really get the funda can any1 please explain. |
|
|
|
|
| Posted: Mon Jun 15, 2009 3:43 pm |
|
|
| earthquaker |
| Advanced user |
 |
|
| Joined: Jun 02, 2008 |
| Posts: 111 |
| Location: q8 |
|
|
|
|
|
|
| if you have an access to the server then upload a php shell |
|
|
|
|
|
|
|
|
| Posted: Mon Jun 15, 2009 4:18 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
It involves multiple steps:
1. getting webapplication admin account (usually needed)
2. from web app admin somehow elevate to php code level
Now you can run arbitrary php code, but there can be safe mode, open_basedir, disable_functions and other obstacles.
3. from php to operating system shell level. Usually through ``, passthru(), system(), preg_replace() e-modifier.
From php to shell can be very hard to accomplish, many depends on php version and server overall security.
4. Now you have Linux shell (let's not talk about Win right now).
Hosting server admins are not interesting of users poking around other user directories and files, right? So expect various obstacles there too.
Usually it's file system permissions.
5. From low priv shell to root shell - local root exploits.
Root level means
5.1 you can deface all websites on server
5.2 you can read /etc/shadow
5.3 you can delete logs
5.4 rootkits, backdoors
5.5 sniffing network traffic
etc, etc
Summary - you need advanced skills in sql, php, linux, c/c++, perl, networking, etc etc, if you want big rate of success.
With minimal knowledge you will have hard times 
But all experts start from beginning ... |
|
|
|
|
|
|
- |
|
| Posted: Mon Jun 15, 2009 4:25 pm |
|
|
| shyspy |
| Advanced user |
|
|
| Joined: Jun 08, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
| Thankyou waraxe and earthquaker .. the information is really helpfull and now i m googleing for more on the topic.. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
